Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/347c34-96d8-4184-a668-870acfecbcdf/1/1I9Y2eT9qRfiaGCqOCKF4eR8zFg.roa
File:                     1I9Y2eT9qRfiaGCqOCKF4eR8zFg.roa (raw, json)
Hash identifier:          QDKthJY/wQarLsZeuwPLcrhYvhcS1yGYjPVrqB2aceI=
Subject key identifier:   D4:8F:58:D9:E4:FD:A9:17:E2:68:60:AA:38:22:85:E1:E4:7C:CC:58
Certificate issuer:       /CN=39ca5065043d28a2adc36383a1df7d3bec81ce8d
Certificate serial:       018CC72768833642702032073A8101BE8022
Authority key identifier: 39:CA:50:65:04:3D:28:A2:AD:C3:63:83:A1:DF:7D:3B:EC:81:CE:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OcpQZQQ9KKKtw2ODod99O-yBzo0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/347c34-96d8-4184-a668-870acfecbcdf/1/1I9Y2eT9qRfiaGCqOCKF4eR8zFg.roa
Signing time:             Mon 01 Jan 2024 22:31:37 +0000
ROA not before:           Mon 01 Jan 2024 22:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206860
IP address blocks:        85.202.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/347c34-96d8-4184-a668-870acfecbcdf/1/OcpQZQQ9KKKtw2ODod99O-yBzo0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/347c34-96d8-4184-a668-870acfecbcdf/1/OcpQZQQ9KKKtw2ODod99O-yBzo0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OcpQZQQ9KKKtw2ODod99O-yBzo0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:68:83:36:42:70:20:32:07:3a:81:01:be:80:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39ca5065043d28a2adc36383a1df7d3bec81ce8d
        Validity
            Not Before: Jan  1 22:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d48f58d9e4fda917e26860aa382285e1e47ccc58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:20:40:c0:de:0c:23:67:a5:8d:8f:de:c0:fd:
                    0c:b4:df:14:b0:5a:07:66:aa:a1:4c:bf:5c:59:c7:
                    3d:0d:0b:48:f7:eb:4b:cc:ad:32:bc:a6:8e:4a:5a:
                    46:b7:09:9c:a5:7c:78:08:90:f7:88:b0:76:f0:4d:
                    51:5a:83:7e:51:96:71:a8:57:71:1a:90:2d:5e:14:
                    c5:90:b0:bc:2c:f9:45:e1:76:cd:9b:96:8e:c5:1b:
                    bd:b9:89:7f:09:cb:ad:8b:4e:e4:2e:fd:16:e3:b6:
                    fc:d4:03:1f:ba:75:0d:91:70:a1:51:35:0f:47:2a:
                    21:34:2d:fb:f7:5a:c9:a1:e7:a2:82:e0:4e:9b:06:
                    98:55:d1:82:53:63:a5:ad:81:8e:fe:f3:78:7a:71:
                    61:c2:64:be:5d:70:0b:17:45:c7:41:e2:f3:f7:dd:
                    26:3d:2c:ea:b0:77:ad:e1:68:08:1f:22:a9:29:bf:
                    33:e5:49:75:47:e7:34:f5:26:da:40:16:2c:a5:b7:
                    43:c3:f6:b4:d1:df:5f:e5:15:a1:a5:25:35:91:69:
                    2c:7e:6d:ac:43:c8:53:21:cd:d8:19:33:0b:c7:f1:
                    81:62:39:69:11:e6:4e:cf:d9:49:e4:bc:57:cd:9c:
                    44:70:e3:3d:a3:db:fe:c9:91:e4:af:41:4b:9a:4f:
                    03:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:8F:58:D9:E4:FD:A9:17:E2:68:60:AA:38:22:85:E1:E4:7C:CC:58
            X509v3 Authority Key Identifier:
