Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/21922a-dd79-4f56-83be-0a069dec100a/1/dOsYS-LDC33vHrzMmr2RHOK3Qh4.roa
File:                     dOsYS-LDC33vHrzMmr2RHOK3Qh4.roa (raw, json)
Hash identifier:          IwKXZ1rsfji03P5hqGbvxL3Chj5ToApstZ6h/K2QXsA=
Subject key identifier:   74:EB:18:4B:E2:C3:0B:7D:EF:1E:BC:CC:9A:BD:91:1C:E2:B7:42:1E
Certificate issuer:       /CN=421f108882a9e2d72782db6527da4d9adeeb19cc
Certificate serial:       018CC5DC4404D50ECCBCF0C2A268519B5AC6
Authority key identifier: 42:1F:10:88:82:A9:E2:D7:27:82:DB:65:27:DA:4D:9A:DE:EB:19:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qh8QiIKp4tcngttlJ9pNmt7rGcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/21922a-dd79-4f56-83be-0a069dec100a/1/dOsYS-LDC33vHrzMmr2RHOK3Qh4.roa
Signing time:             Mon 01 Jan 2024 16:29:55 +0000
ROA not before:           Mon 01 Jan 2024 16:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        45.86.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/21922a-dd79-4f56-83be-0a069dec100a/1/Qh8QiIKp4tcngttlJ9pNmt7rGcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/21922a-dd79-4f56-83be-0a069dec100a/1/Qh8QiIKp4tcngttlJ9pNmt7rGcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qh8QiIKp4tcngttlJ9pNmt7rGcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:44:04:d5:0e:cc:bc:f0:c2:a2:68:51:9b:5a:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=421f108882a9e2d72782db6527da4d9adeeb19cc
        Validity
            Not Before: Jan  1 16:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74eb184be2c30b7def1ebccc9abd911ce2b7421e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:c3:61:6d:2a:a8:91:78:bf:a9:9d:28:90:93:
                    f6:6c:b9:f4:3d:8f:37:2c:9c:a2:73:21:65:c9:72:
                    f2:ee:22:75:c0:90:2b:7e:6a:cd:e4:3b:a2:c5:4e:
                    db:e8:43:72:4a:ff:8b:d4:f0:61:89:e6:8c:11:e6:
                    6b:a0:25:4d:e1:40:e8:b4:1f:1c:bb:63:4d:b8:42:
                    6f:34:84:01:55:1d:0e:9a:85:2a:8f:62:15:bd:bf:
                    fb:5b:03:83:3b:b0:e0:67:b0:bf:e6:86:61:63:aa:
                    11:7a:81:fc:d8:a5:55:5b:b6:e3:a6:f2:79:67:5e:
                    32:e5:04:c9:b8:54:43:5f:1c:bd:64:8c:2c:ff:d2:
                    3d:42:48:f2:de:e3:67:24:7d:da:c9:bd:20:33:ee:
                    c5:be:d9:bc:91:fd:59:70:33:9e:d3:62:72:9b:95:
                    92:79:1a:cc:0f:e9:0b:ac:7e:6b:0e:9e:3b:b4:3f:
                    05:28:2f:e3:52:08:87:bf:7a:06:f2:99:12:88:66:
                    5c:e9:76:65:c9:78:30:24:75:c6:c9:5d:a6:c4:a9:
                    ed:49:8f:28:2e:6f:06:50:9d:72:37:99:7a:f7:cf:
                    18:63:80:6e:27:56:e2:5b:3f:67:a9:ee:f3:42:53:
                    06:20:16:6f:69:de:9a:5f:85:9c:11:43:81:31:ba:
                    49:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:EB:18:4B:E2:C3:0B:7D:EF:1E:BC:CC:9A:BD:91:1C:E2:B7:42:1E
            X509v3 Authority Key Identifier:
