Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/269f66-0fc1-4658-b367-9c30f656fd5b/1/OTghOwq7xgXqEvwy3EaFIVb1128.roa
File:                     OTghOwq7xgXqEvwy3EaFIVb1128.roa (raw, json)
Hash identifier:          NCJqZeGxF023/YRQK9STolclkdxE1OIqqNnPrXzZ5VY=
Subject key identifier:   39:38:21:3B:0A:BB:C6:05:EA:12:FC:32:DC:46:85:21:56:F5:D7:6F
Certificate issuer:       /CN=9df589672bc2a345dc11e9ff162500ec15dadd1d
Certificate serial:       018CC80179E1F31AEB9C842E7E8207F3A9E5
Authority key identifier: 9D:F5:89:67:2B:C2:A3:45:DC:11:E9:FF:16:25:00:EC:15:DA:DD:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfWJZyvCo0XcEen_FiUA7BXa3R0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/269f66-0fc1-4658-b367-9c30f656fd5b/1/OTghOwq7xgXqEvwy3EaFIVb1128.roa
Signing time:             Tue 02 Jan 2024 02:29:49 +0000
ROA not before:           Tue 02 Jan 2024 02:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39078
IP address blocks:        212.23.220.0/24 maxlen: 24
                          2a12:3600::/30 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/269f66-0fc1-4658-b367-9c30f656fd5b/1/nfWJZyvCo0XcEen_FiUA7BXa3R0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/269f66-0fc1-4658-b367-9c30f656fd5b/1/nfWJZyvCo0XcEen_FiUA7BXa3R0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfWJZyvCo0XcEen_FiUA7BXa3R0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:79:e1:f3:1a:eb:9c:84:2e:7e:82:07:f3:a9:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9df589672bc2a345dc11e9ff162500ec15dadd1d
        Validity
            Not Before: Jan  2 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3938213b0abbc605ea12fc32dc46852156f5d76f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:bc:be:3d:a9:20:61:c7:11:92:78:78:7d:a6:
                    55:c9:42:6d:ac:11:2a:e9:71:39:62:fe:94:b2:40:
                    f3:f4:45:af:cb:13:37:e6:7a:3a:4c:73:b9:8b:ed:
                    41:88:92:02:85:42:8b:b4:fe:eb:7b:c5:f4:60:70:
                    e7:74:44:81:64:21:df:43:a5:4b:8b:fb:f1:1e:eb:
                    77:ce:8d:19:f6:b4:2b:a9:33:9e:c0:ab:0a:17:e0:
                    04:d3:40:2d:f7:c0:57:e0:22:d2:87:75:65:c8:e7:
                    05:29:8e:14:be:33:86:bc:f1:39:cb:cd:c5:0c:e2:
                    01:80:5e:37:bc:4a:d2:15:54:d9:e8:86:e3:5b:df:
                    a3:b3:20:fc:ed:54:45:a5:29:f1:35:a1:26:33:97:
                    f2:49:17:2a:ed:4a:27:c0:03:d5:b2:9d:f0:7d:43:
                    63:28:67:d4:c8:62:4d:94:93:79:8d:85:f2:ee:ac:
                    c4:ee:cf:73:52:4d:cf:52:db:0b:8a:4e:ea:9f:77:
                    98:36:c3:4e:50:e2:fe:0a:ff:34:0d:22:4d:fb:d6:
                    0b:88:1d:b1:9e:35:7b:65:37:c4:ff:b5:11:81:a8:
                    f7:ce:66:a7:14:f8:b0:f2:a5:01:bb:dd:f0:85:92:
                    9d:23:1a:83:66:05:0a:7b:89:a2:68:a5:b8:dd:7c:
                    fe:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:38:21:3B:0A:BB:C6:05:EA:12:FC:32:DC:46:85:21:56:F5:D7:6F
            X509v3 Authority Key Identifier:
                keyid:9D:F5:89:67:2B:C2:A3:45:DC:11:E9:FF:16:25:00:EC:15:DA:DD:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfWJZyvCo0XcEen_FiUA7BXa3R0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/269f66-0fc1-4658-b367-9c30f656fd5b/1/OTghOwq7xgXqEvwy3EaFIVb1128.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/269f66-0fc1-4658-b367-9c30f656fd5b/1/nfWJZyvCo0XcEen_FiUA7BXa3R0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.23.220.0/24
                IPv6:
                  2a12:3600::/30

    Signature Algorithm: sha256WithRSAEncryption
         0a:9b:e3:08:27:2d:fe:ce:e3:10:c0:f5:ba:ad:f7:82:82:69:
         e8:4d:66:d2:68:65:f5:45:d8:b8:b2:c4:c5:c4:a7:2c:92:aa:
         9f:01:f9:71:f3:ee:d1:2a:82:ea:77:ed:c3:1d:c9:3a:13:93:
         25:ee:a8:1d:21:5e:62:ba:1b:82:e2:fb:ef:85:b6:58:0d:8a:
         67:e1:12:32:12:bf:17:cf:82:8e:5f:95:9e:e3:c1:15:61:25:
         48:1d:cd:85:56:d1:45:4e:fb:0a:cd:d0:58:eb:53:48:1a:55:
         f1:83:78:49:9e:e2:b2:77:32:20:33:0a:da:73:62:a9:9c:22:
         41:32:4e:06:e3:f3:91:e2:5b:4c:59:e0:ad:74:aa:82:a9:c6:
         23:9e:f8:87:2a:7a:cb:39:46:43:2a:f5:74:d3:c8:5e:2e:17:
         a8:41:8b:8d:5a:0c:3a:6a:93:ea:d8:91:38:53:99:fa:a9:81:
         9c:9b:73:00:9d:94:4f:a9:a5:f2:8f:bb:58:1a:f9:8b:fd:ad:
         90:b3:69:e0:21:04:13:73:4c:89:12:37:86:20:72:17:cb:ca:
         8d:af:48:b1:a8:9a:ad:a7:39:e4:b0:fa:bc:98:a5:24:d2:bf:
         85:06:89:2e:b3:9e:4b:6d:23:07:5e:7d:89:28:5d:22:a2:3d:
         ea:e6:fa:9b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAXnh8xrrnIQufoIH86nlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkZjU4OTY3MmJjMmEzNDVkYzExZTlmZjE2MjUwMGVjMTVk
YWRkMWQwHhcNMjQwMTAyMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTM4MjEzYjBhYmJjNjA1ZWExMmZjMzJkYzQ2ODUyMTU2ZjVkNzZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7y+PakgYccRknh4faZVyUJtrBEq
6XE5Yv6UskDz9EWvyxM35no6THO5i+1BiJIChUKLtP7re8X0YHDndESBZCHfQ6VL
i/vxHut3zo0Z9rQrqTOewKsKF+AE00At98BX4CLSh3VlyOcFKY4UvjOGvPE5y83F
DOIBgF43vErSFVTZ6IbjW9+jsyD87VRFpSnxNaEmM5fySRcq7UonwAPVsp3wfUNj
KGfUyGJNlJN5jYXy7qzE7s9zUk3PUtsLik7qn3eYNsNOUOL+Cv80DSJN+9YLiB2x
njV7ZTfE/7URgaj3zmanFPiw8qUBu93whZKdIxqDZgUKe4miaKW43Xz+xQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDk4ITsKu8YF6hL8MtxGhSFW9ddvMB8GA1UdIwQY
MBaAFJ31iWcrwqNF3BHp/xYlAOwV2t0dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmZXSlp5dkNvMFhjRWVuX0ZpVUE3QlhhM1IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My8yNjlmNjYtMGZjMS00NjU4LWIzNjct
OWMzMGY2NTZmZDViLzEvT1RnaE93cTd4Z1hxRXZ3eTNFYUZJVmIxMTI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My8yNjlmNjYtMGZjMS00NjU4LWIzNjctOWMzMGY2NTZmZDVi
LzEvbmZXSlp5dkNvMFhjRWVuX0ZpVUE3QlhhM1IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA1BfcMA0E
AgACMAcDBQIqEjYAMA0GCSqGSIb3DQEBCwUAA4IBAQAKm+MIJy3+zuMQwPW6rfeC
gmnoTWbSaGX1Rdi4ssTFxKcskqqfAflx8+7RKoLqd+3DHck6E5Ml7qgdIV5iuhuC
4vvvhbZYDYpn4RIyEr8Xz4KOX5We48EVYSVIHc2FVtFFTvsKzdBY61NIGlXxg3hJ
nuKydzIgMwrac2KpnCJBMk4G4/OR4ltMWeCtdKqCqcYjnviHKnrLOUZDKvV008he
LheoQYuNWgw6apPq2JE4U5n6qYGcm3MAnZRPqaXyj7tYGvmL/a2Qs2ngIQQTc0yJ
EjeGIHIXy8qNr0ixqJqtpznksPq8mKUk0r+FBokus55LbSMHXn2JKF0ioj3q5vqb
-----END CERTIFICATE-----