Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/e65ada-4d4a-404d-8700-c2256804e922/1/dnfHFklZo6occvW-eJjsA220YVE.roa
File:                     dnfHFklZo6occvW-eJjsA220YVE.roa (raw, json)
Hash identifier:          R5+4j+i9sSFBkEiL0zZHxS/FDSVDMHagBXItgtdAoc0=
Subject key identifier:   76:77:C7:16:49:59:A3:AA:1C:72:F5:BE:78:98:EC:03:6D:B4:61:51
Certificate issuer:       /CN=3ecd53c66424c3f369ca88ee7af76adb25e18451
Certificate serial:       018CCA9926D6B6D2D7844992BC89E7FDD70C
Authority key identifier: 3E:CD:53:C6:64:24:C3:F3:69:CA:88:EE:7A:F7:6A:DB:25:E1:84:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ps1TxmQkw_Npyojuevdq2yXhhFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/e65ada-4d4a-404d-8700-c2256804e922/1/dnfHFklZo6occvW-eJjsA220YVE.roa
Signing time:             Tue 02 Jan 2024 14:34:43 +0000
ROA not before:           Tue 02 Jan 2024 14:34:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48329
IP address blocks:        185.159.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/e65ada-4d4a-404d-8700-c2256804e922/1/Ps1TxmQkw_Npyojuevdq2yXhhFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/e65ada-4d4a-404d-8700-c2256804e922/1/Ps1TxmQkw_Npyojuevdq2yXhhFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ps1TxmQkw_Npyojuevdq2yXhhFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:26:d6:b6:d2:d7:84:49:92:bc:89:e7:fd:d7:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ecd53c66424c3f369ca88ee7af76adb25e18451
        Validity
            Not Before: Jan  2 14:34:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7677c7164959a3aa1c72f5be7898ec036db46151
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:17:8b:c3:0e:3b:f6:17:9f:96:de:bb:38:81:
                    08:57:fb:22:d6:ce:e9:55:37:2d:6b:38:93:94:9a:
                    40:68:8e:35:93:9a:3e:8e:8c:4a:78:59:08:ee:39:
                    9a:8c:ab:29:cc:c2:8e:24:24:d2:84:b8:73:43:b2:
                    c6:7d:41:ed:e2:c4:39:e4:66:c4:79:44:d9:92:0f:
                    84:a5:1b:81:e2:98:ab:53:88:03:e9:c1:68:c4:3a:
                    da:3f:d0:f8:05:53:76:4c:b3:0d:04:41:3c:69:87:
                    10:03:db:71:7e:89:ac:e5:d8:66:d5:46:c4:98:3a:
                    93:05:e5:f7:6f:89:c5:02:97:08:45:c4:99:f0:72:
                    58:61:30:4f:23:72:6f:9f:9c:72:64:5b:fb:10:9b:
                    57:21:29:f6:61:5c:46:d9:c5:a0:90:75:3d:5c:f8:
                    61:e7:84:a2:29:ed:bf:47:94:f6:50:91:9a:fd:08:
                    d5:93:f3:27:cb:14:86:e8:a9:fe:85:85:f5:e3:35:
                    15:4e:5c:22:35:4b:32:15:5f:83:40:0a:70:25:6e:
                    05:32:dc:34:1f:e8:2d:e7:ed:68:f8:b0:bc:5f:2d:
                    4f:28:1d:3d:5b:27:12:e5:77:7e:a2:34:16:18:ee:
                    88:67:61:63:67:8a:bf:7a:47:44:39:55:7e:4f:6d:
                    e1:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:77:C7:16:49:59:A3:AA:1C:72:F5:BE:78:98:EC:03:6D:B4:61:51
            X509v3 Authority Key Identifier:
                keyid:3E:CD:53:C6:64:24:C3:F3:69:CA:88:EE:7A:F7:6A:DB:25:E1:84:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ps1TxmQkw_Npyojuevdq2yXhhFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/e65ada-4d4a-404d-8700-c2256804e922/1/dnfHFklZo6occvW-eJjsA220YVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/e65ada-4d4a-404d-8700-c2256804e922/1/Ps1TxmQkw_Npyojuevdq2yXhhFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:44:a0:3c:ed:ee:b5:60:88:51:4d:6f:95:e5:de:a0:88:45:
         46:6c:95:3c:c9:f3:3a:63:cc:22:20:c9:2c:90:f7:af:b7:c4:
         9f:5b:83:95:ed:4d:dd:56:78:69:f6:c3:e2:d3:94:bb:e1:1b:
         92:91:26:cd:fd:82:ae:a7:f4:2e:e1:18:7d:6b:b1:87:ef:cc:
         02:53:54:f1:a8:a3:40:f6:0b:cd:bb:b9:19:e4:ce:c0:7f:01:
         88:41:e0:12:71:f1:06:e5:39:36:9f:a5:f9:b1:fd:10:94:e4:
         e2:31:c9:f2:27:9e:5a:21:9b:27:0e:d3:e2:a1:e9:67:7b:89:
         be:41:0d:17:99:14:1a:cd:d3:a2:a7:a8:4d:38:84:36:0c:ca:
         bc:45:3d:f7:d6:9b:55:e5:72:e4:8c:89:2e:ed:41:03:70:56:
         8e:f0:57:5b:54:90:62:a1:2c:52:21:1a:b5:07:f5:94:a6:03:
         2e:cc:82:63:da:39:21:bb:2b:c2:21:eb:dd:4d:00:af:90:66:
         af:24:35:c6:55:da:89:65:bd:4f:80:66:99:8f:3a:dc:d7:3e:
         30:3d:52:58:a6:c2:a0:1a:2d:2e:58:2b:bc:2d:f6:26:34:03:
         2f:4b:02:0a:63:1a:31:ba:9d:97:55:63:2b:b4:bd:78:62:17:
         ea:19:1d:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmSbWttLXhEmSvInn/dcMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlY2Q1M2M2NjQyNGMzZjM2OWNhODhlZTdhZjc2YWRiMjVl
MTg0NTEwHhcNMjQwMTAyMTQzNDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Njc3YzcxNjQ5NTlhM2FhMWM3MmY1YmU3ODk4ZWMwMzZkYjQ2MTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjBeLww479heflt67OIEIV/si1s7p
VTctaziTlJpAaI41k5o+joxKeFkI7jmajKspzMKOJCTShLhzQ7LGfUHt4sQ55GbE
eUTZkg+EpRuB4pirU4gD6cFoxDraP9D4BVN2TLMNBEE8aYcQA9txfoms5dhm1UbE
mDqTBeX3b4nFApcIRcSZ8HJYYTBPI3Jvn5xyZFv7EJtXISn2YVxG2cWgkHU9XPhh
54SiKe2/R5T2UJGa/QjVk/MnyxSG6Kn+hYX14zUVTlwiNUsyFV+DQApwJW4FMtw0
H+gt5+1o+LC8Xy1PKB09WycS5Xd+ojQWGO6IZ2FjZ4q/ekdEOVV+T23hHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHZ3xxZJWaOqHHL1vniY7ANttGFRMB8GA1UdIwQY
MBaAFD7NU8ZkJMPzacqI7nr3atsl4YRRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHMxVHhtUWt3X05weW9qdWV2ZHEyeVhoaEZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9lNjVhZGEtNGQ0YS00MDRkLTg3MDAt
YzIyNTY4MDRlOTIyLzEvZG5mSEZrbFpvNm9jY3ZXLWVKanNBMjIwWVZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9lNjVhZGEtNGQ0YS00MDRkLTg3MDAtYzIyNTY4MDRlOTIy
LzEvUHMxVHhtUWt3X05weW9qdWV2ZHEyeVhoaEZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ9WMA0G
CSqGSIb3DQEBCwUAA4IBAQATRKA87e61YIhRTW+V5d6giEVGbJU8yfM6Y8wiIMks
kPevt8SfW4OV7U3dVnhp9sPi05S74RuSkSbN/YKup/Qu4Rh9a7GH78wCU1TxqKNA
9gvNu7kZ5M7AfwGIQeAScfEG5Tk2n6X5sf0QlOTiMcnyJ55aIZsnDtPioelne4m+
QQ0XmRQazdOip6hNOIQ2DMq8RT331ptV5XLkjIku7UEDcFaO8FdbVJBioSxSIRq1
B/WUpgMuzIJj2jkhuyvCIevdTQCvkGavJDXGVdqJZb1PgGaZjzrc1z4wPVJYpsKg
Gi0uWCu8LfYmNAMvSwIKYxoxup2XVWMrtL14YhfqGR1L
-----END CERTIFICATE-----