Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/2864c8-c042-428f-a02d-3b34c23b9c5a/1/bDpFhtfEoiD4k0asm8J_YT2sw7Y.roa
File:                     bDpFhtfEoiD4k0asm8J_YT2sw7Y.roa (raw, json)
Hash identifier:          xinmvi1kSfr85ws3FHDpQA62Z/HYrY3CFOk1/8VlOTg=
Subject key identifier:   6C:3A:45:86:D7:C4:A2:20:F8:93:46:AC:9B:C2:7F:61:3D:AC:C3:B6
Certificate issuer:       /CN=5d6c15ca903d7d25453eaeb5f724a04e3aa65908
Certificate serial:       018CC425434434F545D64ADE80CE8DAC56A6
Authority key identifier: 5D:6C:15:CA:90:3D:7D:25:45:3E:AE:B5:F7:24:A0:4E:3A:A6:59:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XWwVypA9fSVFPq619ySgTjqmWQg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/2864c8-c042-428f-a02d-3b34c23b9c5a/1/bDpFhtfEoiD4k0asm8J_YT2sw7Y.roa
Signing time:             Mon 01 Jan 2024 08:30:25 +0000
ROA not before:           Mon 01 Jan 2024 08:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44432
IP address blocks:        79.134.242.0/24 maxlen: 24
                          79.134.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/2864c8-c042-428f-a02d-3b34c23b9c5a/1/XWwVypA9fSVFPq619ySgTjqmWQg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/2864c8-c042-428f-a02d-3b34c23b9c5a/1/XWwVypA9fSVFPq619ySgTjqmWQg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XWwVypA9fSVFPq619ySgTjqmWQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:43:44:34:f5:45:d6:4a:de:80:ce:8d:ac:56:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d6c15ca903d7d25453eaeb5f724a04e3aa65908
        Validity
            Not Before: Jan  1 08:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c3a4586d7c4a220f89346ac9bc27f613dacc3b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:ac:e0:5c:af:df:21:3e:f9:fe:69:25:16:e6:
                    e5:61:44:81:32:01:4c:f2:a8:2e:35:20:b4:7c:2b:
                    b8:9d:1e:48:c4:8a:b2:83:71:6d:08:a4:0e:e1:e8:
                    34:b1:8c:94:9b:50:49:e0:38:07:12:bc:44:a1:4b:
                    9f:93:89:c1:76:05:d8:dd:bc:0c:b4:b4:07:89:7a:
                    37:01:7d:1c:f0:ec:e5:19:a3:b8:39:83:9e:60:24:
                    25:97:da:2e:a0:8d:d1:45:73:45:c8:78:8a:7d:2c:
                    0a:6e:ba:91:19:d1:f3:3c:4f:1c:f1:0a:78:6b:f7:
                    b7:f9:8e:6a:47:64:b8:eb:a4:aa:67:f7:b3:c5:10:
                    95:f2:29:f2:2e:11:4f:f4:c2:33:d1:d0:a1:32:21:
                    3a:49:72:be:c0:31:4b:d7:d1:45:b2:03:3d:4b:64:
                    bd:39:fc:0c:85:f3:49:10:56:77:79:23:e2:0f:2c:
                    e1:c7:3f:4b:6a:ee:da:cd:44:51:15:f3:f8:68:89:
                    e9:ff:63:a6:05:c8:8b:a7:ba:4b:47:57:4c:ac:0d:
                    75:e2:29:66:d0:65:c5:3d:9f:78:11:06:0a:9c:05:
                    7b:8c:14:a8:b2:0e:6d:ba:b4:b7:60:ec:7e:a5:80:
                    ff:f7:6d:0c:5d:3a:fb:23:e5:9f:ec:ec:11:01:75:
                    d2:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:3A:45:86:D7:C4:A2:20:F8:93:46:AC:9B:C2:7F:61:3D:AC:C3:B6
            X509v3 Authority Key Identifier:
                keyid:5D:6C:15:CA:90:3D:7D:25:45:3E:AE:B5:F7:24:A0:4E:3A:A6:59:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XWwVypA9fSVFPq619ySgTjqmWQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/2864c8-c042-428f-a02d-3b34c23b9c5a/1/bDpFhtfEoiD4k0asm8J_YT2sw7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/2864c8-c042-428f-a02d-3b34c23b9c5a/1/XWwVypA9fSVFPq619ySgTjqmWQg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.134.226.0/24
                  79.134.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:3a:6e:bb:e1:b3:f8:48:69:2c:89:0a:7c:44:d2:34:be:f9:
         c2:f1:7f:09:0c:40:16:c2:43:45:29:8f:2b:d8:be:85:7d:63:
         7c:59:50:d9:6e:e6:b3:70:a3:77:30:06:10:d2:56:a6:9f:84:
         84:fb:08:17:ff:72:19:3e:c8:bb:2d:ef:e4:8f:ab:45:b8:c7:
         cb:76:6d:4a:8c:d1:79:45:d5:9c:63:15:58:28:33:b4:d8:4c:
         5d:98:c8:32:7b:21:1a:3f:8c:08:0f:b7:85:43:9d:c5:af:9b:
         85:a1:0b:69:22:99:f6:8f:37:45:0b:d2:7b:5f:5c:78:6d:16:
         0e:dd:5b:fe:f5:42:49:30:4a:b3:7b:03:bc:50:dd:80:09:fb:
         15:41:e7:7e:40:bc:b2:9a:06:83:e9:f9:d0:b8:4b:7f:4d:46:
         c7:c7:47:38:68:1e:97:69:e4:a6:2a:14:a5:5c:b5:2a:f9:40:
         52:10:03:cf:c0:4b:f7:df:d5:e5:f6:d7:3d:21:e2:c3:4a:91:
         cf:c4:15:3e:e0:04:b2:ff:86:12:3e:c1:fa:1c:fc:c6:bb:9a:
         ab:d8:32:fb:32:96:b1:14:6a:00:9a:42:19:ea:94:a1:e0:05:
         d0:b6:99:ed:08:c1:ce:f1:b9:62:4f:d5:c6:1f:10:82:6a:40:
         1f:1b:9c:8a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJUNENPVF1kregM6NrFamMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkNmMxNWNhOTAzZDdkMjU0NTNlYWViNWY3MjRhMDRlM2Fh
NjU5MDgwHhcNMjQwMTAxMDgzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzNhNDU4NmQ3YzRhMjIwZjg5MzQ2YWM5YmMyN2Y2MTNkYWNjM2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkazgXK/fIT75/mklFublYUSBMgFM
8qguNSC0fCu4nR5IxIqyg3FtCKQO4eg0sYyUm1BJ4DgHErxEoUufk4nBdgXY3bwM
tLQHiXo3AX0c8OzlGaO4OYOeYCQll9ouoI3RRXNFyHiKfSwKbrqRGdHzPE8c8Qp4
a/e3+Y5qR2S466SqZ/ezxRCV8inyLhFP9MIz0dChMiE6SXK+wDFL19FFsgM9S2S9
OfwMhfNJEFZ3eSPiDyzhxz9Lau7azURRFfP4aInp/2OmBciLp7pLR1dMrA114ilm
0GXFPZ94EQYKnAV7jBSosg5turS3YOx+pYD/920MXTr7I+Wf7OwRAXXSQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGw6RYbXxKIg+JNGrJvCf2E9rMO2MB8GA1UdIwQY
MBaAFF1sFcqQPX0lRT6utfckoE46plkIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFd3VnlwQTlmU1ZGUHE2MTl5U2dUanFtV1FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC8yODY0YzgtYzA0Mi00MjhmLWEwMmQt
M2IzNGMyM2I5YzVhLzEvYkRwRmh0ZkVvaUQ0azBhc204Sl9ZVDJzdzdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC8yODY0YzgtYzA0Mi00MjhmLWEwMmQtM2IzNGMyM2I5YzVh
LzEvWFd3VnlwQTlmU1ZGUHE2MTl5U2dUanFtV1FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAT4biAwQA
T4byMA0GCSqGSIb3DQEBCwUAA4IBAQA7Om674bP4SGksiQp8RNI0vvnC8X8JDEAW
wkNFKY8r2L6FfWN8WVDZbuazcKN3MAYQ0lamn4SE+wgX/3IZPsi7Le/kj6tFuMfL
dm1KjNF5RdWcYxVYKDO02ExdmMgyeyEaP4wID7eFQ53Fr5uFoQtpIpn2jzdFC9J7
X1x4bRYO3Vv+9UJJMEqzewO8UN2ACfsVQed+QLyymgaD6fnQuEt/TUbHx0c4aB6X
aeSmKhSlXLUq+UBSEAPPwEv339Xl9tc9IeLDSpHPxBU+4ASy/4YSPsH6HPzGu5qr
2DL7MpaxFGoAmkIZ6pSh4AXQtpntCMHO8bliT9XGHxCCakAfG5yK
-----END CERTIFICATE-----