Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/2dVJ9Ba5vVXcTWDiPYn6RWK1A3w.roa
File:                     2dVJ9Ba5vVXcTWDiPYn6RWK1A3w.roa (raw, json)
Hash identifier:          +9O3Mv3EN9TBnFarhg2copHQG8wzRhXwtireKPnLTSE=
Subject key identifier:   D9:D5:49:F4:16:B9:BD:55:DC:4D:60:E2:3D:89:FA:45:62:B5:03:7C
Certificate issuer:       /CN=e10d5c29a3439703d89b5abf03a75d861771bef4
Certificate serial:       018CC56EE2C5BA11803C9AC7A076F4390DAD
Authority key identifier: E1:0D:5C:29:A3:43:97:03:D8:9B:5A:BF:03:A7:5D:86:17:71:BE:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/2dVJ9Ba5vVXcTWDiPYn6RWK1A3w.roa
Signing time:             Mon 01 Jan 2024 14:30:27 +0000
ROA not before:           Mon 01 Jan 2024 14:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60946
IP address blocks:        159.146.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:e2:c5:ba:11:80:3c:9a:c7:a0:76:f4:39:0d:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e10d5c29a3439703d89b5abf03a75d861771bef4
        Validity
            Not Before: Jan  1 14:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d9d549f416b9bd55dc4d60e23d89fa4562b5037c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:38:7a:17:24:2d:86:2c:cb:22:1f:4d:74:84:
                    b8:e3:a6:fb:5e:fe:94:15:91:18:5c:a4:24:1d:de:
                    87:16:50:10:96:d2:b8:0c:0c:48:a3:08:f7:11:c0:
                    a4:7a:3d:db:03:e3:91:a1:d2:db:18:5e:ee:3c:a6:
                    59:9d:f6:59:24:f5:5f:59:a1:05:c6:ef:11:84:f3:
                    f2:e8:ec:39:0e:00:8b:49:87:a7:5f:5e:28:f3:27:
                    e2:2e:07:7a:1a:38:85:69:2f:77:df:60:f1:f8:4a:
                    21:c9:ef:c3:93:4d:2b:69:8f:7a:3b:00:32:5e:d1:
                    0c:78:d0:12:43:c5:f6:9e:02:5e:ab:6e:27:ff:5d:
                    44:90:3a:f6:81:ff:4d:1b:1e:a3:c4:5a:e3:4c:61:
                    bb:a8:c5:9b:39:e2:33:64:e1:50:d8:f8:e9:02:c0:
                    41:36:be:da:d0:e6:32:72:5a:1a:e8:1b:6f:ce:89:
                    d8:05:9b:c5:51:d7:d4:2b:0f:4c:fb:3e:4c:de:1d:
                    fb:c7:e7:15:60:b7:e4:45:05:c7:b1:9a:c4:ef:2e:
                    65:29:89:da:ce:eb:aa:c4:72:92:40:a2:8b:68:65:
                    78:6d:54:01:42:49:d4:2b:fb:05:13:6d:e1:93:1d:
                    87:05:35:91:62:21:3c:48:8b:6e:54:85:ba:ca:dc:
                    28:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:D5:49:F4:16:B9:BD:55:DC:4D:60:E2:3D:89:FA:45:62:B5:03:7C
            X509v3 Authority Key Identifier:
                keyid:E1:0D:5C:29:A3:43:97:03:D8:9B:5A:BF:03:A7:5D:86:17:71:BE:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/2dVJ9Ba5vVXcTWDiPYn6RWK1A3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.146.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:98:fa:e8:8c:db:e6:33:24:12:e2:23:8f:a0:bf:a3:35:0e:
         2f:ef:be:42:4d:dd:ad:42:6c:be:92:2a:d9:7e:38:dc:b4:44:
         ce:d1:ee:70:8b:9b:54:67:61:62:3c:9b:dd:bd:7d:42:8c:e3:
         9f:08:14:eb:0d:9e:d4:a1:62:bb:14:7e:df:2a:70:38:88:5a:
         09:02:19:d2:78:3e:50:d5:db:58:e0:81:61:cb:ad:35:22:9b:
         c2:b5:40:03:8f:47:ba:d1:df:56:61:84:63:37:ee:bf:eb:3c:
         a9:4a:20:0b:d8:e3:4c:30:43:38:43:9b:4b:9e:11:ae:fc:63:
         42:16:8d:3d:b0:79:cf:ff:42:d6:dd:52:8c:65:93:ad:d0:63:
         cf:0d:84:81:3d:6e:e2:46:3e:d1:c5:b9:ee:3f:56:14:6e:d6:
         f2:b6:4c:b7:83:6a:2a:7c:5d:5a:51:fb:6a:2a:e3:ea:cd:2e:
         a4:94:94:4d:8a:7f:03:7e:83:5e:21:0a:fc:eb:59:76:8b:43:
         8c:6f:fa:fb:d6:fa:54:32:17:84:5a:b4:e5:59:d9:4a:68:c7:
         21:9c:5d:7a:f0:ab:2c:29:1f:57:9f:f9:42:2a:05:3a:b1:20:
         83:88:e0:c1:59:4f:81:41:f2:cf:ee:af:29:8f:63:96:60:ca:
         c6:27:a9:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbuLFuhGAPJrHoHb0OQ2tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMGQ1YzI5YTM0Mzk3MDNkODliNWFiZjAzYTc1ZDg2MTc3
MWJlZjQwHhcNMjQwMTAxMTQzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWQ1NDlmNDE2YjliZDU1ZGM0ZDYwZTIzZDg5ZmE0NTYyYjUwMzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDh6FyQthizLIh9NdIS446b7Xv6U
FZEYXKQkHd6HFlAQltK4DAxIowj3EcCkej3bA+ORodLbGF7uPKZZnfZZJPVfWaEF
xu8RhPPy6Ow5DgCLSYenX14o8yfiLgd6GjiFaS9332Dx+Eohye/Dk00raY96OwAy
XtEMeNASQ8X2ngJeq24n/11EkDr2gf9NGx6jxFrjTGG7qMWbOeIzZOFQ2PjpAsBB
Nr7a0OYycloa6BtvzonYBZvFUdfUKw9M+z5M3h37x+cVYLfkRQXHsZrE7y5lKYna
zuuqxHKSQKKLaGV4bVQBQknUK/sFE23hkx2HBTWRYiE8SItuVIW6ytwoLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNnVSfQWub1V3E1g4j2J+kVitQN8MB8GA1UdIwQY
MBaAFOENXCmjQ5cD2JtavwOnXYYXcb70MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFExY0thTkRsd1BZbTFxX0E2ZGRoaGR4dnZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8zZWRiNDctZmQ2ZS00YzU5LWE3YWIt
ZTQyYTU4MDY0YTYzLzEvMmRWSjlCYTV2VlhjVFdEaVBZbjZSV0sxQTN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8zZWRiNDctZmQ2ZS00YzU5LWE3YWItZTQyYTU4MDY0YTYz
LzEvNFExY0thTkRsd1BZbTFxX0E2ZGRoaGR4dnZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn5J8MA0G
CSqGSIb3DQEBCwUAA4IBAQBzmProjNvmMyQS4iOPoL+jNQ4v775CTd2tQmy+kirZ
fjjctETO0e5wi5tUZ2FiPJvdvX1CjOOfCBTrDZ7UoWK7FH7fKnA4iFoJAhnSeD5Q
1dtY4IFhy601IpvCtUADj0e60d9WYYRjN+6/6zypSiAL2ONMMEM4Q5tLnhGu/GNC
Fo09sHnP/0LW3VKMZZOt0GPPDYSBPW7iRj7RxbnuP1YUbtbytky3g2oqfF1aUftq
KuPqzS6klJRNin8DfoNeIQr861l2i0OMb/r71vpUMheEWrTlWdlKaMchnF168Kss
KR9Xn/lCKgU6sSCDiODBWU+BQfLP7q8pj2OWYMrGJ6lw
-----END CERTIFICATE-----