Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/17fbf9-09ae-46a1-8f64-6d419b717d0a/1/DN4ZyYBoa3GLv92eA51vXxaIdy8.roa
File:                     DN4ZyYBoa3GLv92eA51vXxaIdy8.roa (raw, json)
Hash identifier:          SWWR5MO/aqHOYYmJYI8Z/7gCoGHvNzaVQGrndBzS2Vs=
Subject key identifier:   0C:DE:19:C9:80:68:6B:71:8B:BF:DD:9E:03:9D:6F:5F:16:88:77:2F
Certificate issuer:       /CN=1130a1d5e5c0901d19b4b707a73d17cae0e3b660
Certificate serial:       018CC6B831D8F0BFA776E8F439D7F386275B
Authority key identifier: 11:30:A1:D5:E5:C0:90:1D:19:B4:B7:07:A7:3D:17:CA:E0:E3:B6:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ETCh1eXAkB0ZtLcHpz0XyuDjtmA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/17fbf9-09ae-46a1-8f64-6d419b717d0a/1/DN4ZyYBoa3GLv92eA51vXxaIdy8.roa
Signing time:             Mon 01 Jan 2024 20:30:09 +0000
ROA not before:           Mon 01 Jan 2024 20:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57395
IP address blocks:        176.124.36.0/24 maxlen: 24
                          176.124.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/17fbf9-09ae-46a1-8f64-6d419b717d0a/1/ETCh1eXAkB0ZtLcHpz0XyuDjtmA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/17fbf9-09ae-46a1-8f64-6d419b717d0a/1/ETCh1eXAkB0ZtLcHpz0XyuDjtmA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ETCh1eXAkB0ZtLcHpz0XyuDjtmA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:31:d8:f0:bf:a7:76:e8:f4:39:d7:f3:86:27:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1130a1d5e5c0901d19b4b707a73d17cae0e3b660
        Validity
            Not Before: Jan  1 20:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cde19c980686b718bbfdd9e039d6f5f1688772f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:d5:ad:74:62:1b:78:0c:73:47:e7:bc:e9:52:
                    93:19:ec:64:c7:e5:80:df:5d:5b:fd:63:17:d9:df:
                    e6:4a:82:d6:4a:62:48:25:d1:9e:17:69:f9:14:23:
                    47:5c:0d:96:fd:4c:c3:a8:e3:2b:eb:fc:5b:9e:c7:
                    9e:1c:f1:bc:84:e3:7c:8a:fa:4e:06:2a:f1:8f:9f:
                    54:83:23:f8:60:94:2b:16:15:d7:ef:16:44:dd:c0:
                    cc:b0:54:e8:19:c6:37:a7:65:75:bc:02:db:d9:46:
                    17:aa:10:41:63:cc:81:6e:b7:ec:4c:4a:05:8f:db:
                    ac:ed:6a:36:02:1c:1b:b7:5d:52:0b:86:e1:3e:99:
                    b8:ba:e2:ba:eb:78:fd:b5:82:c9:37:56:ba:84:de:
                    ca:45:81:b9:d3:5a:c1:11:1e:d3:48:55:d2:37:c6:
                    82:c1:56:a6:5f:68:c7:1f:ed:c2:2a:84:90:37:61:
                    7e:4e:bb:4d:32:e5:fd:f7:3e:c7:43:ab:06:8e:dc:
                    9e:2d:09:12:e4:07:29:0a:8a:f7:36:4a:ab:85:c8:
                    35:8e:3c:54:a0:5a:31:bd:93:8a:59:7b:85:fc:8b:
                    89:12:f6:fd:93:7a:0a:fc:83:c8:82:29:84:0c:e3:
                    86:4c:22:ff:a7:cb:e9:4f:e5:b5:3e:f9:2d:96:6f:
                    99:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:DE:19:C9:80:68:6B:71:8B:BF:DD:9E:03:9D:6F:5F:16:88:77:2F
            X509v3 Authority Key Identifier:
