Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/d31e5f-0f52-4623-867a-543d6182e294/1/DlX59XsIUIai9wQofbYDru5CmHk.roa
File:                     DlX59XsIUIai9wQofbYDru5CmHk.roa (raw, json)
Hash identifier:          f47lnrvZMOrEv56gE3l3qgZAIEGZNfHyhHcL2BnQyyw=
Subject key identifier:   0E:55:F9:F5:7B:08:50:86:A2:F7:04:28:7D:B6:03:AE:EE:42:98:79
Certificate issuer:       /CN=e2b1e2e4c508c6c7a98b6598528745c813fad31d
Certificate serial:       018CC8DF71B96F8B1E835397E5A8A6D000CA
Authority key identifier: E2:B1:E2:E4:C5:08:C6:C7:A9:8B:65:98:52:87:45:C8:13:FA:D3:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4rHi5MUIxsepi2WYUodFyBP60x0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/d31e5f-0f52-4623-867a-543d6182e294/1/DlX59XsIUIai9wQofbYDru5CmHk.roa
Signing time:             Tue 02 Jan 2024 06:32:15 +0000
ROA not before:           Tue 02 Jan 2024 06:32:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43905
IP address blocks:        185.84.12.0/22 maxlen: 22
                          217.173.61.0/24 maxlen: 24
                          217.173.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/d31e5f-0f52-4623-867a-543d6182e294/1/4rHi5MUIxsepi2WYUodFyBP60x0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/d31e5f-0f52-4623-867a-543d6182e294/1/4rHi5MUIxsepi2WYUodFyBP60x0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4rHi5MUIxsepi2WYUodFyBP60x0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:71:b9:6f:8b:1e:83:53:97:e5:a8:a6:d0:00:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2b1e2e4c508c6c7a98b6598528745c813fad31d
        Validity
            Not Before: Jan  2 06:32:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e55f9f57b085086a2f704287db603aeee429879
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:f8:c9:4c:68:34:d1:77:e8:a6:fe:e3:7f:97:
                    b1:b8:f2:29:70:ef:28:bd:94:18:84:a8:a3:1e:0a:
                    e8:5d:09:66:01:f2:73:0b:23:31:a3:57:1c:40:e0:
                    df:f2:b7:15:94:ae:d0:55:63:27:32:9a:e5:3a:f0:
                    2e:23:f0:79:74:55:bb:1b:48:1f:19:64:23:7e:49:
                    98:75:ce:1d:b3:d6:b2:cc:9a:28:bf:74:37:36:98:
                    12:63:ff:f7:c0:81:15:29:76:dd:4f:74:db:07:7b:
                    8e:de:51:51:7f:66:77:75:5d:58:19:52:96:f0:58:
                    a7:f6:bc:5c:ee:ff:ce:c7:c5:91:55:92:7d:0c:b6:
                    81:25:55:29:eb:9c:9f:2f:68:4e:80:25:08:be:b4:
                    82:e4:53:4b:96:4c:49:43:ac:48:c7:8e:9d:6e:a6:
                    f2:f1:9e:5a:a6:a2:47:de:cc:1f:49:c2:61:a6:95:
                    6e:c0:db:98:c8:99:23:93:c7:92:06:cf:cd:9d:a3:
                    48:5d:cf:b4:53:f0:10:ac:4e:7f:44:3a:62:82:50:
                    34:c3:f8:0a:6a:a9:ad:f3:a4:8b:3e:19:6d:90:29:
                    3f:bc:9f:2f:25:0f:01:0d:ba:a8:61:c5:71:42:13:
                    54:cc:5b:bc:a0:6d:07:a9:55:bb:1f:ef:fc:10:91:
                    16:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:55:F9:F5:7B:08:50:86:A2:F7:04:28:7D:B6:03:AE:EE:42:98:79
            X509v3 Authority Key Identifier:
                keyid:E2:B1:E2:E4:C5:08:C6:C7:A9:8B:65:98:52:87:45:C8:13:FA:D3:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4rHi5MUIxsepi2WYUodFyBP60x0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/d31e5f-0f52-4623-867a-543d6182e294/1/DlX59XsIUIai9wQofbYDru5CmHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/d31e5f-0f52-4623-867a-543d6182e294/1/4rHi5MUIxsepi2WYUodFyBP60x0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.12.0/22
                  217.173.61.0-217.173.62.255

    Signature Algorithm: sha256WithRSAEncryption
         11:0d:7c:f5:57:76:42:ca:ee:d7:63:a9:2c:20:36:bd:81:4f:
         bb:58:39:20:7d:98:74:f4:95:d4:04:87:92:04:37:0f:76:bd:
         1f:f5:3b:3b:d4:92:4b:02:28:51:b6:b7:db:46:25:d5:7f:61:
         5e:71:80:c2:95:24:e9:e7:9e:d9:70:0d:a7:4e:4c:de:d4:40:
         c5:cc:35:70:0c:b3:e7:a4:f9:19:14:69:3c:7b:b4:ed:b1:5a:
         aa:dc:82:1b:e7:a8:fd:3c:99:50:96:fa:ed:e2:46:5a:be:2d:
         9a:51:a1:d4:65:00:da:91:8c:70:e0:5a:38:3e:43:0f:86:42:
         7b:aa:b8:f2:12:f5:e1:5a:be:9e:d2:2e:9b:87:ef:70:42:db:
         9c:dc:c9:ca:40:08:3e:b1:8c:e5:fc:be:0d:b8:19:5c:b4:c9:
         88:d0:e8:49:99:b2:14:79:03:a7:e8:31:ad:a7:5e:af:7d:6c:
         be:2d:d7:60:b0:e9:9b:71:72:93:33:29:63:fc:05:3f:cf:58:
         0c:7c:9e:ea:9e:e9:c5:bd:77:e3:a1:a6:f1:86:cd:fc:c8:2b:
         af:56:50:76:eb:51:6b:5f:06:c6:86:89:bf:8c:46:f3:8d:08:
         55:ff:73:af:69:67:7d:a3:7e:db:32:c8:fd:c1:a3:fb:fe:51:
         fc:36:ba:18
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzI33G5b4seg1OX5aim0ADKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYjFlMmU0YzUwOGM2YzdhOThiNjU5ODUyODc0NWM4MTNm
YWQzMWQwHhcNMjQwMTAyMDYzMjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTU1ZjlmNTdiMDg1MDg2YTJmNzA0Mjg3ZGI2MDNhZWVlNDI5ODc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfjJTGg00Xfopv7jf5exuPIpcO8o
vZQYhKijHgroXQlmAfJzCyMxo1ccQODf8rcVlK7QVWMnMprlOvAuI/B5dFW7G0gf
GWQjfkmYdc4ds9ayzJoov3Q3NpgSY//3wIEVKXbdT3TbB3uO3lFRf2Z3dV1YGVKW
8Fin9rxc7v/Ox8WRVZJ9DLaBJVUp65yfL2hOgCUIvrSC5FNLlkxJQ6xIx46dbqby
8Z5apqJH3swfScJhppVuwNuYyJkjk8eSBs/NnaNIXc+0U/AQrE5/RDpiglA0w/gK
aqmt86SLPhltkCk/vJ8vJQ8BDbqoYcVxQhNUzFu8oG0HqVW7H+/8EJEWZQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFA5V+fV7CFCGovcEKH22A67uQph5MB8GA1UdIwQY
MBaAFOKx4uTFCMbHqYtlmFKHRcgT+tMdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHJIaTVNVUl4c2VwaTJXWVVvZEZ5QlA2MHgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9kMzFlNWYtMGY1Mi00NjIzLTg2N2Et
NTQzZDYxODJlMjk0LzEvRGxYNTlYc0lVSWFpOXdRb2ZiWURydTVDbUhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9kMzFlNWYtMGY1Mi00NjIzLTg2N2EtNTQzZDYxODJlMjk0
LzEvNHJIaTVNVUl4c2VwaTJXWVVvZEZ5QlA2MHgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCuVQMMAwD
BADZrT0DBADZrT4wDQYJKoZIhvcNAQELBQADggEBABENfPVXdkLK7tdjqSwgNr2B
T7tYOSB9mHT0ldQEh5IENw92vR/1OzvUkksCKFG2t9tGJdV/YV5xgMKVJOnnntlw
DadOTN7UQMXMNXAMs+ek+RkUaTx7tO2xWqrcghvnqP08mVCW+u3iRlq+LZpRodRl
ANqRjHDgWjg+Qw+GQnuquPIS9eFavp7SLpuH73BC25zcycpACD6xjOX8vg24GVy0
yYjQ6EmZshR5A6foMa2nXq99bL4t12Cw6ZtxcpMzKWP8BT/PWAx8nuqe6cW9d+Oh
pvGGzfzIK69WUHbrUWtfBsaGib+MRvONCFX/c69pZ32jftsyyP3Bo/v+Ufw2uhg=
-----END CERTIFICATE-----