Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/6105ad-8304-49f4-a0de-1c5bde2c14f4/1/59yhtSNrnRABYlpmuJgd4p_9MSg.roa
File:                     59yhtSNrnRABYlpmuJgd4p_9MSg.roa (raw, json)
Hash identifier:          JW6FoStzAzbGYWpXWQ80Vy5Mw/jK8UMEedMFJ9f6inc=
Subject key identifier:   E7:DC:A1:B5:23:6B:9D:10:01:62:5A:66:B8:98:1D:E2:9F:FD:31:28
Certificate issuer:       /CN=10d7038b83eb247fc65bdad0195b86246f8f3006
Certificate serial:       018CC5DBFED61706D2567C4E70FB0E79F356
Authority key identifier: 10:D7:03:8B:83:EB:24:7F:C6:5B:DA:D0:19:5B:86:24:6F:8F:30:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ENcDi4PrJH_GW9rQGVuGJG-PMAY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/6105ad-8304-49f4-a0de-1c5bde2c14f4/1/59yhtSNrnRABYlpmuJgd4p_9MSg.roa
Signing time:             Mon 01 Jan 2024 16:29:38 +0000
ROA not before:           Mon 01 Jan 2024 16:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42244
IP address blocks:        185.115.142.0/24 maxlen: 24
                          185.115.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/6105ad-8304-49f4-a0de-1c5bde2c14f4/1/ENcDi4PrJH_GW9rQGVuGJG-PMAY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/6105ad-8304-49f4-a0de-1c5bde2c14f4/1/ENcDi4PrJH_GW9rQGVuGJG-PMAY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ENcDi4PrJH_GW9rQGVuGJG-PMAY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:fe:d6:17:06:d2:56:7c:4e:70:fb:0e:79:f3:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10d7038b83eb247fc65bdad0195b86246f8f3006
        Validity
            Not Before: Jan  1 16:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7dca1b5236b9d1001625a66b8981de29ffd3128
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:7c:db:ae:d4:8c:f9:65:15:af:35:3f:56:48:
                    40:91:61:f9:35:43:00:b0:32:b4:f8:5d:38:78:e1:
                    81:40:38:ec:8f:54:20:87:6d:36:09:9b:45:fc:e2:
                    fe:67:ea:a4:42:b4:0b:50:bd:a4:e2:c9:33:f5:0c:
                    5d:cc:4e:68:84:c7:35:99:20:27:d9:01:b2:47:3c:
                    a5:ad:fd:8b:3f:c4:bc:ae:5b:27:63:c0:eb:cc:7e:
                    f1:6e:6c:dd:58:59:ea:47:ea:2f:1f:f6:ef:6d:28:
                    95:40:5e:42:c4:ec:74:a8:af:d2:97:46:14:54:1e:
                    a9:44:a2:70:74:22:a1:c4:cc:aa:61:72:e1:59:02:
                    a9:cf:3d:b6:76:f0:e9:32:b3:da:ec:83:4a:4b:9c:
                    64:9f:f9:55:26:7c:96:de:93:66:46:81:55:b0:a9:
                    2e:13:61:fb:6a:11:68:d2:e7:08:df:d2:bc:09:c1:
                    98:11:5d:35:fa:5c:aa:fb:13:77:e3:43:52:52:53:
                    e0:5b:b9:00:b5:82:ef:40:78:6a:33:28:4c:cf:8d:
                    6c:44:90:99:f4:3e:79:6d:a3:59:b1:da:ee:7d:85:
                    cf:c0:a9:36:82:de:59:27:64:86:d8:c5:87:1a:43:
                    ec:c8:43:7a:77:02:cc:09:19:85:16:25:31:2e:6f:
                    f0:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:DC:A1:B5:23:6B:9D:10:01:62:5A:66:B8:98:1D:E2:9F:FD:31:28
            X509v3 Authority Key Identifier:
                keyid:10:D7:03:8B:83:EB:24:7F:C6:5B:DA:D0:19:5B:86:24:6F:8F:30:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ENcDi4PrJH_GW9rQGVuGJG-PMAY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/6105ad-8304-49f4-a0de-1c5bde2c14f4/1/59yhtSNrnRABYlpmuJgd4p_9MSg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/6105ad-8304-49f4-a0de-1c5bde2c14f4/1/ENcDi4PrJH_GW9rQGVuGJG-PMAY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.140.0/24
                  185.115.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:86:4c:a8:80:40:3a:bd:41:80:39:f5:ff:e7:a3:41:09:e4:
         58:fc:92:b8:d6:5c:d7:7d:64:dd:30:63:41:65:ce:d8:9a:be:
         50:2f:f4:ec:03:13:a4:3d:8f:8e:9a:09:f3:82:fc:70:7c:4f:
         de:85:48:30:6a:d8:c2:ce:17:33:6c:28:36:73:e3:42:04:42:
         5a:6a:ab:fa:d1:d7:f5:a4:50:d4:64:3a:b4:de:25:32:b6:6a:
         cf:29:99:15:8a:6e:7d:20:fc:2c:74:b0:b0:b0:fe:79:74:e0:
         0d:6a:4f:29:18:ee:58:f1:95:b3:a0:a8:e4:05:c0:5d:82:c7:
         8c:61:2b:f7:94:73:38:45:97:68:35:b2:52:3f:eb:3c:0d:e5:
         97:c8:6a:84:1f:ae:ea:97:c0:77:28:3b:23:43:4c:c4:d8:8e:
         05:dc:2e:a0:e2:0b:74:c0:fb:82:16:87:a8:65:ec:8f:8a:11:
         f4:19:f1:ab:2d:ca:50:d5:a6:23:71:52:ad:35:5f:e8:03:b7:
         86:5c:43:63:e1:5c:0d:66:10:66:0c:52:6b:fa:94:00:25:48:
         c7:09:d7:8c:de:54:81:31:56:26:ab:dd:3e:80:f0:54:3e:80:
         dd:c7:eb:f5:a9:ca:2a:0a:48:d3:56:8b:94:a1:8b:37:2f:09:
         96:1f:f2:e8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF2/7WFwbSVnxOcPsOefNWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwZDcwMzhiODNlYjI0N2ZjNjViZGFkMDE5NWI4NjI0NmY4
ZjMwMDYwHhcNMjQwMTAxMTYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2RjYTFiNTIzNmI5ZDEwMDE2MjVhNjZiODk4MWRlMjlmZmQzMTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6HzbrtSM+WUVrzU/VkhAkWH5NUMA
sDK0+F04eOGBQDjsj1Qgh202CZtF/OL+Z+qkQrQLUL2k4skz9QxdzE5ohMc1mSAn
2QGyRzylrf2LP8S8rlsnY8DrzH7xbmzdWFnqR+ovH/bvbSiVQF5CxOx0qK/Sl0YU
VB6pRKJwdCKhxMyqYXLhWQKpzz22dvDpMrPa7INKS5xkn/lVJnyW3pNmRoFVsKku
E2H7ahFo0ucI39K8CcGYEV01+lyq+xN340NSUlPgW7kAtYLvQHhqMyhMz41sRJCZ
9D55baNZsdrufYXPwKk2gt5ZJ2SG2MWHGkPsyEN6dwLMCRmFFiUxLm/wBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOfcobUja50QAWJaZriYHeKf/TEoMB8GA1UdIwQY
MBaAFBDXA4uD6yR/xlva0BlbhiRvjzAGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRU5jRGk0UHJKSF9HVzlyUUdWdUdKRy1QTUFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny82MTA1YWQtODMwNC00OWY0LWEwZGUt
MWM1YmRlMmMxNGY0LzEvNTl5aHRTTnJuUkFCWWxwbXVKZ2Q0cF85TVNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny82MTA1YWQtODMwNC00OWY0LWEwZGUtMWM1YmRlMmMxNGY0
LzEvRU5jRGk0UHJKSF9HVzlyUUdWdUdKRy1QTUFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuXOMAwQA
uXOOMA0GCSqGSIb3DQEBCwUAA4IBAQAbhkyogEA6vUGAOfX/56NBCeRY/JK41lzX
fWTdMGNBZc7Ymr5QL/TsAxOkPY+OmgnzgvxwfE/ehUgwatjCzhczbCg2c+NCBEJa
aqv60df1pFDUZDq03iUytmrPKZkVim59IPwsdLCwsP55dOANak8pGO5Y8ZWzoKjk
BcBdgseMYSv3lHM4RZdoNbJSP+s8DeWXyGqEH67ql8B3KDsjQ0zE2I4F3C6g4gt0
wPuCFoeoZeyPihH0GfGrLcpQ1aYjcVKtNV/oA7eGXENj4VwNZhBmDFJr+pQAJUjH
CdeM3lSBMVYmq90+gPBUPoDdx+v1qcoqCkjTVouUoYs3LwmWH/Lo
-----END CERTIFICATE-----