Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/828f99-83b5-40ad-a5a7-06437ec466b8/1/nrcGyBhyC8BxDbQEM0wlhv4Aswg.roa
File:                     nrcGyBhyC8BxDbQEM0wlhv4Aswg.roa (raw, json)
Hash identifier:          CP+K5yhvWwPwGK3G9rwzsnkq7YTP4yYD67qmsSLS6h0=
Subject key identifier:   9E:B7:06:C8:18:72:0B:C0:71:0D:B4:04:33:4C:25:86:FE:00:B3:08
Certificate issuer:       /CN=bbd2dc1d2c8fbdc08516ab0bb2088c37eb002863
Certificate serial:       018CC802FC380512933CFFEA233A148582FC
Authority key identifier: BB:D2:DC:1D:2C:8F:BD:C0:85:16:AB:0B:B2:08:8C:37:EB:00:28:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u9LcHSyPvcCFFqsLsgiMN-sAKGM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/828f99-83b5-40ad-a5a7-06437ec466b8/1/nrcGyBhyC8BxDbQEM0wlhv4Aswg.roa
Signing time:             Tue 02 Jan 2024 02:31:27 +0000
ROA not before:           Tue 02 Jan 2024 02:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     10753
IP address blocks:        89.47.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/828f99-83b5-40ad-a5a7-06437ec466b8/1/u9LcHSyPvcCFFqsLsgiMN-sAKGM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/828f99-83b5-40ad-a5a7-06437ec466b8/1/u9LcHSyPvcCFFqsLsgiMN-sAKGM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u9LcHSyPvcCFFqsLsgiMN-sAKGM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:fc:38:05:12:93:3c:ff:ea:23:3a:14:85:82:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbd2dc1d2c8fbdc08516ab0bb2088c37eb002863
        Validity
            Not Before: Jan  2 02:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9eb706c818720bc0710db404334c2586fe00b308
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:03:8a:e7:a2:ae:96:5a:f5:7e:48:d8:d4:dc:
                    97:bd:c2:e4:4a:75:d2:8d:33:e2:0e:ed:9e:ae:72:
                    9a:b2:8a:bd:bb:39:2c:03:82:f6:35:80:4a:7a:74:
                    5d:2d:1e:28:8d:68:d9:02:72:aa:95:4c:d4:21:5c:
                    2b:61:d8:5e:20:c9:80:34:10:53:d2:0d:ce:38:ec:
                    5c:8d:7e:7b:04:a7:b0:85:e1:d6:5a:85:ec:f6:ab:
                    9f:60:46:55:b9:d3:2d:32:73:4e:f4:b5:5a:d0:d7:
                    6c:ea:14:df:cc:d5:9c:e8:9f:a8:ab:0c:d1:d2:0e:
                    2e:4f:7c:3a:c8:55:1d:25:9b:e9:5a:51:42:0b:ff:
                    e3:d6:25:e7:f4:7e:fd:ab:f5:60:5a:38:76:30:c2:
                    a9:a5:bc:ec:6d:f5:fb:77:36:99:d5:6d:37:45:bf:
                    1e:82:98:dd:5c:ae:d4:94:14:c4:46:be:5d:9d:89:
                    09:19:00:15:c4:16:8b:2d:36:c5:7d:2f:d0:73:7a:
                    23:d7:a5:f2:d3:55:8c:05:ee:fa:0b:e7:de:37:7f:
                    eb:1b:fc:a4:a1:37:87:ea:f1:c5:d1:2a:e8:92:68:
                    11:37:5a:d2:d3:4d:c9:d4:f7:5e:4c:29:29:85:bf:
                    14:08:07:56:ea:08:4d:0b:38:fc:48:ea:8b:d1:f2:
                    22:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:B7:06:C8:18:72:0B:C0:71:0D:B4:04:33:4C:25:86:FE:00:B3:08
            X509v3 Authority Key Identifier:
