Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/5911d5-160e-4635-9297-5e5b04693adc/1/d2g8u6TgzrCXsxMPVzmCqWrw33k.roa
File:                     d2g8u6TgzrCXsxMPVzmCqWrw33k.roa (raw, json)
Hash identifier:          V3SEif4oMgYgI+uf7FwPzb/AznJTYIbhn+SI7C1JG3Q=
Subject key identifier:   77:68:3C:BB:A4:E0:CE:B0:97:B3:13:0F:57:39:82:A9:6A:F0:DF:79
Certificate issuer:       /CN=16edcfec9f6e325bc2c39d24193f830f43183135
Certificate serial:       018DEF3ED57C6CC2D25C5AA680BD12FD3DFB
Authority key identifier: 16:ED:CF:EC:9F:6E:32:5B:C2:C3:9D:24:19:3F:83:0F:43:18:31:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fu3P7J9uMlvCw50kGT-DD0MYMTU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/5911d5-160e-4635-9297-5e5b04693adc/1/d2g8u6TgzrCXsxMPVzmCqWrw33k.roa
Signing time:             Wed 28 Feb 2024 10:24:48 +0000
ROA not before:           Wed 28 Feb 2024 10:24:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212077
IP address blocks:        185.101.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/5911d5-160e-4635-9297-5e5b04693adc/1/Fu3P7J9uMlvCw50kGT-DD0MYMTU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/5911d5-160e-4635-9297-5e5b04693adc/1/Fu3P7J9uMlvCw50kGT-DD0MYMTU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fu3P7J9uMlvCw50kGT-DD0MYMTU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:51:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ef:3e:d5:7c:6c:c2:d2:5c:5a:a6:80:bd:12:fd:3d:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16edcfec9f6e325bc2c39d24193f830f43183135
        Validity
            Not Before: Feb 28 10:24:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77683cbba4e0ceb097b3130f573982a96af0df79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f5:fb:8e:37:8e:f5:16:d3:ff:e4:c1:3c:b8:
                    e9:7a:00:61:50:c9:1e:5b:99:c8:72:8d:e8:13:6a:
                    8c:ea:3d:3e:b8:7d:97:88:20:30:8f:a2:80:7c:3f:
                    56:8c:f0:6d:ef:8b:97:b6:10:e1:81:a1:fd:fb:0d:
                    2b:ad:0a:60:22:f1:24:e3:62:a2:68:c7:06:72:c2:
                    41:aa:d8:b6:69:78:12:29:1b:4d:a1:2c:ad:2f:a5:
                    18:b9:bd:28:e8:54:de:3b:4c:61:18:1c:b9:94:3e:
                    ec:9c:49:c6:c4:33:ef:c9:94:97:9e:09:c7:06:dd:
                    c9:8d:93:e6:c2:1f:44:1e:a8:35:55:6d:21:71:96:
                    b4:78:e2:f6:e4:c8:81:c9:02:2e:0e:de:07:2b:80:
                    6e:f0:ab:5a:6e:95:b8:7d:21:24:61:14:2a:0a:3f:
                    23:1f:19:03:76:3c:25:56:d2:d1:bc:d4:75:0f:6a:
                    a7:3f:38:bf:68:55:b0:b5:ab:0b:13:55:32:f9:c6:
                    67:a7:82:e4:76:9d:db:fe:f1:6e:20:52:5d:b6:09:
                    90:5d:60:71:54:e9:a6:2f:be:8b:dd:8e:ef:7b:9f:
                    c2:32:d0:07:08:19:ea:f0:c7:52:80:84:ce:50:f8:
                    e2:f7:e3:c6:23:8c:f4:07:ba:85:de:8d:9b:04:8a:
                    0e:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:68:3C:BB:A4:E0:CE:B0:97:B3:13:0F:57:39:82:A9:6A:F0:DF:79
            X509v3 Authority Key Identifier:
