Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/Kn7MDXlNGlATKoeiTIA7J6uCQTg.roa
File:                     Kn7MDXlNGlATKoeiTIA7J6uCQTg.roa (raw, json)
Hash identifier:          ErnQVPS51Dpf0L5u2FRTLChfvQq9ArDVz179RCPgB2E=
Subject key identifier:   2A:7E:CC:0D:79:4D:1A:50:13:2A:87:A2:4C:80:3B:27:AB:82:41:38
Certificate issuer:       /CN=722a8c1d311895016108ffbd14575c77cc28773a
Certificate serial:       018CC56EF56E25FD6D780BB22FADED47D928
Authority key identifier: 72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/Kn7MDXlNGlATKoeiTIA7J6uCQTg.roa
Signing time:             Mon 01 Jan 2024 14:30:32 +0000
ROA not before:           Mon 01 Jan 2024 14:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199191
IP address blocks:        87.246.27.0/24 maxlen: 24
                          87.246.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Apr 2024 23:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f5:6e:25:fd:6d:78:0b:b2:2f:ad:ed:47:d9:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=722a8c1d311895016108ffbd14575c77cc28773a
        Validity
            Not Before: Jan  1 14:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a7ecc0d794d1a50132a87a24c803b27ab824138
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c0:93:24:b9:4e:99:c8:96:d3:05:8a:14:f1:
                    7e:5c:00:1e:03:47:0b:74:a2:a9:92:5a:7e:3e:51:
                    dd:0d:e9:b5:65:0d:a8:0d:4d:ae:e4:79:f3:27:af:
                    a2:07:37:c6:58:1c:0b:e0:47:42:c0:57:d5:c4:df:
                    db:02:bc:31:90:ce:7b:f5:87:d2:dc:59:7a:4f:87:
                    60:65:e7:27:79:b8:e2:86:7f:af:e7:05:16:ab:c7:
                    49:8a:df:96:d4:7e:6f:c5:9e:e4:91:c2:94:81:75:
                    13:6f:fc:1e:d4:15:a5:24:1e:6c:f0:b8:4d:39:49:
                    1a:b8:b2:52:a1:39:d7:7c:6b:9a:87:b0:0c:e6:92:
                    87:ca:9d:2a:e6:e6:cb:68:97:2c:87:84:d6:c1:b4:
                    6e:1f:cc:08:a1:27:67:96:b4:b4:18:79:c2:29:11:
                    54:be:b7:02:1a:1f:4c:a1:a9:8e:82:25:de:84:9a:
                    94:24:de:07:12:9b:8b:1e:85:ce:57:fd:07:97:78:
                    2f:84:03:8c:f3:29:9e:bd:4b:61:82:9c:f1:92:14:
                    17:12:74:93:12:a9:11:41:c1:61:e2:13:b8:c6:f0:
                    9c:03:a5:6a:95:c8:0d:3c:29:46:34:10:28:98:16:
                    3a:65:f5:fc:6d:0f:8a:7d:e9:1b:53:9b:ff:71:52:
                    aa:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:7E:CC:0D:79:4D:1A:50:13:2A:87:A2:4C:80:3B:27:AB:82:41:38
            X509v3 Authority Key Identifier:
                keyid:72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/Kn7MDXlNGlATKoeiTIA7J6uCQTg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.246.27.0/24
                  87.246.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:ed:cb:7a:e1:fd:19:f6:a7:fe:50:9f:c7:f5:10:e3:b6:a1:
         78:f0:a1:e6:62:10:5f:72:72:82:8d:d0:26:8b:38:d5:f5:04:
         56:f6:59:45:76:7f:4e:f7:ae:bf:e8:ac:14:ca:63:10:d0:96:
         43:bb:56:72:a5:61:d2:a5:13:62:5b:43:5c:d4:9f:8e:80:2d:
         88:1d:44:37:7e:f5:98:c8:f3:e7:6e:0b:d9:a4:7a:00:04:ab:
         3c:7a:b2:d8:6d:80:84:6a:ec:17:80:b6:a7:61:ba:f5:da:dc:
         da:01:59:e8:9f:67:d6:cb:a7:a0:e7:de:92:e0:ac:d6:66:16:
         33:3e:b2:0c:ab:5d:e3:78:ff:bd:b9:41:2a:5d:06:b3:4d:38:
         4b:07:a6:02:47:fe:4e:4a:28:d3:62:ed:a4:2b:3a:4f:d8:c2:
         93:10:95:25:dd:e9:03:5a:2b:9e:8d:57:a4:0c:72:5b:39:d5:
         37:81:c1:7a:a0:0e:be:e2:05:48:19:41:3e:aa:b0:95:4e:56:
         c5:8c:f4:9a:64:e9:1e:0f:bd:b8:50:33:28:06:a6:c7:5d:fc:
         29:00:0d:06:06:5a:4d:7b:06:f4:06:58:c6:b8:eb:25:d0:04:
         b7:c4:d0:7f:58:3b:1c:d2:9a:24:0f:32:91:05:cf:cf:d2:f5:
         a0:1a:a0:55
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbvVuJf1teAuyL63tR9koMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMmE4YzFkMzExODk1MDE2MTA4ZmZiZDE0NTc1Yzc3Y2My
ODc3M2EwHhcNMjQwMTAxMTQzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTdlY2MwZDc5NGQxYTUwMTMyYTg3YTI0YzgwM2IyN2FiODI0MTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8CTJLlOmciW0wWKFPF+XAAeA0cL
dKKpklp+PlHdDem1ZQ2oDU2u5HnzJ6+iBzfGWBwL4EdCwFfVxN/bArwxkM579YfS
3Fl6T4dgZecnebjihn+v5wUWq8dJit+W1H5vxZ7kkcKUgXUTb/we1BWlJB5s8LhN
OUkauLJSoTnXfGuah7AM5pKHyp0q5ubLaJcsh4TWwbRuH8wIoSdnlrS0GHnCKRFU
vrcCGh9MoamOgiXehJqUJN4HEpuLHoXOV/0Hl3gvhAOM8ymevUthgpzxkhQXEnST
EqkRQcFh4hO4xvCcA6VqlcgNPClGNBAomBY6ZfX8bQ+KfekbU5v/cVKq+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCp+zA15TRpQEyqHokyAOyergkE4MB8GA1UdIwQY
MBaAFHIqjB0xGJUBYQj/vRRXXHfMKHc6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYt
YTU1OGVlNjU0MzFmLzEvS243TURYbE5HbEFUS29laVRJQTdKNnVDUVRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYtYTU1OGVlNjU0MzFm
LzEvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV/YbAwQA
V/YgMA0GCSqGSIb3DQEBCwUAA4IBAQAz7ct64f0Z9qf+UJ/H9RDjtqF48KHmYhBf
cnKCjdAmizjV9QRW9llFdn9O966/6KwUymMQ0JZDu1ZypWHSpRNiW0Nc1J+OgC2I
HUQ3fvWYyPPnbgvZpHoABKs8erLYbYCEauwXgLanYbr12tzaAVnon2fWy6eg596S
4KzWZhYzPrIMq13jeP+9uUEqXQazTThLB6YCR/5OSijTYu2kKzpP2MKTEJUl3ekD
WiuejVekDHJbOdU3gcF6oA6+4gVIGUE+qrCVTlbFjPSaZOkeD724UDMoBqbHXfwp
AA0GBlpNewb0BljGuOsl0AS3xNB/WDsc0pokDzKRBc/P0vWgGqBV
-----END CERTIFICATE-----