Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/du_i9F3ymKMiJeNpx7SC9fNKnFc.roa
File:                     du_i9F3ymKMiJeNpx7SC9fNKnFc.roa (raw, json)
Hash identifier:          yhgaMz1xcuafKXHnu0W/ZQD2/nWsakMbD6Qe6LGAivI=
Subject key identifier:   76:EF:E2:F4:5D:F2:98:A3:22:25:E3:69:C7:B4:82:F5:F3:4A:9C:57
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       018CC64AD97C240E0355F3098C66B8A0E749
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/du_i9F3ymKMiJeNpx7SC9fNKnFc.roa
Signing time:             Mon 01 Jan 2024 18:30:43 +0000
ROA not before:           Mon 01 Jan 2024 18:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59692
IP address blocks:        95.164.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:d9:7c:24:0e:03:55:f3:09:8c:66:b8:a0:e7:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan  1 18:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76efe2f45df298a32225e369c7b482f5f34a9c57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ce:ea:4d:74:61:be:ea:73:72:a2:00:9d:04:
                    0d:63:ff:3f:b2:1a:01:ff:e0:f5:9a:91:8a:eb:74:
                    e6:0e:60:f9:cb:76:68:22:00:b2:56:d2:1a:c7:c8:
                    5a:13:d4:66:ec:85:b3:b9:b7:d2:66:65:66:ce:7a:
                    f5:9b:4d:0b:52:9f:4e:f1:cb:26:cb:dc:1d:ac:ab:
                    4b:cc:40:28:a0:3f:97:cf:ec:07:03:06:ac:b9:48:
                    19:5b:36:81:23:be:07:46:e9:6c:e5:5a:cf:6b:1b:
                    62:82:ac:7b:59:3a:d7:0d:16:be:13:82:63:4d:12:
                    03:22:bc:b1:48:8d:53:92:5c:1c:99:bb:12:26:79:
                    ea:d2:1a:56:3d:0d:a7:b8:40:96:a1:cd:66:aa:17:
                    7e:94:cf:3e:d4:df:38:4f:dd:ed:94:d6:d4:71:0e:
                    7c:af:d0:db:4b:f8:03:17:dc:20:9a:91:12:0a:7a:
                    52:95:8c:13:3c:e0:d8:0a:23:34:f5:b8:2a:d7:85:
                    88:a1:5c:fc:22:2c:77:d4:d1:3f:49:48:04:c8:25:
                    d5:57:c6:0e:26:d8:0c:06:6b:29:89:e5:cb:e4:70:
                    f5:b3:57:20:6d:7a:f4:48:fc:9a:f9:e1:3d:db:ea:
                    50:ff:19:54:40:20:6d:da:ca:1a:f6:3c:a9:e7:b4:
                    b8:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:EF:E2:F4:5D:F2:98:A3:22:25:E3:69:C7:B4:82:F5:F3:4A:9C:57
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/du_i9F3ymKMiJeNpx7SC9fNKnFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:3d:03:10:2a:06:80:d8:b8:b5:df:86:ff:ef:ab:3e:bd:97:
         13:cc:fe:38:44:ce:a1:05:dd:12:de:86:8a:1b:99:bd:9a:a4:
         80:00:30:20:74:67:71:cc:b2:d2:b8:e0:55:5a:03:10:58:86:
         ec:c2:44:36:9c:9a:3b:2d:8c:a2:69:a2:d4:56:4f:d1:86:45:
         14:2f:0f:8d:1a:ed:d3:a8:e7:50:f5:c6:b3:34:2f:e1:e5:43:
         78:2a:db:28:48:29:14:cc:bf:a3:b7:8a:6f:54:80:97:43:22:
         a9:41:6e:f0:18:c7:22:23:68:7b:f3:1e:92:e2:1e:76:19:da:
         8c:fb:e6:3e:49:a8:aa:32:89:c0:58:ea:10:c1:e8:30:1e:53:
         61:f6:51:7f:f7:fc:15:30:0b:22:ca:3e:48:e4:51:c7:83:2c:
         89:dd:35:c6:b8:51:3d:2e:7c:fc:19:44:9c:8c:46:40:ca:ac:
         5c:dd:c0:f1:23:a3:d1:c9:48:34:18:9f:2a:78:ce:36:f4:41:
         5c:80:2c:80:9e:f5:0d:b4:47:44:1d:13:2e:75:1e:c1:12:5e:
         31:49:48:ac:39:71:20:9f:92:98:e0:ef:23:b2:18:1a:a7:d9:
         7c:17:ee:99:5d:33:74:c9:01:e9:50:19:05:c1:ca:dd:0c:ad:
         6b:d6:04:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGStl8JA4DVfMJjGa4oOdJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQwMTAxMTgzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmVmZTJmNDVkZjI5OGEzMjIyNWUzNjljN2I0ODJmNWYzNGE5YzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw87qTXRhvupzcqIAnQQNY/8/shoB
/+D1mpGK63TmDmD5y3ZoIgCyVtIax8haE9Rm7IWzubfSZmVmznr1m00LUp9O8csm
y9wdrKtLzEAooD+Xz+wHAwasuUgZWzaBI74HRuls5VrPaxtigqx7WTrXDRa+E4Jj
TRIDIryxSI1TklwcmbsSJnnq0hpWPQ2nuECWoc1mqhd+lM8+1N84T93tlNbUcQ58
r9DbS/gDF9wgmpESCnpSlYwTPODYCiM09bgq14WIoVz8Iix31NE/SUgEyCXVV8YO
JtgMBmspieXL5HD1s1cgbXr0SPya+eE92+pQ/xlUQCBt2soa9jyp57S4lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHbv4vRd8pijIiXjace0gvXzSpxXMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvZHVfaTlGM3ltS01pSmVOcHg3U0M5Zk5LbkZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6Q8MA0G
CSqGSIb3DQEBCwUAA4IBAQCmPQMQKgaA2Li134b/76s+vZcTzP44RM6hBd0S3oaK
G5m9mqSAADAgdGdxzLLSuOBVWgMQWIbswkQ2nJo7LYyiaaLUVk/RhkUULw+NGu3T
qOdQ9cazNC/h5UN4KtsoSCkUzL+jt4pvVICXQyKpQW7wGMciI2h78x6S4h52GdqM
++Y+SaiqMonAWOoQwegwHlNh9lF/9/wVMAsiyj5I5FHHgyyJ3TXGuFE9Lnz8GUSc
jEZAyqxc3cDxI6PRyUg0GJ8qeM429EFcgCyAnvUNtEdEHRMudR7BEl4xSUisOXEg
n5KY4O8jshgap9l8F+6ZXTN0yQHpUBkFwcrdDK1r1gTX
-----END CERTIFICATE-----