Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/Pdla7N6gjUbtXWXba8IG46AUmMw.roa
File:                     Pdla7N6gjUbtXWXba8IG46AUmMw.roa (raw, json)
Hash identifier:          CmFrtQHUmUBBokl0R1/jF1Ey7HXNozduJpmgtuyzi4U=
Subject key identifier:   3D:D9:5A:EC:DE:A0:8D:46:ED:5D:65:DB:6B:C2:06:E3:A0:14:98:CC
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018D94ABAF80D9D44D138F76EE559D61D0D6
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/Pdla7N6gjUbtXWXba8IG46AUmMw.roa
Signing time:             Sat 10 Feb 2024 20:18:15 +0000
ROA not before:           Sat 10 Feb 2024 20:18:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215545
IP address blocks:        85.120.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:94:ab:af:80:d9:d4:4d:13:8f:76:ee:55:9d:61:d0:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Feb 10 20:18:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3dd95aecdea08d46ed5d65db6bc206e3a01498cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:0d:b5:fb:78:5d:da:08:f0:21:21:e7:cd:fc:
                    d6:0b:79:4a:4c:a4:d1:5e:f2:3c:52:30:18:3d:1a:
                    23:72:03:9b:8c:5b:33:b3:e3:bb:cb:2e:fc:1e:36:
                    a8:aa:2f:32:54:b5:54:b7:26:f4:8c:97:b6:0a:05:
                    b5:60:02:1a:85:eb:bc:35:7b:86:ba:f2:89:9f:af:
                    b7:f4:44:a6:15:45:d7:4d:7f:a0:87:cb:83:97:9b:
                    3f:a5:86:17:72:cb:4d:5e:13:80:45:38:1f:91:b0:
                    0f:47:dc:e9:d2:f1:c0:57:46:98:25:6c:13:e6:09:
                    50:53:07:60:d1:53:b1:4d:91:32:ce:39:e2:bb:89:
                    33:1b:14:f8:c8:94:94:7c:71:0e:40:58:86:71:e8:
                    a0:95:a5:6b:74:0c:d8:ee:a6:16:4b:f8:c3:30:d3:
                    ac:38:39:47:91:ba:1a:f2:5e:d3:54:19:74:32:c0:
                    5d:ef:5e:c3:4f:f3:e9:1d:41:f4:fb:8a:ff:51:cc:
                    e1:49:0a:cb:44:3d:11:ed:19:0a:6c:46:7d:2e:69:
                    3b:6e:37:a6:b0:f4:9c:5e:ee:78:24:c6:50:71:61:
                    11:c9:ae:5e:b1:33:fd:e8:30:79:b9:3c:07:be:37:
                    f4:88:dc:e3:14:57:19:5d:b3:5a:60:3b:eb:39:07:
                    5f:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:D9:5A:EC:DE:A0:8D:46:ED:5D:65:DB:6B:C2:06:E3:A0:14:98:CC
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/Pdla7N6gjUbtXWXba8IG46AUmMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.120.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:8a:b9:f2:d9:f3:bd:c1:20:64:0a:9e:d5:c3:23:56:2d:a9:
         e1:5b:e9:75:0c:a8:5a:61:79:7f:fa:04:f4:9f:8d:2a:02:36:
         f4:04:79:ff:9e:5b:9a:eb:5d:ed:ce:2f:fa:64:13:77:d2:37:
         72:8f:f3:8a:73:3c:a5:d9:f7:1a:1a:d5:23:5e:68:69:fd:9d:
         9a:d4:69:7f:9e:92:4e:dc:c8:63:9e:8d:40:03:ee:8c:de:bc:
         1e:ab:31:9e:da:ec:00:28:9d:76:08:bf:35:63:3f:90:00:98:
         65:ae:bd:ca:2c:04:e0:06:bd:18:ad:40:fe:36:43:78:21:62:
         5f:3a:3c:aa:63:72:34:3d:f5:d9:3f:51:a3:12:95:fa:58:40:
         1a:ec:b2:52:a0:0b:51:5a:a0:02:d7:30:aa:2f:26:5f:09:18:
         76:29:14:c5:7c:76:26:75:c0:60:8b:08:d5:fe:44:a1:0d:c5:
         f2:f0:75:09:5a:3e:16:60:36:36:ea:bc:e2:e9:fa:3e:f7:3e:
         ee:ef:23:c4:9d:2d:3c:31:4b:f2:4a:59:04:d7:10:67:8d:26:
         4b:e5:01:48:cf:c7:27:38:d9:ae:d7:2b:5b:c7:99:2f:cc:1f:
         49:6d:c8:ec:80:72:94:9b:48:99:53:6c:eb:1a:3c:27:2f:01:
         ed:e8:8f:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2Uq6+A2dRNE4927lWdYdDWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMjEwMjAxODE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGQ5NWFlY2RlYTA4ZDQ2ZWQ1ZDY1ZGI2YmMyMDZlM2EwMTQ5OGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQ21+3hd2gjwISHnzfzWC3lKTKTR
XvI8UjAYPRojcgObjFszs+O7yy78Hjaoqi8yVLVUtyb0jJe2CgW1YAIaheu8NXuG
uvKJn6+39ESmFUXXTX+gh8uDl5s/pYYXcstNXhOARTgfkbAPR9zp0vHAV0aYJWwT
5glQUwdg0VOxTZEyzjniu4kzGxT4yJSUfHEOQFiGceiglaVrdAzY7qYWS/jDMNOs
ODlHkboa8l7TVBl0MsBd717DT/PpHUH0+4r/UczhSQrLRD0R7RkKbEZ9Lmk7bjem
sPScXu54JMZQcWERya5esTP96DB5uTwHvjf0iNzjFFcZXbNaYDvrOQdfYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD3ZWuzeoI1G7V1l22vCBuOgFJjMMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvUGRsYTdONmdqVWJ0WFdYYmE4SUc0NkFVbU13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXgEMA0G
CSqGSIb3DQEBCwUAA4IBAQCZirny2fO9wSBkCp7VwyNWLanhW+l1DKhaYXl/+gT0
n40qAjb0BHn/nlua613tzi/6ZBN30jdyj/OKczyl2fcaGtUjXmhp/Z2a1Gl/npJO
3Mhjno1AA+6M3rweqzGe2uwAKJ12CL81Yz+QAJhlrr3KLATgBr0YrUD+NkN4IWJf
OjyqY3I0PfXZP1GjEpX6WEAa7LJSoAtRWqAC1zCqLyZfCRh2KRTFfHYmdcBgiwjV
/kShDcXy8HUJWj4WYDY26rzi6fo+9z7u7yPEnS08MUvySlkE1xBnjSZL5QFIz8cn
ONmu1ytbx5kvzB9JbcjsgHKUm0iZU2zrGjwnLwHt6I9r
-----END CERTIFICATE-----