                keyid:16:ED:CF:EC:9F:6E:32:5B:C2:C3:9D:24:19:3F:83:0F:43:18:31:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fu3P7J9uMlvCw50kGT-DD0MYMTU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/5911d5-160e-4635-9297-5e5b04693adc/1/d2g8u6TgzrCXsxMPVzmCqWrw33k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/5911d5-160e-4635-9297-5e5b04693adc/1/Fu3P7J9uMlvCw50kGT-DD0MYMTU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:8c:37:b9:4a:07:e8:de:96:38:1c:28:08:50:ba:af:95:46:
         70:07:48:bb:d9:a5:d6:f5:88:d1:8e:01:f0:ab:1c:fc:0d:24:
         62:9c:30:68:49:b0:62:da:3b:30:72:e0:dc:c2:1a:e4:c4:9c:
         42:1f:28:3b:aa:90:2f:9c:dc:1b:9b:be:8f:12:5f:bc:a7:e9:
         d2:c9:ca:a8:86:e3:3f:50:29:fa:c7:4c:ad:94:c4:ce:84:18:
         9e:b9:86:e8:d2:15:dc:98:d9:48:a4:68:41:ae:4b:d2:a6:b9:
         01:b0:3c:3d:e2:42:bc:9b:9e:f5:78:14:63:4d:67:e4:1b:da:
         64:39:0f:e0:73:3d:e6:24:70:d8:52:0b:06:2b:a5:a6:8c:eb:
         45:75:d8:fc:af:62:de:71:16:2d:c7:10:10:d8:09:a6:6c:b8:
         07:ef:54:3e:f3:af:90:be:42:38:18:d4:65:de:2d:38:3c:6c:
         b0:ce:e2:94:61:b2:d9:4f:f1:8b:6c:a6:ba:17:b4:df:98:f7:
         c8:cb:b9:31:09:18:95:9e:96:3a:ae:20:8c:f1:ca:75:17:83:
         9f:dc:bb:67:2b:9b:89:c6:f3:04:cc:c1:a8:dd:e1:9d:45:d2:
         98:5f:c9:3a:ee:ae:60:7a:22:90:e7:33:f4:69:a3:81:34:9a:
         a7:c5:4f:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3vPtV8bMLSXFqmgL0S/T37MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2ZWRjZmVjOWY2ZTMyNWJjMmMzOWQyNDE5M2Y4MzBmNDMx
ODMxMzUwHhcNMjQwMjI4MTAyNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzY4M2NiYmE0ZTBjZWIwOTdiMzEzMGY1NzM5ODJhOTZhZjBkZjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvX7jjeO9RbT/+TBPLjpegBhUMke
W5nIco3oE2qM6j0+uH2XiCAwj6KAfD9WjPBt74uXthDhgaH9+w0rrQpgIvEk42Ki
aMcGcsJBqti2aXgSKRtNoSytL6UYub0o6FTeO0xhGBy5lD7snEnGxDPvyZSXngnH
Bt3JjZPmwh9EHqg1VW0hcZa0eOL25MiByQIuDt4HK4Bu8KtabpW4fSEkYRQqCj8j
HxkDdjwlVtLRvNR1D2qnPzi/aFWwtasLE1Uy+cZnp4Lkdp3b/vFuIFJdtgmQXWBx
VOmmL76L3Y7ve5/CMtAHCBnq8MdSgITOUPji9+PGI4z0B7qF3o2bBIoO+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHdoPLuk4M6wl7MTD1c5gqlq8N95MB8GA1UdIwQY
MBaAFBbtz+yfbjJbwsOdJBk/gw9DGDE1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnUzUDdKOXVNbHZDdzUwa0dULUREME1ZTVRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC81OTExZDUtMTYwZS00NjM1LTkyOTct
NWU1YjA0NjkzYWRjLzEvZDJnOHU2VGd6ckNYc3hNUFZ6bUNxV3J3MzNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC81OTExZDUtMTYwZS00NjM1LTkyOTctNWU1YjA0NjkzYWRj
LzEvRnUzUDdKOXVNbHZDdzUwa0dULUREME1ZTVRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWUnMA0G
CSqGSIb3DQEBCwUAA4IBAQBBjDe5Sgfo3pY4HCgIULqvlUZwB0i72aXW9YjRjgHw
qxz8DSRinDBoSbBi2jswcuDcwhrkxJxCHyg7qpAvnNwbm76PEl+8p+nSycqohuM/
UCn6x0ytlMTOhBieuYbo0hXcmNlIpGhBrkvSprkBsDw94kK8m571eBRjTWfkG9pk
OQ/gcz3mJHDYUgsGK6WmjOtFddj8r2LecRYtxxAQ2AmmbLgH71Q+86+QvkI4GNRl
3i04PGywzuKUYbLZT/GLbKa6F7TfmPfIy7kxCRiVnpY6riCM8cp1F4Of3LtnK5uJ
xvMEzMGo3eGdRdKYX8k67q5geiKQ5zP0aaOBNJqnxU9N
-----END CERTIFICATE-----