Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/oq6FJoCxI2q3o4XGq4xg-2S77tY.roa
File:                     oq6FJoCxI2q3o4XGq4xg-2S77tY.roa (raw, json)
Hash identifier:          mgEiRLTIlQUfq6TOKMCjpUNS7fgeYq46yqwlQT5fn/k=
Subject key identifier:   A2:AE:85:26:80:B1:23:6A:B7:A3:85:C6:AB:8C:60:FB:64:BB:EE:D6
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       018CC56F03F70E5F631EBE9723C7FAE0805E
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/oq6FJoCxI2q3o4XGq4xg-2S77tY.roa
Signing time:             Mon 01 Jan 2024 14:30:36 +0000
ROA not before:           Mon 01 Jan 2024 14:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400039
IP address blocks:        86.104.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 08:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6f:03:f7:0e:5f:63:1e:be:97:23:c7:fa:e0:80:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Jan  1 14:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2ae852680b1236ab7a385c6ab8c60fb64bbeed6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:7a:18:9a:50:cb:1f:2b:32:0c:32:a3:8c:3d:
                    12:b9:d4:ac:aa:c6:8e:53:67:b7:96:50:5b:7b:bc:
                    05:9d:c9:a8:2e:35:83:68:54:44:65:7a:e1:a9:90:
                    84:71:9b:a5:7a:1f:d0:af:be:9a:45:89:05:07:71:
                    b3:c1:95:79:d3:62:b0:9d:4d:bf:07:b9:41:76:21:
                    6d:ea:20:ec:cb:13:0c:7d:2c:20:74:23:70:c1:e7:
                    af:85:7c:16:4c:a8:bb:e2:16:db:89:aa:d9:db:3a:
                    4b:28:a3:94:9b:04:93:f9:b9:0c:2e:4a:52:15:48:
                    30:85:de:f6:9f:d6:87:80:8d:4d:b1:6f:f7:7c:01:
                    ba:5e:7e:c5:71:93:5b:a1:66:13:12:e2:fb:87:b3:
                    f1:8d:c0:02:99:e4:08:97:83:0e:c9:8d:8c:8a:93:
                    ab:ae:02:5a:90:c2:17:50:72:1c:c3:48:95:04:55:
                    ff:9b:8b:01:2a:c7:9f:7f:4a:bd:a5:68:7b:f9:d6:
                    2e:dd:f7:dc:35:0c:51:0e:d8:f1:51:51:5c:02:47:
                    4b:d7:5e:c2:9d:50:d7:f5:5b:10:3a:07:b8:3c:5b:
                    73:ac:e1:91:0a:80:e5:38:09:4a:43:60:f3:1d:ff:
                    c5:da:97:c8:76:df:c5:99:fe:8e:24:bb:73:78:ad:
                    e5:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:AE:85:26:80:B1:23:6A:B7:A3:85:C6:AB:8C:60:FB:64:BB:EE:D6
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/oq6FJoCxI2q3o4XGq4xg-2S77tY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.104.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:ee:d1:7f:06:24:42:29:28:d8:09:2f:ae:ab:af:4b:a2:99:
         e3:65:25:77:ae:e3:04:41:39:15:53:e6:56:ff:80:52:5f:7d:
         25:1e:aa:10:7d:f3:63:13:e4:03:ee:95:17:a9:6d:da:a3:f6:
         19:6e:c2:6f:40:12:f5:ab:99:53:4e:f2:a4:cf:58:86:67:59:
         7a:f5:4b:79:07:9a:ea:c9:c0:f8:82:8a:47:b8:98:08:cd:eb:
         1e:9a:c5:57:6c:ff:be:c8:ab:f8:d6:a0:a1:7f:b4:9c:7c:70:
         67:34:8c:80:f6:d9:fa:01:76:7d:b7:b4:e8:9c:2d:9d:e9:7b:
         ec:d7:85:fe:6d:5a:0e:a7:7b:a1:c7:31:7d:f9:88:26:fd:a1:
         00:b1:2b:e7:71:e0:03:27:8c:85:b9:75:21:32:75:24:bf:75:
         78:05:c9:ce:77:41:c7:51:a4:30:5c:a4:30:75:ab:7f:c8:1c:
         76:80:35:0f:e5:09:ed:00:cf:08:4c:06:1b:ff:d4:d6:32:68:
         a2:fd:a9:6e:39:1e:20:c7:f3:51:89:0d:d2:2f:8d:f6:38:2f:
         10:49:d0:5b:00:c5:1d:34:7d:5a:63:f2:21:b0:85:5d:ff:45:
         27:7b:2f:33:25:8b:1b:3f:dc:d9:80:2d:61:4f:ac:30:3e:71:
         17:f3:1f:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbwP3Dl9jHr6XI8f64IBeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjQwMTAxMTQzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmFlODUyNjgwYjEyMzZhYjdhMzg1YzZhYjhjNjBmYjY0YmJlZWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnnoYmlDLHysyDDKjjD0SudSsqsaO
U2e3llBbe7wFncmoLjWDaFREZXrhqZCEcZuleh/Qr76aRYkFB3GzwZV502KwnU2/
B7lBdiFt6iDsyxMMfSwgdCNwweevhXwWTKi74hbbiarZ2zpLKKOUmwST+bkMLkpS
FUgwhd72n9aHgI1NsW/3fAG6Xn7FcZNboWYTEuL7h7PxjcACmeQIl4MOyY2MipOr
rgJakMIXUHIcw0iVBFX/m4sBKseff0q9pWh7+dYu3ffcNQxRDtjxUVFcAkdL117C
nVDX9VsQOge4PFtzrOGRCoDlOAlKQ2DzHf/F2pfIdt/Fmf6OJLtzeK3l/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKKuhSaAsSNqt6OFxquMYPtku+7WMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvb3E2RkpvQ3hJMnEzbzRYR3E0eGctMlM3N3RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVmjRMA0G
CSqGSIb3DQEBCwUAA4IBAQA67tF/BiRCKSjYCS+uq69LopnjZSV3ruMEQTkVU+ZW
/4BSX30lHqoQffNjE+QD7pUXqW3ao/YZbsJvQBL1q5lTTvKkz1iGZ1l69Ut5B5rq
ycD4gopHuJgIzesemsVXbP++yKv41qChf7ScfHBnNIyA9tn6AXZ9t7TonC2d6Xvs
14X+bVoOp3uhxzF9+Ygm/aEAsSvnceADJ4yFuXUhMnUkv3V4BcnOd0HHUaQwXKQw
dat/yBx2gDUP5QntAM8ITAYb/9TWMmii/aluOR4gx/NRiQ3SL432OC8QSdBbAMUd
NH1aY/IhsIVd/0Uney8zJYsbP9zZgC1hT6wwPnEX8x+w
-----END CERTIFICATE-----