Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/8ZjbXieDC7hfZPEv6uPr2DE_7W8.roa
File:                     8ZjbXieDC7hfZPEv6uPr2DE_7W8.roa (raw, json)
Hash identifier:          2DnAc/ycvXB6bppBWJrYaT94DmODzYfjr3IdYwo+NNw=
Subject key identifier:   F1:98:DB:5E:27:83:0B:B8:5F:64:F1:2F:EA:E3:EB:D8:31:3F:ED:6F
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC802F25B8A34BC5389762F8EE3D3763C
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/8ZjbXieDC7hfZPEv6uPr2DE_7W8.roa
Signing time:             Tue 02 Jan 2024 02:31:25 +0000
ROA not before:           Tue 02 Jan 2024 02:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50613
IP address blocks:        192.71.218.0/24 maxlen: 24
                          192.36.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:f2:5b:8a:34:bc:53:89:76:2f:8e:e3:d3:76:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f198db5e27830bb85f64f12feae3ebd8313fed6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:a4:d3:ac:27:c1:5f:c2:0f:26:d5:47:02:95:
                    2f:0f:49:9a:fe:47:05:03:b9:db:c4:9c:73:9b:3c:
                    e3:e0:25:28:cc:0d:e2:10:53:dd:43:a7:d4:22:f5:
                    df:28:fd:e4:39:7d:26:ff:03:80:25:5e:8e:d0:a5:
                    18:28:74:48:55:c3:43:f0:b7:71:56:b4:54:3e:60:
                    85:d0:44:97:56:46:16:28:5c:13:f1:be:87:11:6b:
                    0c:97:8d:f2:dc:17:76:a6:4b:69:d3:5e:2d:bf:37:
                    5e:d4:c5:23:e2:97:97:64:f2:e7:81:3f:21:9e:08:
                    95:7c:a6:d5:61:27:08:7c:c4:27:09:15:37:3a:b1:
                    18:2f:d5:48:f7:ce:45:8e:f8:01:e6:fc:86:4b:af:
                    cd:5e:c3:13:4c:fb:67:50:20:b3:ce:84:e6:01:47:
                    03:fe:e8:76:1b:78:37:83:bc:0d:ec:da:3a:b2:03:
                    80:9e:72:8d:18:ca:6c:73:aa:4a:b9:59:99:02:ca:
                    8e:61:d6:c3:0e:ac:66:b8:50:a6:2b:7d:0e:26:f1:
                    1a:d0:f4:3b:b3:7d:3d:67:fd:d4:e4:4f:a1:df:01:
                    90:66:8a:4e:75:19:32:c9:43:c9:82:8e:1e:30:79:
                    f7:5d:8a:42:c3:b3:25:bb:e9:f2:ad:27:2c:03:b7:
                    42:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:98:DB:5E:27:83:0B:B8:5F:64:F1:2F:EA:E3:EB:D8:31:3F:ED:6F
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/8ZjbXieDC7hfZPEv6uPr2DE_7W8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.36.57.0/24
                  192.71.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:43:ff:ec:00:89:53:d9:cf:cb:2e:8b:46:a4:ed:72:5a:a8:
         4d:13:ed:32:a0:7c:44:5d:62:36:fe:e4:14:ef:0b:18:97:94:
         42:14:14:dc:89:f1:b3:92:e1:4f:23:7e:da:c5:6a:77:b3:65:
         12:e8:41:29:7e:a8:e8:1d:1f:94:fc:d5:7e:8d:28:36:e0:d8:
         f2:3a:4e:01:63:28:0c:e5:df:48:ee:f9:57:4e:cd:b2:27:4e:
         f7:e6:a0:fd:cb:8e:e5:da:d4:ba:bf:f4:cd:12:d7:33:34:c3:
         2f:0b:87:ca:b8:4d:a5:a1:6b:d3:60:2d:2c:5a:85:af:62:4b:
         db:2b:dc:70:65:7c:eb:4b:27:df:d7:a5:48:7f:c4:e4:1e:10:
         83:d5:f2:5f:ff:06:10:f8:17:a5:3a:1e:24:3a:65:ff:67:51:
         e9:9a:ed:b0:5c:f2:9a:79:f6:57:fa:4c:d7:6e:b8:b7:e6:0c:
         57:3a:ee:fa:5f:03:d5:90:d8:d2:f2:1e:95:0b:c4:fc:7c:a1:
         db:8b:aa:19:f4:02:43:a8:ce:2b:a0:a4:14:fd:7b:42:48:6a:
         22:1e:f1:f3:80:97:16:78:52:ff:30:a7:fd:fd:67:10:6a:b8:
         f2:82:78:31:ab:23:b5:9b:8c:7a:3c:83:16:15:e5:08:db:f9:
         a0:d3:11:88
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAvJbijS8U4l2L47j03Y8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTk4ZGI1ZTI3ODMwYmI4NWY2NGYxMmZlYWUzZWJkODMxM2ZlZDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiKTTrCfBX8IPJtVHApUvD0ma/kcF
A7nbxJxzmzzj4CUozA3iEFPdQ6fUIvXfKP3kOX0m/wOAJV6O0KUYKHRIVcND8Ldx
VrRUPmCF0ESXVkYWKFwT8b6HEWsMl43y3Bd2pktp014tvzde1MUj4peXZPLngT8h
ngiVfKbVYScIfMQnCRU3OrEYL9VI985FjvgB5vyGS6/NXsMTTPtnUCCzzoTmAUcD
/uh2G3g3g7wN7No6sgOAnnKNGMpsc6pKuVmZAsqOYdbDDqxmuFCmK30OJvEa0PQ7
s309Z/3U5E+h3wGQZopOdRkyyUPJgo4eMHn3XYpCw7Mlu+nyrScsA7dCUwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPGY214ngwu4X2TxL+rj69gxP+1vMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvOFpqYlhpZURDN2hmWlBFdjZ1UHIyREVfN1c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwCQ5AwQA
wEfaMA0GCSqGSIb3DQEBCwUAA4IBAQCsQ//sAIlT2c/LLotGpO1yWqhNE+0yoHxE
XWI2/uQU7wsYl5RCFBTcifGzkuFPI37axWp3s2US6EEpfqjoHR+U/NV+jSg24Njy
Ok4BYygM5d9I7vlXTs2yJ0735qD9y47l2tS6v/TNEtczNMMvC4fKuE2loWvTYC0s
WoWvYkvbK9xwZXzrSyff16VIf8TkHhCD1fJf/wYQ+BelOh4kOmX/Z1Hpmu2wXPKa
efZX+kzXbri35gxXOu76XwPVkNjS8h6VC8T8fKHbi6oZ9AJDqM4roKQU/XtCSGoi
HvHzgJcWeFL/MKf9/WcQarjygngxqyO1m4x6PIMWFeUI2/mg0xGI
-----END CERTIFICATE-----