Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/tDP9U98q7yd3oXVcQtV6zy-lOIc.roa
File:                     tDP9U98q7yd3oXVcQtV6zy-lOIc.roa (raw, json)
Hash identifier:          uWbF29AwBVwDv+9LR8ez+XceHPEJqauUeFdcpKG8RuM=
Subject key identifier:   B4:33:FD:53:DF:2A:EF:27:77:A1:75:5C:42:D5:7A:CF:2F:A5:38:87
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       019200CD04963D9712573F3112188A282695
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/tDP9U98q7yd3oXVcQtV6zy-lOIc.roa
Signing time:             Tue 17 Sep 2024 16:24:48 +0000
ROA not before:           Tue 17 Sep 2024 16:24:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214669
IP address blocks:        43.240.148.0/24 maxlen: 24
                          147.185.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:40:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:00:cd:04:96:3d:97:12:57:3f:31:12:18:8a:28:26:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Sep 17 16:24:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b433fd53df2aef2777a1755c42d57acf2fa53887
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a1:be:a7:7b:8a:0e:36:a9:e8:c4:16:91:08:
                    2f:bc:e6:97:2d:55:1d:71:6b:7e:f4:53:83:ff:33:
                    e6:ca:80:f6:bc:01:a8:80:7b:23:57:62:0c:cc:68:
                    80:5b:44:f9:6b:b0:fb:3e:53:bd:09:aa:e2:11:65:
                    d0:e6:9f:f9:dd:89:50:5f:99:39:73:2c:11:5f:2c:
                    5f:30:49:7d:b6:ed:d4:d5:16:30:a5:96:5f:44:fc:
                    e2:d9:7b:da:4c:91:3b:d7:e6:50:57:b0:fa:8e:61:
                    17:e6:e5:b7:e3:b2:cb:e7:3e:52:78:f1:ce:b6:90:
                    a0:cc:04:29:3b:c2:9e:e6:eb:1e:03:db:9b:0c:72:
                    ff:24:49:f4:fe:51:ee:ca:ed:d2:f7:25:c7:02:7f:
                    a4:70:55:6f:7c:2a:ba:35:8c:fd:39:14:4b:6e:93:
                    09:63:2f:6c:4b:36:6c:0b:a0:af:22:9f:73:d5:ae:
                    e5:0f:0f:7e:73:43:f8:91:f3:9e:2b:cb:00:6b:dd:
                    c8:2e:61:10:ba:25:99:87:1e:3a:8a:69:e4:ad:43:
                    9d:c2:9f:fb:e7:3d:c8:04:a1:28:1a:30:99:97:c4:
                    68:2b:20:55:e2:25:3b:58:6f:a8:6d:08:80:55:25:
                    4f:51:7f:fd:b9:81:2f:6c:cf:ae:02:1e:c5:3b:aa:
                    20:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:33:FD:53:DF:2A:EF:27:77:A1:75:5C:42:D5:7A:CF:2F:A5:38:87
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/tDP9U98q7yd3oXVcQtV6zy-lOIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.240.148.0/24
                  147.185.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:bc:f7:00:60:79:17:17:0d:30:89:d6:c9:93:26:ce:f2:77:
         80:64:74:40:ad:c5:2c:da:ce:f0:63:25:e2:2d:fe:e5:23:e4:
         64:c8:1f:66:ce:c9:78:b8:06:a7:b5:32:3b:5e:fd:2a:8a:83:
         ca:83:05:2d:7a:fd:4d:1a:6b:ba:2a:ec:74:57:77:4a:7f:9e:
         c3:fa:ec:a7:0d:7f:43:00:8c:5f:b1:00:5a:56:40:7b:73:47:
         75:11:07:3d:a8:c1:94:67:a9:c6:03:e3:d2:8c:d9:5b:25:d6:
         a7:a0:8f:82:53:35:5e:1a:3a:04:9e:99:73:d7:b7:76:27:44:
         6c:e7:1a:29:15:ed:a6:3b:e2:84:9c:a6:8d:e5:9a:76:b0:52:
         1f:d2:13:69:f2:8e:73:96:65:ff:e2:82:c7:75:bd:2d:78:a7:
         4f:48:bc:25:90:f8:dd:44:ab:de:40:9a:58:b2:91:d0:c2:7b:
         a0:73:a3:ea:b7:29:ac:f9:04:6f:63:06:04:7e:b2:9c:e3:e4:
         ad:cf:83:b2:92:36:e3:3e:1c:3e:68:d8:30:45:bd:a5:65:c4:
         99:b9:c1:6f:3a:78:76:2b:6a:16:7a:aa:d9:cd:4f:1a:79:b2:
         b5:d1:fd:16:18:1e:4d:42:7a:72:75:df:08:6b:99:09:8d:42:
         00:ae:4a:37
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZIAzQSWPZcSVz8xEhiKKCaVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjQwOTE3MTYyNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDMzZmQ1M2RmMmFlZjI3NzdhMTc1NWM0MmQ1N2FjZjJmYTUzODg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaG+p3uKDjap6MQWkQgvvOaXLVUd
cWt+9FOD/zPmyoD2vAGogHsjV2IMzGiAW0T5a7D7PlO9CariEWXQ5p/53YlQX5k5
cywRXyxfMEl9tu3U1RYwpZZfRPzi2XvaTJE71+ZQV7D6jmEX5uW347LL5z5SePHO
tpCgzAQpO8Ke5useA9ubDHL/JEn0/lHuyu3S9yXHAn+kcFVvfCq6NYz9ORRLbpMJ
Yy9sSzZsC6CvIp9z1a7lDw9+c0P4kfOeK8sAa93ILmEQuiWZhx46imnkrUOdwp/7
5z3IBKEoGjCZl8RoKyBV4iU7WG+obQiAVSVPUX/9uYEvbM+uAh7FO6og6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLQz/VPfKu8nd6F1XELVes8vpTiHMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvdERQOVU5OHE3eWQzb1hWY1F0VjZ6eS1sT0ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAK/CUAwQA
k7nOMA0GCSqGSIb3DQEBCwUAA4IBAQCHvPcAYHkXFw0widbJkybO8neAZHRArcUs
2s7wYyXiLf7lI+RkyB9mzsl4uAantTI7Xv0qioPKgwUtev1NGmu6Kux0V3dKf57D
+uynDX9DAIxfsQBaVkB7c0d1EQc9qMGUZ6nGA+PSjNlbJdanoI+CUzVeGjoEnplz
17d2J0Rs5xopFe2mO+KEnKaN5Zp2sFIf0hNp8o5zlmX/4oLHdb0teKdPSLwlkPjd
RKveQJpYspHQwnugc6Pqtyms+QRvYwYEfrKc4+Stz4OykjbjPhw+aNgwRb2lZcSZ
ucFvOnh2K2oWeqrZzU8aebK10f0WGB5NQnpydd8Ia5kJjUIArko3
-----END CERTIFICATE-----