                keyid:42:1F:10:88:82:A9:E2:D7:27:82:DB:65:27:DA:4D:9A:DE:EB:19:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qh8QiIKp4tcngttlJ9pNmt7rGcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/21922a-dd79-4f56-83be-0a069dec100a/1/dOsYS-LDC33vHrzMmr2RHOK3Qh4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/21922a-dd79-4f56-83be-0a069dec100a/1/Qh8QiIKp4tcngttlJ9pNmt7rGcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:29:36:34:f8:5d:34:69:e8:84:58:49:cf:5d:79:e9:7f:17:
         70:f6:a2:b6:15:3f:b3:e3:c6:3b:da:61:bb:3d:ba:18:6b:13:
         ed:2c:be:74:91:49:84:a3:64:c3:ad:31:1b:b7:50:c3:6f:5a:
         07:42:dc:30:c2:6d:bf:cf:ea:92:96:6e:3e:05:7f:52:9f:51:
         36:0e:1a:3d:0b:b1:75:f7:0c:76:9e:a0:f0:e0:8c:ca:fc:16:
         7e:e7:65:ab:29:46:ec:cc:3d:d5:8d:39:94:a7:b4:55:e4:2a:
         91:b4:b3:9a:20:d8:4d:34:72:67:d2:0d:1f:d9:08:6f:63:12:
         d7:82:6e:d6:f5:b9:72:d0:ec:b1:82:2b:63:3a:26:05:62:45:
         4d:d4:c3:d0:15:f6:e1:e6:87:a3:e3:2b:16:8d:f2:45:4a:f1:
         13:4d:e4:a2:a7:78:27:44:b8:8f:e8:1c:3d:f9:c8:dd:27:52:
         b1:32:ca:ba:13:ac:4b:03:59:0d:07:44:1c:d1:b7:9f:35:aa:
         00:73:f9:8f:7f:f5:bb:6a:39:c1:56:df:63:cf:8c:91:ec:31:
         64:5a:74:b9:fd:c9:c2:1e:6a:27:9a:ac:48:57:33:1b:ae:71:
         13:c5:b3:ef:a6:39:07:cb:1c:62:f5:14:9d:ae:c3:fd:2d:28:
         b8:b5:fa:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3EQE1Q7MvPDComhRm1rGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMWYxMDg4ODJhOWUyZDcyNzgyZGI2NTI3ZGE0ZDlhZGVl
YjE5Y2MwHhcNMjQwMTAxMTYyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGViMTg0YmUyYzMwYjdkZWYxZWJjY2M5YWJkOTExY2UyYjc0MjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8NhbSqokXi/qZ0okJP2bLn0PY83
LJyicyFlyXLy7iJ1wJArfmrN5DuixU7b6ENySv+L1PBhieaMEeZroCVN4UDotB8c
u2NNuEJvNIQBVR0OmoUqj2IVvb/7WwODO7DgZ7C/5oZhY6oReoH82KVVW7bjpvJ5
Z14y5QTJuFRDXxy9ZIws/9I9Qkjy3uNnJH3ayb0gM+7Fvtm8kf1ZcDOe02Jym5WS
eRrMD+kLrH5rDp47tD8FKC/jUgiHv3oG8pkSiGZc6XZlyXgwJHXGyV2mxKntSY8o
Lm8GUJ1yN5l6988YY4BuJ1biWz9nqe7zQlMGIBZvad6aX4WcEUOBMbpJjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHTrGEviwwt97x68zJq9kRzit0IeMB8GA1UdIwQY
MBaAFEIfEIiCqeLXJ4LbZSfaTZre6xnMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWg4UWlJS3A0dGNuZ3R0bEo5cE5tdDdyR2N3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8yMTkyMmEtZGQ3OS00ZjU2LTgzYmUt
MGEwNjlkZWMxMDBhLzEvZE9zWVMtTERDMzN2SHJ6TW1yMlJIT0szUWg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8yMTkyMmEtZGQ3OS00ZjU2LTgzYmUtMGEwNjlkZWMxMDBh
LzEvUWg4UWlJS3A0dGNuZ3R0bEo5cE5tdDdyR2N3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVZwMA0G
CSqGSIb3DQEBCwUAA4IBAQCnKTY0+F00aeiEWEnPXXnpfxdw9qK2FT+z48Y72mG7
PboYaxPtLL50kUmEo2TDrTEbt1DDb1oHQtwwwm2/z+qSlm4+BX9Sn1E2Dho9C7F1
9wx2nqDw4IzK/BZ+52WrKUbszD3VjTmUp7RV5CqRtLOaINhNNHJn0g0f2QhvYxLX
gm7W9bly0OyxgitjOiYFYkVN1MPQFfbh5oej4ysWjfJFSvETTeSip3gnRLiP6Bw9
+cjdJ1KxMsq6E6xLA1kNB0Qc0befNaoAc/mPf/W7ajnBVt9jz4yR7DFkWnS5/cnC
HmonmqxIVzMbrnETxbPvpjkHyxxi9RSdrsP9LSi4tfop
-----END CERTIFICATE-----