Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/8X1PRYPmNXj_nVFKPAtlxtT3zTA.roa
File:                     8X1PRYPmNXj_nVFKPAtlxtT3zTA.roa (raw, json)
Hash identifier:          x31133Z7Mg++KdLJpRRjAShgGN2+l0RZVha3A/5JQBg=
Subject key identifier:   F1:7D:4F:45:83:E6:35:78:FF:9D:51:4A:3C:0B:65:C6:D4:F7:CD:30
Certificate issuer:       /CN=49c403d43b5f38fca2119cd1409a92763edefe71
Certificate serial:       0191C6A27A4F8A884F8CCCECF281111965B6
Authority key identifier: 49:C4:03:D4:3B:5F:38:FC:A2:11:9C:D1:40:9A:92:76:3E:DE:FE:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ScQD1DtfOPyiEZzRQJqSdj7e_nE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/8X1PRYPmNXj_nVFKPAtlxtT3zTA.roa
Signing time:             Fri 06 Sep 2024 09:20:22 +0000
ROA not before:           Fri 06 Sep 2024 09:20:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39838
IP address blocks:        176.57.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/ScQD1DtfOPyiEZzRQJqSdj7e_nE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/ScQD1DtfOPyiEZzRQJqSdj7e_nE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ScQD1DtfOPyiEZzRQJqSdj7e_nE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c6:a2:7a:4f:8a:88:4f:8c:cc:ec:f2:81:11:19:65:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49c403d43b5f38fca2119cd1409a92763edefe71
        Validity
            Not Before: Sep  6 09:20:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f17d4f4583e63578ff9d514a3c0b65c6d4f7cd30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:8e:2f:9d:e4:cf:cc:34:30:9e:03:13:de:1c:
                    85:d1:5b:24:77:db:9a:29:b5:40:87:85:04:df:53:
                    e6:df:ca:8b:6b:62:1e:d9:bb:e4:8f:84:dc:7b:9e:
                    a9:7b:86:b8:8c:f1:58:42:ca:48:14:36:3f:26:70:
                    ac:ca:9d:5c:a7:fd:7d:5a:28:5e:93:68:f6:9f:c8:
                    8c:f5:59:bc:4c:dd:fe:7a:40:b6:ab:13:5c:c0:7a:
                    2f:af:88:c6:e4:fe:00:89:76:b7:92:65:8e:82:24:
                    81:ed:8c:48:45:4a:d2:b3:22:2b:f6:72:05:27:5c:
                    0c:78:d7:19:35:e0:6c:db:10:6d:19:3f:31:b8:eb:
                    f3:64:91:aa:5c:00:d3:d9:b5:2d:8f:ac:ca:e4:a7:
                    3f:af:fb:be:30:09:a7:0a:3f:e0:a6:3b:62:95:3f:
                    8d:5b:43:16:c2:e8:a9:b4:25:50:a4:16:03:fd:71:
                    86:dd:07:ee:5c:69:f5:de:dd:d8:c4:10:df:ff:62:
                    db:d4:5d:f5:ba:21:60:89:62:3a:fb:76:43:b2:5f:
                    0c:66:fc:14:1e:f9:de:96:69:29:23:f7:33:d3:ea:
                    7f:9d:15:93:14:41:0c:ec:d1:21:93:63:e3:90:aa:
                    7d:78:9c:73:59:21:08:3d:0d:51:35:0f:17:69:0d:
                    b1:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:7D:4F:45:83:E6:35:78:FF:9D:51:4A:3C:0B:65:C6:D4:F7:CD:30
            X509v3 Authority Key Identifier:
                keyid:49:C4:03:D4:3B:5F:38:FC:A2:11:9C:D1:40:9A:92:76:3E:DE:FE:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ScQD1DtfOPyiEZzRQJqSdj7e_nE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/8X1PRYPmNXj_nVFKPAtlxtT3zTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/ScQD1DtfOPyiEZzRQJqSdj7e_nE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:a5:8e:31:b9:df:d7:9e:44:a8:04:a8:cc:9c:af:6d:03:33:
         22:cf:90:05:4e:cb:6a:58:44:a1:de:8a:fb:e0:3a:85:9e:07:
         cd:ea:51:ae:e0:e8:bb:ed:71:41:4d:77:8e:3e:e6:c0:be:ea:
         55:04:33:24:96:d8:d6:17:f8:dc:c8:4b:cd:2d:68:6a:64:08:
         ef:aa:3b:bf:1d:0d:57:ce:2e:83:7a:87:d4:c3:3f:98:1e:fd:
         36:5b:d9:bd:29:7e:41:44:a2:fb:6a:51:02:64:fe:4b:b8:92:
         d1:3b:9f:1b:a7:f2:f3:be:07:df:a0:da:80:c7:a7:b2:4e:79:
         3a:e7:f0:02:c1:dd:d8:80:d6:df:ad:8f:18:80:63:da:dc:78:
         1a:99:3a:59:42:e6:c3:63:2c:a9:66:bf:b2:61:dc:8d:b3:5f:
         f7:bf:35:ef:b1:f1:bc:18:61:29:72:78:68:eb:f7:86:bb:ed:
         5c:bc:35:93:d9:56:0e:93:41:31:a7:3e:1c:50:68:b8:53:ee:
         83:af:0e:8f:6f:0c:ba:3e:58:c9:cb:be:cb:18:ee:cb:bc:d1:
         e6:b2:ef:67:b5:04:5c:9e:57:91:8f:6a:52:80:94:f9:06:86:
         8a:85:c7:94:a0:ba:6a:77:58:08:dc:ac:33:9d:3f:66:13:74:
         4f:2f:70:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHGonpPiohPjMzs8oERGWW2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5YzQwM2Q0M2I1ZjM4ZmNhMjExOWNkMTQwOWE5Mjc2M2Vk
ZWZlNzEwHhcNMjQwOTA2MDkyMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTdkNGY0NTgzZTYzNTc4ZmY5ZDUxNGEzYzBiNjVjNmQ0ZjdjZDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAko4vneTPzDQwngMT3hyF0Vskd9ua
KbVAh4UE31Pm38qLa2Ie2bvkj4Tce56pe4a4jPFYQspIFDY/JnCsyp1cp/19Wihe
k2j2n8iM9Vm8TN3+ekC2qxNcwHovr4jG5P4AiXa3kmWOgiSB7YxIRUrSsyIr9nIF
J1wMeNcZNeBs2xBtGT8xuOvzZJGqXADT2bUtj6zK5Kc/r/u+MAmnCj/gpjtilT+N
W0MWwuiptCVQpBYD/XGG3QfuXGn13t3YxBDf/2Lb1F31uiFgiWI6+3ZDsl8MZvwU
HvnelmkpI/cz0+p/nRWTFEEM7NEhk2PjkKp9eJxzWSEIPQ1RNQ8XaQ2x+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPF9T0WD5jV4/51RSjwLZcbU980wMB8GA1UdIwQY
MBaAFEnEA9Q7Xzj8ohGc0UCaknY+3v5xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2NRRDFEdGZPUHlpRVp6UlFKcVNkajdlX25FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9hMmY4N2ItNDgxMS00ZmUxLWIxNWQt
Zjg4OWNhMTYxYzAxLzEvOFgxUFJZUG1OWGpfblZGS1BBdGx4dFQzelRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9hMmY4N2ItNDgxMS00ZmUxLWIxNWQtZjg4OWNhMTYxYzAx
LzEvU2NRRDFEdGZPUHlpRVp6UlFKcVNkajdlX25FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDnKMA0G
CSqGSIb3DQEBCwUAA4IBAQAqpY4xud/XnkSoBKjMnK9tAzMiz5AFTstqWESh3or7
4DqFngfN6lGu4Oi77XFBTXeOPubAvupVBDMkltjWF/jcyEvNLWhqZAjvqju/HQ1X
zi6DeofUwz+YHv02W9m9KX5BRKL7alECZP5LuJLRO58bp/LzvgffoNqAx6eyTnk6
5/ACwd3YgNbfrY8YgGPa3HgamTpZQubDYyypZr+yYdyNs1/3vzXvsfG8GGEpcnho
6/eGu+1cvDWT2VYOk0Expz4cUGi4U+6Drw6Pbwy6PljJy77LGO7LvNHmsu9ntQRc
nleRj2pSgJT5BoaKhceUoLpqd1gI3KwznT9mE3RPL3Bb
-----END CERTIFICATE-----