Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/afdJYObpHyQiaIUJ0iep-2LBv1E.roa
File:                     afdJYObpHyQiaIUJ0iep-2LBv1E.roa (raw, json)
Hash identifier:          WOYATKZAlK9CLfH1+pQVQO3MDNblR3aiBTQ/jOOmqM0=
Subject key identifier:   69:F7:49:60:E6:E9:1F:24:22:68:85:09:D2:27:A9:FB:62:C1:BF:51
Certificate issuer:       /CN=84bbaeb70b3f1d06716358ad9a2ecfef7d2126fb
Certificate serial:       018CC794E39B73581928B41AE6802E7AC5DF
Authority key identifier: 84:BB:AE:B7:0B:3F:1D:06:71:63:58:AD:9A:2E:CF:EF:7D:21:26:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLuutws_HQZxY1itmi7P730hJvs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/afdJYObpHyQiaIUJ0iep-2LBv1E.roa
Signing time:             Tue 02 Jan 2024 00:31:12 +0000
ROA not before:           Tue 02 Jan 2024 00:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42910
IP address blocks:        185.179.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/hLuutws_HQZxY1itmi7P730hJvs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/hLuutws_HQZxY1itmi7P730hJvs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLuutws_HQZxY1itmi7P730hJvs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:e3:9b:73:58:19:28:b4:1a:e6:80:2e:7a:c5:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84bbaeb70b3f1d06716358ad9a2ecfef7d2126fb
        Validity
            Not Before: Jan  2 00:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69f74960e6e91f2422688509d227a9fb62c1bf51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:4f:3e:8b:8b:3d:10:aa:63:71:f3:bc:6c:39:
                    6d:fa:fa:7c:19:da:cd:2a:c5:c8:05:83:69:04:6a:
                    65:9c:15:3b:5b:f1:58:7b:41:8b:60:a8:5c:4c:e8:
                    c4:e5:ab:22:ca:a0:ca:11:a5:9a:05:12:d1:0a:21:
                    ad:38:1e:23:13:05:05:18:cb:af:d0:da:fe:c0:91:
                    ee:e3:74:ff:67:58:e8:d9:8c:95:74:87:8e:0e:1c:
                    40:f9:36:80:e5:28:c0:04:b1:9b:79:cc:67:15:07:
                    25:2c:54:46:93:e8:cf:ef:ed:cd:67:99:0e:49:f3:
                    f9:01:24:32:8e:af:28:c5:6c:44:31:90:4d:1d:07:
                    a0:e7:a5:fb:9b:77:b0:19:eb:ee:d2:21:b3:b2:2f:
                    30:34:66:d5:70:f7:b6:8d:2c:7e:08:90:f0:d9:34:
                    86:22:c1:6f:ea:eb:5e:4c:f9:5c:2d:17:42:bd:ab:
                    a6:e2:34:33:36:e8:d0:51:9a:79:7f:0a:6c:28:5d:
                    6e:4c:29:a3:90:f3:83:2d:c4:d3:b0:5e:52:14:f0:
                    8b:69:11:54:c7:df:43:a6:db:e8:eb:3e:ad:14:85:
                    84:b6:8f:45:f3:a2:58:51:ba:c0:cd:07:2f:91:16:
                    40:7a:f7:62:01:fa:e6:3f:ac:f6:77:33:60:b5:ae:
                    05:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:F7:49:60:E6:E9:1F:24:22:68:85:09:D2:27:A9:FB:62:C1:BF:51
            X509v3 Authority Key Identifier:
                keyid:84:BB:AE:B7:0B:3F:1D:06:71:63:58:AD:9A:2E:CF:EF:7D:21:26:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLuutws_HQZxY1itmi7P730hJvs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/afdJYObpHyQiaIUJ0iep-2LBv1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/hLuutws_HQZxY1itmi7P730hJvs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:1e:d4:b3:0b:ea:c7:a9:ac:55:65:47:52:50:70:1e:53:2c:
         28:0c:10:f6:9c:31:4e:79:27:15:ed:59:80:24:b7:51:ec:7d:
         f2:38:b7:f1:84:83:0a:9c:aa:45:71:f7:06:eb:5d:a8:55:8f:
         0b:c4:0c:de:4e:c3:d1:2a:6f:a6:b9:6e:77:19:5f:83:5c:7d:
         c6:e2:62:f0:90:2c:2e:64:d1:1e:48:bd:85:6e:be:38:fb:52:
         b6:5c:9f:d9:06:b2:15:6e:56:1f:cc:bb:50:65:7f:36:26:29:
         fd:c9:79:f1:ef:82:b5:78:9e:ff:a1:0a:ab:d9:da:42:5b:f6:
         ec:66:71:b9:9a:b6:c8:0f:65:7d:c5:4b:a3:9e:27:fa:5c:50:
         58:18:08:c1:90:41:23:1f:ce:ae:83:33:72:c7:3a:1c:e8:91:
         0e:50:01:02:a0:dd:07:9f:66:67:d7:eb:12:bb:34:66:af:69:
         e8:76:8e:e0:de:9b:60:d1:14:74:45:15:1f:55:9d:e9:0f:0b:
         b4:e5:89:89:72:6d:16:9c:2b:9b:37:6f:30:c8:de:de:00:74:
         01:27:1e:62:8f:f9:ca:e6:1a:ed:53:13:f0:4a:c3:b4:55:4c:
         0f:4f:b9:00:e4:d5:bb:eb:4e:8c:92:bd:de:e0:10:2f:2d:db:
         1c:39:73:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlOObc1gZKLQa5oAuesXfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YmJhZWI3MGIzZjFkMDY3MTYzNThhZDlhMmVjZmVmN2Qy
MTI2ZmIwHhcNMjQwMTAyMDAzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWY3NDk2MGU2ZTkxZjI0MjI2ODg1MDlkMjI3YTlmYjYyYzFiZjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj08+i4s9EKpjcfO8bDlt+vp8GdrN
KsXIBYNpBGplnBU7W/FYe0GLYKhcTOjE5asiyqDKEaWaBRLRCiGtOB4jEwUFGMuv
0Nr+wJHu43T/Z1jo2YyVdIeODhxA+TaA5SjABLGbecxnFQclLFRGk+jP7+3NZ5kO
SfP5ASQyjq8oxWxEMZBNHQeg56X7m3ewGevu0iGzsi8wNGbVcPe2jSx+CJDw2TSG
IsFv6uteTPlcLRdCvaum4jQzNujQUZp5fwpsKF1uTCmjkPODLcTTsF5SFPCLaRFU
x99Dptvo6z6tFIWEto9F86JYUbrAzQcvkRZAevdiAfrmP6z2dzNgta4FaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGn3SWDm6R8kImiFCdInqftiwb9RMB8GA1UdIwQY
MBaAFIS7rrcLPx0GcWNYrZouz+99ISb7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEx1dXR3c19IUVp4WTFpdG1pN1A3MzBoSnZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9iNjdlYjctZTQ5Ni00YzMxLTlmNjct
OTc5MDJkOGE3ZmE2LzEvYWZkSllPYnBIeVFpYUlVSjBpZXAtMkxCdjFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9iNjdlYjctZTQ5Ni00YzMxLTlmNjctOTc5MDJkOGE3ZmE2
LzEvaEx1dXR3c19IUVp4WTFpdG1pN1A3MzBoSnZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubMYMA0G
CSqGSIb3DQEBCwUAA4IBAQCeHtSzC+rHqaxVZUdSUHAeUywoDBD2nDFOeScV7VmA
JLdR7H3yOLfxhIMKnKpFcfcG612oVY8LxAzeTsPRKm+muW53GV+DXH3G4mLwkCwu
ZNEeSL2Fbr44+1K2XJ/ZBrIVblYfzLtQZX82Jin9yXnx74K1eJ7/oQqr2dpCW/bs
ZnG5mrbID2V9xUujnif6XFBYGAjBkEEjH86ugzNyxzoc6JEOUAECoN0Hn2Zn1+sS
uzRmr2nodo7g3ptg0RR0RRUfVZ3pDwu05YmJcm0WnCubN28wyN7eAHQBJx5ij/nK
5hrtUxPwSsO0VUwPT7kA5NW7606Mkr3e4BAvLdscOXOc
-----END CERTIFICATE-----