Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/b75de2-b997-4bd3-b1ef-c7571ee1d99b/1/dNPekZVe79cVIMirMETmt-yI6jk.roa
File:                     dNPekZVe79cVIMirMETmt-yI6jk.roa (raw, json)
Hash identifier:          +BncwdJV3ZmU0gajnF1B+t7xuxc1f5af/D0d0V0OA9A=
Subject key identifier:   74:D3:DE:91:95:5E:EF:D7:15:20:C8:AB:30:44:E6:B7:EC:88:EA:39
Certificate issuer:       /CN=0199bfbb331f270932ef3f82f03add0c0b2f1572
Certificate serial:       018CC56ED5DB10CC3FACC2E022E9C49BE231
Authority key identifier: 01:99:BF:BB:33:1F:27:09:32:EF:3F:82:F0:3A:DD:0C:0B:2F:15:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AZm_uzMfJwky7z-C8DrdDAsvFXI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/b75de2-b997-4bd3-b1ef-c7571ee1d99b/1/dNPekZVe79cVIMirMETmt-yI6jk.roa
Signing time:             Mon 01 Jan 2024 14:30:24 +0000
ROA not before:           Mon 01 Jan 2024 14:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56911
IP address blocks:        185.159.48.0/22 maxlen: 24
                          2a07:b2c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/b75de2-b997-4bd3-b1ef-c7571ee1d99b/1/AZm_uzMfJwky7z-C8DrdDAsvFXI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/b75de2-b997-4bd3-b1ef-c7571ee1d99b/1/AZm_uzMfJwky7z-C8DrdDAsvFXI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AZm_uzMfJwky7z-C8DrdDAsvFXI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d5:db:10:cc:3f:ac:c2:e0:22:e9:c4:9b:e2:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0199bfbb331f270932ef3f82f03add0c0b2f1572
        Validity
            Not Before: Jan  1 14:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74d3de91955eefd71520c8ab3044e6b7ec88ea39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:aa:f4:17:c3:46:42:5c:6d:65:b5:14:8c:b7:
                    b9:f3:4e:3d:d2:08:da:de:96:9e:7b:e6:3d:dd:d2:
                    06:b1:1d:00:bd:6c:94:bf:b8:3f:da:7b:fd:0b:93:
                    e9:58:9d:cc:45:58:42:94:20:28:be:19:13:da:39:
                    0d:f3:d4:04:c4:59:fe:64:b3:de:12:ea:19:7e:4b:
                    3f:18:46:75:c8:59:4b:b6:df:2b:e6:8a:35:81:ea:
                    df:30:b2:6e:16:e1:2c:73:d3:f0:af:c9:8c:58:18:
                    89:45:24:97:8f:c0:4b:29:eb:da:25:ab:b2:5d:5e:
                    9f:bb:97:47:51:09:1e:b7:b8:d7:e9:81:ae:1b:e0:
                    34:18:6f:6a:98:15:0c:da:9c:c8:84:d5:43:6a:e5:
                    24:23:e4:ca:ec:1a:c0:9c:fe:3c:bf:ce:93:d2:04:
                    71:27:38:15:48:da:f9:75:42:40:c7:25:d6:03:a0:
                    6f:be:0d:56:5f:d6:bd:30:4c:aa:8c:76:ba:4e:1b:
                    82:38:a5:b4:c4:90:d5:67:6b:63:dc:93:f5:04:b8:
                    58:1d:f5:3d:c6:bd:a6:f4:ab:f2:d7:95:38:ae:66:
                    13:70:cf:d5:1f:03:42:e3:aa:be:6c:df:07:41:e3:
                    7a:15:3d:be:82:20:e1:23:38:11:33:ac:76:cd:75:
                    47:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:D3:DE:91:95:5E:EF:D7:15:20:C8:AB:30:44:E6:B7:EC:88:EA:39
            X509v3 Authority Key Identifier:
                keyid:01:99:BF:BB:33:1F:27:09:32:EF:3F:82:F0:3A:DD:0C:0B:2F:15:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AZm_uzMfJwky7z-C8DrdDAsvFXI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/b75de2-b997-4bd3-b1ef-c7571ee1d99b/1/dNPekZVe79cVIMirMETmt-yI6jk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/b75de2-b997-4bd3-b1ef-c7571ee1d99b/1/AZm_uzMfJwky7z-C8DrdDAsvFXI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.48.0/22
                IPv6:
                  2a07:b2c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         0e:a3:84:73:5e:72:df:1d:17:a1:2f:52:de:7b:85:2b:6f:2f:
         f4:0b:7b:46:45:19:c6:ed:78:39:04:16:6d:01:25:7f:e8:79:
         8d:e3:a9:46:43:ff:31:11:37:47:37:c0:1a:f7:2a:d2:cd:b4:
         ca:51:87:d6:fb:ce:aa:49:f0:8c:25:50:13:75:44:9d:92:38:
         24:61:ff:90:f1:92:29:1f:21:a5:10:8b:73:8b:75:9e:a7:a1:
         10:f7:d7:29:75:2d:b5:9c:ce:cf:d6:7c:09:2a:37:03:54:3c:
         01:59:18:6d:63:61:cf:58:28:f9:8e:02:e0:a6:91:56:6a:ce:
         4c:e5:5d:25:d2:cb:d1:98:4e:35:76:c4:1e:3b:62:3a:76:b3:
         21:43:2c:b9:50:29:85:8e:27:0e:cb:ba:a1:e2:ed:f6:b9:28:
         11:3f:96:1c:24:03:b2:36:d3:ec:71:69:d0:af:a0:12:af:c5:
         30:68:00:ec:7e:08:d3:ba:eb:79:ec:29:d2:f3:9e:65:40:4a:
         c8:f6:d3:68:f2:61:38:c2:43:31:b2:7a:1f:3f:93:f6:ff:8e:
         2b:c5:89:b2:ec:4e:e2:3f:4e:9d:5c:9d:90:d6:6e:59:f4:57:
         c1:82:a2:92:0d:84:4c:38:a6:ef:2a:6c:ed:87:b8:56:5f:fd:
         c2:6a:e0:f7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbtXbEMw/rMLgIunEm+IxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxOTliZmJiMzMxZjI3MDkzMmVmM2Y4MmYwM2FkZDBjMGIy
ZjE1NzIwHhcNMjQwMTAxMTQzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGQzZGU5MTk1NWVlZmQ3MTUyMGM4YWIzMDQ0ZTZiN2VjODhlYTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6r0F8NGQlxtZbUUjLe580490gja
3paee+Y93dIGsR0AvWyUv7g/2nv9C5PpWJ3MRVhClCAovhkT2jkN89QExFn+ZLPe
EuoZfks/GEZ1yFlLtt8r5oo1gerfMLJuFuEsc9Pwr8mMWBiJRSSXj8BLKevaJauy
XV6fu5dHUQket7jX6YGuG+A0GG9qmBUM2pzIhNVDauUkI+TK7BrAnP48v86T0gRx
JzgVSNr5dUJAxyXWA6Bvvg1WX9a9MEyqjHa6ThuCOKW0xJDVZ2tj3JP1BLhYHfU9
xr2m9Kvy15U4rmYTcM/VHwNC46q+bN8HQeN6FT2+giDhIzgRM6x2zXVHYwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHTT3pGVXu/XFSDIqzBE5rfsiOo5MB8GA1UdIwQY
MBaAFAGZv7szHycJMu8/gvA63QwLLxVyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVptX3V6TWZKd2t5N3otQzhEcmREQXN2RlhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9iNzVkZTItYjk5Ny00YmQzLWIxZWYt
Yzc1NzFlZTFkOTliLzEvZE5QZWtaVmU3OWNWSU1pck1FVG10LXlJNmprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9iNzVkZTItYjk5Ny00YmQzLWIxZWYtYzc1NzFlZTFkOTli
LzEvQVptX3V6TWZKd2t5N3otQzhEcmREQXN2RlhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZ8wMA0E
AgACMAcDBQAqB7LAMA0GCSqGSIb3DQEBCwUAA4IBAQAOo4RzXnLfHRehL1Lee4Ur
by/0C3tGRRnG7Xg5BBZtASV/6HmN46lGQ/8xETdHN8Aa9yrSzbTKUYfW+86qSfCM
JVATdUSdkjgkYf+Q8ZIpHyGlEItzi3Wep6EQ99cpdS21nM7P1nwJKjcDVDwBWRht
Y2HPWCj5jgLgppFWas5M5V0l0svRmE41dsQeO2I6drMhQyy5UCmFjicOy7qh4u32
uSgRP5YcJAOyNtPscWnQr6ASr8UwaADsfgjTuut57CnS855lQErI9tNo8mE4wkMx
snofP5P2/44rxYmy7E7iP06dXJ2Q1m5Z9FfBgqKSDYRMOKbvKmzth7hWX/3CauD3
-----END CERTIFICATE-----