Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/iopDWpo_rr_E4Jdu-DFJ_YACb-s.roa
File:                     iopDWpo_rr_E4Jdu-DFJ_YACb-s.roa (raw, json)
Hash identifier:          Fdit1nHKijH5P0XK6gAs4Qqb+a25jZ9LTB23GgD9Srg=
Subject key identifier:   8A:8A:43:5A:9A:3F:AE:BF:C4:E0:97:6E:F8:31:49:FD:80:02:6F:EB
Certificate issuer:       /CN=0277acd112f1c6c833bec22f8b53cc70d2390876
Certificate serial:       018CC86F55A2BE34D090EB5E325B888624B6
Authority key identifier: 02:77:AC:D1:12:F1:C6:C8:33:BE:C2:2F:8B:53:CC:70:D2:39:08:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Anes0RLxxsgzvsIvi1PMcNI5CHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/iopDWpo_rr_E4Jdu-DFJ_YACb-s.roa
Signing time:             Tue 02 Jan 2024 04:29:48 +0000
ROA not before:           Tue 02 Jan 2024 04:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59973
IP address blocks:        176.58.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/Anes0RLxxsgzvsIvi1PMcNI5CHY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/Anes0RLxxsgzvsIvi1PMcNI5CHY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Anes0RLxxsgzvsIvi1PMcNI5CHY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:55:a2:be:34:d0:90:eb:5e:32:5b:88:86:24:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0277acd112f1c6c833bec22f8b53cc70d2390876
        Validity
            Not Before: Jan  2 04:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a8a435a9a3faebfc4e0976ef83149fd80026feb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b2:b1:20:3d:cd:22:0a:26:91:cc:63:8a:a4:
                    01:2a:17:0d:03:3a:b7:9b:3d:cb:3b:dd:0e:f1:63:
                    23:b3:8b:b8:6b:1e:25:09:a4:a8:cf:e9:28:a3:7e:
                    5a:32:2c:82:4d:6a:52:bc:18:47:02:72:a3:01:8d:
                    da:be:a4:88:cc:9c:19:79:8e:ba:60:92:cf:36:e7:
                    1f:ac:2b:e5:03:c4:b2:39:c2:2d:1d:59:85:2d:e5:
                    ad:e7:3a:31:7f:82:d4:6b:5b:60:46:82:bf:fb:8f:
                    a2:cb:c5:e4:f8:38:da:c0:9a:09:40:08:37:d9:3f:
                    ec:4a:1e:fb:7b:a6:db:87:e7:44:42:87:f2:22:38:
                    82:48:a0:99:3b:bb:02:ff:ff:63:a6:88:47:7f:dc:
                    ce:95:50:f4:9f:6b:a1:01:62:27:d6:ad:e0:d8:c5:
                    bb:6e:62:fe:07:a9:83:df:1a:51:70:d5:8f:39:4e:
                    03:1a:09:bd:c3:c2:bc:82:0b:b9:1f:5e:42:b8:73:
                    ba:ea:0e:be:5f:50:b2:92:26:3a:5a:21:79:48:9f:
                    e7:61:a8:25:eb:59:22:a5:7e:dc:cb:45:3d:c2:f6:
                    5f:73:f3:03:53:54:e3:c6:ac:1c:70:18:42:f4:fb:
                    bb:56:4d:9b:63:83:ec:c3:fc:68:d1:90:f6:22:28:
                    e5:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:8A:43:5A:9A:3F:AE:BF:C4:E0:97:6E:F8:31:49:FD:80:02:6F:EB
            X509v3 Authority Key Identifier:
