Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/26e4d1-12c8-4144-a37d-833295e04e37/1/43dpaAaEIzMD6vp_S_NEpuliWfo.roa
File:                     43dpaAaEIzMD6vp_S_NEpuliWfo.roa (raw, json)
Hash identifier:          oPoXzlNfpEIe1LG+OkKB0atQeT3W0ZGSj7+HT989h/0=
Subject key identifier:   E3:77:69:68:06:84:23:33:03:EA:FA:7F:4B:F3:44:A6:E9:62:59:FA
Certificate issuer:       /CN=2b9bec0211f61eaf119ceb2d40c5a0fe3aa8c2a0
Certificate serial:       018CC86F7261205DF55E3D730249F29EEEF6
Authority key identifier: 2B:9B:EC:02:11:F6:1E:AF:11:9C:EB:2D:40:C5:A0:FE:3A:A8:C2:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K5vsAhH2Hq8RnOstQMWg_jqowqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/26e4d1-12c8-4144-a37d-833295e04e37/1/43dpaAaEIzMD6vp_S_NEpuliWfo.roa
Signing time:             Tue 02 Jan 2024 04:29:56 +0000
ROA not before:           Tue 02 Jan 2024 04:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207719
IP address blocks:        185.116.63.0/24 maxlen: 24
                          185.65.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/26e4d1-12c8-4144-a37d-833295e04e37/1/K5vsAhH2Hq8RnOstQMWg_jqowqA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/26e4d1-12c8-4144-a37d-833295e04e37/1/K5vsAhH2Hq8RnOstQMWg_jqowqA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K5vsAhH2Hq8RnOstQMWg_jqowqA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:72:61:20:5d:f5:5e:3d:73:02:49:f2:9e:ee:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b9bec0211f61eaf119ceb2d40c5a0fe3aa8c2a0
        Validity
            Not Before: Jan  2 04:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e37769680684233303eafa7f4bf344a6e96259fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:93:70:69:23:7e:89:b7:84:2b:b1:94:48:ae:
                    a1:c5:b8:e1:0e:67:dc:10:6a:11:75:aa:c1:9e:66:
                    55:ca:33:1f:c8:a4:17:3e:3e:ac:f0:e0:d9:d1:99:
                    ae:72:b8:b0:c6:72:fb:f8:e4:9d:ec:76:97:c2:a6:
                    32:2a:9b:d0:b4:bd:6d:9c:46:4b:fc:d7:60:c9:60:
                    34:c7:f4:20:09:3f:f5:91:e9:33:5d:3a:52:00:d9:
                    c6:e5:04:27:ec:b1:03:20:4a:5c:a7:c7:c2:68:16:
                    62:4e:47:9d:a6:4d:57:7e:57:4c:ef:01:34:4c:3c:
                    e4:e5:31:02:fb:ef:9f:a1:92:0c:79:5b:59:90:a3:
                    e1:b5:81:c6:56:45:e1:42:33:8a:b7:5f:e4:6b:7c:
                    b9:5d:4d:a1:f2:31:5e:89:3c:cc:5a:96:ae:12:fb:
                    85:e4:52:57:7d:23:5a:22:39:91:5a:56:24:db:96:
                    6d:65:fd:be:5f:30:d3:b0:27:6b:aa:49:89:d6:67:
                    d3:92:d2:8d:91:e3:20:de:fb:49:0a:a9:36:8d:c0:
                    45:f7:07:6e:87:ca:72:64:fa:1a:59:66:fc:d9:28:
                    cc:39:8b:d5:d5:02:fe:d0:e0:ce:52:4d:e4:ae:87:
                    98:9a:d5:8d:e1:28:70:0c:56:e3:6f:bf:ae:71:80:
                    10:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:77:69:68:06:84:23:33:03:EA:FA:7F:4B:F3:44:A6:E9:62:59:FA
            X509v3 Authority Key Identifier:
