Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/42ec46-eb84-475a-a478-1f14ec805390/1/DLtZ20c_h4pbuOB6bkwXWBDSfbg.roa
File:                     DLtZ20c_h4pbuOB6bkwXWBDSfbg.roa (raw, json)
Hash identifier:          hvrIwdgyWmq+X3idkq7Rnl/28NVczrOt2YyKVv0Wsg0=
Subject key identifier:   0C:BB:59:DB:47:3F:87:8A:5B:B8:E0:7A:6E:4C:17:58:10:D2:7D:B8
Certificate issuer:       /CN=773e3278baa249c14de605dc964b2c2755dfecfa
Certificate serial:       018CC56EA503F99FA0D7644CCF36DC81D25D
Authority key identifier: 77:3E:32:78:BA:A2:49:C1:4D:E6:05:DC:96:4B:2C:27:55:DF:EC:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dz4yeLqiScFN5gXclkssJ1Xf7Po.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/42ec46-eb84-475a-a478-1f14ec805390/1/DLtZ20c_h4pbuOB6bkwXWBDSfbg.roa
Signing time:             Mon 01 Jan 2024 14:30:11 +0000
ROA not before:           Mon 01 Jan 2024 14:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202341
IP address blocks:        185.229.60.0/22 maxlen: 22
                          2a0d:7200::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/42ec46-eb84-475a-a478-1f14ec805390/1/dz4yeLqiScFN5gXclkssJ1Xf7Po.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/42ec46-eb84-475a-a478-1f14ec805390/1/dz4yeLqiScFN5gXclkssJ1Xf7Po.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dz4yeLqiScFN5gXclkssJ1Xf7Po.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 20:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:a5:03:f9:9f:a0:d7:64:4c:cf:36:dc:81:d2:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=773e3278baa249c14de605dc964b2c2755dfecfa
        Validity
            Not Before: Jan  1 14:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cbb59db473f878a5bb8e07a6e4c175810d27db8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e2:62:02:f2:9c:61:4d:7c:ea:4b:5f:84:f7:
                    f7:7b:86:e9:18:f9:53:56:b0:99:ae:c9:d1:df:08:
                    57:9a:9e:80:b6:d4:a6:20:16:ee:60:12:be:a9:bd:
                    85:09:a9:90:38:05:ba:a2:a6:af:d4:bd:72:a9:5a:
                    85:70:31:e6:26:72:3e:5f:99:2a:63:9f:f9:1d:86:
                    14:56:0a:49:e2:3c:36:cb:b1:32:32:53:7f:30:95:
                    48:97:46:91:6f:16:56:69:f4:29:01:09:70:86:38:
                    78:f1:f0:4e:95:78:68:ce:2d:1f:4d:05:d0:d1:b1:
                    db:47:c1:2f:ad:dd:fb:c1:f1:c4:f6:d0:55:aa:29:
                    f1:bc:b4:66:04:e9:43:fc:86:de:09:6b:12:28:fb:
                    f3:0e:fb:f7:cb:15:38:e9:0b:c8:8b:1d:65:a8:de:
                    d8:5e:72:0b:a3:39:16:1c:44:a3:5c:73:18:19:00:
                    ac:90:95:ad:da:b9:36:54:a6:a2:98:78:ea:cf:53:
                    0c:91:ee:fe:5a:55:87:de:1d:a7:c9:b2:30:87:94:
                    cd:24:e9:ce:2c:81:37:4c:44:86:30:29:8c:f8:69:
                    51:86:f1:20:25:ad:f9:86:32:79:04:d4:01:6d:e5:
                    d9:7a:3e:8e:d2:4a:7d:39:c9:b1:88:bf:d6:72:50:
                    b3:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:BB:59:DB:47:3F:87:8A:5B:B8:E0:7A:6E:4C:17:58:10:D2:7D:B8
            X509v3 Authority Key Identifier:
                keyid:77:3E:32:78:BA:A2:49:C1:4D:E6:05:DC:96:4B:2C:27:55:DF:EC:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dz4yeLqiScFN5gXclkssJ1Xf7Po.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/42ec46-eb84-475a-a478-1f14ec805390/1/DLtZ20c_h4pbuOB6bkwXWBDSfbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/42ec46-eb84-475a-a478-1f14ec805390/1/dz4yeLqiScFN5gXclkssJ1Xf7Po.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.60.0/22
                IPv6:
                  2a0d:7200::/29

    Signature Algorithm: sha256WithRSAEncryption
         4e:21:81:45:d6:c3:cf:8b:7d:b2:9b:f4:3f:34:a6:6c:7f:80:
         30:9f:f5:75:36:50:8b:ad:77:5c:f5:81:c8:77:2b:af:5f:c5:
         7b:6f:22:b0:51:3a:b8:f7:68:7a:92:35:65:16:9d:45:47:58:
         e6:ee:a0:fa:1f:cd:38:42:cd:fb:cd:f8:9a:91:83:89:9b:d6:
         b7:9c:a8:2b:84:93:d4:68:8b:85:9d:b8:fe:aa:ea:16:c7:d4:
         54:ae:23:65:e9:b2:00:ff:e9:bf:91:2f:53:a8:c0:12:13:b3:
         01:4f:da:0b:b2:7d:0e:81:aa:34:9f:d7:53:64:f1:c2:0a:24:
         68:1e:5e:38:dc:87:6a:a7:be:71:88:e2:c3:65:35:63:b8:4e:
         47:44:24:08:9a:4b:ff:d6:98:44:5a:6d:a2:5b:5b:7e:64:3f:
         4c:c9:14:5e:87:97:4b:02:0e:bc:b2:a5:00:0d:2f:5c:7d:d5:
         50:48:11:d5:18:57:e8:5d:a5:1c:ad:94:e9:d0:d1:1d:24:23:
         c0:51:74:56:fb:67:fe:30:0a:ab:c5:90:8f:fb:da:e4:08:df:
         98:ca:8a:12:4b:49:df:d4:78:44:f7:a4:5e:0b:89:f8:91:d1:
         de:31:65:ad:4a:d4:10:93:5b:40:17:78:eb:77:c6:c7:3d:6b:
         0e:1c:c7:03
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbqUD+Z+g12RMzzbcgdJdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3M2UzMjc4YmFhMjQ5YzE0ZGU2MDVkYzk2NGIyYzI3NTVk
ZmVjZmEwHhcNMjQwMTAxMTQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2JiNTlkYjQ3M2Y4NzhhNWJiOGUwN2E2ZTRjMTc1ODEwZDI3ZGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAouJiAvKcYU186ktfhPf3e4bpGPlT
VrCZrsnR3whXmp6AttSmIBbuYBK+qb2FCamQOAW6oqav1L1yqVqFcDHmJnI+X5kq
Y5/5HYYUVgpJ4jw2y7EyMlN/MJVIl0aRbxZWafQpAQlwhjh48fBOlXhozi0fTQXQ
0bHbR8Evrd37wfHE9tBVqinxvLRmBOlD/IbeCWsSKPvzDvv3yxU46QvIix1lqN7Y
XnILozkWHESjXHMYGQCskJWt2rk2VKaimHjqz1MMke7+WlWH3h2nybIwh5TNJOnO
LIE3TESGMCmM+GlRhvEgJa35hjJ5BNQBbeXZej6O0kp9OcmxiL/WclCzEwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAy7WdtHP4eKW7jgem5MF1gQ0n24MB8GA1UdIwQY
MBaAFHc+Mni6oknBTeYF3JZLLCdV3+z6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHo0eWVMcWlTY0ZONWdYY2xrc3NKMVhmN1BvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy80MmVjNDYtZWI4NC00NzVhLWE0Nzgt
MWYxNGVjODA1MzkwLzEvREx0WjIwY19oNHBidU9CNmJrd1hXQkRTZmJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy80MmVjNDYtZWI4NC00NzVhLWE0NzgtMWYxNGVjODA1Mzkw
LzEvZHo0eWVMcWlTY0ZONWdYY2xrc3NKMVhmN1BvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCueU8MA0E
AgACMAcDBQMqDXIAMA0GCSqGSIb3DQEBCwUAA4IBAQBOIYFF1sPPi32ym/Q/NKZs
f4Awn/V1NlCLrXdc9YHIdyuvX8V7byKwUTq492h6kjVlFp1FR1jm7qD6H804Qs37
zfiakYOJm9a3nKgrhJPUaIuFnbj+quoWx9RUriNl6bIA/+m/kS9TqMASE7MBT9oL
sn0Ogao0n9dTZPHCCiRoHl443Idqp75xiOLDZTVjuE5HRCQImkv/1phEWm2iW1t+
ZD9MyRReh5dLAg68sqUADS9cfdVQSBHVGFfoXaUcrZTp0NEdJCPAUXRW+2f+MAqr
xZCP+9rkCN+YyooSS0nf1HhE96ReC4n4kdHeMWWtStQQk1tAF3jrd8bHPWsOHMcD
-----END CERTIFICATE-----