Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/46358e-54f7-4f4b-a747-f735e3dafd53/1/dpXNygCrZ3W-tOPTlaPT8MzdEtg.roa
File:                     dpXNygCrZ3W-tOPTlaPT8MzdEtg.roa (raw, json)
Hash identifier:          j4QkLZl9jjvZX5efkLwWSqLSx43IwaXgT7jPe2ORr6s=
Subject key identifier:   76:95:CD:CA:00:AB:67:75:BE:B4:E3:D3:95:A3:D3:F0:CC:DD:12:D8
Certificate issuer:       /CN=a0dae7678a396969e6340c9dcb65cde9e329554a
Certificate serial:       018CC9BBD2EC4F7FB94C4729E483C65E0850
Authority key identifier: A0:DA:E7:67:8A:39:69:69:E6:34:0C:9D:CB:65:CD:E9:E3:29:55:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oNrnZ4o5aWnmNAydy2XN6eMpVUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/46358e-54f7-4f4b-a747-f735e3dafd53/1/dpXNygCrZ3W-tOPTlaPT8MzdEtg.roa
Signing time:             Tue 02 Jan 2024 10:32:58 +0000
ROA not before:           Tue 02 Jan 2024 10:32:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50629
IP address blocks:        185.226.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/46358e-54f7-4f4b-a747-f735e3dafd53/1/oNrnZ4o5aWnmNAydy2XN6eMpVUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/46358e-54f7-4f4b-a747-f735e3dafd53/1/oNrnZ4o5aWnmNAydy2XN6eMpVUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oNrnZ4o5aWnmNAydy2XN6eMpVUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:d2:ec:4f:7f:b9:4c:47:29:e4:83:c6:5e:08:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0dae7678a396969e6340c9dcb65cde9e329554a
        Validity
            Not Before: Jan  2 10:32:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7695cdca00ab6775beb4e3d395a3d3f0ccdd12d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:29:6d:58:91:4b:84:f6:ae:42:80:67:af:99:
                    45:f4:82:f5:27:d1:11:06:fd:de:5c:dd:22:3a:9b:
                    16:97:7b:a6:42:93:b2:db:a1:9f:ad:40:6d:de:58:
                    5d:b7:d3:01:bc:98:7e:20:af:18:85:9c:97:be:a0:
                    76:e2:f5:ec:65:6b:d9:0a:70:e1:a2:d1:1e:c8:54:
                    89:7e:31:26:b1:5b:75:94:43:8f:33:5c:be:de:0d:
                    f9:69:8b:a1:46:19:65:e1:de:8b:85:c1:5c:73:39:
                    73:22:07:d0:d3:57:b8:2f:27:6c:d8:ed:e6:a9:05:
                    29:65:5a:5c:ca:26:81:d1:e4:5c:44:15:e3:a8:03:
                    25:34:6d:d4:57:ca:2a:5c:64:d4:bd:44:04:25:ec:
                    86:51:87:a3:c6:55:1e:7e:dc:60:b3:3b:e4:53:39:
                    5d:10:48:2d:94:6b:1b:a6:48:73:e7:78:16:bc:4e:
                    55:d6:eb:37:43:6a:b2:c9:ef:ea:50:cd:f5:98:b0:
                    08:34:be:fa:cd:0e:d5:9f:b6:80:8f:f5:c0:36:5f:
                    27:59:0c:d7:36:0d:1b:67:bb:9c:d2:cb:4b:5a:80:
                    0d:7a:bf:07:67:4a:c4:d7:5f:9c:47:c7:2f:97:d2:
                    e8:d0:47:d5:53:71:1d:40:40:04:b7:4e:d0:72:e0:
                    76:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:95:CD:CA:00:AB:67:75:BE:B4:E3:D3:95:A3:D3:F0:CC:DD:12:D8
            X509v3 Authority Key Identifier:
                keyid:A0:DA:E7:67:8A:39:69:69:E6:34:0C:9D:CB:65:CD:E9:E3:29:55:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oNrnZ4o5aWnmNAydy2XN6eMpVUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/46358e-54f7-4f4b-a747-f735e3dafd53/1/dpXNygCrZ3W-tOPTlaPT8MzdEtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/46358e-54f7-4f4b-a747-f735e3dafd53/1/oNrnZ4o5aWnmNAydy2XN6eMpVUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:9b:81:1d:aa:d2:5e:a3:c4:75:bb:59:17:83:91:12:66:1e:
         5a:97:24:73:5f:f5:87:31:0c:c3:91:c5:3f:c7:01:86:2b:6e:
         03:1e:dc:93:ba:e8:11:02:dd:c3:de:ac:f4:6e:27:59:b8:9c:
         e0:fb:5d:01:5a:97:40:30:75:23:bc:13:d5:04:59:ca:f5:28:
         0e:3d:31:34:cd:ad:b0:b1:eb:8b:95:ac:c9:aa:d6:de:90:e2:
         33:ff:30:72:32:bc:92:cb:ba:b4:e5:fd:3f:e9:df:18:26:ed:
         4a:87:c0:50:98:2e:82:11:f3:cd:ab:fe:a0:08:a4:d6:db:23:
         be:91:9d:2e:5b:5f:2d:c4:90:73:6e:1c:7a:32:7d:cb:d2:13:
         2c:92:15:41:b1:95:41:44:ea:85:c6:97:6e:b8:9f:e6:59:e2:
         ab:e8:1e:3a:cb:d7:e4:e7:00:f6:04:79:38:fa:96:e1:e9:17:
         c9:84:52:31:21:14:34:19:f2:38:72:48:4a:33:8c:4a:7d:58:
         4c:2e:b8:5f:98:3d:c2:2c:e2:bc:b5:7e:fd:95:c2:40:80:d5:
         7e:66:ee:e3:f4:ab:c9:ef:e8:50:16:cc:b0:92:3e:bb:22:6e:
         ea:ff:e4:88:fd:85:86:08:ee:9e:79:07:36:cb:47:b3:fe:1e:
         5e:e0:8e:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu9LsT3+5TEcp5IPGXghQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZGFlNzY3OGEzOTY5NjllNjM0MGM5ZGNiNjVjZGU5ZTMy
OTU1NGEwHhcNMjQwMTAyMTAzMjU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Njk1Y2RjYTAwYWI2Nzc1YmViNGUzZDM5NWEzZDNmMGNjZGQxMmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCltWJFLhPauQoBnr5lF9IL1J9ER
Bv3eXN0iOpsWl3umQpOy26GfrUBt3lhdt9MBvJh+IK8YhZyXvqB24vXsZWvZCnDh
otEeyFSJfjEmsVt1lEOPM1y+3g35aYuhRhll4d6LhcFcczlzIgfQ01e4Lyds2O3m
qQUpZVpcyiaB0eRcRBXjqAMlNG3UV8oqXGTUvUQEJeyGUYejxlUeftxgszvkUzld
EEgtlGsbpkhz53gWvE5V1us3Q2qyye/qUM31mLAINL76zQ7Vn7aAj/XANl8nWQzX
Ng0bZ7uc0stLWoANer8HZ0rE11+cR8cvl9Lo0EfVU3EdQEAEt07QcuB2ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHaVzcoAq2d1vrTj05Wj0/DM3RLYMB8GA1UdIwQY
MBaAFKDa52eKOWlp5jQMnctlzenjKVVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb05yblo0bzVhV25tTkF5ZHkyWE42ZU1wVlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy80NjM1OGUtNTRmNy00ZjRiLWE3NDct
ZjczNWUzZGFmZDUzLzEvZHBYTnlnQ3JaM1ctdE9QVGxhUFQ4TXpkRXRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy80NjM1OGUtNTRmNy00ZjRiLWE3NDctZjczNWUzZGFmZDUz
LzEvb05yblo0bzVhV25tTkF5ZHkyWE42ZU1wVlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueLzMA0G
CSqGSIb3DQEBCwUAA4IBAQBXm4EdqtJeo8R1u1kXg5ESZh5alyRzX/WHMQzDkcU/
xwGGK24DHtyTuugRAt3D3qz0bidZuJzg+10BWpdAMHUjvBPVBFnK9SgOPTE0za2w
seuLlazJqtbekOIz/zByMrySy7q05f0/6d8YJu1Kh8BQmC6CEfPNq/6gCKTW2yO+
kZ0uW18txJBzbhx6Mn3L0hMskhVBsZVBROqFxpduuJ/mWeKr6B46y9fk5wD2BHk4
+pbh6RfJhFIxIRQ0GfI4ckhKM4xKfVhMLrhfmD3CLOK8tX79lcJAgNV+Zu7j9KvJ
7+hQFsywkj67Im7q/+SI/YWGCO6eeQc2y0ez/h5e4I5s
-----END CERTIFICATE-----