Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/m87-CXNBm5VwmmEvQBAI-p_8l98.roa
File:                     m87-CXNBm5VwmmEvQBAI-p_8l98.roa (raw, json)
Hash identifier:          vGGq9E7IPOkRddkapcYuXImJsPgw9f+HEWKjnAHtMCI=
Subject key identifier:   9B:CE:FE:09:73:41:9B:95:70:9A:61:2F:40:10:08:FA:9F:FC:97:DF
Certificate issuer:       /CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
Certificate serial:       019427489415E204021843F2428BDB21EA96
Authority key identifier: 09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/m87-CXNBm5VwmmEvQBAI-p_8l98.roa
Signing time:             Thu 02 Jan 2025 13:50:55 +0000
ROA not before:           Thu 02 Jan 2025 13:50:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60464
IP address blocks:        80.93.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 23:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:94:15:e2:04:02:18:43:f2:42:8b:db:21:ea:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
        Validity
            Not Before: Jan  2 13:50:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9bcefe0973419b95709a612f401008fa9ffc97df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:68:17:86:b7:f5:5e:8f:56:dc:7e:2b:47:80:
                    d5:e1:46:e7:de:60:f7:50:f1:6c:17:11:79:bf:2b:
                    f3:42:e4:45:77:ba:80:86:4c:6a:fc:d6:83:d9:23:
                    eb:2a:ac:ab:03:c1:86:d3:8d:31:ca:14:eb:0a:7a:
                    d3:56:f7:de:64:0c:fb:7b:47:ad:2f:a9:25:f4:88:
                    af:7b:3f:5c:75:fd:b3:50:66:3e:51:de:bf:73:d8:
                    55:0b:8f:ea:bc:a1:5c:82:0e:f2:d2:ab:d2:85:39:
                    44:a7:98:db:52:12:ac:5c:25:6c:11:91:bf:17:f2:
                    ff:a0:bb:28:ac:da:15:11:3c:4e:a7:44:7b:dd:01:
                    a0:c8:93:03:53:4d:0f:b6:68:60:7c:91:29:1f:c8:
                    18:fc:ef:46:5f:77:ce:35:ba:6c:b5:ec:24:66:6d:
                    82:48:39:38:f3:e9:60:68:52:88:4f:1a:68:79:8f:
                    cf:28:6d:74:f3:0c:23:9b:75:64:b8:89:d0:cb:37:
                    86:5e:c9:96:75:b9:20:df:53:e3:7a:3e:cd:fc:7d:
                    68:85:78:4d:3c:f2:4c:0c:a4:69:42:0b:19:ba:c3:
                    5b:4b:43:de:fd:72:50:36:15:e7:67:37:22:40:58:
                    70:5a:09:b7:2a:93:85:b9:c8:20:d6:17:e1:3e:a0:
                    f3:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:CE:FE:09:73:41:9B:95:70:9A:61:2F:40:10:08:FA:9F:FC:97:DF
            X509v3 Authority Key Identifier:
                keyid:09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/m87-CXNBm5VwmmEvQBAI-p_8l98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.93.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:63:e9:7d:e0:ed:6a:b9:c9:0e:22:bc:a3:a2:02:08:14:6b:
         0c:6e:d7:e3:b8:86:a6:5f:08:0c:08:d6:dc:d9:6f:7d:b7:6f:
         6a:12:aa:f5:a6:2d:09:65:fc:36:f1:a7:f5:56:29:ff:27:20:
         c0:24:56:3d:e5:84:f2:07:9c:9d:e8:7f:78:ff:58:13:33:75:
         0e:0f:a5:c8:48:d1:e1:4a:8e:a6:05:f4:22:9b:83:67:5c:43:
         7d:8b:37:dc:cb:f6:a0:6a:40:12:b9:16:16:99:ba:af:d9:8d:
         e7:3e:e6:17:04:1b:42:9c:80:e5:71:aa:11:37:62:59:2f:85:
         e8:31:66:1e:e2:e5:a7:d7:b8:41:28:8f:8b:de:37:de:09:a3:
         14:37:44:85:ad:19:66:d1:cd:ae:2f:55:d9:fa:2e:89:6e:e5:
         27:cb:a2:b7:c1:d4:87:2c:0f:99:62:93:6a:d8:14:37:35:0e:
         dc:71:50:48:ea:9d:5e:55:12:11:93:c1:0e:79:60:35:35:22:
         bc:09:cb:e7:85:ed:0b:4b:8e:e4:e3:53:59:af:2b:96:19:e8:
         29:b3:b9:d8:09:13:b0:b3:5c:1b:94:e5:8d:ca:0b:5c:f6:b5:
         5d:8a:c9:d6:46:61:d7:85:ae:d4:ea:ad:3f:a9:40:64:36:8f:
         09:93:38:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSJQV4gQCGEPyQovbIeqWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5OGY3YmEzNGJjNjU2N2JkMzYxNmQ1NzRmNzI4NWRkNzU1
NmRiZmQwHhcNMjUwMTAyMTM1MDU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmNlZmUwOTczNDE5Yjk1NzA5YTYxMmY0MDEwMDhmYTlmZmM5N2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2gXhrf1Xo9W3H4rR4DV4Ubn3mD3
UPFsFxF5vyvzQuRFd7qAhkxq/NaD2SPrKqyrA8GG040xyhTrCnrTVvfeZAz7e0et
L6kl9Iivez9cdf2zUGY+Ud6/c9hVC4/qvKFcgg7y0qvShTlEp5jbUhKsXCVsEZG/
F/L/oLsorNoVETxOp0R73QGgyJMDU00PtmhgfJEpH8gY/O9GX3fONbpstewkZm2C
SDk48+lgaFKITxpoeY/PKG108wwjm3VkuInQyzeGXsmWdbkg31Pjej7N/H1ohXhN
PPJMDKRpQgsZusNbS0Pe/XJQNhXnZzciQFhwWgm3KpOFucgg1hfhPqDzMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJvO/glzQZuVcJphL0AQCPqf/JffMB8GA1UdIwQY
MBaAFAmPe6NLxlZ702FtV09yhd11Vtv9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMt
ZTIxNjZhZDc0ZTNmLzEvbTg3LUNYTkJtNVZ3bW1FdlFCQUktcF84bDk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMtZTIxNjZhZDc0ZTNm
LzEvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUF3GMA0G
CSqGSIb3DQEBCwUAA4IBAQAtY+l94O1quckOIryjogIIFGsMbtfjuIamXwgMCNbc
2W99t29qEqr1pi0JZfw28af1Vin/JyDAJFY95YTyB5yd6H94/1gTM3UOD6XISNHh
So6mBfQim4NnXEN9izfcy/agakASuRYWmbqv2Y3nPuYXBBtCnIDlcaoRN2JZL4Xo
MWYe4uWn17hBKI+L3jfeCaMUN0SFrRlm0c2uL1XZ+i6JbuUny6K3wdSHLA+ZYpNq
2BQ3NQ7ccVBI6p1eVRIRk8EOeWA1NSK8Ccvnhe0LS47k41NZryuWGegps7nYCROw
s1wblOWNygtc9rVdisnWRmHXha7U6q0/qUBkNo8JkzjJ
-----END CERTIFICATE-----