Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/f0c9e3-1c40-4f33-95ce-98d2fee0f87a/1/2RUdx02YSlEe2XN-koF6S1bBn1w.roa
File:                     2RUdx02YSlEe2XN-koF6S1bBn1w.roa (raw, json)
Hash identifier:          2yjIK3Bq66ykJM0Tbfwp5X0wi7TvbVjxGzr5FEc0kyw=
Subject key identifier:   D9:15:1D:C7:4D:98:4A:51:1E:D9:73:7E:92:81:7A:4B:56:C1:9F:5C
Certificate issuer:       /CN=215a409d27b9a69346324004694da11beae02dbb
Certificate serial:       0191C224939BE1BDDF218DDF244DA0966F7C
Authority key identifier: 21:5A:40:9D:27:B9:A6:93:46:32:40:04:69:4D:A1:1B:EA:E0:2D:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IVpAnSe5ppNGMkAEaU2hG-rgLbs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/f0c9e3-1c40-4f33-95ce-98d2fee0f87a/1/2RUdx02YSlEe2XN-koF6S1bBn1w.roa
Signing time:             Thu 05 Sep 2024 12:24:22 +0000
ROA not before:           Thu 05 Sep 2024 12:24:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31037
IP address blocks:        185.134.176.0/24 maxlen: 24
                          185.134.178.0/24 maxlen: 24
                          185.134.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/f0c9e3-1c40-4f33-95ce-98d2fee0f87a/1/IVpAnSe5ppNGMkAEaU2hG-rgLbs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/f0c9e3-1c40-4f33-95ce-98d2fee0f87a/1/IVpAnSe5ppNGMkAEaU2hG-rgLbs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IVpAnSe5ppNGMkAEaU2hG-rgLbs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c2:24:93:9b:e1:bd:df:21:8d:df:24:4d:a0:96:6f:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=215a409d27b9a69346324004694da11beae02dbb
        Validity
            Not Before: Sep  5 12:24:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d9151dc74d984a511ed9737e92817a4b56c19f5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:ef:ad:9a:2d:c6:83:9a:6a:d8:87:d9:fb:d2:
                    56:44:89:d0:f2:e3:e2:a4:35:b0:34:7b:77:8e:3a:
                    6a:5b:d7:b5:13:1f:ee:c1:df:35:b0:9a:4f:dd:4e:
                    cb:b4:ed:e4:9d:0a:c4:88:43:d6:61:03:fe:38:61:
                    e7:e3:71:09:0e:87:c0:58:44:bc:d1:cf:5b:72:62:
                    96:a3:f0:b6:eb:09:38:5c:91:ab:c4:07:3a:80:52:
                    98:38:c0:d6:6c:f1:bf:ae:76:2e:44:eb:e6:07:7f:
                    0b:16:96:d4:90:79:13:2b:a6:f5:ed:32:2e:a5:8e:
                    70:2d:ad:7c:db:fd:2a:98:c4:6b:3d:15:f5:29:51:
                    52:c7:7c:37:f9:49:cd:c2:04:de:c9:52:fa:88:11:
                    13:78:50:27:23:1f:f7:5d:2e:b7:5f:86:c7:ee:ad:
                    5d:a1:8c:5a:c7:2f:39:31:28:28:23:d7:05:a5:86:
                    e4:63:26:36:a5:f4:14:06:eb:88:ad:47:5e:72:4f:
                    68:5e:39:d1:73:1c:bd:8b:09:77:22:c0:71:2a:a2:
                    0c:81:9d:f8:7d:48:2d:2d:1a:fa:e0:0c:9e:17:74:
                    b0:a7:a7:50:9c:54:50:c5:b5:ac:88:c4:7d:e9:0b:
                    58:7b:6c:39:69:25:d2:2c:c8:25:63:ac:28:a8:d4:
                    d3:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:15:1D:C7:4D:98:4A:51:1E:D9:73:7E:92:81:7A:4B:56:C1:9F:5C
            X509v3 Authority Key Identifier:
                keyid:21:5A:40:9D:27:B9:A6:93:46:32:40:04:69:4D:A1:1B:EA:E0:2D:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IVpAnSe5ppNGMkAEaU2hG-rgLbs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/f0c9e3-1c40-4f33-95ce-98d2fee0f87a/1/2RUdx02YSlEe2XN-koF6S1bBn1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/f0c9e3-1c40-4f33-95ce-98d2fee0f87a/1/IVpAnSe5ppNGMkAEaU2hG-rgLbs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.134.176.0/24
                  185.134.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:10:1e:a7:cb:d0:cb:40:61:26:09:13:83:a9:3d:bb:5c:50:
         03:5f:e8:a1:9d:a8:33:c2:67:03:da:44:51:fd:a0:b7:4c:aa:
         9d:9b:0d:10:df:e5:92:4d:4f:62:27:45:b9:19:dd:b1:c1:95:
         85:6a:5b:d4:2e:4e:59:8f:60:a8:b9:6b:f9:c2:77:a1:d0:8a:
         6d:19:ae:f7:7e:f9:76:5c:1a:34:56:4d:e1:db:8c:c2:a7:5d:
         f8:75:8a:52:ee:d1:0c:8c:e6:21:d8:ad:32:5f:95:ce:42:84:
         f5:af:7b:b5:7d:20:75:df:80:04:82:6a:21:c7:aa:2d:6f:b5:
         bf:26:a1:4e:69:5b:5a:46:39:fc:c4:af:2d:31:35:7d:28:08:
         da:8f:c8:b3:09:c2:33:10:f2:82:15:12:66:e8:5a:3c:6f:13:
         d4:ca:37:13:1d:64:3b:92:98:45:2e:bd:f8:fc:06:92:eb:5b:
         82:63:aa:db:6f:20:54:61:bc:95:d3:a8:f9:82:81:a0:d3:05:
         3d:34:0f:79:f1:bd:67:01:9f:c6:dd:8e:80:0f:ed:f5:bd:4b:
         eb:c4:c3:82:09:88:80:21:ee:90:f9:8d:7a:0e:38:e0:bb:26:
         5a:44:f1:f6:a7:d1:6f:9d:96:27:c2:2d:77:42:33:de:d6:ac:
         14:76:e8:e6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZHCJJOb4b3fIY3fJE2glm98MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNWE0MDlkMjdiOWE2OTM0NjMyNDAwNDY5NGRhMTFiZWFl
MDJkYmIwHhcNMjQwOTA1MTIyNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTE1MWRjNzRkOTg0YTUxMWVkOTczN2U5MjgxN2E0YjU2YzE5ZjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy++tmi3Gg5pq2IfZ+9JWRInQ8uPi
pDWwNHt3jjpqW9e1Ex/uwd81sJpP3U7LtO3knQrEiEPWYQP+OGHn43EJDofAWES8
0c9bcmKWo/C26wk4XJGrxAc6gFKYOMDWbPG/rnYuROvmB38LFpbUkHkTK6b17TIu
pY5wLa182/0qmMRrPRX1KVFSx3w3+UnNwgTeyVL6iBETeFAnIx/3XS63X4bH7q1d
oYxaxy85MSgoI9cFpYbkYyY2pfQUBuuIrUdeck9oXjnRcxy9iwl3IsBxKqIMgZ34
fUgtLRr64AyeF3Swp6dQnFRQxbWsiMR96QtYe2w5aSXSLMglY6woqNTTpQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNkVHcdNmEpRHtlzfpKBektWwZ9cMB8GA1UdIwQY
MBaAFCFaQJ0nuaaTRjJABGlNoRvq4C27MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVZwQW5TZTVwcE5HTWtBRWFVMmhHLXJnTGJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9mMGM5ZTMtMWM0MC00ZjMzLTk1Y2Ut
OThkMmZlZTBmODdhLzEvMlJVZHgwMllTbEVlMlhOLWtvRjZTMWJCbjF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9mMGM5ZTMtMWM0MC00ZjMzLTk1Y2UtOThkMmZlZTBmODdh
LzEvSVZwQW5TZTVwcE5HTWtBRWFVMmhHLXJnTGJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuYawAwQB
uYayMA0GCSqGSIb3DQEBCwUAA4IBAQB5EB6ny9DLQGEmCRODqT27XFADX+ihnagz
wmcD2kRR/aC3TKqdmw0Q3+WSTU9iJ0W5Gd2xwZWFalvULk5Zj2CouWv5wneh0Ipt
Ga73fvl2XBo0Vk3h24zCp134dYpS7tEMjOYh2K0yX5XOQoT1r3u1fSB134AEgmoh
x6otb7W/JqFOaVtaRjn8xK8tMTV9KAjaj8izCcIzEPKCFRJm6Fo8bxPUyjcTHWQ7
kphFLr34/AaS61uCY6rbbyBUYbyV06j5goGg0wU9NA958b1nAZ/G3Y6AD+31vUvr
xMOCCYiAIe6Q+Y16DjjguyZaRPH2p9FvnZYnwi13QjPe1qwUdujm
-----END CERTIFICATE-----