Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/ce022d-d8db-4459-be1c-b091215d5e4d/1/39tq1dgvLE96nCm4LBRuS4MyoIg.roa
File:                     39tq1dgvLE96nCm4LBRuS4MyoIg.roa (raw, json)
Hash identifier:          oWV932u9vy+kZoK4Kn4G/KIlpcHOwURBfsiJXuSj9ww=
Subject key identifier:   DF:DB:6A:D5:D8:2F:2C:4F:7A:9C:29:B8:2C:14:6E:4B:83:32:A0:88
Certificate issuer:       /CN=c9470ae418eeddd6b39dae9e7a177a19c7799c41
Certificate serial:       018CC56ED7AF29F966AA884146D87075307B
Authority key identifier: C9:47:0A:E4:18:EE:DD:D6:B3:9D:AE:9E:7A:17:7A:19:C7:79:9C:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yUcK5Bju3dazna6eehd6Gcd5nEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/ce022d-d8db-4459-be1c-b091215d5e4d/1/39tq1dgvLE96nCm4LBRuS4MyoIg.roa
Signing time:             Mon 01 Jan 2024 14:30:24 +0000
ROA not before:           Mon 01 Jan 2024 14:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.36.216.0/22 maxlen: 24
                          194.247.26.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/ce022d-d8db-4459-be1c-b091215d5e4d/1/yUcK5Bju3dazna6eehd6Gcd5nEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/ce022d-d8db-4459-be1c-b091215d5e4d/1/yUcK5Bju3dazna6eehd6Gcd5nEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yUcK5Bju3dazna6eehd6Gcd5nEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 02:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d7:af:29:f9:66:aa:88:41:46:d8:70:75:30:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9470ae418eeddd6b39dae9e7a177a19c7799c41
        Validity
            Not Before: Jan  1 14:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dfdb6ad5d82f2c4f7a9c29b82c146e4b8332a088
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:39:53:9d:e4:1a:3f:ac:77:cc:91:07:0a:53:
                    da:42:87:7c:eb:da:bd:57:44:2d:3e:9c:76:19:b1:
                    bf:b5:26:bb:e1:f5:8a:07:b7:7d:33:c2:77:f5:da:
                    24:be:f0:ce:ff:6f:55:cc:81:74:8e:02:b5:d1:09:
                    91:9a:b8:6c:95:3e:a4:3e:c7:2b:42:f9:fe:24:24:
                    19:b9:61:d0:14:7f:07:b8:ab:f8:6a:18:6a:5f:a4:
                    36:28:9c:b3:91:ea:b7:08:a0:9c:0f:ac:de:93:a0:
                    c4:79:32:9f:36:0c:cb:19:6f:2d:93:a5:e0:2e:39:
                    30:58:a8:cc:c6:9f:ed:2b:5f:de:b7:ac:38:ac:29:
                    3c:4e:b9:0d:21:6c:cb:f2:92:29:94:59:a5:1f:5c:
                    77:13:5e:3d:d3:32:a9:2b:12:53:c0:ef:60:aa:2f:
                    a5:9c:3f:c7:fd:8c:6d:94:4c:2b:85:4f:69:8e:a3:
                    49:17:47:cc:dc:13:47:75:55:72:4b:08:04:aa:da:
                    72:84:d8:09:fc:f7:2c:a0:a9:90:3a:be:64:d2:2b:
                    65:48:5c:6b:cd:d5:18:bc:74:30:12:69:df:ba:99:
                    55:b4:32:d5:a0:95:6a:6d:fb:79:c6:10:3a:fe:bf:
                    1a:de:1f:3d:ce:b7:d2:fd:c1:16:75:89:b0:69:33:
                    9f:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:DB:6A:D5:D8:2F:2C:4F:7A:9C:29:B8:2C:14:6E:4B:83:32:A0:88
            X509v3 Authority Key Identifier:
                keyid:C9:47:0A:E4:18:EE:DD:D6:B3:9D:AE:9E:7A:17:7A:19:C7:79:9C:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yUcK5Bju3dazna6eehd6Gcd5nEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce022d-d8db-4459-be1c-b091215d5e4d/1/39tq1dgvLE96nCm4LBRuS4MyoIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce022d-d8db-4459-be1c-b091215d5e4d/1/yUcK5Bju3dazna6eehd6Gcd5nEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.36.216.0/22
                  194.247.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:db:b1:53:08:c1:f3:58:40:d1:3a:6f:a9:c6:52:13:6d:24:
         c5:c6:55:90:a7:fa:2f:c5:90:da:55:17:7f:76:d6:7e:d4:17:
         a9:28:b2:99:f9:d9:95:63:7e:4d:5f:52:4f:20:02:c3:97:50:
         f3:d1:74:85:54:08:a9:83:c4:1c:ce:73:09:15:61:37:b1:46:
         ff:8c:1b:aa:82:fe:b9:f7:a0:48:30:0d:a6:53:1e:c3:ce:55:
         aa:d6:3a:0a:a6:8a:c8:b3:2a:09:11:60:0a:ef:8f:ea:b0:2a:
         41:58:b0:65:5d:6a:04:5c:14:bf:af:ac:0d:4b:a5:aa:16:8a:
         96:38:69:45:ae:9b:50:a3:5c:87:01:ac:b5:2e:86:cd:39:ca:
         21:8c:f9:ec:c8:2d:81:ff:d6:03:48:d0:92:85:65:36:bd:41:
         25:51:93:a9:5c:4d:6e:5b:b7:0c:c7:82:a1:3c:4c:7c:38:89:
         1c:81:0f:7a:73:72:29:49:1d:6d:24:bb:19:ca:02:1f:2a:7b:
         60:e9:eb:2b:fc:12:dd:ad:98:42:67:b8:73:8e:6f:0e:a8:1f:
         a3:5b:e7:89:1b:51:8d:c4:57:49:6c:bb:4b:1c:0a:3c:85:8c:
         a0:c4:a6:73:80:e3:aa:61:ae:19:b7:d8:73:bc:ab:9a:1e:53:
         95:46:73:34
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbtevKflmqohBRthwdTB7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5NDcwYWU0MThlZWRkZDZiMzlkYWU5ZTdhMTc3YTE5Yzc3
OTljNDEwHhcNMjQwMTAxMTQzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmRiNmFkNWQ4MmYyYzRmN2E5YzI5YjgyYzE0NmU0YjgzMzJhMDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTlTneQaP6x3zJEHClPaQod869q9
V0QtPpx2GbG/tSa74fWKB7d9M8J39dokvvDO/29VzIF0jgK10QmRmrhslT6kPscr
Qvn+JCQZuWHQFH8HuKv4ahhqX6Q2KJyzkeq3CKCcD6zek6DEeTKfNgzLGW8tk6Xg
LjkwWKjMxp/tK1/et6w4rCk8TrkNIWzL8pIplFmlH1x3E1490zKpKxJTwO9gqi+l
nD/H/YxtlEwrhU9pjqNJF0fM3BNHdVVySwgEqtpyhNgJ/PcsoKmQOr5k0itlSFxr
zdUYvHQwEmnfuplVtDLVoJVqbft5xhA6/r8a3h89zrfS/cEWdYmwaTOfrwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN/batXYLyxPepwpuCwUbkuDMqCIMB8GA1UdIwQY
MBaAFMlHCuQY7t3Ws52unnoXehnHeZxBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVVjSzVCanUzZGF6bmE2ZWVoZDZHY2Q1bkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9jZTAyMmQtZDhkYi00NDU5LWJlMWMt
YjA5MTIxNWQ1ZTRkLzEvMzl0cTFkZ3ZMRTk2bkNtNExCUnVTNE15b0lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9jZTAyMmQtZDhkYi00NDU5LWJlMWMtYjA5MTIxNWQ1ZTRk
LzEveVVjSzVCanUzZGF6bmE2ZWVoZDZHY2Q1bkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuSTYAwQB
wvcaMA0GCSqGSIb3DQEBCwUAA4IBAQBB27FTCMHzWEDROm+pxlITbSTFxlWQp/ov
xZDaVRd/dtZ+1BepKLKZ+dmVY35NX1JPIALDl1Dz0XSFVAipg8QcznMJFWE3sUb/
jBuqgv6596BIMA2mUx7DzlWq1joKporIsyoJEWAK74/qsCpBWLBlXWoEXBS/r6wN
S6WqFoqWOGlFrptQo1yHAay1LobNOcohjPnsyC2B/9YDSNCShWU2vUElUZOpXE1u
W7cMx4KhPEx8OIkcgQ96c3IpSR1tJLsZygIfKntg6esr/BLdrZhCZ7hzjm8OqB+j
W+eJG1GNxFdJbLtLHAo8hYygxKZzgOOqYa4Zt9hzvKuaHlOVRnM0
-----END CERTIFICATE-----