                keyid:02:77:AC:D1:12:F1:C6:C8:33:BE:C2:2F:8B:53:CC:70:D2:39:08:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Anes0RLxxsgzvsIvi1PMcNI5CHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/iopDWpo_rr_E4Jdu-DFJ_YACb-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/Anes0RLxxsgzvsIvi1PMcNI5CHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.58.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:d3:5e:00:35:5c:24:cc:c8:3f:6b:77:f5:04:6b:e0:47:77:
         0c:6d:9d:c3:7c:29:4d:6f:e9:4a:34:86:1d:71:ff:52:5b:74:
         57:e4:9e:78:cb:ab:e7:98:bf:ed:49:f9:c4:0f:fa:b5:19:6e:
         70:f2:e0:4d:a0:61:6e:9e:22:49:d5:95:3a:48:37:2d:15:86:
         03:2e:85:11:c0:2e:dd:a5:84:64:4b:9e:bf:36:83:4f:3a:f0:
         40:f4:4e:36:35:92:09:5f:a7:45:68:8f:16:2d:5a:d3:55:d3:
         39:34:14:80:b6:46:15:71:03:4a:cc:a3:74:83:c0:62:7c:19:
         32:7f:b9:c8:bc:f6:e2:f6:90:34:70:a4:48:48:99:49:6a:a2:
         de:e5:23:aa:6d:a6:dd:d6:76:89:f5:80:5d:96:f0:29:6c:b6:
         2f:07:ed:bb:a4:05:fb:2a:10:40:42:2b:b8:0e:2b:f2:51:36:
         46:f5:be:55:86:38:e4:a9:15:54:14:8d:32:db:3d:6a:0d:8e:
         fc:ba:5e:f8:a3:54:f4:1e:92:a6:59:0f:81:c2:82:aa:d1:2b:
         89:fe:af:03:27:85:91:dc:50:78:26:c9:a1:34:f3:d7:86:7d:
         17:97:35:ef:48:f0:fe:f4:18:3b:81:e4:bc:df:de:a8:2c:e7:
         88:cd:59:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb1WivjTQkOteMluIhiS2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyNzdhY2QxMTJmMWM2YzgzM2JlYzIyZjhiNTNjYzcwZDIz
OTA4NzYwHhcNMjQwMTAyMDQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YThhNDM1YTlhM2ZhZWJmYzRlMDk3NmVmODMxNDlmZDgwMDI2ZmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLKxID3NIgomkcxjiqQBKhcNAzq3
mz3LO90O8WMjs4u4ax4lCaSoz+koo35aMiyCTWpSvBhHAnKjAY3avqSIzJwZeY66
YJLPNucfrCvlA8SyOcItHVmFLeWt5zoxf4LUa1tgRoK/+4+iy8Xk+DjawJoJQAg3
2T/sSh77e6bbh+dEQofyIjiCSKCZO7sC//9jpohHf9zOlVD0n2uhAWIn1q3g2MW7
bmL+B6mD3xpRcNWPOU4DGgm9w8K8ggu5H15CuHO66g6+X1CykiY6WiF5SJ/nYagl
61kipX7cy0U9wvZfc/MDU1TjxqwccBhC9Pu7Vk2bY4Psw/xo0ZD2IijlwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIqKQ1qaP66/xOCXbvgxSf2AAm/rMB8GA1UdIwQY
MBaAFAJ3rNES8cbIM77CL4tTzHDSOQh2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQW5lczBSTHh4c2d6dnNJdmkxUE1jTkk1Q0hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8yYzBmMGItNzgzMS00MWQzLTkxNmQt
ZDk2NTU5ODc4NzRhLzEvaW9wRFdwb19ycl9FNEpkdS1ERkpfWUFDYi1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8yYzBmMGItNzgzMS00MWQzLTkxNmQtZDk2NTU5ODc4NzRh
LzEvQW5lczBSTHh4c2d6dnNJdmkxUE1jTkk1Q0hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDpCMA0G
CSqGSIb3DQEBCwUAA4IBAQB8014ANVwkzMg/a3f1BGvgR3cMbZ3DfClNb+lKNIYd
cf9SW3RX5J54y6vnmL/tSfnED/q1GW5w8uBNoGFuniJJ1ZU6SDctFYYDLoURwC7d
pYRkS56/NoNPOvBA9E42NZIJX6dFaI8WLVrTVdM5NBSAtkYVcQNKzKN0g8BifBky
f7nIvPbi9pA0cKRISJlJaqLe5SOqbabd1naJ9YBdlvApbLYvB+27pAX7KhBAQiu4
DivyUTZG9b5VhjjkqRVUFI0y2z1qDY78ul74o1T0HpKmWQ+BwoKq0SuJ/q8DJ4WR
3FB4JsmhNPPXhn0XlzXvSPD+9Bg7geS8396oLOeIzVnd
-----END CERTIFICATE-----