Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/Dvd9_zQ47pRujPwYBGMv4Yr7JzU.roa
File:                     Dvd9_zQ47pRujPwYBGMv4Yr7JzU.roa (raw, json)
Hash identifier:          AqoAvieIEi7c/5yfD5qpteCjKnHXzeq6zRwAbUOslhk=
Subject key identifier:   0E:F7:7D:FF:34:38:EE:94:6E:8C:FC:18:04:63:2F:E1:8A:FB:27:35
Certificate issuer:       /CN=4dd1b2587490ad061cb207176bdeec81a531588c
Certificate serial:       018CC86F200471B3893E8AE25CE5A94D8A44
Authority key identifier: 4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/Dvd9_zQ47pRujPwYBGMv4Yr7JzU.roa
Signing time:             Tue 02 Jan 2024 04:29:35 +0000
ROA not before:           Tue 02 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14516
IP address blocks:        80.231.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:20:04:71:b3:89:3e:8a:e2:5c:e5:a9:4d:8a:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd1b2587490ad061cb207176bdeec81a531588c
        Validity
            Not Before: Jan  2 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ef77dff3438ee946e8cfc1804632fe18afb2735
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:b3:50:86:0d:64:fc:8d:e9:fb:55:47:5b:00:
                    77:7c:6d:90:8f:66:74:4b:cf:5a:88:0b:07:8e:72:
                    09:fe:14:0f:b8:50:16:a3:b5:f8:ff:62:4a:e8:0b:
                    e3:04:3b:74:a7:38:39:b4:1b:af:b2:e1:75:bb:ab:
                    f9:9c:36:a0:c4:0a:d2:88:b6:aa:9a:d3:22:d1:93:
                    69:a5:7e:2b:7e:bb:c7:7a:e4:8f:4a:0a:b7:47:f2:
                    5f:5d:ed:c1:b6:97:79:36:ae:f3:bf:f7:70:82:f1:
                    5d:38:2c:a6:58:4c:1e:3c:2c:7b:41:db:3d:7a:e7:
                    85:1d:fc:21:03:62:f5:d3:bf:e0:46:19:a2:be:db:
                    70:1b:81:0b:d7:e6:95:9e:38:99:a4:a6:68:b1:33:
                    8a:18:ad:b6:fa:b5:bc:3e:08:23:c4:2d:2a:7c:3b:
                    b5:5a:72:a6:67:34:09:e4:1f:c1:6b:41:a6:e7:d9:
                    e7:76:ef:28:53:57:df:a3:26:01:c3:eb:79:ef:0a:
                    2b:9e:16:58:34:c9:f4:81:e3:22:db:98:b3:12:15:
                    f3:2c:a7:56:5f:92:54:3e:77:20:76:0f:a4:00:68:
                    69:84:4e:3d:54:83:90:ab:2c:c5:df:6b:69:80:e3:
                    9d:78:73:f9:bc:97:3f:43:e4:b5:58:b3:94:37:db:
                    73:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:F7:7D:FF:34:38:EE:94:6E:8C:FC:18:04:63:2F:E1:8A:FB:27:35
            X509v3 Authority Key Identifier:
                keyid:4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/Dvd9_zQ47pRujPwYBGMv4Yr7JzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.231.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d2:26:fd:5a:dd:31:b7:29:76:27:79:05:f1:4a:9e:cf:29:4d:
         a9:c3:7e:ee:4e:ba:94:dd:32:fc:40:13:41:92:9e:be:e1:95:
         75:3d:1a:5f:aa:9d:06:f2:73:00:8c:83:bc:34:a4:d6:f0:9e:
         a4:08:ee:2f:09:4a:b2:37:a9:82:da:28:21:6b:ac:d1:e4:a1:
         24:26:00:9e:34:60:06:82:be:17:bd:84:f3:09:4b:30:19:b4:
         e3:dd:7d:78:7d:08:a6:58:14:ce:9b:e5:1b:ff:23:ac:58:a8:
         87:50:04:93:ec:92:a8:5b:99:fe:14:2e:d0:14:71:0d:a7:03:
         70:d7:e2:9c:6d:d8:06:e4:8f:b9:d8:4c:06:ef:18:74:aa:83:
         eb:18:dd:a7:30:2e:5c:82:b6:3b:98:19:9b:81:dc:06:19:89:
         6a:f9:5c:b9:76:08:ab:98:0a:56:57:70:be:8d:e8:d6:d0:8d:
         2d:06:c0:f1:b3:dc:33:51:9c:93:06:1c:b8:eb:da:c4:72:7b:
         e2:7b:69:18:2c:8a:4d:b8:64:8d:fd:1d:d6:21:79:bb:3b:f8:
         64:51:87:1a:94:8a:3e:7b:3b:ba:01:60:63:08:96:da:92:54:
         fa:72:f0:b4:0f:09:ac:0d:d5:8e:56:17:c6:03:d3:34:39:3b:
         ef:bf:a7:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbyAEcbOJPoriXOWpTYpEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDFiMjU4NzQ5MGFkMDYxY2IyMDcxNzZiZGVlYzgxYTUz
MTU4OGMwHhcNMjQwMTAyMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWY3N2RmZjM0MzhlZTk0NmU4Y2ZjMTgwNDYzMmZlMThhZmIyNzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLNQhg1k/I3p+1VHWwB3fG2Qj2Z0
S89aiAsHjnIJ/hQPuFAWo7X4/2JK6AvjBDt0pzg5tBuvsuF1u6v5nDagxArSiLaq
mtMi0ZNppX4rfrvHeuSPSgq3R/JfXe3Btpd5Nq7zv/dwgvFdOCymWEwePCx7Qds9
eueFHfwhA2L107/gRhmivttwG4EL1+aVnjiZpKZosTOKGK22+rW8PggjxC0qfDu1
WnKmZzQJ5B/Ba0Gm59nndu8oU1ffoyYBw+t57wornhZYNMn0geMi25izEhXzLKdW
X5JUPncgdg+kAGhphE49VIOQqyzF32tpgOOdeHP5vJc/Q+S1WLOUN9tzywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA73ff80OO6Uboz8GARjL+GK+yc1MB8GA1UdIwQY
MBaAFE3Rslh0kK0GHLIHF2ve7IGlMViMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUt
ZGI0NjNjNWZiMGI0LzEvRHZkOV96UTQ3cFJ1alB3WUJHTXY0WXI3SnpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUtZGI0NjNjNWZiMGI0
LzEvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUOfYMA0G
CSqGSIb3DQEBCwUAA4IBAQDSJv1a3TG3KXYneQXxSp7PKU2pw37uTrqU3TL8QBNB
kp6+4ZV1PRpfqp0G8nMAjIO8NKTW8J6kCO4vCUqyN6mC2igha6zR5KEkJgCeNGAG
gr4XvYTzCUswGbTj3X14fQimWBTOm+Ub/yOsWKiHUAST7JKoW5n+FC7QFHENpwNw
1+KcbdgG5I+52EwG7xh0qoPrGN2nMC5cgrY7mBmbgdwGGYlq+Vy5dgirmApWV3C+
jejW0I0tBsDxs9wzUZyTBhy469rEcnvie2kYLIpNuGSN/R3WIXm7O/hkUYcalIo+
ezu6AWBjCJbaklT6cvC0DwmsDdWOVhfGA9M0OTvvv6e2
-----END CERTIFICATE-----