Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/e16001-6525-404b-9b49-a57b1b392205/1/N1WC2hNvcCwkxKY9YZ22v1hX16c.roa
File:                     N1WC2hNvcCwkxKY9YZ22v1hX16c.roa (raw, json)
Hash identifier:          JAk973GFQud3PLpcRIUHRDZ9s9DadVWA9g4BWX1g8Wk=
Subject key identifier:   37:55:82:DA:13:6F:70:2C:24:C4:A6:3D:61:9D:B6:BF:58:57:D7:A7
Certificate issuer:       /CN=0dcda5d060ba9366bb4325828b57033bef18e3c0
Certificate serial:       018CC2DB34B9880BBB2F438F11696BDDC0ED
Authority key identifier: 0D:CD:A5:D0:60:BA:93:66:BB:43:25:82:8B:57:03:3B:EF:18:E3:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dc2l0GC6k2a7QyWCi1cDO-8Y48A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/e16001-6525-404b-9b49-a57b1b392205/1/N1WC2hNvcCwkxKY9YZ22v1hX16c.roa
Signing time:             Mon 01 Jan 2024 02:29:54 +0000
ROA not before:           Mon 01 Jan 2024 02:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207443
IP address blocks:        185.89.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/e16001-6525-404b-9b49-a57b1b392205/1/Dc2l0GC6k2a7QyWCi1cDO-8Y48A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/e16001-6525-404b-9b49-a57b1b392205/1/Dc2l0GC6k2a7QyWCi1cDO-8Y48A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dc2l0GC6k2a7QyWCi1cDO-8Y48A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:34:b9:88:0b:bb:2f:43:8f:11:69:6b:dd:c0:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0dcda5d060ba9366bb4325828b57033bef18e3c0
        Validity
            Not Before: Jan  1 02:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=375582da136f702c24c4a63d619db6bf5857d7a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:5c:b4:d5:5d:9a:80:38:89:cd:af:0f:a7:86:
                    0e:50:b3:00:ff:81:ce:22:a3:2d:4a:91:dd:9c:e6:
                    c3:cc:a3:81:92:f7:7a:07:1b:15:cd:7d:b6:97:7f:
                    22:69:c7:ea:b5:0b:38:66:d7:ef:63:4f:84:b0:4f:
                    a8:01:c3:ed:ca:2f:0d:38:bc:a2:cb:be:50:a3:12:
                    b1:0e:f9:9d:7b:ff:d6:02:38:71:fd:7f:99:e7:15:
                    c2:fd:58:7b:db:7d:ad:a3:ca:d6:68:80:9c:75:b5:
                    ac:fc:d7:5c:ee:db:01:d3:8e:ea:78:3e:d6:da:8c:
                    8c:6a:97:ff:09:e9:47:e0:78:72:ea:8e:42:eb:c9:
                    fd:8c:af:3b:50:99:06:9e:d7:d1:ab:ac:d5:80:28:
                    4e:2e:d3:5c:c3:97:c4:34:52:b9:5c:e3:84:01:34:
                    ab:44:f8:85:db:de:32:24:a3:be:22:53:00:5b:29:
                    59:70:b7:45:4d:1a:1d:17:38:f1:ce:94:03:84:b8:
                    54:24:0a:9c:0c:20:97:65:21:9e:7b:8c:fa:b6:99:
                    77:c0:5b:25:b0:b1:f8:f9:4c:89:22:f5:11:8e:d3:
                    83:2b:b7:dd:8e:16:3c:47:59:e9:6e:9c:09:47:48:
                    ee:ff:07:2f:84:2b:1b:c3:3a:7a:4a:8a:07:f8:35:
                    78:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:55:82:DA:13:6F:70:2C:24:C4:A6:3D:61:9D:B6:BF:58:57:D7:A7
            X509v3 Authority Key Identifier:
                keyid:0D:CD:A5:D0:60:BA:93:66:BB:43:25:82:8B:57:03:3B:EF:18:E3:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dc2l0GC6k2a7QyWCi1cDO-8Y48A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/e16001-6525-404b-9b49-a57b1b392205/1/N1WC2hNvcCwkxKY9YZ22v1hX16c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/e16001-6525-404b-9b49-a57b1b392205/1/Dc2l0GC6k2a7QyWCi1cDO-8Y48A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.89.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:e4:ee:6a:f9:01:74:8a:9a:67:a9:0c:15:df:16:37:a3:12:
         84:df:70:8a:26:89:92:14:3e:a7:63:74:f1:aa:5c:e1:41:94:
         3b:86:74:fc:cc:aa:94:14:2e:64:0f:5d:ae:87:df:89:86:70:
         42:d3:8c:b9:6c:3e:ca:93:ff:94:1e:91:2d:fd:5c:c1:58:96:
         1f:a2:c7:44:20:62:0a:60:41:49:35:2a:57:8e:9d:55:28:a2:
         69:e4:d1:4a:68:2d:d6:4b:1a:d0:24:93:c5:13:4b:ba:59:11:
         9a:7b:9f:d8:07:93:3c:e4:38:cc:c7:20:60:79:85:47:47:80:
         d2:95:db:db:dd:e5:5d:98:01:e1:27:59:c1:f2:ab:56:ea:fa:
         b9:c4:4f:f2:41:26:f9:cf:f0:7b:55:79:8f:58:5e:8b:2d:e0:
         df:6d:1d:73:8a:67:20:7d:d5:4d:30:b0:1e:79:cc:ff:05:ed:
         09:96:9d:86:74:03:4b:4d:8f:cb:42:a5:e1:27:bc:bc:7b:70:
         e3:e7:41:a9:ce:26:ca:e1:78:5c:bb:2d:5e:56:99:94:ea:93:
         ef:46:ab:57:eb:2d:c6:3c:64:8d:21:60:3a:4e:df:3e:d5:08:
         99:3a:32:44:bb:4a:7a:2e:40:2c:c9:68:c7:15:6b:2f:80:43:
         be:7b:6a:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zS5iAu7L0OPEWlr3cDtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkY2RhNWQwNjBiYTkzNjZiYjQzMjU4MjhiNTcwMzNiZWYx
OGUzYzAwHhcNMjQwMTAxMDIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzU1ODJkYTEzNmY3MDJjMjRjNGE2M2Q2MTlkYjZiZjU4NTdkN2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1y01V2agDiJza8Pp4YOULMA/4HO
IqMtSpHdnObDzKOBkvd6BxsVzX22l38iacfqtQs4ZtfvY0+EsE+oAcPtyi8NOLyi
y75QoxKxDvmde//WAjhx/X+Z5xXC/Vh7232to8rWaICcdbWs/Ndc7tsB047qeD7W
2oyMapf/CelH4Hhy6o5C68n9jK87UJkGntfRq6zVgChOLtNcw5fENFK5XOOEATSr
RPiF294yJKO+IlMAWylZcLdFTRodFzjxzpQDhLhUJAqcDCCXZSGee4z6tpl3wFsl
sLH4+UyJIvURjtODK7fdjhY8R1npbpwJR0ju/wcvhCsbwzp6SooH+DV4KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDdVgtoTb3AsJMSmPWGdtr9YV9enMB8GA1UdIwQY
MBaAFA3NpdBgupNmu0MlgotXAzvvGOPAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGMybDBHQzZrMmE3UXlXQ2kxY0RPLThZNDhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi9lMTYwMDEtNjUyNS00MDRiLTliNDkt
YTU3YjFiMzkyMjA1LzEvTjFXQzJoTnZjQ3dreEtZOVlaMjJ2MWhYMTZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi9lMTYwMDEtNjUyNS00MDRiLTliNDktYTU3YjFiMzkyMjA1
LzEvRGMybDBHQzZrMmE3UXlXQ2kxY0RPLThZNDhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVlhMA0G
CSqGSIb3DQEBCwUAA4IBAQAV5O5q+QF0ippnqQwV3xY3oxKE33CKJomSFD6nY3Tx
qlzhQZQ7hnT8zKqUFC5kD12uh9+JhnBC04y5bD7Kk/+UHpEt/VzBWJYfosdEIGIK
YEFJNSpXjp1VKKJp5NFKaC3WSxrQJJPFE0u6WRGae5/YB5M85DjMxyBgeYVHR4DS
ldvb3eVdmAHhJ1nB8qtW6vq5xE/yQSb5z/B7VXmPWF6LLeDfbR1zimcgfdVNMLAe
ecz/Be0Jlp2GdANLTY/LQqXhJ7y8e3Dj50GpzibK4Xhcuy1eVpmU6pPvRqtX6y3G
PGSNIWA6Tt8+1QiZOjJEu0p6LkAsyWjHFWsvgEO+e2qb
-----END CERTIFICATE-----