Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/deaef1-6241-49ab-9825-8fc373757684/1/C3hplVUZTneb_tuvMKHYwlta2Dk.roa
File:                     C3hplVUZTneb_tuvMKHYwlta2Dk.roa (raw, json)
Hash identifier:          vqPumhTONJqHrWPy++X8YtHfka++xckmWLYeJRS5Lik=
Subject key identifier:   0B:78:69:95:55:19:4E:77:9B:FE:DB:AF:30:A1:D8:C2:5B:5A:D8:39
Certificate issuer:       /CN=1d65b7b7b898faaee70767d09715c436a83fcdc2
Certificate serial:       018CC64AB23F47D8174E0059492A0808C0C2
Authority key identifier: 1D:65:B7:B7:B8:98:FA:AE:E7:07:67:D0:97:15:C4:36:A8:3F:CD:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HWW3t7iY-q7nB2fQlxXENqg_zcI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/deaef1-6241-49ab-9825-8fc373757684/1/C3hplVUZTneb_tuvMKHYwlta2Dk.roa
Signing time:             Mon 01 Jan 2024 18:30:33 +0000
ROA not before:           Mon 01 Jan 2024 18:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39356
IP address blocks:        164.215.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/deaef1-6241-49ab-9825-8fc373757684/1/HWW3t7iY-q7nB2fQlxXENqg_zcI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/deaef1-6241-49ab-9825-8fc373757684/1/HWW3t7iY-q7nB2fQlxXENqg_zcI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HWW3t7iY-q7nB2fQlxXENqg_zcI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 May 2024 07:03:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:b2:3f:47:d8:17:4e:00:59:49:2a:08:08:c0:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d65b7b7b898faaee70767d09715c436a83fcdc2
        Validity
            Not Before: Jan  1 18:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b78699555194e779bfedbaf30a1d8c25b5ad839
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:fb:77:c9:e8:76:19:a6:78:d6:a9:99:1d:22:
                    f9:78:b4:66:55:a9:b0:ec:59:26:f3:96:32:28:6a:
                    ba:e8:ff:0d:09:8b:51:8b:b9:5c:79:da:0d:e1:8d:
                    ba:6b:b4:f7:b3:78:73:43:c0:5a:59:fb:23:06:f1:
                    d1:07:50:22:de:1e:d4:ac:f6:fb:aa:aa:75:53:94:
                    0f:eb:bf:b0:f5:4c:f9:e5:76:bc:a8:cf:24:47:21:
                    8d:4a:7d:f1:47:e0:78:bf:b1:50:89:2e:51:08:2c:
                    b0:c4:67:2f:55:7c:89:d4:50:e9:ce:73:78:3f:66:
                    42:7f:38:9f:2e:98:10:f2:7c:db:bd:6c:5d:8e:ff:
                    b2:fb:a7:dc:60:85:30:b1:db:ed:9e:8a:03:d8:4d:
                    c7:3e:25:bf:d2:5c:2a:e9:e4:c9:cf:fa:01:2a:cd:
                    1e:56:39:cf:5b:c5:81:74:32:68:92:09:50:02:14:
                    b7:f8:17:ec:b6:86:3e:c5:56:ca:5c:04:54:bf:b0:
                    25:e3:79:63:fc:4c:5a:f3:07:03:77:db:bf:0a:8c:
                    1d:48:1a:68:87:bb:26:3c:c4:89:a7:3c:68:ca:73:
                    88:e2:ef:77:68:1c:48:6e:53:71:43:5c:77:d8:28:
                    c5:9a:ec:dc:7c:47:f0:37:e2:47:46:87:5c:14:ba:
                    94:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:78:69:95:55:19:4E:77:9B:FE:DB:AF:30:A1:D8:C2:5B:5A:D8:39
            X509v3 Authority Key Identifier:
                keyid:1D:65:B7:B7:B8:98:FA:AE:E7:07:67:D0:97:15:C4:36:A8:3F:CD:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HWW3t7iY-q7nB2fQlxXENqg_zcI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/deaef1-6241-49ab-9825-8fc373757684/1/C3hplVUZTneb_tuvMKHYwlta2Dk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/deaef1-6241-49ab-9825-8fc373757684/1/HWW3t7iY-q7nB2fQlxXENqg_zcI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.215.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:55:d9:19:77:de:f5:e5:69:85:5d:ab:46:6c:c5:64:4c:5f:
         92:66:d6:f4:cc:24:05:2c:71:7a:8e:93:0c:23:84:3d:af:a5:
         7d:7b:c1:5a:30:24:82:9d:1d:d2:d4:76:d8:6a:3f:95:b5:2f:
         d7:41:98:46:a4:94:7a:6b:9c:73:12:d6:e5:15:30:39:68:8d:
         72:48:1a:bf:28:80:ce:62:be:bd:78:63:06:d5:4c:91:4f:84:
         34:f3:48:45:4d:5f:7f:7d:49:d1:72:cc:b8:3a:4a:c8:81:c3:
         0b:b7:d0:07:51:46:17:f3:1e:35:38:84:a3:e4:82:2a:b2:13:
         29:dd:a1:7e:a7:c6:47:eb:f6:f8:d7:39:13:d6:70:8b:e7:6b:
         69:ba:b9:1d:05:af:05:c9:03:6e:13:87:e4:60:9c:63:42:a9:
         b5:35:38:f5:a0:fe:7f:9a:7a:d0:01:03:61:8c:a7:3c:7c:19:
         c7:84:7f:c3:3b:3f:6b:b2:67:03:3a:1c:6c:03:05:e8:4f:23:
         c3:40:19:ab:31:57:1f:12:fc:73:03:82:91:74:86:55:6c:f0:
         8e:dc:71:b6:51:9a:59:52:1c:19:b2:3c:10:93:0a:b1:52:7e:
         ee:fc:40:05:45:72:41:71:71:30:6b:f9:18:b5:e6:3d:df:1d:
         d7:31:98:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSrI/R9gXTgBZSSoICMDCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNjViN2I3Yjg5OGZhYWVlNzA3NjdkMDk3MTVjNDM2YTgz
ZmNkYzIwHhcNMjQwMTAxMTgzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjc4Njk5NTU1MTk0ZTc3OWJmZWRiYWYzMGExZDhjMjViNWFkODM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtft3yeh2GaZ41qmZHSL5eLRmVamw
7Fkm85YyKGq66P8NCYtRi7lcedoN4Y26a7T3s3hzQ8BaWfsjBvHRB1Ai3h7UrPb7
qqp1U5QP67+w9Uz55Xa8qM8kRyGNSn3xR+B4v7FQiS5RCCywxGcvVXyJ1FDpznN4
P2ZCfzifLpgQ8nzbvWxdjv+y+6fcYIUwsdvtnooD2E3HPiW/0lwq6eTJz/oBKs0e
VjnPW8WBdDJokglQAhS3+BfstoY+xVbKXARUv7Al43lj/Exa8wcDd9u/CowdSBpo
h7smPMSJpzxoynOI4u93aBxIblNxQ1x32CjFmuzcfEfwN+JHRodcFLqUWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAt4aZVVGU53m/7brzCh2MJbWtg5MB8GA1UdIwQY
MBaAFB1lt7e4mPqu5wdn0JcVxDaoP83CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFdXM3Q3aVktcTduQjJmUWx4WEVOcWdfemNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9kZWFlZjEtNjI0MS00OWFiLTk4MjUt
OGZjMzczNzU3Njg0LzEvQzNocGxWVVpUbmViX3R1dk1LSFl3bHRhMkRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9kZWFlZjEtNjI0MS00OWFiLTk4MjUtOGZjMzczNzU3Njg0
LzEvSFdXM3Q3aVktcTduQjJmUWx4WEVOcWdfemNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQApNdsMA0G
CSqGSIb3DQEBCwUAA4IBAQBYVdkZd9715WmFXatGbMVkTF+SZtb0zCQFLHF6jpMM
I4Q9r6V9e8FaMCSCnR3S1HbYaj+VtS/XQZhGpJR6a5xzEtblFTA5aI1ySBq/KIDO
Yr69eGMG1UyRT4Q080hFTV9/fUnRcsy4OkrIgcMLt9AHUUYX8x41OISj5IIqshMp
3aF+p8ZH6/b41zkT1nCL52tpurkdBa8FyQNuE4fkYJxjQqm1NTj1oP5/mnrQAQNh
jKc8fBnHhH/DOz9rsmcDOhxsAwXoTyPDQBmrMVcfEvxzA4KRdIZVbPCO3HG2UZpZ
UhwZsjwQkwqxUn7u/EAFRXJBcXEwa/kYteY93x3XMZgw
-----END CERTIFICATE-----