Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/1e4c03-f619-47a3-81bd-36ef7aeebe3b/1/DhkghLDOcRxMpEbtnzsqhd_Tnmc.roa
File:                     DhkghLDOcRxMpEbtnzsqhd_Tnmc.roa (raw, json)
Hash identifier:          I1jKtGzalUuPBOsn1H8IA4fqiE1oMxOJXWaahyUivP8=
Subject key identifier:   0E:19:20:84:B0:CE:71:1C:4C:A4:46:ED:9F:3B:2A:85:DF:D3:9E:67
Certificate issuer:       /CN=c75799ff4335b7b1ae7188edfa53fd7e213eb216
Certificate serial:       018CC56EE476FCD534C9F5946210B7321D6D
Authority key identifier: C7:57:99:FF:43:35:B7:B1:AE:71:88:ED:FA:53:FD:7E:21:3E:B2:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x1eZ_0M1t7GucYjt-lP9fiE-shY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/1e4c03-f619-47a3-81bd-36ef7aeebe3b/1/DhkghLDOcRxMpEbtnzsqhd_Tnmc.roa
Signing time:             Mon 01 Jan 2024 14:30:27 +0000
ROA not before:           Mon 01 Jan 2024 14:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51221
IP address blocks:        185.34.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/1e4c03-f619-47a3-81bd-36ef7aeebe3b/1/x1eZ_0M1t7GucYjt-lP9fiE-shY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/1e4c03-f619-47a3-81bd-36ef7aeebe3b/1/x1eZ_0M1t7GucYjt-lP9fiE-shY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x1eZ_0M1t7GucYjt-lP9fiE-shY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:e4:76:fc:d5:34:c9:f5:94:62:10:b7:32:1d:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c75799ff4335b7b1ae7188edfa53fd7e213eb216
        Validity
            Not Before: Jan  1 14:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e192084b0ce711c4ca446ed9f3b2a85dfd39e67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:8d:8d:5d:fa:78:e8:db:7d:62:d6:45:ad:44:
                    45:74:aa:1b:a9:79:e9:7e:07:8c:0f:6a:68:77:67:
                    2c:d1:30:e7:c2:4c:15:91:fc:8f:4d:97:f2:9a:e3:
                    eb:3a:83:a8:45:7b:fa:77:16:0a:a0:2f:1a:0b:60:
                    b6:9c:20:84:f2:dd:15:be:c7:9c:5b:73:35:06:6a:
                    8a:7b:02:b6:22:b6:63:e6:24:23:ed:e0:a6:d4:a4:
                    58:ef:2a:db:03:17:18:7c:f7:7f:96:83:ef:8a:cf:
                    30:03:9e:59:e3:54:ab:4e:22:16:2e:9e:81:aa:5c:
                    55:87:93:3a:23:19:81:bd:8c:1a:cf:d1:e3:25:4d:
                    a2:47:d2:1d:1b:44:25:5e:e0:d6:e6:52:99:9e:73:
                    5b:f6:c7:32:35:bd:55:33:98:ca:1d:37:84:ee:9a:
                    a9:dc:31:34:65:57:01:a9:f7:b3:35:61:44:11:be:
                    6f:57:d2:f4:60:cb:13:1a:2e:7e:4a:82:38:26:c1:
                    65:f5:0c:69:61:cb:67:37:44:ba:d1:81:9f:85:58:
                    56:af:98:5d:f2:7a:c6:2d:b9:7d:19:e3:70:61:2a:
                    80:2a:3c:3f:d1:93:2f:ee:64:b7:19:9f:cd:d1:b5:
                    e9:9c:b4:53:98:39:b6:67:dc:c9:16:fb:d2:d3:88:
                    2e:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:19:20:84:B0:CE:71:1C:4C:A4:46:ED:9F:3B:2A:85:DF:D3:9E:67
            X509v3 Authority Key Identifier:
