Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/DL21VQN0mBb50HU2wFLIY7yrnzs.roa
File:                     DL21VQN0mBb50HU2wFLIY7yrnzs.roa (raw, json)
Hash identifier:          qSPg2bEUrhI4/fY1iXCuE9hLZfBCMe2m2vXsvjlWeSk=
Subject key identifier:   0C:BD:B5:55:03:74:98:16:F9:D0:75:36:C0:52:C8:63:BC:AB:9F:3B
Certificate issuer:       /CN=ed77e6b925b3b7a7abb92885d55d733dc5fa62d2
Certificate serial:       018CC64B7CEE53671D71EF8845AFE897DD59
Authority key identifier: ED:77:E6:B9:25:B3:B7:A7:AB:B9:28:85:D5:5D:73:3D:C5:FA:62:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/DL21VQN0mBb50HU2wFLIY7yrnzs.roa
Signing time:             Mon 01 Jan 2024 18:31:25 +0000
ROA not before:           Mon 01 Jan 2024 18:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208590
IP address blocks:        79.110.170.0/24 maxlen: 24
                          2a0d:1a43::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:7c:ee:53:67:1d:71:ef:88:45:af:e8:97:dd:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed77e6b925b3b7a7abb92885d55d733dc5fa62d2
        Validity
            Not Before: Jan  1 18:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cbdb55503749816f9d07536c052c863bcab9f3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c6:a6:e6:7d:e8:e4:53:3c:bc:fa:a0:c6:1d:
                    b6:de:4b:51:88:4a:fb:77:9b:f9:9f:1e:53:d5:e4:
                    db:7e:2f:87:1d:ef:a1:b2:20:42:04:b6:bd:a3:d4:
                    87:6a:17:67:11:20:98:b7:10:f6:9c:c3:40:11:31:
                    b5:3c:9c:e5:f0:38:a0:27:ad:ec:2c:66:fc:86:39:
                    bb:21:10:c5:8b:ab:7c:47:cc:6c:97:9b:4d:4b:5f:
                    8f:b2:ee:fb:51:66:c9:a7:5f:ec:2e:0c:35:b7:5b:
                    a5:7d:66:72:55:aa:4f:37:96:49:dd:2d:1e:78:a7:
                    af:c8:e9:7f:c0:65:10:ba:7c:94:f0:fc:00:51:bc:
                    ad:5b:a1:5a:98:a5:c0:8d:af:f7:f7:ad:1b:53:e2:
                    91:28:ac:a0:c1:f7:89:11:62:c5:f5:c5:45:09:f8:
                    be:b7:13:a9:eb:26:fd:4c:06:f3:5e:a8:27:c0:ec:
                    29:98:fb:d1:10:37:21:18:5e:4d:e9:a3:e2:7a:cb:
                    e1:7b:4c:ab:b7:e2:0d:fa:54:b8:af:8c:55:1d:38:
                    6f:37:62:31:f8:e7:f5:d6:71:c8:dc:dd:cd:41:4e:
                    e0:d2:6e:20:7e:b1:92:49:ea:d5:80:d1:9f:d1:46:
                    58:28:3c:c2:9d:14:3c:0b:bb:58:20:21:47:1d:60:
                    83:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:BD:B5:55:03:74:98:16:F9:D0:75:36:C0:52:C8:63:BC:AB:9F:3B
            X509v3 Authority Key Identifier:
                keyid:ED:77:E6:B9:25:B3:B7:A7:AB:B9:28:85:D5:5D:73:3D:C5:FA:62:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/DL21VQN0mBb50HU2wFLIY7yrnzs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.170.0/24
