Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/89fd43-54f0-4a15-b2b1-3f3a02748c2a/1/DJjDf957_BXlLY1eZ-s8nAeCohc.roa
File:                     DJjDf957_BXlLY1eZ-s8nAeCohc.roa (raw, json)
Hash identifier:          w8Aj5mEJX0sQRtfb43J1DfE69c7i8zVdV4cX2DefEwU=
Subject key identifier:   0C:98:C3:7F:DE:7B:FC:15:E5:2D:8D:5E:67:EB:3C:9C:07:82:A2:17
Certificate issuer:       /CN=359f1e3b80551e98a16fc2bbcb7dd87c9a0efe25
Certificate serial:       018F817B2EE219FBD8C43334AD9CF2E7A3CD
Authority key identifier: 35:9F:1E:3B:80:55:1E:98:A1:6F:C2:BB:CB:7D:D8:7C:9A:0E:FE:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZ8eO4BVHpihb8K7y33YfJoO_iU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/89fd43-54f0-4a15-b2b1-3f3a02748c2a/1/DJjDf957_BXlLY1eZ-s8nAeCohc.roa
Signing time:             Thu 16 May 2024 12:58:04 +0000
ROA not before:           Thu 16 May 2024 12:58:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58280
IP address blocks:        45.129.224.0/22 maxlen: 22
                          2a0e:5040::/29 maxlen: 29
                          2a0f:fd00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/89fd43-54f0-4a15-b2b1-3f3a02748c2a/1/NZ8eO4BVHpihb8K7y33YfJoO_iU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/89fd43-54f0-4a15-b2b1-3f3a02748c2a/1/NZ8eO4BVHpihb8K7y33YfJoO_iU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZ8eO4BVHpihb8K7y33YfJoO_iU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:81:7b:2e:e2:19:fb:d8:c4:33:34:ad:9c:f2:e7:a3:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359f1e3b80551e98a16fc2bbcb7dd87c9a0efe25
        Validity
            Not Before: May 16 12:58:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c98c37fde7bfc15e52d8d5e67eb3c9c0782a217
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d8:a4:06:ce:f5:53:22:6c:83:44:1a:7c:b3:
                    c9:71:93:c1:10:5d:ff:48:0a:b7:58:04:c1:41:7e:
                    e6:14:69:81:e1:9a:a5:2f:d6:80:b2:03:f9:ae:d5:
                    15:cb:4b:e4:ce:de:cd:86:81:47:07:ef:f7:33:f2:
                    98:80:10:21:2b:b6:97:ed:89:9c:5a:bb:5d:de:d4:
                    04:53:ff:9d:c2:07:e9:cf:92:e0:6d:9d:09:5b:a7:
                    de:1f:b7:dc:07:ac:b0:13:15:0a:66:af:9a:72:e5:
                    5d:7d:20:12:f7:dc:5b:14:90:b6:f5:40:2a:50:fc:
                    bc:3f:b2:79:fc:03:4c:b8:44:a8:a6:10:6a:1b:74:
                    93:5b:70:40:7e:73:8e:3a:26:da:26:a5:72:04:03:
                    b8:3f:7b:05:d1:93:3b:12:3a:c8:1c:18:ef:92:aa:
                    b6:43:ef:55:60:2b:93:c1:ac:8d:ad:ed:a3:52:4e:
                    36:84:79:2f:57:33:ed:7e:7c:3a:a9:5b:ee:e5:91:
                    e9:58:8e:af:5e:24:32:22:89:a6:ee:9f:a3:b6:07:
                    17:e9:a4:fc:85:a9:40:98:4a:1c:b4:90:58:77:f3:
                    73:81:14:d4:4a:0d:81:54:02:4e:8f:03:69:6e:c1:
                    a4:c5:30:4a:69:71:6d:e9:06:36:3e:f4:04:c5:09:
                    e2:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:98:C3:7F:DE:7B:FC:15:E5:2D:8D:5E:67:EB:3C:9C:07:82:A2:17
            X509v3 Authority Key Identifier:
