Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/56d267-1c43-47c8-afb2-64d29c86bf3e/1/AS9jTYjVEDIXCOdMlyorwVUaWG0.roa
File:                     AS9jTYjVEDIXCOdMlyorwVUaWG0.roa (raw, json)
Hash identifier:          wWVR8r7Kf2HN8esf0HbXAMxlvLcV3TVtqYl+DumlHG0=
Subject key identifier:   01:2F:63:4D:88:D5:10:32:17:08:E7:4C:97:2A:2B:C1:55:1A:58:6D
Certificate issuer:       /CN=ac1f721b7b7e6d049fbfe520e1ca89c1ca256813
Certificate serial:       018CC49390AD6F902450F2AD86DD2D7F0DC6
Authority key identifier: AC:1F:72:1B:7B:7E:6D:04:9F:BF:E5:20:E1:CA:89:C1:CA:25:68:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rB9yG3t-bQSfv-Ug4cqJwcolaBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/56d267-1c43-47c8-afb2-64d29c86bf3e/1/AS9jTYjVEDIXCOdMlyorwVUaWG0.roa
Signing time:             Mon 01 Jan 2024 10:30:54 +0000
ROA not before:           Mon 01 Jan 2024 10:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49040
IP address blocks:        85.217.239.0/24 maxlen: 24
                          85.217.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/56d267-1c43-47c8-afb2-64d29c86bf3e/1/rB9yG3t-bQSfv-Ug4cqJwcolaBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/56d267-1c43-47c8-afb2-64d29c86bf3e/1/rB9yG3t-bQSfv-Ug4cqJwcolaBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rB9yG3t-bQSfv-Ug4cqJwcolaBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:90:ad:6f:90:24:50:f2:ad:86:dd:2d:7f:0d:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac1f721b7b7e6d049fbfe520e1ca89c1ca256813
        Validity
            Not Before: Jan  1 10:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=012f634d88d510321708e74c972a2bc1551a586d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:83:22:fa:2b:d8:78:2d:79:0d:cb:f1:26:c3:
                    a2:ae:a3:3f:40:73:f8:6e:1b:9b:7a:cb:a6:61:76:
                    d1:15:a8:03:25:68:cd:1a:5e:03:16:41:8b:c9:9e:
                    32:89:87:03:d6:82:da:73:6d:f2:dc:00:8f:20:43:
                    d8:8f:56:d2:87:64:8d:9b:dd:04:e2:3b:1f:b8:45:
                    14:23:65:bd:5f:6d:2e:8f:a2:ba:e9:28:bb:83:0e:
                    6e:73:45:0b:14:66:ae:96:1a:f7:0a:3c:f2:2c:13:
                    7a:70:22:86:6e:e7:be:e6:4b:6f:98:70:4a:00:2c:
                    5f:19:ad:d7:c3:42:f6:89:f4:f4:2f:27:9b:ea:a1:
                    0c:83:93:44:51:e1:65:2c:90:ec:d9:3c:bb:31:c9:
                    44:f2:b0:f1:d1:3d:4c:7c:77:b3:63:ac:b8:ca:14:
                    56:5b:ea:d3:76:ef:7d:e2:a1:9e:98:31:b5:bb:9d:
                    22:06:35:dd:d9:c0:7e:af:f9:96:a0:b7:73:88:fa:
                    b4:27:ee:80:ea:33:59:6a:eb:5a:42:41:01:3b:ff:
                    b9:bf:20:48:86:53:6d:d5:43:d1:fe:d5:bb:c1:17:
                    81:64:fd:1c:5a:35:43:b5:49:a7:0f:b4:5a:41:ee:
                    84:c9:23:3d:45:2a:17:19:c1:7b:21:74:a7:c5:ea:
                    33:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:2F:63:4D:88:D5:10:32:17:08:E7:4C:97:2A:2B:C1:55:1A:58:6D
            X509v3 Authority Key Identifier:
                keyid:AC:1F:72:1B:7B:7E:6D:04:9F:BF:E5:20:E1:CA:89:C1:CA:25:68:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rB9yG3t-bQSfv-Ug4cqJwcolaBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/56d267-1c43-47c8-afb2-64d29c86bf3e/1/AS9jTYjVEDIXCOdMlyorwVUaWG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/56d267-1c43-47c8-afb2-64d29c86bf3e/1/rB9yG3t-bQSfv-Ug4cqJwcolaBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.217.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:69:da:9b:27:17:66:7c:dd:08:e4:fb:a8:b5:91:12:b3:86:
         9e:d8:1f:e5:32:4f:f9:a8:a2:c2:14:98:77:82:6d:42:29:12:
         22:ac:cb:42:dd:85:48:4c:3a:e4:a2:3f:c6:30:6e:47:11:d5:
         33:40:8a:28:c9:b6:2c:52:2e:a5:57:80:19:88:e7:3c:44:30:
         2c:7f:c1:5a:f0:d8:88:34:27:b1:ad:2f:c3:7f:8c:f7:c6:5c:
         09:27:68:a5:9e:cc:65:d6:c9:16:ae:41:7b:cb:f3:bd:c4:eb:
         eb:8b:ab:ac:41:90:5e:37:fb:ad:c1:5d:73:a0:c1:14:4a:93:
         6c:77:38:98:46:d0:4c:ac:f5:05:b2:e8:4a:12:92:c6:0a:45:
         a1:f7:b2:6f:b6:a8:42:5f:0a:99:f3:a1:3a:00:f4:96:2b:66:
         15:ff:29:1b:f5:be:29:68:b5:74:e5:ac:c7:35:e8:e9:a5:81:
         a2:c9:55:43:1f:c3:c6:f2:0b:eb:67:98:52:fe:7d:56:5d:1d:
         89:d6:6b:94:2f:3b:a7:11:16:4f:0a:3a:d7:d8:97:91:92:e1:
         8c:4b:ae:cf:58:2e:4d:cc:bd:05:93:09:a9:d8:b4:6d:fa:ef:
         a6:9e:0d:2a:2e:a6:f9:53:27:06:c1:54:66:d7:b6:bb:d6:a4:
         dd:b4:9c:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk5Ctb5AkUPKtht0tfw3GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjMWY3MjFiN2I3ZTZkMDQ5ZmJmZTUyMGUxY2E4OWMxY2Ey
NTY4MTMwHhcNMjQwMTAxMTAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTJmNjM0ZDg4ZDUxMDMyMTcwOGU3NGM5NzJhMmJjMTU1MWE1ODZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIMi+ivYeC15DcvxJsOirqM/QHP4
bhubesumYXbRFagDJWjNGl4DFkGLyZ4yiYcD1oLac23y3ACPIEPYj1bSh2SNm90E
4jsfuEUUI2W9X20uj6K66Si7gw5uc0ULFGaulhr3CjzyLBN6cCKGbue+5ktvmHBK
ACxfGa3Xw0L2ifT0Lyeb6qEMg5NEUeFlLJDs2Ty7MclE8rDx0T1MfHezY6y4yhRW
W+rTdu994qGemDG1u50iBjXd2cB+r/mWoLdziPq0J+6A6jNZautaQkEBO/+5vyBI
hlNt1UPR/tW7wReBZP0cWjVDtUmnD7RaQe6EySM9RSoXGcF7IXSnxeozGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAEvY02I1RAyFwjnTJcqK8FVGlhtMB8GA1UdIwQY
MBaAFKwfcht7fm0En7/lIOHKicHKJWgTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckI5eUczdC1iUVNmdi1VZzRjcUp3Y29sYUJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC81NmQyNjctMWM0My00N2M4LWFmYjIt
NjRkMjljODZiZjNlLzEvQVM5alRZalZFRElYQ09kTWx5b3J3VlVhV0cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC81NmQyNjctMWM0My00N2M4LWFmYjItNjRkMjljODZiZjNl
LzEvckI5eUczdC1iUVNmdi1VZzRjcUp3Y29sYUJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVdnuMA0G
CSqGSIb3DQEBCwUAA4IBAQBVadqbJxdmfN0I5PuotZESs4ae2B/lMk/5qKLCFJh3
gm1CKRIirMtC3YVITDrkoj/GMG5HEdUzQIooybYsUi6lV4AZiOc8RDAsf8Fa8NiI
NCexrS/Df4z3xlwJJ2ilnsxl1skWrkF7y/O9xOvri6usQZBeN/utwV1zoMEUSpNs
dziYRtBMrPUFsuhKEpLGCkWh97JvtqhCXwqZ86E6APSWK2YV/ykb9b4paLV05azH
NejppYGiyVVDH8PG8gvrZ5hS/n1WXR2J1muULzunERZPCjrX2JeRkuGMS67PWC5N
zL0Fkwmp2LRt+u+mng0qLqb5UycGwVRm17a71qTdtJw8
-----END CERTIFICATE-----