                keyid:39:CA:50:65:04:3D:28:A2:AD:C3:63:83:A1:DF:7D:3B:EC:81:CE:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OcpQZQQ9KKKtw2ODod99O-yBzo0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/347c34-96d8-4184-a668-870acfecbcdf/1/1I9Y2eT9qRfiaGCqOCKF4eR8zFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/347c34-96d8-4184-a668-870acfecbcdf/1/OcpQZQQ9KKKtw2ODod99O-yBzo0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:82:a6:51:a2:af:7b:a9:c0:da:db:65:22:06:59:04:06:dc:
         69:3b:46:3f:48:d8:37:75:c5:d5:a3:4c:a3:b3:bb:b6:23:59:
         36:21:0a:31:d2:4c:1f:59:0f:c9:ee:ab:07:3c:ec:58:f6:b2:
         b2:25:1f:fb:49:4f:ed:28:fb:65:aa:ce:c5:fb:6a:f6:5c:a2:
         0a:d3:29:64:f1:8b:b4:fa:b9:b7:f0:20:71:9f:65:0a:0c:a1:
         18:65:ed:94:09:95:fc:cf:98:3d:5b:40:87:41:29:70:6f:89:
         8b:ed:73:d2:f0:6a:a9:a4:af:08:c0:d5:27:a4:d9:85:ad:ec:
         ca:19:34:c0:75:4c:91:9f:bd:c4:9f:df:0c:52:6a:03:9f:6c:
         b8:74:e7:9a:16:ef:33:5b:4b:d8:97:5b:ce:61:50:10:aa:d0:
         83:90:7b:b5:22:63:7d:06:41:67:14:2e:53:6e:1f:44:34:f0:
         e0:ea:ea:42:3a:36:f5:07:58:ea:64:00:f5:5d:8a:ae:13:53:
         84:f9:44:3f:07:37:24:01:2a:40:ca:53:49:60:ff:8e:5b:2b:
         d1:73:5e:94:2f:11:b5:bc:6a:91:f0:34:21:41:c7:28:e8:66:
         eb:1f:4a:89:b2:f5:d0:5a:9c:9b:e2:39:a8:05:53:fa:b9:47:
         6f:70:50:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ2iDNkJwIDIHOoEBvoAiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5Y2E1MDY1MDQzZDI4YTJhZGMzNjM4M2ExZGY3ZDNiZWM4
MWNlOGQwHhcNMjQwMTAxMjIzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDhmNThkOWU0ZmRhOTE3ZTI2ODYwYWEzODIyODVlMWU0N2NjYzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsiBAwN4MI2eljY/ewP0MtN8UsFoH
ZqqhTL9cWcc9DQtI9+tLzK0yvKaOSlpGtwmcpXx4CJD3iLB28E1RWoN+UZZxqFdx
GpAtXhTFkLC8LPlF4XbNm5aOxRu9uYl/Ccuti07kLv0W47b81AMfunUNkXChUTUP
RyohNC3791rJoeeiguBOmwaYVdGCU2OlrYGO/vN4enFhwmS+XXALF0XHQeLz990m
PSzqsHet4WgIHyKpKb8z5Ul1R+c09SbaQBYspbdDw/a00d9f5RWhpSU1kWksfm2s
Q8hTIc3YGTMLx/GBYjlpEeZOz9lJ5LxXzZxEcOM9o9v+yZHkr0FLmk8DeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNSPWNnk/akX4mhgqjgiheHkfMxYMB8GA1UdIwQY
MBaAFDnKUGUEPSiircNjg6HffTvsgc6NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2NwUVpRUTlLS0t0dzJPRG9kOTlPLXlCem8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi8zNDdjMzQtOTZkOC00MTg0LWE2Njgt
ODcwYWNmZWNiY2RmLzEvMUk5WTJlVDlxUmZpYUdDcU9DS0Y0ZVI4ekZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi8zNDdjMzQtOTZkOC00MTg0LWE2NjgtODcwYWNmZWNiY2Rm
LzEvT2NwUVpRUTlLS0t0dzJPRG9kOTlPLXlCem8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcrJMA0G
CSqGSIb3DQEBCwUAA4IBAQCngqZRoq97qcDa22UiBlkEBtxpO0Y/SNg3dcXVo0yj
s7u2I1k2IQox0kwfWQ/J7qsHPOxY9rKyJR/7SU/tKPtlqs7F+2r2XKIK0ylk8Yu0
+rm38CBxn2UKDKEYZe2UCZX8z5g9W0CHQSlwb4mL7XPS8GqppK8IwNUnpNmFrezK
GTTAdUyRn73En98MUmoDn2y4dOeaFu8zW0vYl1vOYVAQqtCDkHu1ImN9BkFnFC5T
bh9ENPDg6upCOjb1B1jqZAD1XYquE1OE+UQ/BzckASpAylNJYP+OWyvRc16ULxG1
vGqR8DQhQcco6GbrH0qJsvXQWpyb4jmoBVP6uUdvcFBU
-----END CERTIFICATE-----