                keyid:11:30:A1:D5:E5:C0:90:1D:19:B4:B7:07:A7:3D:17:CA:E0:E3:B6:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ETCh1eXAkB0ZtLcHpz0XyuDjtmA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/17fbf9-09ae-46a1-8f64-6d419b717d0a/1/DN4ZyYBoa3GLv92eA51vXxaIdy8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/17fbf9-09ae-46a1-8f64-6d419b717d0a/1/ETCh1eXAkB0ZtLcHpz0XyuDjtmA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.124.36.0/23

    Signature Algorithm: sha256WithRSAEncryption
         91:58:cb:96:7c:01:9f:62:5d:43:70:45:74:88:d2:30:7d:e3:
         94:7e:c5:b1:00:19:70:87:24:bd:fa:7e:16:1e:ac:4b:bc:82:
         70:ad:4f:d3:f3:62:88:ad:01:fa:e5:3f:70:70:4d:6c:2e:2a:
         b1:28:c6:73:48:47:d7:10:52:c9:95:3e:8d:49:4e:9d:8a:10:
         04:19:ae:82:87:0c:6e:9f:24:5d:bf:07:ac:65:2e:a1:f6:76:
         8d:6a:1b:a4:8b:e2:99:ae:29:e1:a5:5c:e3:3a:1b:71:b8:bc:
         9e:36:ce:1a:92:54:d9:cb:60:f7:be:9b:10:65:60:3a:ab:ab:
         19:f4:58:8f:10:b2:1a:d5:85:70:9f:a1:c5:cd:0c:b3:fc:09:
         1c:89:87:06:ac:ba:62:83:84:9a:3f:97:54:5a:77:ed:16:c2:
         ea:ad:d4:0e:91:7a:de:40:97:21:66:7d:1d:56:d1:39:ea:99:
         56:77:26:0d:82:69:f2:c2:52:3c:1e:8c:d0:2b:89:2a:22:66:
         1e:31:0c:4f:86:b3:c2:d8:83:bd:90:82:fe:32:ae:65:d1:88:
         82:e9:3c:b4:e6:45:cb:64:b3:ce:19:46:d6:ca:28:c0:f0:b4:
         1c:45:41:bf:12:cc:14:09:54:21:f0:bc:d5:74:f3:9b:eb:95:
         b8:fd:7e:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuDHY8L+nduj0OdfzhidbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMzBhMWQ1ZTVjMDkwMWQxOWI0YjcwN2E3M2QxN2NhZTBl
M2I2NjAwHhcNMjQwMTAxMjAzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2RlMTljOTgwNjg2YjcxOGJiZmRkOWUwMzlkNmY1ZjE2ODg3NzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzdWtdGIbeAxzR+e86VKTGexkx+WA
311b/WMX2d/mSoLWSmJIJdGeF2n5FCNHXA2W/UzDqOMr6/xbnseeHPG8hON8ivpO
Birxj59UgyP4YJQrFhXX7xZE3cDMsFToGcY3p2V1vALb2UYXqhBBY8yBbrfsTEoF
j9us7Wo2Ahwbt11SC4bhPpm4uuK663j9tYLJN1a6hN7KRYG501rBER7TSFXSN8aC
wVamX2jHH+3CKoSQN2F+TrtNMuX99z7HQ6sGjtyeLQkS5AcpCor3Nkqrhcg1jjxU
oFoxvZOKWXuF/IuJEvb9k3oK/IPIgimEDOOGTCL/p8vpT+W1Pvktlm+ZSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAzeGcmAaGtxi7/dngOdb18WiHcvMB8GA1UdIwQY
MBaAFBEwodXlwJAdGbS3B6c9F8rg47ZgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVRDaDFlWEFrQjBadExjSHB6MFh5dURqdG1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8xN2ZiZjktMDlhZS00NmExLThmNjQt
NmQ0MTliNzE3ZDBhLzEvRE40WnlZQm9hM0dMdjkyZUE1MXZYeGFJZHk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8xN2ZiZjktMDlhZS00NmExLThmNjQtNmQ0MTliNzE3ZDBh
LzEvRVRDaDFlWEFrQjBadExjSHB6MFh5dURqdG1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsHwkMA0G
CSqGSIb3DQEBCwUAA4IBAQCRWMuWfAGfYl1DcEV0iNIwfeOUfsWxABlwhyS9+n4W
HqxLvIJwrU/T82KIrQH65T9wcE1sLiqxKMZzSEfXEFLJlT6NSU6dihAEGa6Chwxu
nyRdvwesZS6h9naNahuki+KZrinhpVzjOhtxuLyeNs4aklTZy2D3vpsQZWA6q6sZ
9FiPELIa1YVwn6HFzQyz/AkciYcGrLpig4SaP5dUWnftFsLqrdQOkXreQJchZn0d
VtE56plWdyYNgmnywlI8HozQK4kqImYeMQxPhrPC2IO9kIL+Mq5l0YiC6Ty05kXL
ZLPOGUbWyijA8LQcRUG/EswUCVQh8LzVdPOb65W4/X4M
-----END CERTIFICATE-----