Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/tRAgULQ0l-wnrYyk7kEqU4bzXNc.roa
File:                     tRAgULQ0l-wnrYyk7kEqU4bzXNc.roa (raw, json)
Hash identifier:          LNtOiyRtvkQC3SslxqUtOfyFOXmx3KNqDB1jJ3Z8M8E=
Subject key identifier:   B5:10:20:50:B4:34:97:EC:27:AD:8C:A4:EE:41:2A:53:86:F3:5C:D7
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018E5D5A09A38D8FB67CC17E0308D4E4F029
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/tRAgULQ0l-wnrYyk7kEqU4bzXNc.roa
Signing time:             Wed 20 Mar 2024 19:32:45 +0000
ROA not before:           Wed 20 Mar 2024 19:32:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58061
IP address blocks:        85.209.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:5d:5a:09:a3:8d:8f:b6:7c:c1:7e:03:08:d4:e4:f0:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Mar 20 19:32:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5102050b43497ec27ad8ca4ee412a5386f35cd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:34:cb:a7:63:5e:70:e0:9a:23:bd:95:0b:5e:
                    ea:ba:7e:a9:08:c8:c2:7e:37:a0:d5:9b:3f:93:f1:
                    d3:4c:1c:ea:26:c7:96:26:0b:02:e1:69:20:fe:6b:
                    bf:64:c7:ab:bf:83:79:7a:cb:29:c9:61:f5:03:73:
                    65:36:da:61:6c:53:99:2b:4e:b8:ac:8d:33:8a:4b:
                    db:70:d1:a5:aa:c2:19:e5:0b:dd:ec:de:f7:52:08:
                    fc:03:c3:5a:e9:2f:95:2e:5d:45:ad:e8:5f:ba:3b:
                    33:a2:9e:cd:eb:9f:28:06:96:77:c6:21:c5:42:90:
                    f7:43:4c:ed:ec:8d:5f:ab:7a:b5:6f:e7:98:c8:17:
                    6d:26:b7:63:ad:e5:57:8e:79:e6:e1:81:8b:60:a5:
                    d3:30:fd:ec:60:d4:9a:a2:74:77:1c:c2:2d:25:84:
                    e2:99:62:f3:cc:bb:e5:7c:eb:37:30:23:55:d9:5d:
                    c4:c8:de:57:88:8c:14:f3:3b:47:57:38:91:58:58:
                    b3:9d:30:89:a9:3a:1d:34:19:5b:f8:fd:70:16:d3:
                    40:6e:cb:e5:49:4e:06:b0:d3:fe:3f:9f:45:73:d1:
                    c8:bf:17:75:03:57:22:7f:4c:06:41:89:43:e8:55:
                    2e:05:bf:b9:40:e6:bb:12:e0:73:be:27:8a:8d:e8:
                    09:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:10:20:50:B4:34:97:EC:27:AD:8C:A4:EE:41:2A:53:86:F3:5C:D7
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/tRAgULQ0l-wnrYyk7kEqU4bzXNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:34:62:a9:99:a7:3b:a0:20:8c:f9:c8:9e:81:65:29:aa:79:
         45:5e:1d:0a:75:37:f5:d2:16:ec:7b:53:dc:b7:43:f6:f4:84:
         95:85:5d:9a:80:31:11:b4:a6:28:88:a1:92:aa:1a:f1:5d:7f:
         ba:5a:83:a3:bf:bd:a8:c5:be:99:1f:89:2a:17:ce:00:e5:47:
         6f:3c:8d:82:92:c5:85:10:c4:fe:3c:e2:f6:34:34:3e:0c:34:
         7a:7f:1a:14:23:a2:e6:9d:06:15:c4:5d:41:38:3e:55:f9:7a:
         bf:06:93:8c:9a:ad:91:4d:6a:c4:54:fa:c1:1c:7e:25:af:e6:
         79:5e:6b:28:98:c9:e3:b6:6d:7e:42:a6:58:4a:9c:a6:89:52:
         50:ef:6b:ab:ad:51:b9:d0:a5:8d:fc:22:a5:99:fe:6b:1d:9c:
         67:fb:ae:53:a2:31:72:42:81:06:2f:9d:64:97:40:32:9d:c3:
         cb:ea:a6:c2:8f:19:b5:d6:c4:5a:dd:ed:de:9e:ca:f4:74:ee:
         c2:76:2a:90:2f:b2:ca:97:11:18:f0:c5:87:87:f4:db:de:3e:
         14:03:d1:a8:46:30:76:1f:bc:f8:2f:8d:a2:38:c3:b0:1a:f8:
         6d:3c:54:eb:2b:d5:b7:5c:0a:1a:23:5e:a0:d1:ec:37:1d:8a:
         c1:f5:95:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5dWgmjjY+2fMF+AwjU5PApMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwMzIwMTkzMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTEwMjA1MGI0MzQ5N2VjMjdhZDhjYTRlZTQxMmE1Mzg2ZjM1Y2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhTTLp2NecOCaI72VC17qun6pCMjC
fjeg1Zs/k/HTTBzqJseWJgsC4Wkg/mu/ZMerv4N5esspyWH1A3NlNtphbFOZK064
rI0zikvbcNGlqsIZ5Qvd7N73Ugj8A8Na6S+VLl1Frehfujszop7N658oBpZ3xiHF
QpD3Q0zt7I1fq3q1b+eYyBdtJrdjreVXjnnm4YGLYKXTMP3sYNSaonR3HMItJYTi
mWLzzLvlfOs3MCNV2V3EyN5XiIwU8ztHVziRWFiznTCJqTodNBlb+P1wFtNAbsvl
SU4GsNP+P59Fc9HIvxd1A1cif0wGQYlD6FUuBb+5QOa7EuBzvieKjegJdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLUQIFC0NJfsJ62MpO5BKlOG81zXMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvdFJBZ1VMUTBsLXducll5azdrRXFVNGJ6WE5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdF6MA0G
CSqGSIb3DQEBCwUAA4IBAQCnNGKpmac7oCCM+ciegWUpqnlFXh0KdTf10hbse1Pc
t0P29ISVhV2agDERtKYoiKGSqhrxXX+6WoOjv72oxb6ZH4kqF84A5UdvPI2CksWF
EMT+POL2NDQ+DDR6fxoUI6LmnQYVxF1BOD5V+Xq/BpOMmq2RTWrEVPrBHH4lr+Z5
XmsomMnjtm1+QqZYSpymiVJQ72urrVG50KWN/CKlmf5rHZxn+65TojFyQoEGL51k
l0AyncPL6qbCjxm11sRa3e3ensr0dO7CdiqQL7LKlxEY8MWHh/Tb3j4UA9GoRjB2
H7z4L42iOMOwGvhtPFTrK9W3XAoaI16g0ew3HYrB9ZWN
-----END CERTIFICATE-----