Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/dtsQxqYL_0700mEtpS_0XOPZO-c.roa
File:                     dtsQxqYL_0700mEtpS_0XOPZO-c.roa (raw, json)
Hash identifier:          1TsJR+4CguEWBtk8XTOrs1nFVKtTheqSsjvjsKu1PO8=
Subject key identifier:   76:DB:10:C6:A6:0B:FF:4E:F4:D2:61:2D:A5:2F:F4:5C:E3:D9:3B:E7
Certificate issuer:       /CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
Certificate serial:       0191FDA759C57E84E57C328E84C6529989AC
Authority key identifier: 1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/dtsQxqYL_0700mEtpS_0XOPZO-c.roa
Signing time:             Tue 17 Sep 2024 01:44:48 +0000
ROA not before:           Tue 17 Sep 2024 01:44:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199614
IP address blocks:        185.138.234.0/24 maxlen: 24
                          185.138.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:fd:a7:59:c5:7e:84:e5:7c:32:8e:84:c6:52:99:89:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
        Validity
            Not Before: Sep 17 01:44:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76db10c6a60bff4ef4d2612da52ff45ce3d93be7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:10:4b:d9:fa:15:3e:3e:d6:ee:1d:9d:8f:f0:
                    e5:cd:83:a4:c4:3a:59:5a:0d:76:59:00:97:74:92:
                    85:af:7e:12:bd:50:d2:34:7d:80:67:d0:e9:0e:c1:
                    f7:4a:e2:45:21:51:de:a1:c1:d3:25:e6:c9:3b:c6:
                    8e:15:d0:26:3f:47:1b:7b:44:ba:f9:25:08:a6:bb:
                    5e:e3:ee:11:22:c5:7f:ef:b7:cc:74:39:6c:00:5f:
                    23:8e:a3:72:ca:74:3a:d9:2b:a9:91:2d:17:bb:1f:
                    d0:27:38:ec:bf:a7:7e:14:8d:ac:c6:23:ea:75:8d:
                    09:50:9b:ab:46:45:5f:5c:6d:b9:32:dd:9a:ed:cc:
                    63:3d:9c:5f:02:fe:7a:ec:d6:26:b2:9d:12:6d:57:
                    ed:63:9b:14:46:d4:67:61:19:e5:03:ec:02:d2:a1:
                    5c:34:44:c9:12:0e:e1:26:9d:a6:8f:b0:9f:ab:ba:
                    c6:5e:94:62:b2:4a:13:cb:c6:24:a5:43:46:d7:d8:
                    6a:95:fb:4d:21:0d:19:e3:6e:e2:d9:3b:68:dd:f6:
                    c3:5f:cc:d4:d1:03:19:f3:2b:10:f1:39:fb:02:64:
                    bc:31:95:31:e4:40:11:ca:0b:f9:d6:02:36:e5:9c:
                    df:dc:5d:82:4b:de:c3:c4:ef:af:78:1e:c8:ad:05:
                    fa:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:DB:10:C6:A6:0B:FF:4E:F4:D2:61:2D:A5:2F:F4:5C:E3:D9:3B:E7
            X509v3 Authority Key Identifier:
                keyid:1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/dtsQxqYL_0700mEtpS_0XOPZO-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2e:d9:41:25:5e:bd:03:6f:cc:0a:d4:46:90:99:72:aa:c6:9e:
         67:d7:12:9b:f9:b1:8d:e3:93:bc:68:6e:46:36:93:b2:0a:34:
         7c:27:ee:b0:04:60:0b:37:bc:24:48:5b:b3:a7:3a:33:97:59:
         b9:74:8c:6a:58:82:5b:5c:25:89:f2:dc:7c:2b:3c:b0:f7:65:
         42:75:39:31:ab:63:9a:1c:09:53:c7:a8:f2:2f:59:e6:62:a5:
         9f:5f:3e:b9:8c:5a:e5:a8:6b:3d:7b:c1:40:01:14:40:8f:d6:
         d8:91:35:5b:ff:1b:c7:25:6b:4b:23:89:41:56:d9:3b:64:35:
         10:57:ec:f7:c0:e2:49:fe:ae:71:d2:0d:d6:75:9d:a7:84:99:
         84:5c:f1:80:54:71:8b:04:77:57:7e:ba:a9:a6:96:23:9e:8e:
         f9:12:1f:59:02:55:c9:ba:96:68:13:14:42:1a:5c:b1:ba:e4:
         17:33:bb:8a:ca:97:16:db:77:34:71:f4:2e:a4:d9:1b:92:21:
         a9:ed:f0:da:08:43:bb:b1:81:93:3e:eb:98:b4:be:4c:ed:00:
         2b:fc:89:e3:bc:26:a0:2f:ac:96:41:18:a5:67:40:98:d0:ea:
         73:7d:cf:5a:00:f6:0c:8d:39:59:3b:ed:67:05:c1:31:57:e6:
         5f:5b:fd:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZH9p1nFfoTlfDKOhMZSmYmsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMDZhODJiYjExNWQ3MzkzZTM5ZmQ1OGI3M2JiZjIwZjZj
ZDBiMWYwHhcNMjQwOTE3MDE0NDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmRiMTBjNmE2MGJmZjRlZjRkMjYxMmRhNTJmZjQ1Y2UzZDkzYmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxBBL2foVPj7W7h2dj/DlzYOkxDpZ
Wg12WQCXdJKFr34SvVDSNH2AZ9DpDsH3SuJFIVHeocHTJebJO8aOFdAmP0cbe0S6
+SUIprte4+4RIsV/77fMdDlsAF8jjqNyynQ62SupkS0Xux/QJzjsv6d+FI2sxiPq
dY0JUJurRkVfXG25Mt2a7cxjPZxfAv567NYmsp0SbVftY5sURtRnYRnlA+wC0qFc
NETJEg7hJp2mj7Cfq7rGXpRiskoTy8YkpUNG19hqlftNIQ0Z427i2Tto3fbDX8zU
0QMZ8ysQ8Tn7AmS8MZUx5EARygv51gI25Zzf3F2CS97DxO+veB7IrQX6SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHbbEMamC/9O9NJhLaUv9Fzj2TvnMB8GA1UdIwQY
MBaAFBwGqCuxFdc5Pjn9WLc7vyD2zQsfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUt
NzI2MDU3YTFmMmE0LzEvZHRzUXhxWUxfMDcwMG1FdHBTXzBYT1BaTy1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUtNzI2MDU3YTFmMmE0
LzEvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuYrqMA0G
CSqGSIb3DQEBCwUAA4IBAQAu2UElXr0Db8wK1EaQmXKqxp5n1xKb+bGN45O8aG5G
NpOyCjR8J+6wBGALN7wkSFuzpzozl1m5dIxqWIJbXCWJ8tx8Kzyw92VCdTkxq2Oa
HAlTx6jyL1nmYqWfXz65jFrlqGs9e8FAARRAj9bYkTVb/xvHJWtLI4lBVtk7ZDUQ
V+z3wOJJ/q5x0g3WdZ2nhJmEXPGAVHGLBHdXfrqpppYjno75Eh9ZAlXJupZoExRC
GlyxuuQXM7uKypcW23c0cfQupNkbkiGp7fDaCEO7sYGTPuuYtL5M7QAr/InjvCag
L6yWQRilZ0CY0Opzfc9aAPYMjTlZO+1nBcExV+ZfW/2T
-----END CERTIFICATE-----