Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/77792b-e20e-4bf7-b126-359f79361e99/1/Nib3bi_B183dy6WxnKJ0SmDGmIs.roa
File:                     Nib3bi_B183dy6WxnKJ0SmDGmIs.roa (raw, json)
Hash identifier:          3AhmHomt9Hb9T0lylPEUWxjyo+u1VGSuJedADz0aA0Q=
Subject key identifier:   36:26:F7:6E:2F:C1:D7:CD:DD:CB:A5:B1:9C:A2:74:4A:60:C6:98:8B
Certificate issuer:       /CN=8fa9aeb426c28a34808776f9568935d3b9ec9e08
Certificate serial:       018CC9BC4210D49ADE15D22E770CBFA437B6
Authority key identifier: 8F:A9:AE:B4:26:C2:8A:34:80:87:76:F9:56:89:35:D3:B9:EC:9E:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j6mutCbCijSAh3b5Vok107nsngg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/77792b-e20e-4bf7-b126-359f79361e99/1/Nib3bi_B183dy6WxnKJ0SmDGmIs.roa
Signing time:             Tue 02 Jan 2024 10:33:27 +0000
ROA not before:           Tue 02 Jan 2024 10:33:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211569
IP address blocks:        185.225.10.0/24 maxlen: 24
                          2a10:e480::/29 maxlen: 56

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/77792b-e20e-4bf7-b126-359f79361e99/1/j6mutCbCijSAh3b5Vok107nsngg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/77792b-e20e-4bf7-b126-359f79361e99/1/j6mutCbCijSAh3b5Vok107nsngg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j6mutCbCijSAh3b5Vok107nsngg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 18:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:42:10:d4:9a:de:15:d2:2e:77:0c:bf:a4:37:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fa9aeb426c28a34808776f9568935d3b9ec9e08
        Validity
            Not Before: Jan  2 10:33:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3626f76e2fc1d7cdddcba5b19ca2744a60c6988b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:93:fc:4f:c8:c1:f6:b7:c6:5f:34:c6:82:1e:
                    7c:a1:00:5f:53:52:5f:a4:c4:0c:32:c1:b3:1e:f3:
                    f8:d4:97:ad:94:85:0b:47:e3:fe:c2:30:b2:ce:f3:
                    01:9e:a7:92:32:44:e8:54:21:ac:4f:8d:9d:43:f9:
                    71:a8:13:dc:70:c7:36:b6:57:6e:61:a2:2c:48:e4:
                    35:2b:fa:99:a7:01:85:ab:bf:4a:42:23:db:90:3e:
                    91:c3:fe:1e:16:50:ef:67:38:48:05:d4:df:66:54:
                    f4:42:cf:99:fc:8b:e2:68:4a:1f:3f:ac:fd:0a:6c:
                    40:4b:70:08:16:d7:70:e0:78:92:e6:9b:1a:c4:fb:
                    53:12:31:de:a2:b8:93:67:28:d4:da:ba:75:aa:3f:
                    c7:b6:2f:95:65:62:5c:01:80:b6:71:cd:8b:fa:06:
                    8d:37:81:3d:42:99:a6:6b:20:4f:90:62:38:30:41:
                    0d:2a:3d:1c:e9:ce:2f:8e:f2:ae:20:5b:cd:cf:8c:
                    ee:4e:e0:ee:37:a3:75:01:b8:f0:ac:6e:45:4e:33:
                    19:90:3c:58:a2:3a:0b:b2:97:1a:cf:29:a9:8d:49:
                    09:d7:6a:23:3f:50:3f:84:e3:55:08:6a:f3:8a:23:
                    eb:52:5e:91:8e:7f:6d:fd:a5:ca:e6:0f:e5:76:bf:
                    96:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:26:F7:6E:2F:C1:D7:CD:DD:CB:A5:B1:9C:A2:74:4A:60:C6:98:8B
            X509v3 Authority Key Identifier:
                keyid:8F:A9:AE:B4:26:C2:8A:34:80:87:76:F9:56:89:35:D3:B9:EC:9E:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j6mutCbCijSAh3b5Vok107nsngg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/77792b-e20e-4bf7-b126-359f79361e99/1/Nib3bi_B183dy6WxnKJ0SmDGmIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/77792b-e20e-4bf7-b126-359f79361e99/1/j6mutCbCijSAh3b5Vok107nsngg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.10.0/24
                IPv6:
                  2a10:e480::/29

    Signature Algorithm: sha256WithRSAEncryption
         10:80:a8:ce:c9:49:27:52:33:9f:6b:36:86:03:8b:08:c9:61:
         f8:26:32:c6:2e:ba:26:a5:4f:d8:15:4b:12:f7:31:ff:20:aa:
         44:6e:92:7c:b1:81:db:24:73:ac:31:17:37:ae:ad:94:17:da:
         63:1c:bd:9e:46:10:d4:36:2c:c1:45:79:ac:59:15:41:ee:cc:
         11:37:43:34:45:11:39:ad:98:ac:3f:49:e0:de:d8:0a:53:74:
         7c:15:e4:9b:32:19:28:d9:26:5a:09:08:4c:03:14:90:43:a7:
         29:6c:de:14:e5:71:1c:d9:7d:fa:17:42:24:e3:8f:12:7a:6c:
         9d:2b:e9:a0:8f:20:75:a8:79:13:3c:bf:eb:5e:a3:0c:93:4c:
         d9:28:7e:35:f9:af:2f:fe:44:b1:fa:4a:00:6d:e4:f3:95:37:
         71:24:28:15:e9:3a:1f:f0:79:42:d0:1d:8c:e2:5e:11:ae:fa:
         71:ef:3a:c1:95:02:10:38:e2:94:70:73:78:f5:ac:f3:45:aa:
         3c:64:b2:06:93:a8:94:d8:29:7d:1d:a3:e1:c6:05:c0:d1:8a:
         bb:b5:fa:52:e3:fa:ae:86:23:b4:7d:f7:7f:af:b8:de:f3:b4:
         9d:0b:8a:0b:86:f6:74:f2:6a:e6:39:45:2e:44:df:75:e5:51:
         b0:8d:ee:d4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvEIQ1JreFdIudwy/pDe2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYTlhZWI0MjZjMjhhMzQ4MDg3NzZmOTU2ODkzNWQzYjll
YzllMDgwHhcNMjQwMTAyMTAzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjI2Zjc2ZTJmYzFkN2NkZGRjYmE1YjE5Y2EyNzQ0YTYwYzY5ODhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpP8T8jB9rfGXzTGgh58oQBfU1Jf
pMQMMsGzHvP41JetlIULR+P+wjCyzvMBnqeSMkToVCGsT42dQ/lxqBPccMc2tldu
YaIsSOQ1K/qZpwGFq79KQiPbkD6Rw/4eFlDvZzhIBdTfZlT0Qs+Z/IviaEofP6z9
CmxAS3AIFtdw4HiS5psaxPtTEjHeoriTZyjU2rp1qj/Hti+VZWJcAYC2cc2L+gaN
N4E9QpmmayBPkGI4MEENKj0c6c4vjvKuIFvNz4zuTuDuN6N1AbjwrG5FTjMZkDxY
ojoLspcazympjUkJ12ojP1A/hONVCGrziiPrUl6Rjn9t/aXK5g/ldr+W2QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDYm924vwdfN3culsZyidEpgxpiLMB8GA1UdIwQY
MBaAFI+prrQmwoo0gId2+VaJNdO57J4IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajZtdXRDYkNpalNBaDNiNVZvazEwN25zbmdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi83Nzc5MmItZTIwZS00YmY3LWIxMjYt
MzU5Zjc5MzYxZTk5LzEvTmliM2JpX0IxODNkeTZXeG5LSjBTbURHbUlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi83Nzc5MmItZTIwZS00YmY3LWIxMjYtMzU5Zjc5MzYxZTk5
LzEvajZtdXRDYkNpalNBaDNiNVZvazEwN25zbmdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAueEKMA0E
AgACMAcDBQMqEOSAMA0GCSqGSIb3DQEBCwUAA4IBAQAQgKjOyUknUjOfazaGA4sI
yWH4JjLGLrompU/YFUsS9zH/IKpEbpJ8sYHbJHOsMRc3rq2UF9pjHL2eRhDUNizB
RXmsWRVB7swRN0M0RRE5rZisP0ng3tgKU3R8FeSbMhko2SZaCQhMAxSQQ6cpbN4U
5XEc2X36F0Ik448SemydK+mgjyB1qHkTPL/rXqMMk0zZKH41+a8v/kSx+koAbeTz
lTdxJCgV6Tof8HlC0B2M4l4Rrvpx7zrBlQIQOOKUcHN49azzRao8ZLIGk6iU2Cl9
HaPhxgXA0Yq7tfpS4/quhiO0ffd/r7je87SdC4oLhvZ08mrmOUUuRN915VGwje7U
-----END CERTIFICATE-----