Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/D2Xcg5HhL-0yof6WIyzY1SytPs8.roa
File:                     D2Xcg5HhL-0yof6WIyzY1SytPs8.roa (raw, json)
Hash identifier:          AoXZPceZgUyneE+99qfiIlDfvkYtNZCRvBY+b8t8gbE=
Subject key identifier:   0F:65:DC:83:91:E1:2F:ED:32:A1:FE:96:23:2C:D8:D5:2C:AD:3E:CF
Certificate issuer:       /CN=cd576d876e17e67aa3b1f1c10dab39db2935e22b
Certificate serial:       018CC348C88FFDDAFE47DE226CCB41BCC78D
Authority key identifier: CD:57:6D:87:6E:17:E6:7A:A3:B1:F1:C1:0D:AB:39:DB:29:35:E2:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zVdth24X5nqjsfHBDas52yk14is.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/D2Xcg5HhL-0yof6WIyzY1SytPs8.roa
Signing time:             Mon 01 Jan 2024 04:29:36 +0000
ROA not before:           Mon 01 Jan 2024 04:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209103
IP address blocks:        194.126.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/zVdth24X5nqjsfHBDas52yk14is.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/zVdth24X5nqjsfHBDas52yk14is.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zVdth24X5nqjsfHBDas52yk14is.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c8:8f:fd:da:fe:47:de:22:6c:cb:41:bc:c7:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd576d876e17e67aa3b1f1c10dab39db2935e22b
        Validity
            Not Before: Jan  1 04:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f65dc8391e12fed32a1fe96232cd8d52cad3ecf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:77:06:76:0c:64:14:3b:61:d9:66:f0:17:56:
                    cb:cc:92:bc:86:b6:e5:88:58:f8:6e:4d:89:e1:d7:
                    cb:b7:5d:b6:95:b4:c2:72:2e:7c:64:44:9b:71:d7:
                    2e:ee:d7:11:8c:e2:d9:fc:a4:ab:80:33:e8:d2:80:
                    77:e2:db:d8:69:c0:b3:20:14:55:31:a6:33:9b:2e:
                    19:12:96:07:1e:6c:ed:b8:e2:58:40:6e:00:d9:6b:
                    c9:14:e9:8b:b2:a6:70:a7:11:09:ec:38:c1:24:9d:
                    10:92:e6:af:6d:2d:1e:c5:36:97:fc:3d:04:52:26:
                    f3:8d:85:59:d1:f7:df:38:22:52:23:be:f4:d8:f3:
                    b1:5a:47:14:1a:87:23:02:a6:83:2c:08:e7:ee:f5:
                    59:17:ec:3e:d1:8d:1f:24:ec:60:11:4e:a6:ce:21:
                    df:d6:bb:a8:fc:e4:2b:e4:28:81:1d:f8:ca:e8:ad:
                    22:e5:84:4d:63:27:86:2f:dc:fe:1d:c3:31:49:76:
                    d0:fd:1a:23:43:9a:6e:d4:9f:6e:88:28:b4:51:be:
                    c9:ca:50:7b:a6:8e:9e:4b:40:9b:31:3e:b5:49:40:
                    ab:05:d9:7a:2a:65:0c:c3:a2:ba:5a:a4:52:2f:de:
                    a8:70:3b:92:71:42:3e:b7:af:f7:66:66:42:a2:31:
                    58:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:65:DC:83:91:E1:2F:ED:32:A1:FE:96:23:2C:D8:D5:2C:AD:3E:CF
            X509v3 Authority Key Identifier:
                keyid:CD:57:6D:87:6E:17:E6:7A:A3:B1:F1:C1:0D:AB:39:DB:29:35:E2:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zVdth24X5nqjsfHBDas52yk14is.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/D2Xcg5HhL-0yof6WIyzY1SytPs8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/zVdth24X5nqjsfHBDas52yk14is.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.126.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:84:a2:bd:69:b1:b6:98:98:78:43:38:5d:90:76:0b:8c:3a:
         af:e4:f8:25:99:79:bd:85:27:ac:27:59:41:b0:e0:37:cd:69:
         00:57:8e:12:2f:98:48:83:da:b1:e5:07:df:db:48:95:54:96:
         b5:25:6f:4b:10:01:ff:52:96:a9:77:41:e4:11:af:bd:b9:0e:
         3f:76:88:fe:f0:fd:7c:62:7d:df:f1:68:69:3d:05:cc:e6:d4:
         4a:df:3b:d8:b8:37:c0:5a:2e:d8:57:4f:b1:48:87:8a:8b:b7:
         3d:a4:84:cc:bc:56:2b:56:7a:f4:67:23:14:24:31:3d:f4:02:
         ef:e6:3f:9e:f8:06:b1:b7:a4:f7:1b:a2:14:5c:37:d3:84:16:
         f0:b9:50:45:c6:41:d0:50:90:3a:56:14:08:86:f9:0b:f1:c1:
         f1:f6:e8:72:c5:dd:d3:7f:84:6d:d7:0f:3a:a6:14:ac:86:f1:
         13:31:7a:ae:7c:e2:e6:ac:a8:f5:19:a5:6b:44:94:45:51:1a:
         91:5a:de:d3:a9:d8:da:ab:30:ed:76:69:52:e6:2b:92:30:6a:
         69:f5:28:8a:45:d3:01:ae:22:af:5b:3d:1c:5a:9a:61:a6:76:
         ac:9a:e1:57:f6:3e:18:ee:a7:4b:92:45:6d:2f:d0:81:82:ee:
         bd:2f:4e:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMiP/dr+R94ibMtBvMeNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNTc2ZDg3NmUxN2U2N2FhM2IxZjFjMTBkYWIzOWRiMjkz
NWUyMmIwHhcNMjQwMTAxMDQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjY1ZGM4MzkxZTEyZmVkMzJhMWZlOTYyMzJjZDhkNTJjYWQzZWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXcGdgxkFDth2WbwF1bLzJK8hrbl
iFj4bk2J4dfLt122lbTCci58ZESbcdcu7tcRjOLZ/KSrgDPo0oB34tvYacCzIBRV
MaYzmy4ZEpYHHmztuOJYQG4A2WvJFOmLsqZwpxEJ7DjBJJ0QkuavbS0exTaX/D0E
UibzjYVZ0fffOCJSI7702POxWkcUGocjAqaDLAjn7vVZF+w+0Y0fJOxgEU6mziHf
1ruo/OQr5CiBHfjK6K0i5YRNYyeGL9z+HcMxSXbQ/RojQ5pu1J9uiCi0Ub7JylB7
po6eS0CbMT61SUCrBdl6KmUMw6K6WqRSL96ocDuScUI+t6/3ZmZCojFYTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA9l3IOR4S/tMqH+liMs2NUsrT7PMB8GA1UdIwQY
MBaAFM1XbYduF+Z6o7HxwQ2rOdspNeIrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelZkdGgyNFg1bnFqc2ZIQkRhczUyeWsxNGlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS80MmYwMTQtY2Q5Mi00MjA1LWFhNTMt
MWE4MGEyZjdkN2VhLzEvRDJYY2c1SGhMLTB5b2Y2V0l5elkxU3l0UHM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS80MmYwMTQtY2Q5Mi00MjA1LWFhNTMtMWE4MGEyZjdkN2Vh
LzEvelZkdGgyNFg1bnFqc2ZIQkRhczUyeWsxNGlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn6xMA0G
CSqGSIb3DQEBCwUAA4IBAQCMhKK9abG2mJh4QzhdkHYLjDqv5PglmXm9hSesJ1lB
sOA3zWkAV44SL5hIg9qx5Qff20iVVJa1JW9LEAH/Upapd0HkEa+9uQ4/doj+8P18
Yn3f8WhpPQXM5tRK3zvYuDfAWi7YV0+xSIeKi7c9pITMvFYrVnr0ZyMUJDE99ALv
5j+e+Aaxt6T3G6IUXDfThBbwuVBFxkHQUJA6VhQIhvkL8cHx9uhyxd3Tf4Rt1w86
phSshvETMXqufOLmrKj1GaVrRJRFURqRWt7TqdjaqzDtdmlS5iuSMGpp9SiKRdMB
riKvWz0cWpphpnasmuFX9j4Y7qdLkkVtL9CBgu69L05i
-----END CERTIFICATE-----