Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/678964-d802-48f9-96f1-e3bfa72d7ef8/1/V0QdJIrM7Rtur5EoahPSUGHRgsw.roa
File:                     V0QdJIrM7Rtur5EoahPSUGHRgsw.roa (raw, json)
Hash identifier:          RoMSsLp41wjQ/w0oDuKkH37UaR7r1RMGNQnnbGUQfDE=
Subject key identifier:   57:44:1D:24:8A:CC:ED:1B:6E:AF:91:28:6A:13:D2:50:61:D1:82:CC
Certificate issuer:       /CN=dedb20030901ff2df4ebd1f49e4891cb28fe0730
Certificate serial:       018CC8DF73EBF7684A40ACD74BD1B8A0C19C
Authority key identifier: DE:DB:20:03:09:01:FF:2D:F4:EB:D1:F4:9E:48:91:CB:28:FE:07:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3tsgAwkB_y3069H0nkiRyyj-BzA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/678964-d802-48f9-96f1-e3bfa72d7ef8/1/V0QdJIrM7Rtur5EoahPSUGHRgsw.roa
Signing time:             Tue 02 Jan 2024 06:32:16 +0000
ROA not before:           Tue 02 Jan 2024 06:32:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9121
IP address blocks:        185.92.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/678964-d802-48f9-96f1-e3bfa72d7ef8/1/3tsgAwkB_y3069H0nkiRyyj-BzA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/678964-d802-48f9-96f1-e3bfa72d7ef8/1/3tsgAwkB_y3069H0nkiRyyj-BzA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3tsgAwkB_y3069H0nkiRyyj-BzA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:73:eb:f7:68:4a:40:ac:d7:4b:d1:b8:a0:c1:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dedb20030901ff2df4ebd1f49e4891cb28fe0730
        Validity
            Not Before: Jan  2 06:32:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57441d248acced1b6eaf91286a13d25061d182cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:98:0d:e7:f9:30:00:f9:86:be:11:f3:ed:e6:
                    73:c5:9d:ca:8c:83:84:b9:0a:3a:6f:53:b5:41:91:
                    e2:a2:eb:eb:56:74:74:3b:f4:3e:3c:79:4c:b3:86:
                    b9:44:0b:4c:5b:f1:7b:04:7b:66:f3:8c:5f:26:b5:
                    57:00:51:b9:9e:c3:07:29:24:60:0f:3b:af:8b:74:
                    93:df:f5:28:61:c0:d9:10:64:97:13:58:03:5c:59:
                    2a:07:8a:3a:9f:32:95:e0:c2:0f:05:fe:6a:00:80:
                    fa:00:5f:86:aa:40:1b:54:9b:2f:93:10:e7:67:a4:
                    5a:97:4c:75:a3:30:dd:4e:37:0f:eb:a2:06:ee:99:
                    09:0b:11:d4:e3:f0:3a:2c:e5:c8:e2:d0:e1:b4:c1:
                    2c:13:27:8b:ed:9d:a7:a4:0b:e2:87:a7:09:ad:e3:
                    8f:28:2e:dd:2c:30:15:69:b7:1e:32:8e:88:42:eb:
                    14:31:98:9d:e4:cd:67:6d:13:e9:bd:38:3c:71:a9:
                    49:29:55:28:01:f0:13:13:f1:9f:4b:5a:05:2b:d0:
                    07:75:06:00:a4:2a:37:40:b0:d5:26:80:6c:5f:d9:
                    7d:24:66:c4:42:5e:ea:b7:e9:17:c5:ee:71:f1:89:
                    9a:04:7a:e1:67:84:09:17:d4:53:0c:bc:90:f7:6f:
                    3a:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:44:1D:24:8A:CC:ED:1B:6E:AF:91:28:6A:13:D2:50:61:D1:82:CC
            X509v3 Authority Key Identifier:
                keyid:DE:DB:20:03:09:01:FF:2D:F4:EB:D1:F4:9E:48:91:CB:28:FE:07:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3tsgAwkB_y3069H0nkiRyyj-BzA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/678964-d802-48f9-96f1-e3bfa72d7ef8/1/V0QdJIrM7Rtur5EoahPSUGHRgsw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/678964-d802-48f9-96f1-e3bfa72d7ef8/1/3tsgAwkB_y3069H0nkiRyyj-BzA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.92.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:70:46:fc:01:b4:a1:01:d7:dd:e6:96:09:01:3e:36:20:2c:
         ff:c1:43:9b:f6:38:29:bf:d9:3e:bd:fb:0d:9f:ef:9e:3e:fe:
         87:fc:a0:59:a9:23:53:9d:05:bf:2f:4f:45:f7:e4:a5:6a:83:
         d8:aa:12:d1:10:30:aa:a4:a2:0a:1c:a4:1a:e1:e0:84:13:52:
         f2:90:9f:00:81:3a:c2:9f:18:db:a0:30:26:37:f1:f6:a1:05:
         31:31:81:b5:60:d0:5c:0c:44:14:75:7d:3c:b3:7a:f9:1a:f1:
         05:f3:e6:fe:cf:b3:7d:d7:88:c5:cb:3f:dd:c8:e7:0a:a4:cd:
         96:4b:01:3b:53:63:69:1c:4c:6a:bb:9d:1c:dd:6d:4a:20:1d:
         49:58:7b:c4:9f:28:07:53:f5:04:1a:b7:bc:d4:c9:6e:5e:22:
         82:d6:08:49:0c:7c:bc:88:72:47:68:a2:0f:24:18:0e:21:a5:
         69:6e:33:37:23:ef:fe:4e:c3:64:89:80:8a:c7:98:f7:3e:ae:
         bc:aa:4a:d8:ad:b7:e4:81:b3:1f:60:1c:cc:16:99:cd:94:9a:
         64:5c:47:56:cf:00:dd:f2:fa:15:b8:d0:0f:77:ea:16:35:7b:
         98:9e:7a:75:ca:c6:fd:33:87:47:9e:d2:d0:35:a3:bd:b0:71:
         e7:68:1b:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI33Pr92hKQKzXS9G4oMGcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZGIyMDAzMDkwMWZmMmRmNGViZDFmNDllNDg5MWNiMjhm
ZTA3MzAwHhcNMjQwMTAyMDYzMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzQ0MWQyNDhhY2NlZDFiNmVhZjkxMjg2YTEzZDI1MDYxZDE4MmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpgN5/kwAPmGvhHz7eZzxZ3KjIOE
uQo6b1O1QZHiouvrVnR0O/Q+PHlMs4a5RAtMW/F7BHtm84xfJrVXAFG5nsMHKSRg
Dzuvi3ST3/UoYcDZEGSXE1gDXFkqB4o6nzKV4MIPBf5qAID6AF+GqkAbVJsvkxDn
Z6Ral0x1ozDdTjcP66IG7pkJCxHU4/A6LOXI4tDhtMEsEyeL7Z2npAvih6cJreOP
KC7dLDAVabceMo6IQusUMZid5M1nbRPpvTg8calJKVUoAfATE/GfS1oFK9AHdQYA
pCo3QLDVJoBsX9l9JGbEQl7qt+kXxe5x8YmaBHrhZ4QJF9RTDLyQ92861wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFdEHSSKzO0bbq+RKGoT0lBh0YLMMB8GA1UdIwQY
MBaAFN7bIAMJAf8t9OvR9J5Ikcso/gcwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3RzZ0F3a0JfeTMwNjlIMG5raVJ5eWotQnpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi82Nzg5NjQtZDgwMi00OGY5LTk2ZjEt
ZTNiZmE3MmQ3ZWY4LzEvVjBRZEpJck03UnR1cjVFb2FoUFNVR0hSZ3N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi82Nzg5NjQtZDgwMi00OGY5LTk2ZjEtZTNiZmE3MmQ3ZWY4
LzEvM3RzZ0F3a0JfeTMwNjlIMG5raVJ5eWotQnpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVwNMA0G
CSqGSIb3DQEBCwUAA4IBAQBacEb8AbShAdfd5pYJAT42ICz/wUOb9jgpv9k+vfsN
n++ePv6H/KBZqSNTnQW/L09F9+SlaoPYqhLREDCqpKIKHKQa4eCEE1LykJ8AgTrC
nxjboDAmN/H2oQUxMYG1YNBcDEQUdX08s3r5GvEF8+b+z7N914jFyz/dyOcKpM2W
SwE7U2NpHExqu50c3W1KIB1JWHvEnygHU/UEGre81MluXiKC1ghJDHy8iHJHaKIP
JBgOIaVpbjM3I+/+TsNkiYCKx5j3Pq68qkrYrbfkgbMfYBzMFpnNlJpkXEdWzwDd
8voVuNAPd+oWNXuYnnp1ysb9M4dHntLQNaO9sHHnaBva
-----END CERTIFICATE-----