Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/dltGPO9ZywzmFsUihi-9EifrsPY.roa
File:                     dltGPO9ZywzmFsUihi-9EifrsPY.roa (raw, json)
Hash identifier:          Oaq00yz8leEnbW0LcS93H3UgDbMfr1swjpjxWs8GPJs=
Subject key identifier:   76:5B:46:3C:EF:59:CB:0C:E6:16:C5:22:86:2F:BD:12:27:EB:B0:F6
Certificate issuer:       /CN=2c96946c501ddf48696da2cf110fdceb286fac98
Certificate serial:       018E2D6B70F691FE6236D1D473167B70F45C
Authority key identifier: 2C:96:94:6C:50:1D:DF:48:69:6D:A2:CF:11:0F:DC:EB:28:6F:AC:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LJaUbFAd30hpbaLPEQ_c6yhvrJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/dltGPO9ZywzmFsUihi-9EifrsPY.roa
Signing time:             Mon 11 Mar 2024 12:09:59 +0000
ROA not before:           Mon 11 Mar 2024 12:09:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47543
IP address blocks:        185.234.96.0/24 maxlen: 24
                          185.234.97.0/24 maxlen: 24
                          185.234.98.0/24 maxlen: 24
                          185.234.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/LJaUbFAd30hpbaLPEQ_c6yhvrJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/LJaUbFAd30hpbaLPEQ_c6yhvrJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LJaUbFAd30hpbaLPEQ_c6yhvrJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2d:6b:70:f6:91:fe:62:36:d1:d4:73:16:7b:70:f4:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c96946c501ddf48696da2cf110fdceb286fac98
        Validity
            Not Before: Mar 11 12:09:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=765b463cef59cb0ce616c522862fbd1227ebb0f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:1d:0c:5c:10:9b:50:9d:5b:41:a7:22:e6:9a:
                    71:58:54:46:af:1d:2a:03:60:7a:78:8b:b0:97:fd:
                    33:77:79:4f:f2:82:bf:68:60:f8:59:6b:fa:61:3a:
                    61:68:2d:ef:da:6c:1d:4d:31:0b:b9:ae:f7:b7:c1:
                    cf:42:9f:0a:b4:8e:5f:91:41:53:aa:dc:22:06:a3:
                    75:f0:d5:fc:8c:c9:a1:66:d4:eb:a7:fe:0a:88:94:
                    73:62:59:12:d3:dc:aa:62:02:fd:e3:ac:37:ae:ed:
                    ce:4e:92:18:1a:5e:e5:ff:56:c1:71:53:de:64:ec:
                    2a:38:c4:56:2c:41:fa:a6:68:5a:e7:7a:51:28:d9:
                    7a:b2:b9:cd:2c:d3:a3:20:d4:7a:b1:c7:d4:28:07:
                    6a:3a:06:93:8e:c9:e1:69:f1:f1:60:63:a9:32:11:
                    f2:e4:c5:df:9c:02:0f:ec:6a:da:a6:79:d0:19:7d:
                    17:bf:f1:1c:df:27:3d:7d:62:ab:02:b7:4e:b2:61:
                    e9:09:00:e5:d2:63:73:61:06:91:53:96:e3:51:da:
                    67:cb:74:e1:e0:65:4a:bc:02:47:95:80:84:76:10:
                    69:01:29:c9:83:5d:47:40:be:f9:ef:e5:20:4f:13:
                    3e:3f:b0:f7:f3:14:77:d8:6a:6a:df:2c:59:34:0c:
                    36:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:5B:46:3C:EF:59:CB:0C:E6:16:C5:22:86:2F:BD:12:27:EB:B0:F6
            X509v3 Authority Key Identifier:
