Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/gT9hQP-UdDCt57mihFVpqqXrFtI.roa
File:                     gT9hQP-UdDCt57mihFVpqqXrFtI.roa (raw, json)
Hash identifier:          kNibPxS2eQrpumYUBGMAqANuhPpfcCuUaU7rkaUGWGs=
Subject key identifier:   81:3F:61:40:FF:94:74:30:AD:E7:B9:A2:84:55:69:AA:A5:EB:16:D2
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       018D8379D2856A8A2126BCAE970634B4AD3B
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/gT9hQP-UdDCt57mihFVpqqXrFtI.roa
Signing time:             Wed 07 Feb 2024 12:10:15 +0000
ROA not before:           Wed 07 Feb 2024 12:10:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197737
IP address blocks:        185.21.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:83:79:d2:85:6a:8a:21:26:bc:ae:97:06:34:b4:ad:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Feb  7 12:10:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=813f6140ff947430ade7b9a2845569aaa5eb16d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:b5:34:9f:4b:b2:f6:26:78:22:1a:d4:79:5d:
                    0a:51:3c:60:af:f2:cc:aa:4a:36:b7:63:c3:c3:36:
                    ac:52:e8:43:57:c6:b1:13:f8:ff:ae:0a:b9:39:42:
                    89:ea:50:a6:a8:56:ae:02:30:e2:c5:d9:39:db:b0:
                    2a:17:36:bc:ad:dc:9f:d7:e0:05:4a:d2:7b:af:7f:
                    ed:a4:ca:f5:ff:d5:db:54:1b:29:8c:eb:83:f6:69:
                    5b:33:33:10:a0:ef:c7:1c:ff:1b:a2:5a:42:5a:01:
                    1f:53:c3:0f:d6:cd:60:aa:f7:72:75:66:b7:e6:da:
                    b8:d6:27:bd:04:1a:85:7f:0a:69:dc:ec:34:84:59:
                    29:c6:ba:8a:60:76:b9:d1:45:1f:92:c7:92:20:99:
                    2b:43:58:23:a5:63:67:9c:a5:93:08:45:27:dd:07:
                    b4:40:b0:84:56:88:fc:20:7c:e8:d6:81:26:ee:0f:
                    95:76:96:75:96:02:40:4e:14:5c:b3:41:57:54:d9:
                    da:a1:02:76:7e:54:38:61:d3:2c:5d:f7:07:da:20:
                    22:9e:f0:2f:01:10:0e:f9:ea:e7:97:04:b8:99:89:
                    bd:7f:0e:e3:5d:58:a5:d6:fb:9c:7f:67:f4:6e:24:
                    97:6f:eb:2a:ee:62:c5:29:9a:ab:27:d0:37:49:2a:
                    9b:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:3F:61:40:FF:94:74:30:AD:E7:B9:A2:84:55:69:AA:A5:EB:16:D2
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/gT9hQP-UdDCt57mihFVpqqXrFtI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:8f:af:e1:9f:38:a5:6c:68:0c:73:8b:b2:c1:8c:ca:42:ca:
         3a:ec:cc:00:86:cc:59:a3:e7:26:6f:7b:ac:13:2f:47:31:a9:
         0d:ef:3c:ab:17:1f:c5:75:26:fe:4c:6c:1a:60:6c:b6:b6:19:
         c6:05:09:88:47:7b:bf:ef:46:d9:64:ae:08:54:e6:1c:2d:f6:
         5c:42:73:7c:9b:2b:d8:6e:49:70:8a:13:98:db:5f:59:7d:b9:
         8b:b6:7a:97:b6:c2:3c:25:60:86:b6:94:38:69:b3:61:05:d6:
         00:4d:ba:73:93:4c:5f:25:94:72:52:1b:67:3d:9b:d8:fa:af:
         a5:9b:b4:55:9a:8f:c1:d3:cd:ce:a0:e4:ef:d6:0a:da:f1:cc:
         15:b3:b6:fa:dd:2d:1e:e4:d1:30:73:78:94:e9:79:b6:93:97:
         f3:05:7e:33:70:a1:56:4a:3a:80:e1:75:10:1d:ec:9d:3f:69:
         a3:6c:b5:66:87:d2:27:a4:5d:05:a4:72:52:7e:9e:3b:cd:6c:
         d2:78:8b:da:2d:26:b6:8f:04:16:19:a6:e5:94:eb:74:cc:14:
         56:2c:11:e5:ab:cd:d8:22:c5:43:e9:b2:83:35:61:02:b5:56:
         f7:52:fb:27:2b:23:27:0c:67:10:3b:68:d3:17:2a:fc:de:f2:
         d3:4a:d0:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2DedKFaoohJryulwY0tK07MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjQwMjA3MTIxMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTNmNjE0MGZmOTQ3NDMwYWRlN2I5YTI4NDU1NjlhYWE1ZWIxNmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2LU0n0uy9iZ4IhrUeV0KUTxgr/LM
qko2t2PDwzasUuhDV8axE/j/rgq5OUKJ6lCmqFauAjDixdk527AqFza8rdyf1+AF
StJ7r3/tpMr1/9XbVBspjOuD9mlbMzMQoO/HHP8bolpCWgEfU8MP1s1gqvdydWa3
5tq41ie9BBqFfwpp3Ow0hFkpxrqKYHa50UUfkseSIJkrQ1gjpWNnnKWTCEUn3Qe0
QLCEVoj8IHzo1oEm7g+VdpZ1lgJAThRcs0FXVNnaoQJ2flQ4YdMsXfcH2iAinvAv
ARAO+ernlwS4mYm9fw7jXVil1vucf2f0biSXb+sq7mLFKZqrJ9A3SSqbqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIE/YUD/lHQwree5ooRVaaql6xbSMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvZ1Q5aFFQLVVkREN0NTdtaWhGVnBxcVhyRnRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRX+MA0G
CSqGSIb3DQEBCwUAA4IBAQDCj6/hnzilbGgMc4uywYzKQso67MwAhsxZo+cmb3us
Ey9HMakN7zyrFx/FdSb+TGwaYGy2thnGBQmIR3u/70bZZK4IVOYcLfZcQnN8myvY
bklwihOY219ZfbmLtnqXtsI8JWCGtpQ4abNhBdYATbpzk0xfJZRyUhtnPZvY+q+l
m7RVmo/B083OoOTv1gra8cwVs7b63S0e5NEwc3iU6Xm2k5fzBX4zcKFWSjqA4XUQ
HeydP2mjbLVmh9InpF0FpHJSfp47zWzSeIvaLSa2jwQWGabllOt0zBRWLBHlq83Y
IsVD6bKDNWECtVb3UvsnKyMnDGcQO2jTFyr83vLTStC/
-----END CERTIFICATE-----