                keyid:BB:D2:DC:1D:2C:8F:BD:C0:85:16:AB:0B:B2:08:8C:37:EB:00:28:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u9LcHSyPvcCFFqsLsgiMN-sAKGM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/828f99-83b5-40ad-a5a7-06437ec466b8/1/nrcGyBhyC8BxDbQEM0wlhv4Aswg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/828f99-83b5-40ad-a5a7-06437ec466b8/1/u9LcHSyPvcCFFqsLsgiMN-sAKGM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.47.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:2e:63:ce:da:27:06:94:7a:8c:1c:6b:7b:54:ee:7c:96:33:
         9d:1b:40:06:8f:8c:7f:87:56:83:2b:72:06:c8:3f:69:ca:58:
         f6:ae:e8:9e:30:bc:23:2d:fe:22:bb:19:55:e4:7a:f6:6e:ec:
         e7:04:c6:60:f6:d9:18:fd:05:ae:a4:00:64:e2:99:a4:bb:f4:
         ed:2a:b0:c8:b4:95:57:73:b1:bc:7a:c9:89:f2:29:6d:7f:a5:
         29:a6:20:67:33:8f:5a:f3:57:ed:74:1d:6f:06:ef:99:c8:d7:
         41:85:46:b9:e3:a9:95:d7:a6:05:eb:e5:05:dc:8e:71:4e:26:
         59:b8:3f:45:0d:2d:3b:ec:1f:39:0a:fc:25:1c:88:67:05:5f:
         aa:05:68:ac:41:2f:82:56:dd:9d:0d:a8:9c:9c:e9:4f:62:c3:
         0d:8d:5c:ee:d3:a8:06:1d:9f:24:44:e9:47:b7:45:02:d8:ce:
         4b:25:7c:c7:e9:c9:1d:06:23:66:69:3d:63:13:df:73:75:62:
         cf:46:e6:0e:10:c0:75:3b:01:11:41:66:22:25:b8:ba:8b:6f:
         40:9b:08:10:6b:b1:54:0d:07:90:57:24:46:9f:aa:bc:5b:81:
         2f:4a:ce:7f:58:60:0e:65:ae:9e:c1:b3:63:c8:bd:00:94:44:
         82:03:4b:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAvw4BRKTPP/qIzoUhYL8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZDJkYzFkMmM4ZmJkYzA4NTE2YWIwYmIyMDg4YzM3ZWIw
MDI4NjMwHhcNMjQwMTAyMDIzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWI3MDZjODE4NzIwYmMwNzEwZGI0MDQzMzRjMjU4NmZlMDBiMzA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQOK56Kullr1fkjY1NyXvcLkSnXS
jTPiDu2ernKasoq9uzksA4L2NYBKenRdLR4ojWjZAnKqlUzUIVwrYdheIMmANBBT
0g3OOOxcjX57BKewheHWWoXs9qufYEZVudMtMnNO9LVa0Nds6hTfzNWc6J+oqwzR
0g4uT3w6yFUdJZvpWlFCC//j1iXn9H79q/VgWjh2MMKppbzsbfX7dzaZ1W03Rb8e
gpjdXK7UlBTERr5dnYkJGQAVxBaLLTbFfS/Qc3oj16Xy01WMBe76C+feN3/rG/yk
oTeH6vHF0SrokmgRN1rS003J1PdeTCkphb8UCAdW6ghNCzj8SOqL0fIiGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ63BsgYcgvAcQ20BDNMJYb+ALMIMB8GA1UdIwQY
MBaAFLvS3B0sj73AhRarC7IIjDfrAChjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTlMY0hTeVB2Y0NGRnFzTHNnaU1OLXNBS0dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC84MjhmOTktODNiNS00MGFkLWE1YTct
MDY0MzdlYzQ2NmI4LzEvbnJjR3lCaHlDOEJ4RGJRRU0wd2xodjRBc3dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC84MjhmOTktODNiNS00MGFkLWE1YTctMDY0MzdlYzQ2NmI4
LzEvdTlMY0hTeVB2Y0NGRnFzTHNnaU1OLXNBS0dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWS8lMA0G
CSqGSIb3DQEBCwUAA4IBAQCULmPO2icGlHqMHGt7VO58ljOdG0AGj4x/h1aDK3IG
yD9pylj2ruieMLwjLf4iuxlV5Hr2buznBMZg9tkY/QWupABk4pmku/TtKrDItJVX
c7G8esmJ8iltf6UppiBnM49a81ftdB1vBu+ZyNdBhUa546mV16YF6+UF3I5xTiZZ
uD9FDS077B85CvwlHIhnBV+qBWisQS+CVt2dDaicnOlPYsMNjVzu06gGHZ8kROlH
t0UC2M5LJXzH6ckdBiNmaT1jE99zdWLPRuYOEMB1OwERQWYiJbi6i29AmwgQa7FU
DQeQVyRGn6q8W4EvSs5/WGAOZa6ewbNjyL0AlESCA0ub
-----END CERTIFICATE-----