Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/6483c2-3921-4c6e-9373-31a4da61d576/1/_4feJt_t3NEHL0Z99_1tPOCeSww.roa
File:                     _4feJt_t3NEHL0Z99_1tPOCeSww.roa (raw, json)
Hash identifier:          ZNrLa6LiQoSGKGiCcV4rT0+Jpw5ep09iBum4Gs6YUt4=
Subject key identifier:   FF:87:DE:26:DF:ED:DC:D1:07:2F:46:7D:F7:FD:6D:3C:E0:9E:4B:0C
Certificate issuer:       /CN=c90edd10e6d9062215bfd64e45b3bf8a6b996379
Certificate serial:       018FF2C141246AC18BFDB41C65DB5AC92DFC
Authority key identifier: C9:0E:DD:10:E6:D9:06:22:15:BF:D6:4E:45:B3:BF:8A:6B:99:63:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yQ7dEObZBiIVv9ZORbO_imuZY3k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/6483c2-3921-4c6e-9373-31a4da61d576/1/_4feJt_t3NEHL0Z99_1tPOCeSww.roa
Signing time:             Fri 07 Jun 2024 12:51:42 +0000
ROA not before:           Fri 07 Jun 2024 12:51:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        23.239.128.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/6483c2-3921-4c6e-9373-31a4da61d576/1/yQ7dEObZBiIVv9ZORbO_imuZY3k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/6483c2-3921-4c6e-9373-31a4da61d576/1/yQ7dEObZBiIVv9ZORbO_imuZY3k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yQ7dEObZBiIVv9ZORbO_imuZY3k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 12:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f2:c1:41:24:6a:c1:8b:fd:b4:1c:65:db:5a:c9:2d:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c90edd10e6d9062215bfd64e45b3bf8a6b996379
        Validity
            Not Before: Jun  7 12:51:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff87de26dfeddcd1072f467df7fd6d3ce09e4b0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d4:42:5c:32:a5:bb:5a:98:3d:63:d1:fe:dd:
                    71:f4:5e:c7:c7:89:2c:21:e3:a2:0f:34:04:9c:fc:
                    f6:03:3c:71:9f:f0:d4:87:91:5a:61:d2:b6:be:ad:
                    f6:c5:37:4f:da:41:e7:3b:fb:02:8d:da:c9:97:c2:
                    b6:4e:85:a7:64:0d:e1:73:af:16:33:3c:51:d9:dd:
                    21:79:ad:5d:7e:aa:a3:7a:d4:ee:fd:48:db:a6:78:
                    b3:d4:1f:c2:a4:60:37:93:f0:ad:fa:e6:e0:65:62:
                    ed:87:20:cc:6f:11:ea:45:5a:aa:ea:9a:24:dc:50:
                    e0:90:f6:26:78:ea:b3:57:70:37:af:4d:48:d1:7f:
                    cb:b6:69:3a:f7:a5:f6:7d:07:84:26:11:be:09:40:
                    13:20:5b:1e:a1:fe:6f:ed:66:21:a3:ab:eb:ee:e4:
                    48:49:1e:d2:48:da:af:92:09:b1:2b:d4:7a:60:e8:
                    7c:a4:22:8d:ea:eb:d7:02:2b:22:0e:94:ba:fb:30:
                    6b:3a:93:b1:9e:82:2c:92:75:7b:4a:53:a4:29:d6:
                    35:9f:6b:ae:3f:24:73:05:db:92:de:03:a5:f8:b1:
                    10:99:96:17:d4:83:38:b9:0b:dd:d5:1a:1f:2c:eb:
                    a8:d9:a3:05:93:d4:5b:84:1c:13:ba:28:62:e7:62:
                    07:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:87:DE:26:DF:ED:DC:D1:07:2F:46:7D:F7:FD:6D:3C:E0:9E:4B:0C
            X509v3 Authority Key Identifier:
                keyid:C9:0E:DD:10:E6:D9:06:22:15:BF:D6:4E:45:B3:BF:8A:6B:99:63:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yQ7dEObZBiIVv9ZORbO_imuZY3k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/6483c2-3921-4c6e-9373-31a4da61d576/1/_4feJt_t3NEHL0Z99_1tPOCeSww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/6483c2-3921-4c6e-9373-31a4da61d576/1/yQ7dEObZBiIVv9ZORbO_imuZY3k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.239.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         0c:c4:62:9a:c7:fc:c5:b9:a5:c9:b1:eb:ed:a6:06:69:e5:78:
         fd:30:97:35:81:bd:ed:f6:18:12:ff:0a:6a:e5:a9:cf:37:b0:
         cc:89:ca:21:8d:1f:1b:f2:e9:1e:26:33:b8:bd:a8:bb:08:fc:
         82:68:ad:ed:72:35:5e:e9:48:59:62:d9:60:8d:34:27:25:1f:
         53:a0:09:76:0c:25:f0:5e:35:f9:05:da:71:e6:cb:51:bb:e0:
         be:30:0a:f5:76:2d:e6:8c:69:c9:af:b3:dd:57:f5:65:b2:8c:
         3c:a4:89:e4:fe:cc:e3:29:37:dc:75:3a:a8:4f:82:35:a6:57:
         8a:a4:47:4a:b1:ca:80:28:e8:b9:08:1e:3c:2e:13:3d:57:da:
         f3:92:ef:9d:1b:b7:1a:68:d4:83:99:95:24:62:ff:2a:73:71:
         e5:74:27:09:02:29:49:ef:c5:45:48:02:8d:4a:75:f0:e6:fc:
         99:be:97:82:87:c6:db:40:ac:53:93:26:f0:c3:58:6c:27:2d:
         0c:c2:9b:29:43:84:65:ea:7a:d1:87:a3:5f:9a:ce:83:3d:3d:
         57:c9:6c:13:46:0a:be:27:b8:e2:3a:4b:67:2f:48:d1:90:61:
         ab:b2:74:db:56:d1:ed:f9:ff:9b:f0:d4:e1:72:9f:3d:c2:9e:
         10:08:f1:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/ywUEkasGL/bQcZdtayS38MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5MGVkZDEwZTZkOTA2MjIxNWJmZDY0ZTQ1YjNiZjhhNmI5
OTYzNzkwHhcNMjQwNjA3MTI1MTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjg3ZGUyNmRmZWRkY2QxMDcyZjQ2N2RmN2ZkNmQzY2UwOWU0YjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9RCXDKlu1qYPWPR/t1x9F7Hx4ks
IeOiDzQEnPz2Azxxn/DUh5FaYdK2vq32xTdP2kHnO/sCjdrJl8K2ToWnZA3hc68W
MzxR2d0hea1dfqqjetTu/Ujbpniz1B/CpGA3k/Ct+ubgZWLthyDMbxHqRVqq6pok
3FDgkPYmeOqzV3A3r01I0X/Ltmk696X2fQeEJhG+CUATIFseof5v7WYho6vr7uRI
SR7SSNqvkgmxK9R6YOh8pCKN6uvXAisiDpS6+zBrOpOxnoIsknV7SlOkKdY1n2uu
PyRzBduS3gOl+LEQmZYX1IM4uQvd1RofLOuo2aMFk9RbhBwTuihi52IHwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP+H3ibf7dzRBy9Gfff9bTzgnksMMB8GA1UdIwQY
MBaAFMkO3RDm2QYiFb/WTkWzv4prmWN5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVE3ZEVPYlpCaUlWdjlaT1JiT19pbXVaWTNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS82NDgzYzItMzkyMS00YzZlLTkzNzMt
MzFhNGRhNjFkNTc2LzEvXzRmZUp0X3QzTkVITDBaOTlfMXRQT0NlU3d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS82NDgzYzItMzkyMS00YzZlLTkzNzMtMzFhNGRhNjFkNTc2
LzEveVE3ZEVPYlpCaUlWdjlaT1JiT19pbXVaWTNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFF++AMA0G
CSqGSIb3DQEBCwUAA4IBAQAMxGKax/zFuaXJsevtpgZp5Xj9MJc1gb3t9hgS/wpq
5anPN7DMicohjR8b8ukeJjO4vai7CPyCaK3tcjVe6UhZYtlgjTQnJR9ToAl2DCXw
XjX5Bdpx5stRu+C+MAr1di3mjGnJr7PdV/Vlsow8pInk/szjKTfcdTqoT4I1pleK
pEdKscqAKOi5CB48LhM9V9rzku+dG7caaNSDmZUkYv8qc3HldCcJAilJ78VFSAKN
SnXw5vyZvpeCh8bbQKxTkybww1hsJy0MwpspQ4Rl6nrRh6Nfms6DPT1XyWwTRgq+
J7jiOktnL0jRkGGrsnTbVtHt+f+b8NThcp89wp4QCPHh
-----END CERTIFICATE-----