Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/AMCH7gudrHbGvZQSFrGlz74oMSU.roa
File:                     AMCH7gudrHbGvZQSFrGlz74oMSU.roa (raw, json)
Hash identifier:          /2GM51FpMWybnNXPeu+ADauUDVZ0ZlsHb5piprQ7g8E=
Subject key identifier:   00:C0:87:EE:0B:9D:AC:76:C6:BD:94:12:16:B1:A5:CF:BE:28:31:25
Certificate issuer:       /CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
Certificate serial:       018CC5013A10C458696624C1611D65E77FDA
Authority key identifier: 2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/AMCH7gudrHbGvZQSFrGlz74oMSU.roa
Signing time:             Mon 01 Jan 2024 12:30:41 +0000
ROA not before:           Mon 01 Jan 2024 12:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203408
IP address blocks:        78.159.82.0/24 maxlen: 24
                          78.159.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:3a:10:c4:58:69:66:24:c1:61:1d:65:e7:7f:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
        Validity
            Not Before: Jan  1 12:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00c087ee0b9dac76c6bd941216b1a5cfbe283125
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:b8:da:e2:06:51:e5:c7:43:46:3f:a7:dc:bb:
                    15:0f:5f:6a:36:19:62:ce:fd:2e:e7:5f:4f:e9:cb:
                    bc:e5:2f:22:3b:b3:0a:ba:32:b8:01:24:cb:c6:0e:
                    41:b0:73:35:00:92:2b:55:50:f1:ad:d4:24:a7:2a:
                    bb:e4:6b:f7:63:da:dd:53:eb:df:bb:48:e5:99:98:
                    3e:0f:40:35:87:b3:c6:4f:ae:f9:cb:42:43:71:9c:
                    de:eb:87:41:bc:06:d5:a9:80:08:d1:77:92:32:fd:
                    ba:2b:16:81:a9:06:eb:b4:db:3e:f7:30:13:24:5b:
                    0d:c9:29:9c:83:95:b5:62:12:6f:84:52:fd:43:04:
                    2c:fe:62:9c:a9:6d:1a:f5:fd:b9:2c:92:94:a2:8d:
                    0f:33:be:1b:62:5b:7e:c5:d4:11:8e:33:a2:91:52:
                    2f:23:3a:34:d4:09:38:6d:bc:84:0b:44:ff:77:b4:
                    5e:b7:11:08:07:8c:fe:aa:ad:b9:47:b9:08:96:ff:
                    79:61:0f:fe:9a:83:bc:c2:3f:0b:7b:7c:5f:65:c1:
                    c3:24:ff:e6:0e:04:c6:2e:84:12:88:3e:0c:c6:83:
                    65:04:ef:53:1d:3b:47:52:c6:21:b3:96:1a:09:a7:
                    4a:ce:bc:aa:aa:92:e9:44:da:27:ce:35:ca:42:91:
                    cc:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:C0:87:EE:0B:9D:AC:76:C6:BD:94:12:16:B1:A5:CF:BE:28:31:25
            X509v3 Authority Key Identifier:
                keyid:2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/AMCH7gudrHbGvZQSFrGlz74oMSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.159.82.0/24
                  78.159.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:ab:0f:e0:c3:d3:e3:51:95:c0:e6:bc:23:8b:ce:3e:f2:5c:
         48:99:e5:59:30:39:67:43:97:e9:d7:3a:3b:e7:05:2d:62:1c:
         be:b3:2d:74:a9:02:15:7e:9e:84:99:6d:cb:b7:70:02:0b:e0:
         62:2d:e9:c4:52:2e:01:01:a5:2a:61:a2:75:f4:5f:7b:f4:6a:
         eb:ef:44:07:99:3d:3d:c1:cf:24:f3:ae:1f:9a:c0:b6:37:6d:
         91:f1:fe:8c:ad:88:dc:31:81:19:a0:99:1f:bc:49:be:8e:c9:
         62:af:07:1a:89:aa:00:3d:37:f8:85:58:1c:31:f8:71:c6:0b:
         10:d9:a8:28:6b:bf:32:17:44:b2:28:19:c4:da:ac:29:be:22:
         82:dc:da:40:93:e6:cc:a9:2f:d9:79:a7:49:54:2f:8e:15:87:
         b2:0e:97:0f:95:cd:55:e8:5f:e0:4a:f9:f8:40:95:dd:a6:a0:
         98:f2:27:04:39:26:35:f9:72:f6:7d:75:03:b2:52:28:cf:30:
         08:5c:7a:4f:ef:a7:29:17:27:79:08:c5:23:a4:7f:d1:27:1f:
         a3:de:57:71:7b:ae:3a:09:fa:89:b2:6a:eb:6c:7d:9c:bf:79:
         b0:9d:85:6a:87:cc:c6:77:dd:af:9a:03:53:3d:a4:ec:fd:fe:
         a3:49:cb:60
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAToQxFhpZiTBYR1l53/aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjMzk2M2JhMmFhZTVhYmQzOGE2ZWVkMDlkYTk4NTYxMWYx
YjUwMjEwHhcNMjQwMTAxMTIzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGMwODdlZTBiOWRhYzc2YzZiZDk0MTIxNmIxYTVjZmJlMjgzMTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgLja4gZR5cdDRj+n3LsVD19qNhli
zv0u519P6cu85S8iO7MKujK4ASTLxg5BsHM1AJIrVVDxrdQkpyq75Gv3Y9rdU+vf
u0jlmZg+D0A1h7PGT675y0JDcZze64dBvAbVqYAI0XeSMv26KxaBqQbrtNs+9zAT
JFsNySmcg5W1YhJvhFL9QwQs/mKcqW0a9f25LJKUoo0PM74bYlt+xdQRjjOikVIv
Izo01Ak4bbyEC0T/d7RetxEIB4z+qq25R7kIlv95YQ/+moO8wj8Le3xfZcHDJP/m
DgTGLoQSiD4MxoNlBO9THTtHUsYhs5YaCadKzryqqpLpRNonzjXKQpHM+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFADAh+4Lnax2xr2UEhaxpc++KDElMB8GA1UdIwQY
MBaAFCw5Y7oqrlq9OKbu0J2phWEfG1AhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYt
MTc2OTNlN2VhNjdhLzEvQU1DSDdndWRySGJHdlpRU0ZyR2x6NzRvTVNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYtMTc2OTNlN2VhNjdh
LzEvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATp9SAwQA
Tp9XMA0GCSqGSIb3DQEBCwUAA4IBAQBmqw/gw9PjUZXA5rwji84+8lxImeVZMDln
Q5fp1zo75wUtYhy+sy10qQIVfp6EmW3Lt3ACC+BiLenEUi4BAaUqYaJ19F979Grr
70QHmT09wc8k864fmsC2N22R8f6MrYjcMYEZoJkfvEm+jslirwcaiaoAPTf4hVgc
MfhxxgsQ2agoa78yF0SyKBnE2qwpviKC3NpAk+bMqS/ZeadJVC+OFYeyDpcPlc1V
6F/gSvn4QJXdpqCY8icEOSY1+XL2fXUDslIozzAIXHpP76cpFyd5CMUjpH/RJx+j
3ldxe646CfqJsmrrbH2cv3mwnYVqh8zGd92vmgNTPaTs/f6jSctg
-----END CERTIFICATE-----