Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/7a806c-2f08-47d9-9cc9-658d4c4628ad/1/PtYg8NsPFam4H-8wwLyW6LPJNgs.roa
File:                     PtYg8NsPFam4H-8wwLyW6LPJNgs.roa (raw, json)
Hash identifier:          VPsJAjNMVVs2DdyddMo4WX15qcOAKrUh8VZtkFimACc=
Subject key identifier:   3E:D6:20:F0:DB:0F:15:A9:B8:1F:EF:30:C0:BC:96:E8:B3:C9:36:0B
Certificate issuer:       /CN=a08e41cbfdefad0bb0e297247acc1a201d2df4a0
Certificate serial:       018CCA2A2FA87F5127D1BD2B5FAABF1ECB2A
Authority key identifier: A0:8E:41:CB:FD:EF:AD:0B:B0:E2:97:24:7A:CC:1A:20:1D:2D:F4:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oI5By_3vrQuw4pckeswaIB0t9KA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/7a806c-2f08-47d9-9cc9-658d4c4628ad/1/PtYg8NsPFam4H-8wwLyW6LPJNgs.roa
Signing time:             Tue 02 Jan 2024 12:33:31 +0000
ROA not before:           Tue 02 Jan 2024 12:33:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211606
IP address blocks:        185.254.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/7a806c-2f08-47d9-9cc9-658d4c4628ad/1/oI5By_3vrQuw4pckeswaIB0t9KA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/7a806c-2f08-47d9-9cc9-658d4c4628ad/1/oI5By_3vrQuw4pckeswaIB0t9KA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oI5By_3vrQuw4pckeswaIB0t9KA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:2f:a8:7f:51:27:d1:bd:2b:5f:aa:bf:1e:cb:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a08e41cbfdefad0bb0e297247acc1a201d2df4a0
        Validity
            Not Before: Jan  2 12:33:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ed620f0db0f15a9b81fef30c0bc96e8b3c9360b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:02:ed:1e:0b:01:b3:a2:cd:61:83:d3:b6:65:
                    1d:02:d2:f9:11:34:ee:5a:d5:6e:a2:b9:d0:50:b9:
                    3b:c3:10:22:e5:4f:ca:12:9b:2a:62:b5:1d:e2:b4:
                    5f:09:aa:0a:40:cf:a0:3b:9a:c5:df:8d:7e:b9:6d:
                    04:b5:8d:2a:2e:4d:5d:23:20:89:02:a0:8e:38:30:
                    a2:4d:a9:ae:78:34:1a:5e:ea:7d:f8:f4:ea:92:0e:
                    ee:08:f6:9f:c5:be:d8:18:d4:8b:c5:95:81:0c:31:
                    5f:00:7b:14:ea:8a:48:f0:54:88:0b:ec:db:a7:55:
                    a2:1a:34:8b:59:f6:f0:93:93:a9:3e:75:0c:6a:1f:
                    af:9d:ad:c5:8c:92:9b:cf:4f:cf:8c:06:da:3e:0d:
                    0f:1d:e8:98:33:40:95:af:28:fe:f7:2c:a7:bc:e6:
                    3b:f3:be:0a:97:fe:d8:e6:60:99:1f:7e:49:e2:07:
                    05:a8:1a:b9:97:09:41:3d:0b:44:b0:eb:51:91:17:
                    da:48:97:29:fe:97:5d:d0:da:a9:0a:ae:f7:f3:93:
                    67:f4:b3:40:a5:00:93:ce:02:d4:af:29:76:2e:75:
                    76:92:0c:0f:cf:53:f8:bc:3a:83:1c:ff:9a:8e:0a:
                    99:d8:33:07:dc:ff:b5:a2:54:95:2b:06:fe:6b:58:
                    77:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:D6:20:F0:DB:0F:15:A9:B8:1F:EF:30:C0:BC:96:E8:B3:C9:36:0B
            X509v3 Authority Key Identifier:
