Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/cddf94-8d51-41cd-8a5b-a0b4930cbd1e/1/1FnYlUmT0z8WEcuve2nW8k3Z5Do.roa
File:                     1FnYlUmT0z8WEcuve2nW8k3Z5Do.roa (raw, json)
Hash identifier:          Os+7+sbyIFri+y/inYii5kRDGK+7D6pYYcqQeqTT6VQ=
Subject key identifier:   D4:59:D8:95:49:93:D3:3F:16:11:CB:AF:7B:69:D6:F2:4D:D9:E4:3A
Certificate issuer:       /CN=96179b39d1c1d28f5063ca921d6007e363e1c60b
Certificate serial:       018CC726D3D368C78090CF2EDAC7C78437B8
Authority key identifier: 96:17:9B:39:D1:C1:D2:8F:50:63:CA:92:1D:60:07:E3:63:E1:C6:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lhebOdHB0o9QY8qSHWAH42Phxgs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/cddf94-8d51-41cd-8a5b-a0b4930cbd1e/1/1FnYlUmT0z8WEcuve2nW8k3Z5Do.roa
Signing time:             Mon 01 Jan 2024 22:30:59 +0000
ROA not before:           Mon 01 Jan 2024 22:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209633
IP address blocks:        139.28.184.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/cddf94-8d51-41cd-8a5b-a0b4930cbd1e/1/lhebOdHB0o9QY8qSHWAH42Phxgs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/cddf94-8d51-41cd-8a5b-a0b4930cbd1e/1/lhebOdHB0o9QY8qSHWAH42Phxgs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lhebOdHB0o9QY8qSHWAH42Phxgs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:d3:d3:68:c7:80:90:cf:2e:da:c7:c7:84:37:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96179b39d1c1d28f5063ca921d6007e363e1c60b
        Validity
            Not Before: Jan  1 22:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d459d8954993d33f1611cbaf7b69d6f24dd9e43a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:c4:01:20:4b:ca:70:d9:4c:62:cc:b9:25:eb:
                    81:f5:92:47:d3:d2:b8:5d:59:4f:24:90:2f:35:70:
                    d9:ac:d4:d7:59:f7:2c:76:97:23:96:09:92:89:81:
                    33:5a:db:27:3e:ca:c0:a2:63:eb:b8:cb:ab:2c:85:
                    06:47:5d:91:35:8e:6c:b4:ac:c1:98:6f:41:5d:58:
                    57:4e:e2:75:d7:be:d1:a1:08:d8:31:2e:e3:be:39:
                    40:cc:7f:ac:7b:8d:57:02:6f:a7:96:13:b4:d5:35:
                    13:22:fa:71:bc:b4:97:59:ef:aa:05:b2:ba:c5:3d:
                    57:27:db:da:6f:e9:3f:0f:e7:c1:83:89:58:22:8e:
                    70:09:93:fe:77:0c:99:0a:d2:db:2d:d0:d1:5e:5d:
                    e5:75:33:87:06:ef:dc:76:b1:95:b8:d8:fa:fb:75:
                    ee:a3:e1:ff:61:88:db:a3:7d:2e:85:2d:de:fe:9c:
                    44:5b:d6:57:b1:1c:be:e8:9d:92:28:18:42:ea:99:
                    8b:13:8e:bb:68:7c:ed:b9:01:5b:c3:ac:fe:03:19:
                    a8:10:c4:27:c4:35:e0:6a:4c:ff:03:cb:09:35:78:
                    4a:b9:c0:a4:a5:e4:15:2a:5b:b0:62:4d:88:dd:cb:
                    28:fb:40:3f:5f:c4:88:ba:ad:20:2a:ef:c0:20:d3:
                    16:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:59:D8:95:49:93:D3:3F:16:11:CB:AF:7B:69:D6:F2:4D:D9:E4:3A
            X509v3 Authority Key Identifier:
                keyid:96:17:9B:39:D1:C1:D2:8F:50:63:CA:92:1D:60:07:E3:63:E1:C6:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lhebOdHB0o9QY8qSHWAH42Phxgs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/cddf94-8d51-41cd-8a5b-a0b4930cbd1e/1/1FnYlUmT0z8WEcuve2nW8k3Z5Do.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/cddf94-8d51-41cd-8a5b-a0b4930cbd1e/1/lhebOdHB0o9QY8qSHWAH42Phxgs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         58:2f:4a:18:82:eb:57:94:ed:06:81:0c:de:a2:21:1f:61:3e:
         2d:36:14:24:1d:9e:ab:db:b5:a9:d1:bf:e3:27:31:ab:dd:fd:
         8e:66:a1:11:e4:43:44:aa:c0:fb:3a:68:26:62:70:90:64:dd:
         2e:8d:16:3c:b8:ae:d1:21:61:3f:d6:e4:53:aa:19:e8:46:d9:
         66:f6:3a:7d:0f:f8:7f:65:75:b7:17:23:65:c0:66:ef:0e:60:
         7e:df:7d:86:4b:91:a5:e9:47:15:12:24:40:b8:df:a9:03:b0:
         ea:1b:8f:cd:44:5b:64:46:1c:cb:04:cb:fa:15:b6:10:90:d2:
         f6:70:cf:b4:6e:bb:d8:96:36:3b:3d:5d:a8:aa:46:c8:14:09:
         b5:98:c8:c2:96:99:b5:e7:55:16:ea:d0:b3:fb:a6:cd:cd:b5:
         bd:8e:ab:62:8d:76:0d:f0:e7:f7:1d:27:d0:53:2d:01:8e:b0:
         13:f9:fd:3a:d5:a2:43:ac:dd:2d:25:64:8b:f4:1d:3b:7f:09:
         20:19:48:ed:77:35:d2:ce:19:a2:ab:79:1b:de:70:fd:8b:30:
         28:6d:19:ed:81:be:39:a7:74:f9:eb:81:ee:81:c1:6c:65:3d:
         6c:df:36:93:4d:f6:a8:7e:d1:ed:5a:a3:d1:26:38:fa:55:84:
         0e:1b:86:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJtPTaMeAkM8u2sfHhDe4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MTc5YjM5ZDFjMWQyOGY1MDYzY2E5MjFkNjAwN2UzNjNl
MWM2MGIwHhcNMjQwMTAxMjIzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDU5ZDg5NTQ5OTNkMzNmMTYxMWNiYWY3YjY5ZDZmMjRkZDllNDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlsQBIEvKcNlMYsy5JeuB9ZJH09K4
XVlPJJAvNXDZrNTXWfcsdpcjlgmSiYEzWtsnPsrAomPruMurLIUGR12RNY5stKzB
mG9BXVhXTuJ1177RoQjYMS7jvjlAzH+se41XAm+nlhO01TUTIvpxvLSXWe+qBbK6
xT1XJ9vab+k/D+fBg4lYIo5wCZP+dwyZCtLbLdDRXl3ldTOHBu/cdrGVuNj6+3Xu
o+H/YYjbo30uhS3e/pxEW9ZXsRy+6J2SKBhC6pmLE467aHztuQFbw6z+AxmoEMQn
xDXgakz/A8sJNXhKucCkpeQVKluwYk2I3cso+0A/X8SIuq0gKu/AINMW3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNRZ2JVJk9M/FhHLr3tp1vJN2eQ6MB8GA1UdIwQY
MBaAFJYXmznRwdKPUGPKkh1gB+Nj4cYLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGhlYk9kSEIwbzlRWThxU0hXQUg0MlBoeGdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9jZGRmOTQtOGQ1MS00MWNkLThhNWIt
YTBiNDkzMGNiZDFlLzEvMUZuWWxVbVQwejhXRWN1dmUyblc4azNaNURvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9jZGRmOTQtOGQ1MS00MWNkLThhNWItYTBiNDkzMGNiZDFl
LzEvbGhlYk9kSEIwbzlRWThxU0hXQUg0MlBoeGdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCixy4MA0G
CSqGSIb3DQEBCwUAA4IBAQBYL0oYgutXlO0GgQzeoiEfYT4tNhQkHZ6r27Wp0b/j
JzGr3f2OZqER5ENEqsD7OmgmYnCQZN0ujRY8uK7RIWE/1uRTqhnoRtlm9jp9D/h/
ZXW3FyNlwGbvDmB+332GS5Gl6UcVEiRAuN+pA7DqG4/NRFtkRhzLBMv6FbYQkNL2
cM+0brvYljY7PV2oqkbIFAm1mMjClpm151UW6tCz+6bNzbW9jqtijXYN8Of3HSfQ
Uy0BjrAT+f061aJDrN0tJWSL9B07fwkgGUjtdzXSzhmiq3kb3nD9izAobRntgb45
p3T564HugcFsZT1s3zaTTfaoftHtWqPRJjj6VYQOG4a0
-----END CERTIFICATE-----