Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/c04359-4ae4-4e47-91cb-d7d02e97e25d/1/DjiehCg8a9rTDLsC51aJnA38h64.roa
File:                     DjiehCg8a9rTDLsC51aJnA38h64.roa (raw, json)
Hash identifier:          2MV7hnfoMOfK5uDY/Ofa+3NIqG9DFg+AZ4Oy1Tr3q4s=
Subject key identifier:   0E:38:9E:84:28:3C:6B:DA:D3:0C:BB:02:E7:56:89:9C:0D:FC:87:AE
Certificate issuer:       /CN=1a2474ce5b5e220b9f431afc86af4ec140f5f16c
Certificate serial:       018CC348C979E09844730B933C37997054E6
Authority key identifier: 1A:24:74:CE:5B:5E:22:0B:9F:43:1A:FC:86:AF:4E:C1:40:F5:F1:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GiR0zlteIgufQxr8hq9OwUD18Ww.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/c04359-4ae4-4e47-91cb-d7d02e97e25d/1/DjiehCg8a9rTDLsC51aJnA38h64.roa
Signing time:             Mon 01 Jan 2024 04:29:36 +0000
ROA not before:           Mon 01 Jan 2024 04:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212341
IP address blocks:        85.202.88.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/c04359-4ae4-4e47-91cb-d7d02e97e25d/1/GiR0zlteIgufQxr8hq9OwUD18Ww.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/c04359-4ae4-4e47-91cb-d7d02e97e25d/1/GiR0zlteIgufQxr8hq9OwUD18Ww.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GiR0zlteIgufQxr8hq9OwUD18Ww.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c9:79:e0:98:44:73:0b:93:3c:37:99:70:54:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a2474ce5b5e220b9f431afc86af4ec140f5f16c
        Validity
            Not Before: Jan  1 04:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e389e84283c6bdad30cbb02e756899c0dfc87ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ff:15:14:20:60:d9:ec:50:fa:a6:7d:9c:d0:
                    0e:37:10:db:96:08:a7:fb:5d:8f:20:c0:9c:ce:2a:
                    e9:ad:52:ce:a9:63:7b:d1:bd:6d:e7:46:b9:ef:fa:
                    0d:7a:94:b9:0d:b7:7a:47:ca:69:fb:08:ce:cf:a4:
                    e5:d1:80:2f:f1:91:93:e2:17:f1:90:23:dc:70:99:
                    15:82:57:6f:9f:25:cb:6e:55:de:70:83:7f:01:98:
                    51:53:d1:ea:5e:16:39:f7:08:67:ef:14:43:63:64:
                    2f:39:38:84:81:cf:31:1b:5c:f0:11:4c:fa:fc:29:
                    15:53:31:33:67:5c:f9:c5:af:80:69:b0:c0:5a:04:
                    9f:60:a6:5f:17:fe:25:a0:79:07:ef:31:53:aa:dc:
                    c7:07:b0:c5:34:df:7b:c6:08:b6:26:69:16:a9:ec:
                    a4:18:a8:29:86:4c:a5:2f:a2:7b:0f:ab:40:79:bc:
                    e3:66:c5:1f:cf:be:90:94:8b:e3:6d:a5:15:4a:02:
                    14:2a:13:ec:89:1e:ed:18:39:90:fc:ef:b7:a0:fc:
                    5e:16:f3:23:f7:0f:9e:ff:ac:bc:48:d5:9b:8a:92:
                    47:cc:ab:10:2f:f9:84:df:6b:3f:d9:89:4d:23:09:
                    48:6f:ab:5c:6c:6c:75:65:87:93:26:68:b6:b0:58:
                    fe:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:38:9E:84:28:3C:6B:DA:D3:0C:BB:02:E7:56:89:9C:0D:FC:87:AE
            X509v3 Authority Key Identifier:
                keyid:1A:24:74:CE:5B:5E:22:0B:9F:43:1A:FC:86:AF:4E:C1:40:F5:F1:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GiR0zlteIgufQxr8hq9OwUD18Ww.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c04359-4ae4-4e47-91cb-d7d02e97e25d/1/DjiehCg8a9rTDLsC51aJnA38h64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c04359-4ae4-4e47-91cb-d7d02e97e25d/1/GiR0zlteIgufQxr8hq9OwUD18Ww.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:b4:50:70:8b:4e:f1:41:3d:b6:1c:a7:78:5b:17:52:ca:82:
         f1:de:9a:9c:80:ec:8d:c3:a7:83:6c:a4:ef:e9:05:db:55:4c:
         33:62:05:50:3f:1b:eb:e7:7c:c5:c6:cd:95:ce:ea:ff:d8:aa:
         b5:38:3d:c0:58:db:58:dc:d6:4a:9b:31:50:93:81:3d:d1:ae:
         4e:0a:d1:7e:25:f8:a7:12:a0:15:15:44:5f:21:fb:68:3e:18:
         fc:e0:81:e0:a3:19:fd:1f:30:b6:9b:50:d4:c9:bc:39:87:8e:
         cf:78:c5:b5:d9:a8:2a:fa:31:4c:39:06:94:63:3f:2f:c3:03:
         87:fc:c4:08:fe:1f:35:ce:d5:86:3f:b8:6c:c3:d7:5c:80:70:
         8b:ac:a3:af:6d:71:24:75:bb:75:32:0c:70:19:83:37:fb:d3:
         72:da:29:fc:aa:91:eb:e3:b8:20:1c:ed:e7:6e:13:0d:55:d4:
         5c:fe:3d:b1:b9:ff:4b:b4:be:55:29:e8:2b:8d:1f:d7:b8:d9:
         82:a2:65:b8:75:fd:36:c6:1f:bd:f5:9f:ed:d4:0a:57:60:ab:
         60:c1:4f:73:d3:25:de:16:28:4a:a4:c7:43:fb:13:d3:19:a9:
         16:d8:ab:14:96:30:1c:3b:60:08:5d:b3:7f:49:ab:37:ff:f4:
         51:a1:5b:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMl54JhEcwuTPDeZcFTmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhMjQ3NGNlNWI1ZTIyMGI5ZjQzMWFmYzg2YWY0ZWMxNDBm
NWYxNmMwHhcNMjQwMTAxMDQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTM4OWU4NDI4M2M2YmRhZDMwY2JiMDJlNzU2ODk5YzBkZmM4N2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApf8VFCBg2exQ+qZ9nNAONxDblgin
+12PIMCczirprVLOqWN70b1t50a57/oNepS5Dbd6R8pp+wjOz6Tl0YAv8ZGT4hfx
kCPccJkVgldvnyXLblXecIN/AZhRU9HqXhY59whn7xRDY2QvOTiEgc8xG1zwEUz6
/CkVUzEzZ1z5xa+AabDAWgSfYKZfF/4loHkH7zFTqtzHB7DFNN97xgi2JmkWqeyk
GKgphkylL6J7D6tAebzjZsUfz76QlIvjbaUVSgIUKhPsiR7tGDmQ/O+3oPxeFvMj
9w+e/6y8SNWbipJHzKsQL/mE32s/2YlNIwlIb6tcbGx1ZYeTJmi2sFj+wwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA44noQoPGva0wy7AudWiZwN/IeuMB8GA1UdIwQY
MBaAFBokdM5bXiILn0Ma/IavTsFA9fFsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2lSMHpsdGVJZ3VmUXhyOGhxOU93VUQxOFd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jMDQzNTktNGFlNC00ZTQ3LTkxY2It
ZDdkMDJlOTdlMjVkLzEvRGppZWhDZzhhOXJURExzQzUxYUpuQTM4aDY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jMDQzNTktNGFlNC00ZTQ3LTkxY2ItZDdkMDJlOTdlMjVk
LzEvR2lSMHpsdGVJZ3VmUXhyOGhxOU93VUQxOFd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVcpYMA0G
CSqGSIb3DQEBCwUAA4IBAQAVtFBwi07xQT22HKd4WxdSyoLx3pqcgOyNw6eDbKTv
6QXbVUwzYgVQPxvr53zFxs2Vzur/2Kq1OD3AWNtY3NZKmzFQk4E90a5OCtF+Jfin
EqAVFURfIftoPhj84IHgoxn9HzC2m1DUybw5h47PeMW12agq+jFMOQaUYz8vwwOH
/MQI/h81ztWGP7hsw9dcgHCLrKOvbXEkdbt1MgxwGYM3+9Ny2in8qpHr47ggHO3n
bhMNVdRc/j2xuf9LtL5VKegrjR/XuNmComW4df02xh+99Z/t1ApXYKtgwU9z0yXe
FihKpMdD+xPTGakW2KsUljAcO2AIXbN/Sas3//RRoVsj
-----END CERTIFICATE-----