Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/1A_CNDKkOY0RMS1kH2ButpwVX1Y.roa
File:                     1A_CNDKkOY0RMS1kH2ButpwVX1Y.roa (raw, json)
Hash identifier:          R9YA5hXZbCePKt+329DkXB2EUstc8APP51/dm/d3nco=
Subject key identifier:   D4:0F:C2:34:32:A4:39:8D:11:31:2D:64:1F:60:6E:B6:9C:15:5F:56
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       018F1EB591903B6EA801330A4B4D599EB2D3
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/1A_CNDKkOY0RMS1kH2ButpwVX1Y.roa
Signing time:             Sat 27 Apr 2024 08:39:26 +0000
ROA not before:           Sat 27 Apr 2024 08:39:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210474
IP address blocks:        213.176.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:39:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:1e:b5:91:90:3b:6e:a8:01:33:0a:4b:4d:59:9e:b2:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Apr 27 08:39:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d40fc23432a4398d11312d641f606eb69c155f56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:1b:ce:70:8f:94:33:ae:4f:24:ee:cb:1f:bd:
                    78:90:9d:03:e3:73:64:ce:ef:2e:1b:e1:c5:ec:31:
                    d2:0f:a4:af:fb:06:20:f0:90:e1:4f:cd:d3:21:ea:
                    b6:52:70:df:18:e7:14:74:56:72:eb:e8:e5:9e:7b:
                    13:83:24:6f:4b:42:76:ed:4e:cb:98:3f:9c:12:03:
                    16:08:4e:47:3d:10:56:41:2b:80:1c:57:a9:36:4d:
                    59:54:89:d0:7a:e5:2b:7d:c7:7c:62:52:0e:d0:fd:
                    f2:d7:76:a7:a6:58:4e:56:29:6a:c5:57:49:a8:be:
                    de:ba:58:1b:5b:96:50:e5:ee:20:58:89:9d:59:4d:
                    c3:05:59:8b:27:b0:53:97:c8:70:22:71:9d:14:ae:
                    5c:53:e0:e2:e1:95:ca:29:35:07:70:32:61:8c:74:
                    44:3b:d0:fb:fb:94:41:c2:a2:81:78:29:40:67:97:
                    e0:8d:3d:0c:33:13:b9:6e:54:24:24:82:d9:dd:02:
                    96:ff:be:c5:b8:c5:3f:07:06:b1:6d:13:d5:17:dd:
                    c1:93:24:7e:11:01:29:a5:6f:ef:f2:d3:33:c7:f0:
                    15:65:5b:d3:e2:25:c3:c1:7f:23:e6:6e:07:b9:49:
                    64:29:f0:4e:6c:3a:16:9e:70:08:cb:72:6d:30:c0:
                    16:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:0F:C2:34:32:A4:39:8D:11:31:2D:64:1F:60:6E:B6:9C:15:5F:56
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/1A_CNDKkOY0RMS1kH2ButpwVX1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.176.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:3e:72:13:8e:6c:de:18:78:a0:05:b2:5c:8f:02:b7:be:56:
         77:61:ae:be:be:c0:67:2b:05:29:bc:d0:74:f1:94:3e:c1:31:
         eb:1d:91:40:e7:64:43:d2:27:f2:6b:9c:7f:16:d7:86:c3:f5:
         f9:e3:52:0e:88:6a:e2:a0:e8:20:e4:bc:11:90:32:f2:fb:75:
         09:ca:b6:94:00:a5:6c:25:0b:59:0d:0c:51:18:8b:45:3c:fe:
         a3:14:53:50:69:a6:9b:b9:e3:88:32:b8:79:0a:c1:62:19:23:
         77:bb:8e:15:ca:ed:75:8d:92:ef:dc:bb:26:14:33:e1:0c:11:
         f4:30:07:96:9b:0d:9c:d8:94:85:17:14:70:51:ff:84:fe:05:
         3f:24:90:cd:38:33:4b:24:1b:10:27:85:55:d8:5e:14:0c:e7:
         38:a6:62:11:b9:f7:95:78:3a:cf:10:c3:7c:b5:4e:38:d9:e9:
         7f:a2:59:2f:61:2c:6b:5b:61:a2:eb:5a:30:78:b0:1c:d5:e5:
         28:14:94:15:3f:41:88:e7:8c:75:44:24:a9:cc:ce:af:e1:c4:
         14:6d:af:34:2f:d5:cc:18:d3:a6:d5:ef:54:27:b9:d2:73:58:
         be:5a:b9:ff:b0:73:75:7b:f9:03:ea:35:35:2f:f3:3f:e5:93:
         c1:21:cd:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8etZGQO26oATMKS01ZnrLTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjQwNDI3MDgzOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDBmYzIzNDMyYTQzOThkMTEzMTJkNjQxZjYwNmViNjljMTU1ZjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRvOcI+UM65PJO7LH714kJ0D43Nk
zu8uG+HF7DHSD6Sv+wYg8JDhT83TIeq2UnDfGOcUdFZy6+jlnnsTgyRvS0J27U7L
mD+cEgMWCE5HPRBWQSuAHFepNk1ZVInQeuUrfcd8YlIO0P3y13anplhOVilqxVdJ
qL7eulgbW5ZQ5e4gWImdWU3DBVmLJ7BTl8hwInGdFK5cU+Di4ZXKKTUHcDJhjHRE
O9D7+5RBwqKBeClAZ5fgjT0MMxO5blQkJILZ3QKW/77FuMU/BwaxbRPVF93BkyR+
EQEppW/v8tMzx/AVZVvT4iXDwX8j5m4HuUlkKfBObDoWnnAIy3JtMMAWRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNQPwjQypDmNETEtZB9gbracFV9WMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvMUFfQ05ES2tPWTBSTVMxa0gyQnV0cHdWWDFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bB4MA0G
CSqGSIb3DQEBCwUAA4IBAQAHPnITjmzeGHigBbJcjwK3vlZ3Ya6+vsBnKwUpvNB0
8ZQ+wTHrHZFA52RD0ifya5x/FteGw/X541IOiGrioOgg5LwRkDLy+3UJyraUAKVs
JQtZDQxRGItFPP6jFFNQaaabueOIMrh5CsFiGSN3u44Vyu11jZLv3LsmFDPhDBH0
MAeWmw2c2JSFFxRwUf+E/gU/JJDNODNLJBsQJ4VV2F4UDOc4pmIRufeVeDrPEMN8
tU442el/olkvYSxrW2Gi61oweLAc1eUoFJQVP0GI54x1RCSpzM6v4cQUba80L9XM
GNOm1e9UJ7nSc1i+Wrn/sHN1e/kD6jU1L/M/5ZPBIc1I
-----END CERTIFICATE-----