Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/DPQcTVe-zkzt3A3HRYS90D6Hi5I.roa
File:                     DPQcTVe-zkzt3A3HRYS90D6Hi5I.roa (raw, json)
Hash identifier:          w7EnG6chn3I455eutuiqSjSRcWEa/rOaEIdcXVD6zWs=
Subject key identifier:   0C:F4:1C:4D:57:BE:CE:4C:ED:DC:0D:C7:45:84:BD:D0:3E:87:8B:92
Certificate issuer:       /CN=bb0d4e85937b7a0f271054d28614f2934d4ea500
Certificate serial:       018CC79540CA823A32F428A1D6E533E69F92
Authority key identifier: BB:0D:4E:85:93:7B:7A:0F:27:10:54:D2:86:14:F2:93:4D:4E:A5:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uw1OhZN7eg8nEFTShhTyk01OpQA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/DPQcTVe-zkzt3A3HRYS90D6Hi5I.roa
Signing time:             Tue 02 Jan 2024 00:31:36 +0000
ROA not before:           Tue 02 Jan 2024 00:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42831
IP address blocks:        194.33.58.0/24 maxlen: 24
                          91.224.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/uw1OhZN7eg8nEFTShhTyk01OpQA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/uw1OhZN7eg8nEFTShhTyk01OpQA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uw1OhZN7eg8nEFTShhTyk01OpQA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 03:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:40:ca:82:3a:32:f4:28:a1:d6:e5:33:e6:9f:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb0d4e85937b7a0f271054d28614f2934d4ea500
        Validity
            Not Before: Jan  2 00:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cf41c4d57bece4ceddc0dc74584bdd03e878b92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:11:54:9e:ec:2e:33:be:22:ff:58:43:df:10:
                    b5:7a:9f:60:bd:4c:ca:79:d4:ca:36:42:a3:6f:4d:
                    00:8f:94:0f:ca:22:36:48:13:c5:40:7c:84:f7:d9:
                    3d:46:bd:bb:d3:67:bf:71:fb:0f:c9:ff:f3:d0:b2:
                    38:a4:77:63:d5:b6:40:71:a6:56:f6:fd:cb:b9:b0:
                    c6:4e:44:98:aa:ea:69:79:d2:d9:d6:a7:f8:57:12:
                    9b:ad:0c:37:72:53:e2:f8:77:0d:91:53:ac:70:c4:
                    5d:eb:79:db:d1:1e:10:4d:98:7d:bc:c0:5d:3e:84:
                    f7:ee:4e:f7:26:72:b9:cf:51:1c:66:e8:4d:80:92:
                    81:0c:3c:70:0f:57:9e:d9:aa:9b:85:7d:81:c4:b8:
                    76:a7:a5:43:9e:d8:19:7c:d3:58:d0:0b:cb:ae:f5:
                    57:10:66:46:5f:44:83:c0:39:47:12:65:89:e1:d3:
                    e3:a2:af:d3:d4:68:aa:eb:92:81:e3:6b:4a:4e:b3:
                    87:25:01:76:04:50:c9:3f:aa:c0:92:b6:98:08:ed:
                    75:1a:04:87:19:f9:1d:b4:e7:7b:ac:da:8b:d6:b5:
                    8d:23:29:35:4b:3c:76:8c:f1:bb:ff:71:9d:9a:33:
                    ae:52:c9:fc:4b:0a:29:8f:45:f2:1a:29:76:5e:35:
                    3b:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:F4:1C:4D:57:BE:CE:4C:ED:DC:0D:C7:45:84:BD:D0:3E:87:8B:92
            X509v3 Authority Key Identifier:
                keyid:BB:0D:4E:85:93:7B:7A:0F:27:10:54:D2:86:14:F2:93:4D:4E:A5:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uw1OhZN7eg8nEFTShhTyk01OpQA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/DPQcTVe-zkzt3A3HRYS90D6Hi5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/uw1OhZN7eg8nEFTShhTyk01OpQA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.108.0/24
                  194.33.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:61:72:9a:98:01:15:33:ef:57:c8:37:72:1d:15:f1:ee:b5:
         ac:82:52:01:fa:24:03:50:75:67:74:a1:bd:83:6c:06:f2:d1:
         ed:e9:d7:87:97:91:97:1c:76:e8:4f:f8:2b:c6:24:1b:e5:4f:
         7b:50:72:04:1d:44:e9:2a:bb:ee:91:32:14:e5:98:98:27:2f:
         6a:bd:fa:93:11:b5:55:b1:4c:1f:1b:d6:8f:5b:e7:6c:85:9f:
         a5:39:ea:38:28:00:0a:54:2f:8b:34:0e:ab:4c:90:f9:ae:d2:
         50:9a:a4:82:5c:d7:0f:0e:4a:24:87:de:7a:dd:2d:37:6d:3c:
         96:f2:f2:f4:a7:2c:6b:03:f2:25:fa:77:a5:99:b6:2a:8b:57:
         37:b0:ec:d4:ab:77:9f:d3:f8:c4:d1:71:55:85:7b:42:d0:41:
         4e:6b:ed:09:2f:f0:2a:33:99:05:c7:5c:79:04:35:1d:92:84:
         6a:32:2b:a0:24:64:56:c1:8b:a7:68:b3:81:d4:51:11:f0:f2:
         05:35:17:34:0f:ae:23:b2:be:5f:99:03:9e:e6:f1:46:a2:1d:
         9d:91:70:b3:ff:81:a0:29:e3:43:4d:f3:ee:5c:36:72:b4:53:
         fa:dc:0b:e8:ca:a8:02:a8:a5:e3:2d:06:8e:53:2c:ba:18:39:
         a7:cb:00:6f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlUDKgjoy9Cih1uUz5p+SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiMGQ0ZTg1OTM3YjdhMGYyNzEwNTRkMjg2MTRmMjkzNGQ0
ZWE1MDAwHhcNMjQwMTAyMDAzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2Y0MWM0ZDU3YmVjZTRjZWRkYzBkYzc0NTg0YmRkMDNlODc4YjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRFUnuwuM74i/1hD3xC1ep9gvUzK
edTKNkKjb00Aj5QPyiI2SBPFQHyE99k9Rr2702e/cfsPyf/z0LI4pHdj1bZAcaZW
9v3LubDGTkSYquppedLZ1qf4VxKbrQw3clPi+HcNkVOscMRd63nb0R4QTZh9vMBd
PoT37k73JnK5z1EcZuhNgJKBDDxwD1ee2aqbhX2BxLh2p6VDntgZfNNY0AvLrvVX
EGZGX0SDwDlHEmWJ4dPjoq/T1Giq65KB42tKTrOHJQF2BFDJP6rAkraYCO11GgSH
GfkdtOd7rNqL1rWNIyk1Szx2jPG7/3GdmjOuUsn8Swopj0XyGil2XjU7wwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAz0HE1Xvs5M7dwNx0WEvdA+h4uSMB8GA1UdIwQY
MBaAFLsNToWTe3oPJxBU0oYU8pNNTqUAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXcxT2haTjdlZzhuRUZUU2hoVHlrMDFPcFFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9kMTc1MjctY2Y5OC00ZDM3LTg2NmYt
OGU5Yjk4YTk5Y2RiLzEvRFBRY1RWZS16a3p0M0EzSFJZUzkwRDZIaTVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9kMTc1MjctY2Y5OC00ZDM3LTg2NmYtOGU5Yjk4YTk5Y2Ri
LzEvdXcxT2haTjdlZzhuRUZUU2hoVHlrMDFPcFFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+BsAwQA
wiE6MA0GCSqGSIb3DQEBCwUAA4IBAQAbYXKamAEVM+9XyDdyHRXx7rWsglIB+iQD
UHVndKG9g2wG8tHt6deHl5GXHHboT/grxiQb5U97UHIEHUTpKrvukTIU5ZiYJy9q
vfqTEbVVsUwfG9aPW+dshZ+lOeo4KAAKVC+LNA6rTJD5rtJQmqSCXNcPDkokh956
3S03bTyW8vL0pyxrA/Il+nelmbYqi1c3sOzUq3ef0/jE0XFVhXtC0EFOa+0JL/Aq
M5kFx1x5BDUdkoRqMiugJGRWwYunaLOB1FER8PIFNRc0D64jsr5fmQOe5vFGoh2d
kXCz/4GgKeNDTfPuXDZytFP63AvoyqgCqKXjLQaOUyy6GDmnywBv
-----END CERTIFICATE-----