Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/d27da2-2754-4d7b-af90-6e02af0a4994/1/DCuTdt8A1mHBSNMOfGk8mRw-xEk.roa
File:                     DCuTdt8A1mHBSNMOfGk8mRw-xEk.roa (raw, json)
Hash identifier:          0QXIcMu0NZhOofzv9xedwHxaqo5AzoGlMsFOPCSu890=
Subject key identifier:   0C:2B:93:76:DF:00:D6:61:C1:48:D3:0E:7C:69:3C:99:1C:3E:C4:49
Certificate issuer:       /CN=a0937525577cb2af1b285c96431dbd600f57cbe8
Certificate serial:       018CC8011507D62909433F469516E5C850F4
Authority key identifier: A0:93:75:25:57:7C:B2:AF:1B:28:5C:96:43:1D:BD:60:0F:57:CB:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oJN1JVd8sq8bKFyWQx29YA9Xy-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/d27da2-2754-4d7b-af90-6e02af0a4994/1/DCuTdt8A1mHBSNMOfGk8mRw-xEk.roa
Signing time:             Tue 02 Jan 2024 02:29:23 +0000
ROA not before:           Tue 02 Jan 2024 02:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24944
IP address blocks:        194.50.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/d27da2-2754-4d7b-af90-6e02af0a4994/1/oJN1JVd8sq8bKFyWQx29YA9Xy-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/d27da2-2754-4d7b-af90-6e02af0a4994/1/oJN1JVd8sq8bKFyWQx29YA9Xy-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oJN1JVd8sq8bKFyWQx29YA9Xy-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:15:07:d6:29:09:43:3f:46:95:16:e5:c8:50:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0937525577cb2af1b285c96431dbd600f57cbe8
        Validity
            Not Before: Jan  2 02:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c2b9376df00d661c148d30e7c693c991c3ec449
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:32:16:91:c1:54:0e:cb:f9:1c:ff:3c:e5:7c:
                    dd:67:76:f2:62:12:4a:70:82:b5:6f:10:e7:e5:2b:
                    01:73:2a:0a:00:d7:63:65:80:4d:26:38:9c:52:02:
                    7b:a6:25:0d:27:30:db:7b:bc:40:ab:cf:8d:9d:6b:
                    a1:52:a5:7d:37:e6:67:1a:17:a6:e2:ae:3c:ad:d7:
                    47:bf:97:50:d5:68:81:3b:8e:77:75:97:e0:65:ad:
                    dc:4b:27:e3:25:86:ad:72:bf:b2:04:e7:0a:47:d1:
                    fd:d5:6c:04:a0:92:80:89:12:5f:3d:34:fc:64:3b:
                    03:a0:c0:09:5a:29:be:9e:88:3b:a7:97:96:56:d8:
                    92:f4:a7:f1:66:33:e6:2d:00:90:74:ef:64:9e:1e:
                    9b:f2:2c:6a:e9:28:e3:bd:7a:92:41:d8:7a:36:84:
                    0b:bd:3b:15:81:50:48:29:5d:68:59:2b:8b:2f:77:
                    69:bc:d3:eb:9e:6a:c2:25:64:4d:2f:f0:12:2f:01:
                    23:a0:c7:2a:12:e5:bc:30:ce:63:7b:22:5a:69:f2:
                    c1:77:7c:73:20:65:06:c9:f5:0c:71:27:d0:28:c1:
                    27:1b:c2:11:48:12:ce:95:7a:cc:67:0e:86:14:fa:
                    ce:d0:e4:bc:d4:3b:58:71:a4:9e:20:8c:38:c5:81:
                    c7:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:2B:93:76:DF:00:D6:61:C1:48:D3:0E:7C:69:3C:99:1C:3E:C4:49
            X509v3 Authority Key Identifier:
