Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/eYrNgv_-Nv9X6yLbdqMJbXizg3s.roa
File:                     eYrNgv_-Nv9X6yLbdqMJbXizg3s.roa (raw, json)
Hash identifier:          uor230O+es+CKsz0g3t1Z4iCMFebXhfJjog4K4qDJ+8=
Subject key identifier:   79:8A:CD:82:FF:FE:36:FF:57:EB:22:DB:76:A3:09:6D:78:B3:83:7B
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       01913C63E6554CAAD359FC65F1933B5638CC
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/eYrNgv_-Nv9X6yLbdqMJbXizg3s.roa
Signing time:             Sat 10 Aug 2024 13:04:25 +0000
ROA not before:           Sat 10 Aug 2024 13:04:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.21.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:3c:63:e6:55:4c:aa:d3:59:fc:65:f1:93:3b:56:38:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Aug 10 13:04:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=798acd82fffe36ff57eb22db76a3096d78b3837b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:de:88:9a:4f:0a:ce:d0:23:1d:57:c5:fa:67:
                    0f:26:bd:d1:d5:d4:58:da:cf:79:49:fb:3e:ac:83:
                    2b:17:3e:e0:9d:3a:49:a2:b4:d5:29:a7:1e:35:4b:
                    15:5f:49:7b:4f:b8:a9:73:e9:8a:c9:17:9f:e7:f9:
                    fc:c1:c0:66:94:08:bd:fb:d7:81:e0:f1:ee:a0:47:
                    db:e5:a0:53:4d:17:b3:4f:05:c8:e5:0e:be:83:73:
                    6a:c3:86:61:0e:ea:f7:65:57:2e:73:21:88:42:a1:
                    e3:08:57:c2:59:24:23:d3:c3:fd:56:fd:10:75:6e:
                    0f:16:0b:65:db:6b:cb:46:07:fc:17:1d:bf:62:c7:
                    6d:10:59:4e:5a:19:d3:1d:43:28:ff:e0:9f:f7:c3:
                    f4:40:fe:7a:7b:e8:52:b3:ba:de:af:ee:fb:22:65:
                    9b:13:b9:e8:2b:09:27:e2:99:e4:8f:ab:cb:1f:d4:
                    50:ea:da:aa:63:af:a8:af:95:d3:4f:85:75:e2:7e:
                    74:bd:ba:55:a8:2c:b8:cc:a1:13:35:78:3e:d7:4e:
                    24:41:22:0d:55:e4:eb:d1:57:31:56:9e:4b:77:dc:
                    3a:76:9c:9e:8d:a8:e7:41:f1:34:88:30:8e:77:19:
                    68:5c:db:3d:57:fb:fe:63:a6:51:f5:21:4d:e6:8e:
                    69:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:8A:CD:82:FF:FE:36:FF:57:EB:22:DB:76:A3:09:6D:78:B3:83:7B
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/eYrNgv_-Nv9X6yLbdqMJbXizg3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:3c:cc:a2:0d:a0:bc:76:ba:c9:73:ab:59:63:e5:22:b9:55:
         76:c8:7f:97:16:fa:8d:a4:9a:ef:09:dc:f8:eb:ac:ae:16:f1:
         e8:db:da:26:31:94:43:08:98:29:bb:3b:e5:87:29:93:fb:f2:
         bd:9a:05:3c:db:38:37:7a:3f:5f:bc:c5:3d:8a:63:25:95:f2:
         76:58:15:fb:ab:b5:04:f2:bd:df:b0:49:7c:69:22:c0:b7:bc:
         06:3f:37:88:d0:00:c8:5c:d7:a3:29:3a:80:a3:0d:ca:c7:4d:
         ec:19:be:66:61:62:e7:b9:03:bf:1d:f6:d3:24:e2:8e:27:02:
         58:77:9b:6c:7a:c4:ce:cd:c5:ae:9a:67:32:ae:60:09:82:90:
         be:57:b9:3b:2a:52:21:36:91:f6:6e:96:de:f9:c1:84:f8:cb:
         29:cb:60:65:20:52:08:58:19:ca:3e:c4:22:84:4b:42:5b:c2:
         c2:6d:8d:35:6d:ad:77:4e:37:14:4a:a1:e7:22:af:47:80:03:
         b3:d5:a0:a6:39:15:df:45:40:f0:6b:d6:b5:c3:ab:f7:81:be:
         a6:7e:ab:ce:68:7e:9a:80:b4:05:a6:80:93:19:7e:a6:91:6d:
         fa:56:f3:a2:3c:a0:8f:18:6c:c6:06:f6:ae:57:8d:ea:39:da:
         c0:b1:f4:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZE8Y+ZVTKrTWfxl8ZM7VjjMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjQwODEwMTMwNDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OThhY2Q4MmZmZmUzNmZmNTdlYjIyZGI3NmEzMDk2ZDc4YjM4MzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzt6Imk8KztAjHVfF+mcPJr3R1dRY
2s95Sfs+rIMrFz7gnTpJorTVKaceNUsVX0l7T7ipc+mKyRef5/n8wcBmlAi9+9eB
4PHuoEfb5aBTTRezTwXI5Q6+g3Nqw4ZhDur3ZVcucyGIQqHjCFfCWSQj08P9Vv0Q
dW4PFgtl22vLRgf8Fx2/YsdtEFlOWhnTHUMo/+Cf98P0QP56e+hSs7rer+77ImWb
E7noKwkn4pnkj6vLH9RQ6tqqY6+or5XTT4V14n50vbpVqCy4zKETNXg+104kQSIN
VeTr0VcxVp5Ld9w6dpyejajnQfE0iDCOdxloXNs9V/v+Y6ZR9SFN5o5pzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHmKzYL//jb/V+si23ajCW14s4N7MB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvZVlyTmd2Xy1OdjlYNnlMYmRxTUpiWGl6ZzNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRX9MA0G
CSqGSIb3DQEBCwUAA4IBAQCvPMyiDaC8drrJc6tZY+UiuVV2yH+XFvqNpJrvCdz4
66yuFvHo29omMZRDCJgpuzvlhymT+/K9mgU82zg3ej9fvMU9imMllfJ2WBX7q7UE
8r3fsEl8aSLAt7wGPzeI0ADIXNejKTqAow3Kx03sGb5mYWLnuQO/HfbTJOKOJwJY
d5tsesTOzcWummcyrmAJgpC+V7k7KlIhNpH2bpbe+cGE+Mspy2BlIFIIWBnKPsQi
hEtCW8LCbY01ba13TjcUSqHnIq9HgAOz1aCmORXfRUDwa9a1w6v3gb6mfqvOaH6a
gLQFpoCTGX6mkW36VvOiPKCPGGzGBvauV43qOdrAsfQj
-----END CERTIFICATE-----