                keyid:35:9F:1E:3B:80:55:1E:98:A1:6F:C2:BB:CB:7D:D8:7C:9A:0E:FE:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZ8eO4BVHpihb8K7y33YfJoO_iU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/89fd43-54f0-4a15-b2b1-3f3a02748c2a/1/DJjDf957_BXlLY1eZ-s8nAeCohc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/89fd43-54f0-4a15-b2b1-3f3a02748c2a/1/NZ8eO4BVHpihb8K7y33YfJoO_iU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.224.0/22
                IPv6:
                  2a0e:5040::/29
                  2a0f:fd00::/29

    Signature Algorithm: sha256WithRSAEncryption
         9f:4e:8c:6d:c6:5c:1d:fa:6d:41:2f:a4:d8:c2:c8:36:9f:44:
         fc:da:e6:fc:2e:9f:9a:52:53:0d:df:6c:11:f4:d7:0b:cc:db:
         f1:fb:6d:d6:ba:13:1d:e6:57:1b:ca:1f:95:5e:81:45:0e:72:
         0e:03:ae:73:9a:05:60:4f:5a:15:b4:87:0f:e7:89:55:4a:22:
         6e:05:7f:f2:07:a5:54:7e:6a:b1:2d:0e:4a:f3:8f:12:71:a8:
         31:1d:54:f0:f3:74:03:e2:78:6e:d0:4a:a6:58:60:3d:8c:e1:
         d4:1b:99:fc:8e:6f:25:30:9f:f2:d3:0a:26:3a:96:0b:05:03:
         5e:04:eb:cd:de:b8:da:e0:97:1c:ec:17:1a:09:c0:f7:d1:e6:
         14:4b:72:9d:c3:80:dd:2d:7e:07:da:b2:ed:5d:9b:86:24:f9:
         f4:6d:e0:bc:91:60:83:f8:b1:6f:cc:81:26:40:71:eb:c5:52:
         b2:29:f4:c4:32:42:c0:33:3d:c5:0c:2a:a8:5f:b3:00:93:fe:
         c1:d9:57:0f:d4:4a:9a:73:73:bd:2a:8c:64:76:b3:fe:dd:35:
         a4:69:e9:8e:60:6c:aa:1e:42:b8:6d:f1:7f:84:6f:88:f9:53:
         a4:91:87:13:be:17:b3:b8:2b:aa:05:8e:3c:88:9a:68:84:33:
         6b:1f:fc:75
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAY+Bey7iGfvYxDM0rZzy56PNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1OWYxZTNiODA1NTFlOThhMTZmYzJiYmNiN2RkODdjOWEw
ZWZlMjUwHhcNMjQwNTE2MTI1ODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzk4YzM3ZmRlN2JmYzE1ZTUyZDhkNWU2N2ViM2M5YzA3ODJhMjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdikBs71UyJsg0QafLPJcZPBEF3/
SAq3WATBQX7mFGmB4ZqlL9aAsgP5rtUVy0vkzt7NhoFHB+/3M/KYgBAhK7aX7Ymc
Wrtd3tQEU/+dwgfpz5LgbZ0JW6feH7fcB6ywExUKZq+acuVdfSAS99xbFJC29UAq
UPy8P7J5/ANMuESophBqG3STW3BAfnOOOibaJqVyBAO4P3sF0ZM7EjrIHBjvkqq2
Q+9VYCuTwayNre2jUk42hHkvVzPtfnw6qVvu5ZHpWI6vXiQyIomm7p+jtgcX6aT8
halAmEoctJBYd/NzgRTUSg2BVAJOjwNpbsGkxTBKaXFt6QY2PvQExQniuQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFAyYw3/ee/wV5S2NXmfrPJwHgqIXMB8GA1UdIwQY
MBaAFDWfHjuAVR6YoW/Cu8t92HyaDv4lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlo4ZU80QlZIcGloYjhLN3kzM1lmSm9PX2lVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS84OWZkNDMtNTRmMC00YTE1LWIyYjEt
M2YzYTAyNzQ4YzJhLzEvREpqRGY5NTdfQlhsTFkxZVotczhuQWVDb2hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS84OWZkNDMtNTRmMC00YTE1LWIyYjEtM2YzYTAyNzQ4YzJh
LzEvTlo4ZU80QlZIcGloYjhLN3kzM1lmSm9PX2lVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQCLYHgMBQE
AgACMA4DBQMqDlBAAwUDKg/9ADANBgkqhkiG9w0BAQsFAAOCAQEAn06MbcZcHfpt
QS+k2MLINp9E/Nrm/C6fmlJTDd9sEfTXC8zb8ftt1roTHeZXG8oflV6BRQ5yDgOu
c5oFYE9aFbSHD+eJVUoibgV/8gelVH5qsS0OSvOPEnGoMR1U8PN0A+J4btBKplhg
PYzh1BuZ/I5vJTCf8tMKJjqWCwUDXgTrzd642uCXHOwXGgnA99HmFEtyncOA3S1+
B9qy7V2bhiT59G3gvJFgg/ixb8yBJkBx68VSsin0xDJCwDM9xQwqqF+zAJP+wdlX
D9RKmnNzvSqMZHaz/t01pGnpjmBsqh5CuG3xf4RviPlTpJGHE74Xs7grqgWOPIia
aIQzax/8dQ==
-----END CERTIFICATE-----