                keyid:A0:93:75:25:57:7C:B2:AF:1B:28:5C:96:43:1D:BD:60:0F:57:CB:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oJN1JVd8sq8bKFyWQx29YA9Xy-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/d27da2-2754-4d7b-af90-6e02af0a4994/1/DCuTdt8A1mHBSNMOfGk8mRw-xEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/d27da2-2754-4d7b-af90-6e02af0a4994/1/oJN1JVd8sq8bKFyWQx29YA9Xy-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:82:1e:f0:47:cc:e9:de:35:d8:2f:19:80:e7:92:21:b9:56:
         87:d3:32:ef:76:c4:d2:95:1c:5e:0a:e7:9e:d2:ca:a4:0b:56:
         0f:30:55:1d:65:15:eb:b8:a9:cf:5c:3d:e1:4b:4d:0e:1d:77:
         f9:9d:df:a7:bc:67:a2:a1:48:03:b2:c8:d6:0c:ba:36:84:c3:
         4e:66:9f:1b:3a:d6:43:5d:29:0e:06:4a:5e:ec:89:97:2d:84:
         8e:f0:01:38:16:59:29:45:22:ee:e8:2a:6e:7e:a5:5f:00:13:
         22:b6:be:9d:c1:d2:f8:a6:0f:91:0f:2f:11:bd:4b:13:08:f7:
         38:aa:9c:c4:be:0b:aa:eb:52:ec:e4:9b:9d:99:a1:8a:a9:b6:
         38:a5:0b:1b:ff:a5:83:04:74:25:b2:67:46:9c:50:a1:ef:30:
         b1:01:6f:f3:b0:41:34:0c:2a:dd:83:2c:83:4d:1f:b6:f4:76:
         50:71:48:09:df:50:ea:96:d8:b5:56:62:d8:6b:08:f3:ef:d2:
         8b:2b:ca:20:67:34:d2:98:36:3d:e0:28:1a:de:9d:b8:52:97:
         ab:8f:0f:2d:0d:00:7d:e5:4a:12:8f:8a:ed:f0:2f:60:ef:b7:
         87:7f:56:ff:7c:36:b5:1a:9e:56:5e:37:bb:74:fa:69:24:17:
         21:e8:02:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIARUH1ikJQz9GlRblyFD0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwOTM3NTI1NTc3Y2IyYWYxYjI4NWM5NjQzMWRiZDYwMGY1
N2NiZTgwHhcNMjQwMTAyMDIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzJiOTM3NmRmMDBkNjYxYzE0OGQzMGU3YzY5M2M5OTFjM2VjNDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgzIWkcFUDsv5HP885XzdZ3byYhJK
cIK1bxDn5SsBcyoKANdjZYBNJjicUgJ7piUNJzDbe7xAq8+NnWuhUqV9N+ZnGhem
4q48rddHv5dQ1WiBO453dZfgZa3cSyfjJYatcr+yBOcKR9H91WwEoJKAiRJfPTT8
ZDsDoMAJWim+nog7p5eWVtiS9KfxZjPmLQCQdO9knh6b8ixq6SjjvXqSQdh6NoQL
vTsVgVBIKV1oWSuLL3dpvNPrnmrCJWRNL/ASLwEjoMcqEuW8MM5jeyJaafLBd3xz
IGUGyfUMcSfQKMEnG8IRSBLOlXrMZw6GFPrO0OS81DtYcaSeIIw4xYHHzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAwrk3bfANZhwUjTDnxpPJkcPsRJMB8GA1UdIwQY
MBaAFKCTdSVXfLKvGyhclkMdvWAPV8voMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0pOMUpWZDhzcThiS0Z5V1F4MjlZQTlYeS1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9kMjdkYTItMjc1NC00ZDdiLWFmOTAt
NmUwMmFmMGE0OTk0LzEvREN1VGR0OEExbUhCU05NT2ZHazhtUncteEVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9kMjdkYTItMjc1NC00ZDdiLWFmOTAtNmUwMmFmMGE0OTk0
LzEvb0pOMUpWZDhzcThiS0Z5V1F4MjlZQTlYeS1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjJUMA0G
CSqGSIb3DQEBCwUAA4IBAQB6gh7wR8zp3jXYLxmA55IhuVaH0zLvdsTSlRxeCuee
0sqkC1YPMFUdZRXruKnPXD3hS00OHXf5nd+nvGeioUgDssjWDLo2hMNOZp8bOtZD
XSkOBkpe7ImXLYSO8AE4FlkpRSLu6CpufqVfABMitr6dwdL4pg+RDy8RvUsTCPc4
qpzEvguq61Ls5JudmaGKqbY4pQsb/6WDBHQlsmdGnFCh7zCxAW/zsEE0DCrdgyyD
TR+29HZQcUgJ31Dqlti1VmLYawjz79KLK8ogZzTSmDY94Cga3p24Uperjw8tDQB9
5UoSj4rt8C9g77eHf1b/fDa1Gp5WXje7dPppJBch6AJB
-----END CERTIFICATE-----