                keyid:2C:96:94:6C:50:1D:DF:48:69:6D:A2:CF:11:0F:DC:EB:28:6F:AC:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LJaUbFAd30hpbaLPEQ_c6yhvrJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/dltGPO9ZywzmFsUihi-9EifrsPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/LJaUbFAd30hpbaLPEQ_c6yhvrJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:ed:d8:de:3d:59:17:81:1c:85:6f:29:ac:7f:11:14:a1:d6:
         ac:fc:43:3b:78:18:d1:8f:25:55:bd:2e:0c:b4:f2:0d:14:26:
         53:e1:01:c2:c3:f9:bd:b4:59:a4:0e:a7:00:33:ba:cb:72:2b:
         2f:8a:6e:94:e6:85:25:95:64:83:ba:be:c0:a2:6f:f4:bb:92:
         98:2a:3d:af:cb:f2:be:7d:e5:b1:21:ca:88:31:8e:32:82:1b:
         41:ca:2b:4c:8a:c3:9f:fa:fa:d0:ee:08:f9:c6:d0:c3:5d:62:
         fc:f3:46:00:2c:de:29:11:0c:7e:bd:f6:a5:88:68:0f:b4:88:
         84:bc:3e:8c:0b:40:85:4d:f9:f3:04:b3:40:15:36:0a:40:5c:
         8b:ff:29:ff:dd:e6:11:78:70:31:f2:17:75:52:c1:0c:dd:88:
         97:71:c8:72:c3:69:78:b4:fc:bc:51:a7:6f:da:af:16:7a:57:
         25:52:24:8b:35:ec:ed:f2:e3:55:46:4c:28:72:51:24:fe:38:
         37:3b:32:a9:20:3f:c0:b2:f8:15:50:83:e4:a0:cf:f2:9e:c6:
         8e:34:45:a5:0e:dd:75:cc:12:5f:c2:75:d8:c2:bc:04:ee:ae:
         39:27:55:a7:63:46:4e:f5:62:c5:d5:9f:19:d6:1f:31:a5:71:
         9a:fc:7d:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4ta3D2kf5iNtHUcxZ7cPRcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjOTY5NDZjNTAxZGRmNDg2OTZkYTJjZjExMGZkY2ViMjg2
ZmFjOTgwHhcNMjQwMzExMTIwOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjViNDYzY2VmNTljYjBjZTYxNmM1MjI4NjJmYmQxMjI3ZWJiMGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtR0MXBCbUJ1bQaci5ppxWFRGrx0q
A2B6eIuwl/0zd3lP8oK/aGD4WWv6YTphaC3v2mwdTTELua73t8HPQp8KtI5fkUFT
qtwiBqN18NX8jMmhZtTrp/4KiJRzYlkS09yqYgL946w3ru3OTpIYGl7l/1bBcVPe
ZOwqOMRWLEH6pmha53pRKNl6srnNLNOjINR6scfUKAdqOgaTjsnhafHxYGOpMhHy
5MXfnAIP7GrapnnQGX0Xv/Ec3yc9fWKrArdOsmHpCQDl0mNzYQaRU5bjUdpny3Th
4GVKvAJHlYCEdhBpASnJg11HQL757+UgTxM+P7D38xR32Gpq3yxZNAw2bQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHZbRjzvWcsM5hbFIoYvvRIn67D2MB8GA1UdIwQY
MBaAFCyWlGxQHd9IaW2izxEP3Osob6yYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEphVWJGQWQzMGhwYmFMUEVRX2M2eWh2ckpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8wNGZlZjgtZDJkZi00ZjdhLTkyYjQt
N2Y5NzBhM2FmOWNkLzEvZGx0R1BPOVp5d3ptRnNVaWhpLTlFaWZyc1BZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8wNGZlZjgtZDJkZi00ZjdhLTkyYjQtN2Y5NzBhM2FmOWNk
LzEvTEphVWJGQWQzMGhwYmFMUEVRX2M2eWh2ckpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuepgMA0G
CSqGSIb3DQEBCwUAA4IBAQBr7djePVkXgRyFbymsfxEUodas/EM7eBjRjyVVvS4M
tPINFCZT4QHCw/m9tFmkDqcAM7rLcisvim6U5oUllWSDur7Aom/0u5KYKj2vy/K+
feWxIcqIMY4yghtByitMisOf+vrQ7gj5xtDDXWL880YALN4pEQx+vfaliGgPtIiE
vD6MC0CFTfnzBLNAFTYKQFyL/yn/3eYReHAx8hd1UsEM3YiXcchyw2l4tPy8Uadv
2q8WelclUiSLNezt8uNVRkwoclEk/jg3OzKpID/AsvgVUIPkoM/ynsaONEWlDt11
zBJfwnXYwrwE7q45J1WnY0ZO9WLF1Z8Z1h8xpXGa/H0w
-----END CERTIFICATE-----