                keyid:C7:57:99:FF:43:35:B7:B1:AE:71:88:ED:FA:53:FD:7E:21:3E:B2:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x1eZ_0M1t7GucYjt-lP9fiE-shY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/1e4c03-f619-47a3-81bd-36ef7aeebe3b/1/DhkghLDOcRxMpEbtnzsqhd_Tnmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/1e4c03-f619-47a3-81bd-36ef7aeebe3b/1/x1eZ_0M1t7GucYjt-lP9fiE-shY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:e4:e2:6c:71:00:19:b1:35:01:9a:29:fa:4c:f4:99:96:c0:
         e0:eb:f3:4a:f1:98:d0:56:fc:06:f1:71:7a:eb:52:a4:44:5d:
         6d:b6:13:4a:f5:8c:a2:34:e5:aa:89:de:05:cd:f2:39:8e:57:
         77:b9:c7:89:70:7f:38:38:f0:c6:ff:2e:69:89:67:89:a9:f6:
         68:26:da:24:21:9f:32:e7:40:85:7e:09:ae:4b:22:1b:e3:64:
         cf:d8:1e:55:b2:15:6e:65:af:7d:03:63:ef:80:7a:85:d9:e0:
         d0:d9:0f:01:72:5c:97:d0:f6:de:7a:6e:1f:18:bd:74:2a:cc:
         dd:70:6a:5e:47:ed:52:55:a5:d3:f1:d4:89:54:b2:3d:52:e9:
         ee:93:71:17:0a:8f:e5:64:86:6c:a7:d5:6b:67:60:d4:7f:9c:
         3b:44:d3:c6:fa:7f:12:50:e4:06:4f:96:f2:b3:38:3d:7c:67:
         36:d6:0a:7c:86:b7:50:23:c7:21:21:48:31:ce:a6:20:cf:76:
         76:31:cb:41:70:5f:3d:b8:be:cf:51:8e:a1:85:3e:8a:17:2c:
         4b:e7:ef:83:5c:f1:cd:e5:50:23:65:b3:84:31:c7:b9:4e:63:
         47:db:e2:4e:ed:10:0b:81:93:98:f7:77:cb:2e:16:46:7c:37:
         e2:00:60:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbuR2/NU0yfWUYhC3Mh1tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NTc5OWZmNDMzNWI3YjFhZTcxODhlZGZhNTNmZDdlMjEz
ZWIyMTYwHhcNMjQwMTAxMTQzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTE5MjA4NGIwY2U3MTFjNGNhNDQ2ZWQ5ZjNiMmE4NWRmZDM5ZTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApo2NXfp46Nt9YtZFrURFdKobqXnp
fgeMD2pod2cs0TDnwkwVkfyPTZfymuPrOoOoRXv6dxYKoC8aC2C2nCCE8t0Vvsec
W3M1BmqKewK2IrZj5iQj7eCm1KRY7yrbAxcYfPd/loPvis8wA55Z41SrTiIWLp6B
qlxVh5M6IxmBvYwaz9HjJU2iR9IdG0QlXuDW5lKZnnNb9scyNb1VM5jKHTeE7pqp
3DE0ZVcBqfezNWFEEb5vV9L0YMsTGi5+SoI4JsFl9QxpYctnN0S60YGfhVhWr5hd
8nrGLbl9GeNwYSqAKjw/0ZMv7mS3GZ/N0bXpnLRTmDm2Z9zJFvvS04guNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA4ZIISwznEcTKRG7Z87KoXf055nMB8GA1UdIwQY
MBaAFMdXmf9DNbexrnGI7fpT/X4hPrIWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDFlWl8wTTF0N0d1Y1lqdC1sUDlmaUUtc2hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8xZTRjMDMtZjYxOS00N2EzLTgxYmQt
MzZlZjdhZWViZTNiLzEvRGhrZ2hMRE9jUnhNcEVidG56c3FoZF9Ubm1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8xZTRjMDMtZjYxOS00N2EzLTgxYmQtMzZlZjdhZWViZTNi
LzEveDFlWl8wTTF0N0d1Y1lqdC1sUDlmaUUtc2hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSKkMA0G
CSqGSIb3DQEBCwUAA4IBAQB65OJscQAZsTUBmin6TPSZlsDg6/NK8ZjQVvwG8XF6
61KkRF1tthNK9YyiNOWqid4FzfI5jld3uceJcH84OPDG/y5piWeJqfZoJtokIZ8y
50CFfgmuSyIb42TP2B5VshVuZa99A2PvgHqF2eDQ2Q8BclyX0Pbeem4fGL10Kszd
cGpeR+1SVaXT8dSJVLI9Uunuk3EXCo/lZIZsp9VrZ2DUf5w7RNPG+n8SUOQGT5by
szg9fGc21gp8hrdQI8chIUgxzqYgz3Z2MctBcF89uL7PUY6hhT6KFyxL5++DXPHN
5VAjZbOEMce5TmNH2+JO7RALgZOY93fLLhZGfDfiAGDy
-----END CERTIFICATE-----