                keyid:2B:9B:EC:02:11:F6:1E:AF:11:9C:EB:2D:40:C5:A0:FE:3A:A8:C2:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K5vsAhH2Hq8RnOstQMWg_jqowqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/26e4d1-12c8-4144-a37d-833295e04e37/1/43dpaAaEIzMD6vp_S_NEpuliWfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/26e4d1-12c8-4144-a37d-833295e04e37/1/K5vsAhH2Hq8RnOstQMWg_jqowqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.79.0/24
                  185.116.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:0f:df:ca:4a:40:03:89:72:26:bd:56:be:47:96:c0:94:e6:
         0e:ea:eb:56:ce:57:5f:b8:44:71:92:e1:6b:2c:f3:84:64:aa:
         b6:a0:c6:e7:63:f7:54:00:8d:e3:8d:0d:0b:f0:f1:55:8e:05:
         80:1c:1e:fd:d1:cf:c1:07:8b:a3:80:63:25:cc:52:e4:93:5b:
         ac:b5:50:1f:53:82:86:d4:09:91:3e:5d:c2:f4:23:8f:a6:08:
         60:ec:52:62:76:32:50:c3:63:09:04:2e:56:86:24:a2:0c:bc:
         b3:61:d0:c3:9c:9f:54:66:6c:dd:98:76:63:5c:13:c0:ad:49:
         3b:77:94:2b:7b:d0:b2:b3:f8:10:1c:bd:78:6f:e3:68:10:c2:
         25:52:27:c8:27:a5:4c:3b:03:aa:08:5c:49:91:20:94:d1:69:
         4f:c4:3f:d4:ad:04:04:c3:99:9b:ce:c3:56:d8:a1:25:91:cd:
         c6:23:38:90:60:0e:53:8b:68:c4:0a:59:32:2e:59:c9:46:ab:
         4a:7e:2a:35:69:83:b5:3f:02:ae:53:c9:76:f4:98:56:d5:8e:
         64:f5:b1:ca:32:d2:a8:ab:34:a6:ae:fc:7b:18:ab:3c:d4:8a:
         f4:f6:7a:ef:ac:b5:23:94:75:91:23:cd:99:e0:ca:cf:fa:e2:
         65:1e:d5:d4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIb3JhIF31Xj1zAknynu72MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOWJlYzAyMTFmNjFlYWYxMTljZWIyZDQwYzVhMGZlM2Fh
OGMyYTAwHhcNMjQwMTAyMDQyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzc3Njk2ODA2ODQyMzMzMDNlYWZhN2Y0YmYzNDRhNmU5NjI1OWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZNwaSN+ibeEK7GUSK6hxbjhDmfc
EGoRdarBnmZVyjMfyKQXPj6s8ODZ0ZmucriwxnL7+OSd7HaXwqYyKpvQtL1tnEZL
/NdgyWA0x/QgCT/1kekzXTpSANnG5QQn7LEDIEpcp8fCaBZiTkedpk1XfldM7wE0
TDzk5TEC+++foZIMeVtZkKPhtYHGVkXhQjOKt1/ka3y5XU2h8jFeiTzMWpauEvuF
5FJXfSNaIjmRWlYk25ZtZf2+XzDTsCdrqkmJ1mfTktKNkeMg3vtJCqk2jcBF9wdu
h8pyZPoaWWb82SjMOYvV1QL+0ODOUk3kroeYmtWN4ShwDFbjb7+ucYAQaQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFON3aWgGhCMzA+r6f0vzRKbpYln6MB8GA1UdIwQY
MBaAFCub7AIR9h6vEZzrLUDFoP46qMKgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzV2c0FoSDJIcThSbk9zdFFNV2dfanFvd3FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8yNmU0ZDEtMTJjOC00MTQ0LWEzN2Qt
ODMzMjk1ZTA0ZTM3LzEvNDNkcGFBYUVJek1ENnZwX1NfTkVwdWxpV2ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8yNmU0ZDEtMTJjOC00MTQ0LWEzN2QtODMzMjk1ZTA0ZTM3
LzEvSzV2c0FoSDJIcThSbk9zdFFNV2dfanFvd3FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuUFPAwQA
uXQ/MA0GCSqGSIb3DQEBCwUAA4IBAQACD9/KSkADiXImvVa+R5bAlOYO6utWzldf
uERxkuFrLPOEZKq2oMbnY/dUAI3jjQ0L8PFVjgWAHB790c/BB4ujgGMlzFLkk1us
tVAfU4KG1AmRPl3C9COPpghg7FJidjJQw2MJBC5WhiSiDLyzYdDDnJ9UZmzdmHZj
XBPArUk7d5Qre9Cys/gQHL14b+NoEMIlUifIJ6VMOwOqCFxJkSCU0WlPxD/UrQQE
w5mbzsNW2KElkc3GIziQYA5Ti2jEClkyLlnJRqtKfio1aYO1PwKuU8l29JhW1Y5k
9bHKMtKoqzSmrvx7GKs81Ir09nrvrLUjlHWRI82Z4MrP+uJlHtXU
-----END CERTIFICATE-----