                keyid:A0:8E:41:CB:FD:EF:AD:0B:B0:E2:97:24:7A:CC:1A:20:1D:2D:F4:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oI5By_3vrQuw4pckeswaIB0t9KA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/7a806c-2f08-47d9-9cc9-658d4c4628ad/1/PtYg8NsPFam4H-8wwLyW6LPJNgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/7a806c-2f08-47d9-9cc9-658d4c4628ad/1/oI5By_3vrQuw4pckeswaIB0t9KA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:d3:4e:3f:b0:b1:73:c0:d2:c9:fe:4f:a7:52:25:e1:1a:41:
         c4:d6:65:27:85:47:7a:af:f2:e5:2f:4f:df:91:43:a4:45:6d:
         fc:74:7a:17:d2:f3:91:0b:cd:3b:3f:4a:53:7b:a4:57:4b:3a:
         e1:59:88:de:64:98:fc:15:53:5f:27:82:14:04:65:c5:2e:89:
         12:de:86:af:a6:dd:84:70:96:71:59:00:e5:f5:69:c2:12:13:
         73:58:e7:58:b3:cc:77:01:f3:21:10:d7:32:07:45:d9:dc:17:
         22:9c:24:85:02:4a:f7:3b:dc:46:4b:b2:f6:32:c4:c1:1f:5c:
         4e:38:69:d7:5d:bd:16:b8:77:39:55:62:d7:34:cd:fd:17:7f:
         59:50:b1:51:bb:9d:31:19:46:90:ce:4b:ee:d4:88:92:4a:41:
         2b:c6:75:b6:77:38:93:a0:17:a6:5c:e9:a6:d6:c6:fa:ea:13:
         65:93:52:d7:a4:b4:1e:ba:b8:26:58:d0:aa:ab:d2:3f:18:9f:
         47:28:27:e8:31:70:e9:14:e1:88:36:0a:eb:19:b6:71:b6:57:
         14:98:36:e5:03:e1:84:dd:bb:3f:47:87:e7:32:e1:2e:ea:30:
         db:71:16:e7:e3:19:cb:4b:23:2f:9b:41:ef:2d:7f:c1:8e:ba:
         21:71:d8:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKi+of1En0b0rX6q/HssqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwOGU0MWNiZmRlZmFkMGJiMGUyOTcyNDdhY2MxYTIwMWQy
ZGY0YTAwHhcNMjQwMTAyMTIzMzMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWQ2MjBmMGRiMGYxNWE5YjgxZmVmMzBjMGJjOTZlOGIzYzkzNjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhALtHgsBs6LNYYPTtmUdAtL5ETTu
WtVuornQULk7wxAi5U/KEpsqYrUd4rRfCaoKQM+gO5rF341+uW0EtY0qLk1dIyCJ
AqCOODCiTamueDQaXup9+PTqkg7uCPafxb7YGNSLxZWBDDFfAHsU6opI8FSIC+zb
p1WiGjSLWfbwk5OpPnUMah+vna3FjJKbz0/PjAbaPg0PHeiYM0CVryj+9yynvOY7
874Kl/7Y5mCZH35J4gcFqBq5lwlBPQtEsOtRkRfaSJcp/pdd0NqpCq7385Nn9LNA
pQCTzgLUryl2LnV2kgwPz1P4vDqDHP+ajgqZ2DMH3P+1olSVKwb+a1h3rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD7WIPDbDxWpuB/vMMC8luizyTYLMB8GA1UdIwQY
MBaAFKCOQcv9760LsOKXJHrMGiAdLfSgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0k1QnlfM3ZyUXV3NHBja2Vzd2FJQjB0OUtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC83YTgwNmMtMmYwOC00N2Q5LTljYzkt
NjU4ZDRjNDYyOGFkLzEvUHRZZzhOc1BGYW00SC04d3dMeVc2TFBKTmdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC83YTgwNmMtMmYwOC00N2Q5LTljYzktNjU4ZDRjNDYyOGFk
LzEvb0k1QnlfM3ZyUXV3NHBja2Vzd2FJQjB0OUtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf55MA0G
CSqGSIb3DQEBCwUAA4IBAQC9004/sLFzwNLJ/k+nUiXhGkHE1mUnhUd6r/LlL0/f
kUOkRW38dHoX0vORC807P0pTe6RXSzrhWYjeZJj8FVNfJ4IUBGXFLokS3oavpt2E
cJZxWQDl9WnCEhNzWOdYs8x3AfMhENcyB0XZ3BcinCSFAkr3O9xGS7L2MsTBH1xO
OGnXXb0WuHc5VWLXNM39F39ZULFRu50xGUaQzkvu1IiSSkErxnW2dziToBemXOmm
1sb66hNlk1LXpLQeurgmWNCqq9I/GJ9HKCfoMXDpFOGINgrrGbZxtlcUmDblA+GE
3bs/R4fnMuEu6jDbcRbn4xnLSyMvm0HvLX/Bjrohcdg4
-----END CERTIFICATE-----