                IPv6:
                  2a0d:1a43::/32

    Signature Algorithm: sha256WithRSAEncryption
         3e:b2:97:1f:10:c5:84:0f:b2:f0:73:65:e5:b8:8a:14:69:1c:
         a7:3d:23:5f:87:41:36:d8:cd:dc:bb:85:c0:6c:c7:64:47:d2:
         19:df:de:0b:ad:a3:5a:b1:cc:d7:cf:7e:92:18:82:dd:9d:84:
         1d:91:64:a9:0f:0f:1c:7f:ca:ea:c4:9e:e6:19:7a:df:d2:2f:
         23:66:7c:89:05:d8:ae:ab:5b:5b:81:de:27:69:34:03:fc:cd:
         a4:b5:84:eb:fd:3c:7a:0f:80:ab:9a:54:bd:e5:11:1c:3d:eb:
         38:3d:88:3f:61:ae:c6:59:e4:ea:b7:51:ea:72:6e:38:0e:41:
         79:da:fe:ea:56:4b:7b:78:ff:f3:2b:72:ea:a5:cf:13:75:1f:
         9c:d8:54:ac:16:1e:57:42:3e:12:8c:2d:64:63:87:82:69:23:
         32:5a:de:81:75:1b:16:da:90:6d:08:74:cd:ec:a1:71:5e:5b:
         1c:0f:9a:14:11:0f:04:19:ed:70:a6:53:37:02:6d:e1:bd:1d:
         c6:af:bb:e2:d8:1f:3b:92:df:e2:17:b4:d0:65:2c:44:05:36:
         bd:5e:b7:1d:ca:34:a9:73:22:09:79:cd:e0:75:fb:ed:3a:08:
         29:f7:83:a7:51:9a:94:ad:06:e1:69:6e:67:05:c3:43:74:5d:
         95:33:bc:de
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGS3zuU2cdce+IRa/ol91ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNzdlNmI5MjViM2I3YTdhYmI5Mjg4NWQ1NWQ3MzNkYzVm
YTYyZDIwHhcNMjQwMTAxMTgzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2JkYjU1NTAzNzQ5ODE2ZjlkMDc1MzZjMDUyYzg2M2JjYWI5ZjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAocam5n3o5FM8vPqgxh223ktRiEr7
d5v5nx5T1eTbfi+HHe+hsiBCBLa9o9SHahdnESCYtxD2nMNAETG1PJzl8DigJ63s
LGb8hjm7IRDFi6t8R8xsl5tNS1+Psu77UWbJp1/sLgw1t1ulfWZyVapPN5ZJ3S0e
eKevyOl/wGUQunyU8PwAUbytW6FamKXAja/3960bU+KRKKygwfeJEWLF9cVFCfi+
txOp6yb9TAbzXqgnwOwpmPvREDchGF5N6aPiesvhe0yrt+IN+lS4r4xVHThvN2Ix
+Of11nHI3N3NQU7g0m4gfrGSSerVgNGf0UZYKDzCnRQ8C7tYICFHHWCD4wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAy9tVUDdJgW+dB1NsBSyGO8q587MB8GA1UdIwQY
MBaAFO135rkls7enq7kohdVdcz3F+mLSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1hmbXVTV3p0NmVydVNpRjFWMXpQY1g2WXRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9kODM3NzctNWJhOC00ZjFlLTg1MWMt
OTI4MTlkZThhMDM2LzEvREwyMVZRTjBtQmI1MEhVMndGTElZN3lybnpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9kODM3NzctNWJhOC00ZjFlLTg1MWMtOTI4MTlkZThhMDM2
LzEvN1hmbXVTV3p0NmVydVNpRjFWMXpQY1g2WXRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAT26qMA0E
AgACMAcDBQAqDRpDMA0GCSqGSIb3DQEBCwUAA4IBAQA+spcfEMWED7Lwc2XluIoU
aRynPSNfh0E22M3cu4XAbMdkR9IZ394LraNasczXz36SGILdnYQdkWSpDw8cf8rq
xJ7mGXrf0i8jZnyJBdiuq1tbgd4naTQD/M2ktYTr/Tx6D4CrmlS95REcPes4PYg/
Ya7GWeTqt1Hqcm44DkF52v7qVkt7eP/zK3Lqpc8TdR+c2FSsFh5XQj4SjC1kY4eC
aSMyWt6BdRsW2pBtCHTN7KFxXlscD5oUEQ8EGe1wplM3Am3hvR3Gr7vi2B87kt/i
F7TQZSxEBTa9XrcdyjSpcyIJec3gdfvtOggp94OnUZqUrQbhaW5nBcNDdF2VM7ze
-----END CERTIFICATE-----