Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/6f4940-5abc-49b4-9747-e08be0edaf76/1/cdksG9-LD4mtvkD_qJCsBo4hEV4.roa
File:                     cdksG9-LD4mtvkD_qJCsBo4hEV4.roa (raw, json)
Hash identifier:          vEvLXhIlRIzg1TzhMSEdHooMhR+OWsnqR7vx6GCyMYs=
Subject key identifier:   71:D9:2C:1B:DF:8B:0F:89:AD:BE:40:FF:A8:90:AC:06:8E:21:11:5E
Certificate issuer:       /CN=9b340699c8ed970a8c9ed8c162088f2067c33250
Certificate serial:       018CC64B1E64A40FF0E6454E84285A35E6D5
Authority key identifier: 9B:34:06:99:C8:ED:97:0A:8C:9E:D8:C1:62:08:8F:20:67:C3:32:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mzQGmcjtlwqMntjBYgiPIGfDMlA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/6f4940-5abc-49b4-9747-e08be0edaf76/1/cdksG9-LD4mtvkD_qJCsBo4hEV4.roa
Signing time:             Mon 01 Jan 2024 18:31:00 +0000
ROA not before:           Mon 01 Jan 2024 18:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2116
IP address blocks:        185.85.128.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/6f4940-5abc-49b4-9747-e08be0edaf76/1/mzQGmcjtlwqMntjBYgiPIGfDMlA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/6f4940-5abc-49b4-9747-e08be0edaf76/1/mzQGmcjtlwqMntjBYgiPIGfDMlA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mzQGmcjtlwqMntjBYgiPIGfDMlA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:1e:64:a4:0f:f0:e6:45:4e:84:28:5a:35:e6:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b340699c8ed970a8c9ed8c162088f2067c33250
        Validity
            Not Before: Jan  1 18:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71d92c1bdf8b0f89adbe40ffa890ac068e21115e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:fb:8e:0b:a5:c5:e2:17:c6:f1:b3:0f:aa:d0:
                    2a:56:fb:9c:55:73:13:29:9c:7f:6a:94:d9:16:ac:
                    c3:c9:83:a1:bb:a5:5b:d0:ad:d3:76:16:43:a4:78:
                    be:d6:f0:35:1f:a6:00:c7:1a:d0:a2:b6:a0:85:37:
                    53:cb:75:d7:94:2a:76:b6:b5:34:81:1c:f7:ba:d4:
                    68:a2:8f:2e:3e:60:25:6b:f1:b8:d0:54:da:a4:b1:
                    1b:16:dc:13:02:fd:ca:ab:69:98:b5:5e:f4:be:b1:
                    3d:31:09:4f:37:f3:0f:4c:4d:39:c1:91:86:27:0d:
                    1e:67:aa:0a:f3:24:8b:b8:58:9f:c4:f4:e3:fd:f5:
                    09:b7:d5:d0:3b:8e:b0:98:1d:6f:25:fe:21:9d:57:
                    ec:f3:40:e3:5d:80:99:ae:b0:5f:53:1e:74:47:0c:
                    44:a5:18:66:cb:b0:6b:ea:54:e1:6b:e5:79:24:30:
                    1e:55:ca:4a:47:fe:a1:30:f0:35:06:b6:2e:6e:1d:
                    97:2a:32:ef:65:61:28:bc:96:6f:ae:d3:af:6f:dd:
                    53:6b:77:c4:93:90:02:2c:df:15:13:1e:58:7d:28:
                    29:03:23:0e:34:5e:c1:46:55:1f:14:65:28:d6:e5:
                    ed:94:7b:29:68:ef:cc:83:1c:05:8b:1d:45:e6:62:
                    81:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:D9:2C:1B:DF:8B:0F:89:AD:BE:40:FF:A8:90:AC:06:8E:21:11:5E
            X509v3 Authority Key Identifier:
                keyid:9B:34:06:99:C8:ED:97:0A:8C:9E:D8:C1:62:08:8F:20:67:C3:32:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mzQGmcjtlwqMntjBYgiPIGfDMlA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/6f4940-5abc-49b4-9747-e08be0edaf76/1/cdksG9-LD4mtvkD_qJCsBo4hEV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/6f4940-5abc-49b4-9747-e08be0edaf76/1/mzQGmcjtlwqMntjBYgiPIGfDMlA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.85.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:c4:de:9a:e7:1f:e6:42:50:02:0a:66:95:71:6e:62:1b:ed:
         ec:3f:2a:c6:9a:73:d2:85:78:fb:a1:d4:aa:9a:32:b1:c3:8e:
         19:9c:78:1d:0a:4b:62:f0:56:f3:50:b4:04:83:3b:94:2a:da:
         3a:80:aa:23:a5:e8:a1:a7:f6:de:e2:de:1c:ba:64:90:ad:ea:
         76:fc:9d:ab:6f:71:a2:f7:93:bf:1e:7c:13:11:4d:9f:97:24:
         3a:8a:ca:58:ff:a2:13:a8:c1:f0:0f:8a:22:ed:1c:1a:12:84:
         41:82:84:96:bb:49:0d:52:c8:9d:6e:1f:85:82:0f:fd:e1:30:
         71:50:7f:5b:1a:83:ab:54:69:38:84:9d:fb:92:c9:b1:60:44:
         60:44:f2:03:d2:88:55:d5:f1:43:16:a3:15:98:2a:bf:9f:d3:
         74:a4:9e:fe:bd:5b:12:ac:09:f5:a0:78:95:61:e3:2c:30:39:
         8b:bc:d1:e3:f9:f2:34:f2:64:34:02:eb:54:c1:12:02:c1:80:
         b9:57:37:6a:74:0e:2d:a1:3f:0d:5c:40:c3:e9:06:ab:9b:1d:
         9f:ea:72:79:b3:8d:63:21:ba:b4:a3:80:99:ee:82:a9:cc:f4:
         fe:ee:6b:37:01:3d:03:7b:9c:c3:a5:b0:23:2f:13:64:68:9a:
         df:21:9f:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSx5kpA/w5kVOhChaNebVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMzQwNjk5YzhlZDk3MGE4YzllZDhjMTYyMDg4ZjIwNjdj
MzMyNTAwHhcNMjQwMTAxMTgzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWQ5MmMxYmRmOGIwZjg5YWRiZTQwZmZhODkwYWMwNjhlMjExMTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvuOC6XF4hfG8bMPqtAqVvucVXMT
KZx/apTZFqzDyYOhu6Vb0K3TdhZDpHi+1vA1H6YAxxrQoraghTdTy3XXlCp2trU0
gRz3utRooo8uPmAla/G40FTapLEbFtwTAv3Kq2mYtV70vrE9MQlPN/MPTE05wZGG
Jw0eZ6oK8ySLuFifxPTj/fUJt9XQO46wmB1vJf4hnVfs80DjXYCZrrBfUx50RwxE
pRhmy7Br6lTha+V5JDAeVcpKR/6hMPA1BrYubh2XKjLvZWEovJZvrtOvb91Ta3fE
k5ACLN8VEx5YfSgpAyMONF7BRlUfFGUo1uXtlHspaO/MgxwFix1F5mKBvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHHZLBvfiw+Jrb5A/6iQrAaOIRFeMB8GA1UdIwQY
MBaAFJs0BpnI7ZcKjJ7YwWIIjyBnwzJQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXpRR21janRsd3FNbnRqQllnaVBJR2ZETWxBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi82ZjQ5NDAtNWFiYy00OWI0LTk3NDct
ZTA4YmUwZWRhZjc2LzEvY2Rrc0c5LUxENG10dmtEX3FKQ3NCbzRoRVY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi82ZjQ5NDAtNWFiYy00OWI0LTk3NDctZTA4YmUwZWRhZjc2
LzEvbXpRR21janRsd3FNbnRqQllnaVBJR2ZETWxBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVWAMA0G
CSqGSIb3DQEBCwUAA4IBAQAKxN6a5x/mQlACCmaVcW5iG+3sPyrGmnPShXj7odSq
mjKxw44ZnHgdCkti8FbzULQEgzuUKto6gKojpeihp/be4t4cumSQrep2/J2rb3Gi
95O/HnwTEU2flyQ6ispY/6ITqMHwD4oi7RwaEoRBgoSWu0kNUsidbh+Fgg/94TBx
UH9bGoOrVGk4hJ37ksmxYERgRPID0ohV1fFDFqMVmCq/n9N0pJ7+vVsSrAn1oHiV
YeMsMDmLvNHj+fI08mQ0AutUwRICwYC5VzdqdA4toT8NXEDD6Qarmx2f6nJ5s41j
Ibq0o4CZ7oKpzPT+7ms3AT0De5zDpbAjLxNkaJrfIZ83
-----END CERTIFICATE-----