Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/c10b5d-c8fc-4c68-b01e-4cc01b6f8847/1/DCDT61IMzZ8MU-uRZYXhOfb65Ck.roa
File:                     DCDT61IMzZ8MU-uRZYXhOfb65Ck.roa (raw, json)
Hash identifier:          rTFMJH/QJrFTWzstdnpT+4YuzF/yCg33pgdsVNNyS7E=
Subject key identifier:   0C:20:D3:EB:52:0C:CD:9F:0C:53:EB:91:65:85:E1:39:F6:FA:E4:29
Certificate issuer:       /CN=8a16a5fac65ac5e9c5ebbfed71518cae0c1311c5
Certificate serial:       018CC424658F9B55EBA5E389ECA16079F69F
Authority key identifier: 8A:16:A5:FA:C6:5A:C5:E9:C5:EB:BF:ED:71:51:8C:AE:0C:13:11:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ihal-sZaxenF67_tcVGMrgwTEcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/c10b5d-c8fc-4c68-b01e-4cc01b6f8847/1/DCDT61IMzZ8MU-uRZYXhOfb65Ck.roa
Signing time:             Mon 01 Jan 2024 08:29:28 +0000
ROA not before:           Mon 01 Jan 2024 08:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8220
IP address blocks:        194.113.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/c10b5d-c8fc-4c68-b01e-4cc01b6f8847/1/ihal-sZaxenF67_tcVGMrgwTEcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/c10b5d-c8fc-4c68-b01e-4cc01b6f8847/1/ihal-sZaxenF67_tcVGMrgwTEcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ihal-sZaxenF67_tcVGMrgwTEcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 13:02:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:65:8f:9b:55:eb:a5:e3:89:ec:a1:60:79:f6:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a16a5fac65ac5e9c5ebbfed71518cae0c1311c5
        Validity
            Not Before: Jan  1 08:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c20d3eb520ccd9f0c53eb916585e139f6fae429
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:f6:a9:95:ae:6a:9e:f3:bd:f8:37:c5:a1:2e:
                    4b:fd:61:4d:b5:28:48:45:b4:ad:c9:a7:aa:5d:db:
                    03:f1:c8:1e:38:e9:8d:33:28:31:c7:f0:62:ed:e9:
                    fc:e1:31:1e:20:32:27:12:31:5a:db:9e:47:39:fd:
                    c0:09:96:3a:d6:a3:ce:00:b0:76:8a:55:d8:82:11:
                    de:21:af:9c:6a:ec:0f:31:10:09:29:2b:22:7f:a0:
                    da:d3:a8:e5:89:30:9a:d6:e1:e8:cf:90:99:51:0b:
                    16:d6:8b:57:55:82:14:7d:d7:86:e7:f4:40:6f:39:
                    bb:a7:d3:ae:ba:b6:09:db:ee:ce:3b:de:77:81:3b:
                    b5:a6:6d:8a:09:37:fe:2c:ea:d0:5c:05:4b:bf:42:
                    32:67:f2:b0:d8:6d:27:73:46:b4:a3:6f:45:e3:0e:
                    79:a2:be:08:49:52:cd:68:f2:93:83:72:bd:c1:e8:
                    39:05:af:47:e5:38:12:aa:b2:49:9d:dc:08:59:6d:
                    cb:76:03:af:94:08:2c:1c:cc:74:7b:28:00:32:6d:
                    d2:9d:d7:aa:6d:75:6f:d4:50:09:1d:cb:68:a7:2c:
                    bb:34:a3:95:cb:3a:4a:de:4f:4c:eb:a7:02:dc:88:
                    a3:14:68:48:9d:ea:c4:30:0e:16:c0:1b:fc:a3:be:
                    16:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:20:D3:EB:52:0C:CD:9F:0C:53:EB:91:65:85:E1:39:F6:FA:E4:29
            X509v3 Authority Key Identifier:
                keyid:8A:16:A5:FA:C6:5A:C5:E9:C5:EB:BF:ED:71:51:8C:AE:0C:13:11:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ihal-sZaxenF67_tcVGMrgwTEcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/c10b5d-c8fc-4c68-b01e-4cc01b6f8847/1/DCDT61IMzZ8MU-uRZYXhOfb65Ck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/c10b5d-c8fc-4c68-b01e-4cc01b6f8847/1/ihal-sZaxenF67_tcVGMrgwTEcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:18:5d:4f:56:c1:49:9e:b2:2b:67:f2:5f:60:a1:f0:06:35:
         83:ea:a8:b6:09:1f:c4:cd:cf:5a:79:c0:d9:f1:b8:a7:41:ba:
         a2:ad:64:a1:3b:fc:d1:42:7c:67:07:81:bd:ef:2e:e7:ba:0a:
         7b:a5:0b:61:84:59:37:be:48:20:01:b6:8d:dc:83:22:7a:26:
         e8:9a:7b:af:29:1f:f0:31:97:eb:62:31:a7:2f:40:46:ca:7c:
         46:84:54:56:6e:96:21:92:2f:31:43:03:10:f0:93:87:63:cf:
         71:b8:d8:6d:82:18:40:d0:76:08:90:6f:a3:2f:c5:a5:08:65:
         47:a5:40:59:4c:ff:1b:e9:06:bc:10:bd:09:2a:f1:0d:09:1e:
         31:a7:45:fe:c4:69:f6:80:80:1e:df:9c:8e:c5:eb:15:37:34:
         e5:18:ed:f9:67:00:38:4b:cf:f6:68:f2:86:9d:33:b8:1e:e4:
         87:0b:c0:57:29:a9:25:60:2a:dd:2e:57:69:c3:a9:b7:db:d8:
         b9:20:b2:42:bb:8c:d3:cf:38:1f:bc:3c:a0:b4:18:1e:7c:3e:
         8b:cf:1c:d1:01:6b:47:e3:ef:b2:5a:46:a9:10:a9:20:73:13:
         35:7c:10:a2:48:d3:38:99:a9:6f:88:a0:35:af:f8:85:3e:79:
         47:0e:85:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJGWPm1XrpeOJ7KFgefafMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMTZhNWZhYzY1YWM1ZTljNWViYmZlZDcxNTE4Y2FlMGMx
MzExYzUwHhcNMjQwMTAxMDgyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzIwZDNlYjUyMGNjZDlmMGM1M2ViOTE2NTg1ZTEzOWY2ZmFlNDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhPapla5qnvO9+DfFoS5L/WFNtShI
RbStyaeqXdsD8cgeOOmNMygxx/Bi7en84TEeIDInEjFa255HOf3ACZY61qPOALB2
ilXYghHeIa+cauwPMRAJKSsif6Da06jliTCa1uHoz5CZUQsW1otXVYIUfdeG5/RA
bzm7p9OuurYJ2+7OO953gTu1pm2KCTf+LOrQXAVLv0IyZ/Kw2G0nc0a0o29F4w55
or4ISVLNaPKTg3K9weg5Ba9H5TgSqrJJndwIWW3LdgOvlAgsHMx0eygAMm3Sndeq
bXVv1FAJHctopyy7NKOVyzpK3k9M66cC3IijFGhInerEMA4WwBv8o74WJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAwg0+tSDM2fDFPrkWWF4Tn2+uQpMB8GA1UdIwQY
MBaAFIoWpfrGWsXpxeu/7XFRjK4MExHFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWhhbC1zWmF4ZW5GNjdfdGNWR01yZ3dURWNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9jMTBiNWQtYzhmYy00YzY4LWIwMWUt
NGNjMDFiNmY4ODQ3LzEvRENEVDYxSU16WjhNVS11UlpZWGhPZmI2NUNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9jMTBiNWQtYzhmYy00YzY4LWIwMWUtNGNjMDFiNmY4ODQ3
LzEvaWhhbC1zWmF4ZW5GNjdfdGNWR01yZ3dURWNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnH2MA0G
CSqGSIb3DQEBCwUAA4IBAQBBGF1PVsFJnrIrZ/JfYKHwBjWD6qi2CR/Ezc9aecDZ
8binQbqirWShO/zRQnxnB4G97y7nugp7pQthhFk3vkggAbaN3IMieibomnuvKR/w
MZfrYjGnL0BGynxGhFRWbpYhki8xQwMQ8JOHY89xuNhtghhA0HYIkG+jL8WlCGVH
pUBZTP8b6Qa8EL0JKvENCR4xp0X+xGn2gIAe35yOxesVNzTlGO35ZwA4S8/2aPKG
nTO4HuSHC8BXKaklYCrdLldpw6m329i5ILJCu4zTzzgfvDygtBgefD6LzxzRAWtH
4++yWkapEKkgcxM1fBCiSNM4malviKA1r/iFPnlHDoWt
-----END CERTIFICATE-----