Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/8a8b4c-8f12-4c8d-8be4-69b8d6b53e8c/1/yLzrDp2Fk69zZmFlYknZxn0mQ0c.roa
File:                     yLzrDp2Fk69zZmFlYknZxn0mQ0c.roa (raw, json)
Hash identifier:          i/fQTRbEJRJk7RvyK0xpkXzoI6sUonZCjsp8cMPw5aA=
Subject key identifier:   C8:BC:EB:0E:9D:85:93:AF:73:66:61:65:62:49:D9:C6:7D:26:43:47
Certificate issuer:       /CN=d367d1635b46b3c2274b287505bbbd7d915dcaf5
Certificate serial:       018CC26D49CD20FA8C2A2D563B125E031FF0
Authority key identifier: D3:67:D1:63:5B:46:B3:C2:27:4B:28:75:05:BB:BD:7D:91:5D:CA:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/02fRY1tGs8InSyh1Bbu9fZFdyvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/8a8b4c-8f12-4c8d-8be4-69b8d6b53e8c/1/yLzrDp2Fk69zZmFlYknZxn0mQ0c.roa
Signing time:             Mon 01 Jan 2024 00:29:51 +0000
ROA not before:           Mon 01 Jan 2024 00:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23393
IP address blocks:        178.255.80.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/8a8b4c-8f12-4c8d-8be4-69b8d6b53e8c/1/02fRY1tGs8InSyh1Bbu9fZFdyvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/8a8b4c-8f12-4c8d-8be4-69b8d6b53e8c/1/02fRY1tGs8InSyh1Bbu9fZFdyvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/02fRY1tGs8InSyh1Bbu9fZFdyvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 07:02:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:49:cd:20:fa:8c:2a:2d:56:3b:12:5e:03:1f:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d367d1635b46b3c2274b287505bbbd7d915dcaf5
        Validity
            Not Before: Jan  1 00:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8bceb0e9d8593af736661656249d9c67d264347
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a5:5d:43:14:d3:f1:45:b3:55:58:a4:8b:4b:
                    5f:07:e3:ef:a2:f1:63:92:b2:eb:78:77:df:73:45:
                    57:c0:f7:dc:36:26:a0:2e:19:23:27:f4:64:67:ee:
                    bc:c4:e1:56:f1:f3:22:ea:d2:ca:2e:64:0f:e1:ed:
                    e1:32:5b:06:7a:5e:35:a8:2f:d0:56:0e:1c:68:e7:
                    6f:3f:be:e6:c6:7a:95:be:69:81:f3:11:4d:97:48:
                    9b:e1:63:e7:63:a4:1b:4f:9f:10:75:4b:1f:40:07:
                    5a:aa:85:13:4d:38:2f:07:be:c2:0b:96:03:06:b3:
                    c4:0f:ca:0e:10:8e:02:4c:dc:7f:96:b3:ee:9b:65:
                    75:42:fd:3c:29:cb:7c:98:4f:f1:fc:d4:66:38:87:
                    b3:1b:24:72:e1:1c:8a:9e:a1:45:00:35:17:fa:e3:
                    0d:c5:8a:87:6d:db:7d:94:54:4f:aa:f3:78:e2:c0:
                    23:dc:13:a3:52:6c:1b:4a:9b:40:df:b7:6e:16:2f:
                    a5:9d:7d:47:cf:bc:5a:d3:f9:b9:64:e5:32:46:b2:
                    58:99:a3:7f:30:28:40:16:40:74:e6:49:0e:be:25:
                    d5:f0:ee:cd:80:72:f4:a5:7a:44:33:12:f7:55:07:
                    f3:04:a4:99:88:1c:30:32:07:21:95:2b:e3:98:3b:
                    2f:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:BC:EB:0E:9D:85:93:AF:73:66:61:65:62:49:D9:C6:7D:26:43:47
            X509v3 Authority Key Identifier:
                keyid:D3:67:D1:63:5B:46:B3:C2:27:4B:28:75:05:BB:BD:7D:91:5D:CA:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/02fRY1tGs8InSyh1Bbu9fZFdyvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/8a8b4c-8f12-4c8d-8be4-69b8d6b53e8c/1/yLzrDp2Fk69zZmFlYknZxn0mQ0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/8a8b4c-8f12-4c8d-8be4-69b8d6b53e8c/1/02fRY1tGs8InSyh1Bbu9fZFdyvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.255.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         78:2b:30:4a:01:2c:41:e3:af:e3:6b:d1:ec:d1:fa:17:fe:ec:
         a9:9f:22:5d:b1:6f:a9:4f:9c:b9:29:b3:98:70:a3:dd:b2:5b:
         74:70:ec:b6:3c:6a:a1:d0:19:58:e2:4a:23:e0:a4:55:6c:25:
         22:d9:65:2c:16:6e:21:ba:61:75:a1:3e:4e:f9:84:b7:41:89:
         5d:94:ed:8a:41:4e:4f:79:a0:56:5f:6e:2d:1e:b9:3a:78:8c:
         96:46:67:fe:cc:db:e7:9e:73:ec:cc:59:bb:2a:b8:03:b5:7e:
         31:1c:14:e7:d7:ad:0c:86:64:10:df:75:0f:9e:89:30:50:79:
         bc:81:77:03:d6:61:99:f8:39:1d:20:53:5f:db:34:30:42:54:
         da:ee:8d:db:2a:9e:cf:00:a3:36:88:45:62:5f:aa:c9:bc:9f:
         e8:fa:16:51:d5:84:e7:e8:65:e4:2d:d6:8b:04:d8:d1:3c:f7:
         7d:64:1a:47:ec:aa:2f:d0:8b:73:a2:67:f3:0b:f0:db:81:95:
         5c:8a:d5:a3:17:ce:54:38:12:af:32:a8:c3:77:9e:56:c6:a6:
         2b:45:4a:a0:ae:03:59:b2:a2:1c:73:1c:71:9f:08:5f:e0:57:
         3d:88:d8:7d:20:24:4a:3e:3d:96:60:8a:80:4b:97:a8:f6:2e:
         27:3a:ef:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbUnNIPqMKi1WOxJeAx/wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNjdkMTYzNWI0NmIzYzIyNzRiMjg3NTA1YmJiZDdkOTE1
ZGNhZjUwHhcNMjQwMTAxMDAyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGJjZWIwZTlkODU5M2FmNzM2NjYxNjU2MjQ5ZDljNjdkMjY0MzQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqVdQxTT8UWzVViki0tfB+PvovFj
krLreHffc0VXwPfcNiagLhkjJ/RkZ+68xOFW8fMi6tLKLmQP4e3hMlsGel41qC/Q
Vg4caOdvP77mxnqVvmmB8xFNl0ib4WPnY6QbT58QdUsfQAdaqoUTTTgvB77CC5YD
BrPED8oOEI4CTNx/lrPum2V1Qv08Kct8mE/x/NRmOIezGyRy4RyKnqFFADUX+uMN
xYqHbdt9lFRPqvN44sAj3BOjUmwbSptA37duFi+lnX1Hz7xa0/m5ZOUyRrJYmaN/
MChAFkB05kkOviXV8O7NgHL0pXpEMxL3VQfzBKSZiBwwMgchlSvjmDsvFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMi86w6dhZOvc2ZhZWJJ2cZ9JkNHMB8GA1UdIwQY
MBaAFNNn0WNbRrPCJ0sodQW7vX2RXcr1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDJmUlkxdEdzOEluU3loMUJidTlmWkZkeXZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy84YThiNGMtOGYxMi00YzhkLThiZTQt
NjliOGQ2YjUzZThjLzEveUx6ckRwMkZrNjl6Wm1GbFlrblp4bjBtUTBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy84YThiNGMtOGYxMi00YzhkLThiZTQtNjliOGQ2YjUzZThj
LzEvMDJmUlkxdEdzOEluU3loMUJidTlmWkZkeXZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDsv9QMA0G
CSqGSIb3DQEBCwUAA4IBAQB4KzBKASxB46/ja9Hs0foX/uypnyJdsW+pT5y5KbOY
cKPdslt0cOy2PGqh0BlY4koj4KRVbCUi2WUsFm4humF1oT5O+YS3QYldlO2KQU5P
eaBWX24tHrk6eIyWRmf+zNvnnnPszFm7KrgDtX4xHBTn160MhmQQ33UPnokwUHm8
gXcD1mGZ+DkdIFNf2zQwQlTa7o3bKp7PAKM2iEViX6rJvJ/o+hZR1YTn6GXkLdaL
BNjRPPd9ZBpH7Kov0ItzomfzC/DbgZVcitWjF85UOBKvMqjDd55WxqYrRUqgrgNZ
sqIccxxxnwhf4Fc9iNh9ICRKPj2WYIqAS5eo9i4nOu8Y
-----END CERTIFICATE-----