Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/JuTpN6DOyJ4bwlGbvRP16GBS3ug.roa
File:                     JuTpN6DOyJ4bwlGbvRP16GBS3ug.roa (raw, json)
Hash identifier:          /fh62kYyHK/mrSfyMWv0NcH6VmLRg2x7JqiCjeT91R4=
Subject key identifier:   26:E4:E9:37:A0:CE:C8:9E:1B:C2:51:9B:BD:13:F5:E8:60:52:DE:E8
Certificate issuer:       /CN=7eeb0aec63949f4125c73aa6177ea0b721d527bb
Certificate serial:       018CC9BC59B24DB75162C58DE39E96A310EF
Authority key identifier: 7E:EB:0A:EC:63:94:9F:41:25:C7:3A:A6:17:7E:A0:B7:21:D5:27:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fusK7GOUn0ElxzqmF36gtyHVJ7s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/JuTpN6DOyJ4bwlGbvRP16GBS3ug.roa
Signing time:             Tue 02 Jan 2024 10:33:33 +0000
ROA not before:           Tue 02 Jan 2024 10:33:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61177
IP address blocks:        185.16.97.0/24 maxlen: 24
                          185.16.98.0/24 maxlen: 24
                          185.16.96.0/24 maxlen: 24
                          185.16.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/fusK7GOUn0ElxzqmF36gtyHVJ7s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/fusK7GOUn0ElxzqmF36gtyHVJ7s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fusK7GOUn0ElxzqmF36gtyHVJ7s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:59:b2:4d:b7:51:62:c5:8d:e3:9e:96:a3:10:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7eeb0aec63949f4125c73aa6177ea0b721d527bb
        Validity
            Not Before: Jan  2 10:33:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26e4e937a0cec89e1bc2519bbd13f5e86052dee8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:65:7d:62:27:94:6b:bd:7f:78:63:ff:6f:69:
                    2e:a5:72:44:9d:71:81:76:2c:43:00:1e:e3:1d:19:
                    ab:d9:b9:e0:b1:a0:a0:d4:fe:42:e5:ce:01:7f:e2:
                    ad:2d:cb:08:6d:4c:81:6d:62:9b:d5:a9:27:5e:d9:
                    f3:1e:a2:12:65:ae:f4:9b:b2:f6:c5:dd:78:06:4a:
                    ef:10:88:1c:c6:03:a7:e0:a7:34:92:77:87:98:a7:
                    6a:4b:06:f8:69:d4:2c:6b:3b:52:f8:4a:ef:bd:f5:
                    74:cc:1d:19:fa:e0:07:42:c9:40:b4:6f:c5:4a:16:
                    91:7a:d5:04:b4:49:5b:85:99:36:1b:cc:41:ca:30:
                    2a:f1:6a:d9:53:cc:35:ff:0b:47:cd:3b:99:94:ab:
                    71:59:ad:c1:3e:40:d7:47:8a:35:b5:4d:c1:96:e7:
                    7d:76:f5:58:ab:cb:4d:89:8a:22:67:2b:17:55:43:
                    3e:5e:1e:4c:44:aa:56:01:c0:4e:50:f3:34:c1:65:
                    d5:c4:f8:a7:f1:c3:e4:d0:05:e8:13:ff:65:32:1b:
                    d4:27:0a:05:94:5c:85:e4:9f:ef:b9:05:9b:4a:68:
                    d4:61:68:23:fd:f9:cd:f8:1a:be:76:d6:a0:92:c0:
                    7a:80:29:47:e2:1f:4c:3d:99:6e:e0:b3:61:43:e1:
                    a0:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:E4:E9:37:A0:CE:C8:9E:1B:C2:51:9B:BD:13:F5:E8:60:52:DE:E8
            X509v3 Authority Key Identifier:
                keyid:7E:EB:0A:EC:63:94:9F:41:25:C7:3A:A6:17:7E:A0:B7:21:D5:27:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fusK7GOUn0ElxzqmF36gtyHVJ7s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/JuTpN6DOyJ4bwlGbvRP16GBS3ug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/fusK7GOUn0ElxzqmF36gtyHVJ7s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.16.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         78:66:96:0c:23:2f:7d:bc:6b:91:2f:93:0a:b7:7a:68:5e:84:
         30:15:63:bc:7a:3d:9c:61:92:a2:f8:40:dc:1d:45:9b:61:60:
         67:e7:22:cf:a4:09:c7:85:3b:e8:68:ac:56:12:80:9a:bf:29:
         c5:0b:d5:7d:44:63:81:fe:9e:e7:10:52:26:89:43:99:74:c7:
         81:c2:f6:8f:a7:61:79:77:ef:66:1b:f8:3f:8c:dc:a8:30:f8:
         b4:fe:e7:67:29:a2:4e:33:fe:95:d5:57:c2:24:33:92:a3:55:
         63:85:15:64:54:46:22:98:09:12:f4:10:04:a3:24:8a:ea:c1:
         e4:0d:17:aa:ec:9b:d2:c5:41:90:da:e2:04:80:24:64:98:b8:
         c8:5f:86:e9:b0:27:72:37:37:5e:94:26:da:60:00:a0:c1:16:
         17:56:15:76:9e:db:1b:38:2b:ed:09:95:2f:0e:6e:ae:03:46:
         4e:1b:96:cb:ba:d7:db:08:ec:29:52:87:ea:bc:cb:1a:78:98:
         43:33:0d:0d:40:73:c8:19:4c:ac:cd:9a:75:4e:ef:bd:1d:6f:
         f4:5b:ee:fa:d5:6b:73:03:48:87:14:26:70:ea:8b:63:68:1b:
         82:21:64:e3:7b:e1:5f:67:af:e5:6b:ba:87:9a:c8:5b:49:e8:
         d0:27:c4:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvFmyTbdRYsWN456WoxDvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlZWIwYWVjNjM5NDlmNDEyNWM3M2FhNjE3N2VhMGI3MjFk
NTI3YmIwHhcNMjQwMTAyMTAzMzMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmU0ZTkzN2EwY2VjODllMWJjMjUxOWJiZDEzZjVlODYwNTJkZWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2V9YieUa71/eGP/b2kupXJEnXGB
dixDAB7jHRmr2bngsaCg1P5C5c4Bf+KtLcsIbUyBbWKb1aknXtnzHqISZa70m7L2
xd14BkrvEIgcxgOn4Kc0kneHmKdqSwb4adQsaztS+ErvvfV0zB0Z+uAHQslAtG/F
ShaRetUEtElbhZk2G8xByjAq8WrZU8w1/wtHzTuZlKtxWa3BPkDXR4o1tU3Blud9
dvVYq8tNiYoiZysXVUM+Xh5MRKpWAcBOUPM0wWXVxPin8cPk0AXoE/9lMhvUJwoF
lFyF5J/vuQWbSmjUYWgj/fnN+Bq+dtagksB6gClH4h9MPZlu4LNhQ+Gg2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCbk6TegzsieG8JRm70T9ehgUt7oMB8GA1UdIwQY
MBaAFH7rCuxjlJ9BJcc6phd+oLch1Se7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnVzSzdHT1VuMEVseHpxbUYzNmd0eUhWSjdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8wMDFlZGYtYmZmYy00OTYwLWEwMmMt
ZDI2ZDdkNGMyNTA1LzEvSnVUcE42RE95SjRid2xHYnZSUDE2R0JTM3VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8wMDFlZGYtYmZmYy00OTYwLWEwMmMtZDI2ZDdkNGMyNTA1
LzEvZnVzSzdHT1VuMEVseHpxbUYzNmd0eUhWSjdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRBgMA0G
CSqGSIb3DQEBCwUAA4IBAQB4ZpYMIy99vGuRL5MKt3poXoQwFWO8ej2cYZKi+EDc
HUWbYWBn5yLPpAnHhTvoaKxWEoCavynFC9V9RGOB/p7nEFImiUOZdMeBwvaPp2F5
d+9mG/g/jNyoMPi0/udnKaJOM/6V1VfCJDOSo1VjhRVkVEYimAkS9BAEoySK6sHk
DReq7JvSxUGQ2uIEgCRkmLjIX4bpsCdyNzdelCbaYACgwRYXVhV2ntsbOCvtCZUv
Dm6uA0ZOG5bLutfbCOwpUofqvMsaeJhDMw0NQHPIGUyszZp1Tu+9HW/0W+761Wtz
A0iHFCZw6otjaBuCIWTje+FfZ6/la7qHmshbSejQJ8QF
-----END CERTIFICATE-----