Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/DNEiI_JV_7P9b2PfzfGRK2GBdsw.roa
File:                     DNEiI_JV_7P9b2PfzfGRK2GBdsw.roa (raw, json)
Hash identifier:          uGucDgrNVBEFgQstXrsAAAxzB7ecSFCsW8LyY7k1ajM=
Subject key identifier:   0C:D1:22:23:F2:55:FF:B3:FD:6F:63:DF:CD:F1:91:2B:61:81:76:CC
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       019082EF4ABB91F612C77BD1E0EC7C0C530C
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/DNEiI_JV_7P9b2PfzfGRK2GBdsw.roa
Signing time:             Fri 05 Jul 2024 12:47:18 +0000
ROA not before:           Fri 05 Jul 2024 12:47:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1004
IP address blocks:        85.202.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:82:ef:4a:bb:91:f6:12:c7:7b:d1:e0:ec:7c:0c:53:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jul  5 12:47:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cd12223f255ffb3fd6f63dfcdf1912b618176cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:27:d1:a9:f4:7b:5b:e6:52:5f:44:4b:b7:f6:
                    7a:de:de:d1:d5:6c:d7:27:f0:1f:22:10:51:a9:38:
                    06:a1:a8:a7:e8:14:80:c9:60:5e:15:bc:fd:6b:00:
                    f9:45:ca:9e:4f:b0:c0:54:0b:d6:bb:fc:1d:4f:10:
                    92:90:1b:22:8d:b0:c4:1d:a9:5b:e2:c0:55:c5:ad:
                    a3:f6:60:f4:9a:b8:7d:ca:24:e3:6e:cd:e7:d2:99:
                    3b:2d:2f:f0:10:e8:2a:88:50:0f:da:0c:96:95:ff:
                    91:12:8e:92:04:62:b3:bd:02:55:7a:ad:d1:96:ce:
                    78:cf:51:6c:66:c8:f4:97:ae:79:f0:ec:fc:76:0c:
                    d0:58:b4:0b:0d:98:0b:59:58:48:3a:7f:88:73:8e:
                    e0:ba:96:ac:70:23:02:41:0f:4d:f6:63:38:a1:a5:
                    41:f3:f9:f1:c1:6d:5b:c2:4e:38:97:af:73:d1:91:
                    c8:96:a9:c9:d6:9b:9d:95:2f:45:44:dc:5a:bc:60:
                    24:99:e5:e3:38:d9:9c:05:90:fb:40:c5:a0:7c:78:
                    56:c7:25:a9:10:33:38:bc:3a:9f:58:44:ab:8b:19:
                    27:14:f9:5b:15:1e:ba:c6:59:4e:56:9d:93:61:5b:
                    e6:ee:62:45:8b:2e:1c:a5:4b:d6:26:28:af:a9:bd:
                    96:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:D1:22:23:F2:55:FF:B3:FD:6F:63:DF:CD:F1:91:2B:61:81:76:CC
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/DNEiI_JV_7P9b2PfzfGRK2GBdsw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:45:c6:84:cf:b4:24:92:84:31:e2:9c:42:40:cd:b4:55:1e:
         16:d9:33:71:99:db:19:96:7e:8b:0d:d5:86:ba:0b:fe:90:7d:
         79:20:20:7a:7a:6d:e8:c3:aa:c8:90:b0:b2:36:20:67:e4:9c:
         45:68:e6:66:38:8e:e9:af:ec:18:3f:44:3a:40:2b:28:a5:2f:
         94:d0:cb:ec:37:b6:c8:be:4a:dc:d6:bb:96:3a:b5:44:0a:98:
         c8:8b:57:c9:c6:f5:a4:60:07:40:e4:13:58:f9:e9:d9:85:c5:
         32:97:e3:0b:c7:c6:28:b7:7e:7c:7d:0e:d1:36:21:1f:2a:69:
         fd:4f:e5:4c:cc:08:83:52:0d:e7:2b:6d:78:31:a6:92:c6:b4:
         81:a2:fb:2a:47:a2:62:4c:fc:4d:b2:01:ef:1c:cf:f9:d7:e7:
         ab:a4:6b:d8:f6:d6:12:97:db:c8:19:49:6f:f9:e7:21:41:30:
         40:71:a1:86:a9:ef:74:05:26:bf:33:2b:d8:0f:ef:6b:1b:8b:
         1f:78:8b:0e:05:bb:6c:56:bb:50:e1:c5:8c:4f:01:77:05:0b:
         91:ca:4e:26:c2:17:2e:19:56:79:48:88:a7:20:b2:a0:5b:c7:
         b2:e6:74:ee:b7:15:9e:90:53:e4:45:04:a6:01:fc:8a:04:05:
         23:a6:45:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCC70q7kfYSx3vR4Ox8DFMMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwNzA1MTI0NzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2QxMjIyM2YyNTVmZmIzZmQ2ZjYzZGZjZGYxOTEyYjYxODE3NmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwyfRqfR7W+ZSX0RLt/Z63t7R1WzX
J/AfIhBRqTgGoain6BSAyWBeFbz9awD5RcqeT7DAVAvWu/wdTxCSkBsijbDEHalb
4sBVxa2j9mD0mrh9yiTjbs3n0pk7LS/wEOgqiFAP2gyWlf+REo6SBGKzvQJVeq3R
ls54z1FsZsj0l6558Oz8dgzQWLQLDZgLWVhIOn+Ic47gupascCMCQQ9N9mM4oaVB
8/nxwW1bwk44l69z0ZHIlqnJ1pudlS9FRNxavGAkmeXjONmcBZD7QMWgfHhWxyWp
EDM4vDqfWESrixknFPlbFR66xllOVp2TYVvm7mJFiy4cpUvWJiivqb2WjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAzRIiPyVf+z/W9j383xkSthgXbMMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvRE5FaUlfSlZfN1A5YjJQZnpmR1JLMkdCZHN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcqgMA0G
CSqGSIb3DQEBCwUAA4IBAQBIRcaEz7QkkoQx4pxCQM20VR4W2TNxmdsZln6LDdWG
ugv+kH15ICB6em3ow6rIkLCyNiBn5JxFaOZmOI7pr+wYP0Q6QCsopS+U0MvsN7bI
vkrc1ruWOrVECpjIi1fJxvWkYAdA5BNY+enZhcUyl+MLx8Yot358fQ7RNiEfKmn9
T+VMzAiDUg3nK214MaaSxrSBovsqR6JiTPxNsgHvHM/51+erpGvY9tYSl9vIGUlv
+echQTBAcaGGqe90BSa/MyvYD+9rG4sfeIsOBbtsVrtQ4cWMTwF3BQuRyk4mwhcu
GVZ5SIinILKgW8ey5nTutxWekFPkRQSmAfyKBAUjpkXN
-----END CERTIFICATE-----