Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/du1CGIIGlbypGc11Cnm3CtzHSEE.roa
File:                     du1CGIIGlbypGc11Cnm3CtzHSEE.roa (raw, json)
Hash identifier:          54LfSXSF6qfdG8PyywEii1hjOTB4Hjb5Ovhek/F0HJ8=
Subject key identifier:   76:ED:42:18:82:06:95:BC:A9:19:CD:75:0A:79:B7:0A:DC:C7:48:41
Certificate issuer:       /CN=f5346d3edbec6da72780722c0a41abeea63661d8
Certificate serial:       018CC9BC53F5A6F8DB41E8F0ABB1C2E0A514
Authority key identifier: F5:34:6D:3E:DB:EC:6D:A7:27:80:72:2C:0A:41:AB:EE:A6:36:61:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9TRtPtvsbacngHIsCkGr7qY2Ydg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/du1CGIIGlbypGc11Cnm3CtzHSEE.roa
Signing time:             Tue 02 Jan 2024 10:33:31 +0000
ROA not before:           Tue 02 Jan 2024 10:33:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.57.216.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/9TRtPtvsbacngHIsCkGr7qY2Ydg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/9TRtPtvsbacngHIsCkGr7qY2Ydg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9TRtPtvsbacngHIsCkGr7qY2Ydg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:53:f5:a6:f8:db:41:e8:f0:ab:b1:c2:e0:a5:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5346d3edbec6da72780722c0a41abeea63661d8
        Validity
            Not Before: Jan  2 10:33:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76ed4218820695bca919cd750a79b70adcc74841
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:f1:e7:b7:8e:eb:e8:2b:d8:fa:ea:ce:83:bc:
                    f0:6f:0e:cf:a8:08:aa:01:e1:a4:6e:7f:41:57:53:
                    53:a9:b0:61:a0:aa:6c:cc:81:c6:ef:9c:1c:a1:46:
                    bd:f3:fb:ff:e4:a7:ab:0e:20:83:1e:c0:a1:bc:d6:
                    a2:55:70:19:35:af:20:15:24:b4:9f:cf:e6:ec:91:
                    b7:dc:5f:2f:03:fd:59:67:b1:ff:1b:9e:59:72:07:
                    ef:58:4b:7f:c1:40:11:2f:a5:85:db:fa:06:33:b1:
                    3c:d2:21:10:93:88:84:09:a8:e5:0e:80:46:d6:7a:
                    39:54:00:b5:9d:f0:65:62:0d:ec:49:13:78:c9:e0:
                    a0:4a:74:9d:46:04:05:c8:1b:12:03:da:eb:dc:4c:
                    3d:38:99:8a:b8:3a:01:5f:fe:9a:95:01:7b:9b:69:
                    95:78:8b:fc:b1:43:48:9c:5a:d7:83:45:32:ec:50:
                    e8:f7:b2:04:a2:89:53:a1:dd:90:af:4c:77:10:aa:
                    21:d0:34:1e:2e:29:70:6e:f2:25:a6:3e:c1:21:48:
                    ce:12:2b:7b:71:02:8b:29:bb:a7:30:4e:a0:de:71:
                    e5:cd:e9:64:22:74:79:12:99:27:6b:b8:4c:87:58:
                    85:b8:2b:c1:a0:f2:0a:5b:fc:4a:35:74:8b:13:6b:
                    83:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:ED:42:18:82:06:95:BC:A9:19:CD:75:0A:79:B7:0A:DC:C7:48:41
            X509v3 Authority Key Identifier:
                keyid:F5:34:6D:3E:DB:EC:6D:A7:27:80:72:2C:0A:41:AB:EE:A6:36:61:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9TRtPtvsbacngHIsCkGr7qY2Ydg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/du1CGIIGlbypGc11Cnm3CtzHSEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/9TRtPtvsbacngHIsCkGr7qY2Ydg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2a:d3:3e:7b:36:d5:96:49:87:e8:01:a9:8d:08:0a:0b:cb:79:
         87:78:fa:79:b2:8c:bc:5c:ec:e4:bb:8c:2d:64:76:5d:19:0a:
         5e:cc:01:41:e8:fe:8a:3f:74:b9:ae:09:b7:af:91:26:aa:50:
         36:9d:c6:46:ce:38:75:6c:ff:40:f9:de:94:17:a4:50:f3:63:
         d1:f1:20:ba:6b:08:37:14:d4:90:d5:3c:63:9d:93:d5:9f:81:
         69:e1:ec:b6:dd:4a:e9:43:20:da:00:b1:2c:e4:58:d1:38:99:
         0a:86:44:2c:ff:7e:6e:9d:67:46:15:f1:30:70:31:ce:47:99:
         dd:b1:c2:4f:28:60:41:b5:0a:b5:88:ce:0d:f2:98:72:b5:d7:
         6b:e7:c0:2a:be:af:0b:9f:90:2e:84:38:f0:8d:09:c6:ba:f7:
         54:f8:72:66:89:8c:8b:67:e0:45:cb:94:8d:2c:4f:8e:54:5d:
         bf:b2:dd:08:7c:f9:37:ac:c3:d2:d9:0c:80:83:50:3b:c7:6d:
         f8:1b:af:5f:b0:76:a7:79:d1:1f:e6:45:42:d0:43:a2:f0:fe:
         3b:b7:38:8d:6c:bd:15:0c:70:06:6c:98:c0:0a:cb:60:b8:d9:
         4c:d4:36:3b:54:49:2a:f2:53:26:f2:3a:e8:50:4f:dc:6b:6b:
         91:a1:de:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvFP1pvjbQejwq7HC4KUUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MzQ2ZDNlZGJlYzZkYTcyNzgwNzIyYzBhNDFhYmVlYTYz
NjYxZDgwHhcNMjQwMTAyMTAzMzMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmVkNDIxODgyMDY5NWJjYTkxOWNkNzUwYTc5YjcwYWRjYzc0ODQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvHnt47r6CvY+urOg7zwbw7PqAiq
AeGkbn9BV1NTqbBhoKpszIHG75wcoUa98/v/5KerDiCDHsChvNaiVXAZNa8gFSS0
n8/m7JG33F8vA/1ZZ7H/G55ZcgfvWEt/wUARL6WF2/oGM7E80iEQk4iECajlDoBG
1no5VAC1nfBlYg3sSRN4yeCgSnSdRgQFyBsSA9rr3Ew9OJmKuDoBX/6alQF7m2mV
eIv8sUNInFrXg0Uy7FDo97IEoolTod2Qr0x3EKoh0DQeLilwbvIlpj7BIUjOEit7
cQKLKbunME6g3nHlzelkInR5Epkna7hMh1iFuCvBoPIKW/xKNXSLE2uD6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHbtQhiCBpW8qRnNdQp5twrcx0hBMB8GA1UdIwQY
MBaAFPU0bT7b7G2nJ4ByLApBq+6mNmHYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVRSdFB0dnNiYWNuZ0hJc0NrR3I3cVkyWWRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9iZTgwNjQtOWUxMS00NjFhLTkzNmQt
ZmE3MGJkOTBlODk0LzEvZHUxQ0dJSUdsYnlwR2MxMUNubTNDdHpIU0VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9iZTgwNjQtOWUxMS00NjFhLTkzNmQtZmE3MGJkOTBlODk0
LzEvOVRSdFB0dnNiYWNuZ0hJc0NrR3I3cVkyWWRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTnYMA0G
CSqGSIb3DQEBCwUAA4IBAQAq0z57NtWWSYfoAamNCAoLy3mHePp5soy8XOzku4wt
ZHZdGQpezAFB6P6KP3S5rgm3r5EmqlA2ncZGzjh1bP9A+d6UF6RQ82PR8SC6awg3
FNSQ1TxjnZPVn4Fp4ey23UrpQyDaALEs5FjROJkKhkQs/35unWdGFfEwcDHOR5nd
scJPKGBBtQq1iM4N8phytddr58Aqvq8Ln5AuhDjwjQnGuvdU+HJmiYyLZ+BFy5SN
LE+OVF2/st0IfPk3rMPS2QyAg1A7x234G69fsHanedEf5kVC0EOi8P47tziNbL0V
DHAGbJjACstguNlM1DY7VEkq8lMm8jroUE/ca2uRod5d
-----END CERTIFICATE-----