Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/s8ciaCyrMNIVjgf8iRLVlYK3iuQ.roa
File:                     s8ciaCyrMNIVjgf8iRLVlYK3iuQ.roa (raw, json)
Hash identifier:          rapYi4Esen2+ro4pzDnKSIiogMt5XB9QPtlI985qlC4=
Subject key identifier:   B3:C7:22:68:2C:AB:30:D2:15:8E:07:FC:89:12:D5:95:82:B7:8A:E4
Certificate issuer:       /CN=e7d9cfb078eda5816fc809e98c25cb71963e75b7
Certificate serial:       018CC64B3F7B4304171F045E47D0A5FBF3C6
Authority key identifier: E7:D9:CF:B0:78:ED:A5:81:6F:C8:09:E9:8C:25:CB:71:96:3E:75:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/59nPsHjtpYFvyAnpjCXLcZY-dbc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/s8ciaCyrMNIVjgf8iRLVlYK3iuQ.roa
Signing time:             Mon 01 Jan 2024 18:31:09 +0000
ROA not before:           Mon 01 Jan 2024 18:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20546
IP address blocks:        185.64.96.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/59nPsHjtpYFvyAnpjCXLcZY-dbc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/59nPsHjtpYFvyAnpjCXLcZY-dbc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/59nPsHjtpYFvyAnpjCXLcZY-dbc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:3f:7b:43:04:17:1f:04:5e:47:d0:a5:fb:f3:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7d9cfb078eda5816fc809e98c25cb71963e75b7
        Validity
            Not Before: Jan  1 18:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3c722682cab30d2158e07fc8912d59582b78ae4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:44:ee:b6:02:9f:22:84:fa:f0:34:ac:3e:54:
                    e7:da:98:43:a2:c3:89:d2:d7:94:6d:41:2d:be:a3:
                    90:26:43:d3:42:7d:5b:4d:98:6c:ee:87:84:e0:b8:
                    b8:58:7e:85:83:f1:a0:c3:30:4a:79:cb:5a:4a:01:
                    12:ff:3f:1c:43:04:d8:74:3c:5f:66:d4:42:25:7f:
                    d6:ee:44:d3:a5:0b:8a:39:d4:dc:10:e7:85:fb:c0:
                    12:31:e2:d7:fc:25:c1:a1:57:b6:8e:ba:06:52:57:
                    ac:a4:b4:82:5d:d4:0e:48:30:c7:c0:12:bb:83:fc:
                    30:ba:6e:45:66:20:ab:15:9c:9e:f0:36:cc:e1:43:
                    e8:a7:87:a7:25:8d:ac:0e:7d:67:88:7f:8c:13:e6:
                    6a:4c:68:fd:0c:99:e8:2b:ba:ff:32:53:b7:e9:72:
                    df:9a:e8:c2:c1:4a:aa:61:ea:05:2a:3e:9d:e3:11:
                    ac:e0:a2:9d:fe:8f:3f:a2:ff:5c:76:3a:28:3a:b1:
                    b2:b3:42:ef:62:b7:74:8a:05:70:14:33:cd:83:7e:
                    d2:e2:45:9f:96:96:79:b2:d9:6d:27:1d:89:5b:0d:
                    50:6c:51:2b:04:71:48:e8:92:5d:68:44:61:a1:fb:
                    e2:c3:80:e9:da:f8:86:f3:1f:41:ce:0f:37:0c:39:
                    89:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:C7:22:68:2C:AB:30:D2:15:8E:07:FC:89:12:D5:95:82:B7:8A:E4
            X509v3 Authority Key Identifier:
                keyid:E7:D9:CF:B0:78:ED:A5:81:6F:C8:09:E9:8C:25:CB:71:96:3E:75:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/59nPsHjtpYFvyAnpjCXLcZY-dbc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/s8ciaCyrMNIVjgf8iRLVlYK3iuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/59nPsHjtpYFvyAnpjCXLcZY-dbc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.64.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0b:44:a6:f2:6c:f5:5f:af:b7:08:6d:30:72:b5:1b:1c:7e:c3:
         bc:45:ad:98:bd:a1:4d:d4:fd:06:43:af:2d:25:0b:b4:fa:ec:
         33:dd:50:d7:ba:50:bd:5a:48:1b:bc:02:10:ba:3c:6f:19:fd:
         d9:46:85:f0:a6:6a:39:ee:14:03:84:14:83:4f:0b:79:df:44:
         c5:a1:3b:cb:34:48:37:49:21:a7:bd:d9:66:39:14:df:0c:e1:
         a3:bf:e2:e6:a2:52:b2:de:bb:22:78:1b:ae:9c:6f:c9:65:aa:
         81:55:8e:f9:41:57:ea:0b:4f:4a:c6:11:dc:42:94:46:71:8f:
         a6:2e:1a:d6:d5:ce:5c:bc:c6:0f:86:d1:dc:f7:0c:a8:84:1e:
         88:b4:a4:13:48:a8:14:4d:79:49:5b:8a:b0:3c:05:09:b1:b3:
         f3:de:7e:4e:5e:f0:2c:9d:f3:f2:c0:6d:bc:9c:b5:10:61:19:
         6e:f3:d7:94:b3:c7:59:95:10:6f:68:a4:0b:ed:50:7d:c2:fd:
         cd:9d:7c:cc:36:b1:4e:24:00:ae:f3:b9:29:3b:37:06:0c:f4:
         2d:d1:0d:5b:1b:0b:8a:59:95:a5:88:d3:49:c5:0c:e8:49:cf:
         01:70:d1:74:cd:af:c4:15:9c:ae:2d:82:f1:07:cd:b5:75:2c:
         1e:57:84:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSz97QwQXHwReR9Cl+/PGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ZDljZmIwNzhlZGE1ODE2ZmM4MDllOThjMjVjYjcxOTYz
ZTc1YjcwHhcNMjQwMTAxMTgzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2M3MjI2ODJjYWIzMGQyMTU4ZTA3ZmM4OTEyZDU5NTgyYjc4YWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtkTutgKfIoT68DSsPlTn2phDosOJ
0teUbUEtvqOQJkPTQn1bTZhs7oeE4Li4WH6Fg/GgwzBKectaSgES/z8cQwTYdDxf
ZtRCJX/W7kTTpQuKOdTcEOeF+8ASMeLX/CXBoVe2jroGUlespLSCXdQOSDDHwBK7
g/wwum5FZiCrFZye8DbM4UPop4enJY2sDn1niH+ME+ZqTGj9DJnoK7r/MlO36XLf
mujCwUqqYeoFKj6d4xGs4KKd/o8/ov9cdjooOrGys0LvYrd0igVwFDPNg37S4kWf
lpZ5stltJx2JWw1QbFErBHFI6JJdaERhofviw4Dp2viG8x9Bzg83DDmJlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLPHImgsqzDSFY4H/IkS1ZWCt4rkMB8GA1UdIwQY
MBaAFOfZz7B47aWBb8gJ6Ywly3GWPnW3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTluUHNIanRwWUZ2eUFucGpDWExjWlktZGJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8wMDBlYTctYzlmNC00ZWJiLWI5YjEt
ZmVlZTdjMjlkNGRlLzEvczhjaWFDeXJNTklWamdmOGlSTFZsWUszaXVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8wMDBlYTctYzlmNC00ZWJiLWI5YjEtZmVlZTdjMjlkNGRl
LzEvNTluUHNIanRwWUZ2eUFucGpDWExjWlktZGJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUBgMA0G
CSqGSIb3DQEBCwUAA4IBAQALRKbybPVfr7cIbTBytRscfsO8Ra2YvaFN1P0GQ68t
JQu0+uwz3VDXulC9WkgbvAIQujxvGf3ZRoXwpmo57hQDhBSDTwt530TFoTvLNEg3
SSGnvdlmORTfDOGjv+LmolKy3rsieBuunG/JZaqBVY75QVfqC09KxhHcQpRGcY+m
LhrW1c5cvMYPhtHc9wyohB6ItKQTSKgUTXlJW4qwPAUJsbPz3n5OXvAsnfPywG28
nLUQYRlu89eUs8dZlRBvaKQL7VB9wv3NnXzMNrFOJACu87kpOzcGDPQt0Q1bGwuK
WZWliNNJxQzoSc8BcNF0za/EFZyuLYLxB821dSweV4Rp
-----END CERTIFICATE-----