Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/9159db-6173-408c-8e1b-8d498827f45c/1/_H1VHJMW8LjxUD8_c8r7yHlQQ9o.roa
File:                     _H1VHJMW8LjxUD8_c8r7yHlQQ9o.roa (raw, json)
Hash identifier:          oVEyCpzw0JEUkSRbBRsXqDnuA/04Sy9kT17G6tXEug8=
Subject key identifier:   FC:7D:55:1C:93:16:F0:B8:F1:50:3F:3F:73:CA:FB:C8:79:50:43:DA
Certificate issuer:       /CN=f4f8ec96c8ee265c3da423230a55219366dd9b28
Certificate serial:       018CC6B7AB6B17B7F3CA740F8238B270D637
Authority key identifier: F4:F8:EC:96:C8:EE:26:5C:3D:A4:23:23:0A:55:21:93:66:DD:9B:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9PjslsjuJlw9pCMjClUhk2bdmyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/9159db-6173-408c-8e1b-8d498827f45c/1/_H1VHJMW8LjxUD8_c8r7yHlQQ9o.roa
Signing time:             Mon 01 Jan 2024 20:29:34 +0000
ROA not before:           Mon 01 Jan 2024 20:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39599
IP address blocks:        185.51.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/9159db-6173-408c-8e1b-8d498827f45c/1/9PjslsjuJlw9pCMjClUhk2bdmyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/9159db-6173-408c-8e1b-8d498827f45c/1/9PjslsjuJlw9pCMjClUhk2bdmyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9PjslsjuJlw9pCMjClUhk2bdmyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 07:04:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:ab:6b:17:b7:f3:ca:74:0f:82:38:b2:70:d6:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4f8ec96c8ee265c3da423230a55219366dd9b28
        Validity
            Not Before: Jan  1 20:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc7d551c9316f0b8f1503f3f73cafbc8795043da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b4:62:e8:01:12:f1:73:37:21:82:de:58:f3:
                    ff:54:10:c3:65:83:1e:39:d0:73:1f:13:c1:70:eb:
                    73:4e:a1:63:d6:dc:4d:6b:7d:05:29:a7:82:a9:01:
                    51:3b:7e:63:e6:e9:08:94:50:64:67:df:a2:b9:a6:
                    1e:f0:4f:95:7a:f9:51:1b:1b:52:cb:d9:d2:f0:8a:
                    7b:d7:e5:90:9c:bc:ee:2b:5c:7b:1a:55:ac:66:ce:
                    a1:e9:27:65:1d:db:0a:8e:22:59:c8:0f:c1:59:29:
                    6c:bb:54:07:bb:dc:43:ca:1b:d9:5b:8f:4c:04:d2:
                    2d:5a:73:74:a9:5f:3b:65:5d:42:e4:9d:1a:b3:0a:
                    31:07:f3:dd:c2:86:a0:3a:72:bb:a9:b0:00:89:7b:
                    04:34:5b:5e:5c:df:ce:9a:17:4e:19:de:bc:1e:25:
                    8a:94:a8:0a:46:38:80:d9:fc:fc:b4:01:56:19:85:
                    06:2e:68:e1:12:ad:5d:34:6c:51:80:1b:0b:74:61:
                    e5:f8:87:af:58:42:63:68:20:bd:21:62:b4:44:da:
                    34:6f:c4:52:1b:66:64:9a:a1:17:30:67:a6:03:16:
                    e8:bc:d1:97:f3:cf:80:17:1e:31:be:4d:7a:73:fd:
                    b2:aa:17:05:f2:33:e1:6d:67:41:fe:17:c0:24:ad:
                    34:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:7D:55:1C:93:16:F0:B8:F1:50:3F:3F:73:CA:FB:C8:79:50:43:DA
            X509v3 Authority Key Identifier:
                keyid:F4:F8:EC:96:C8:EE:26:5C:3D:A4:23:23:0A:55:21:93:66:DD:9B:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9PjslsjuJlw9pCMjClUhk2bdmyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/9159db-6173-408c-8e1b-8d498827f45c/1/_H1VHJMW8LjxUD8_c8r7yHlQQ9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/9159db-6173-408c-8e1b-8d498827f45c/1/9PjslsjuJlw9pCMjClUhk2bdmyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.51.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:af:78:07:bd:2c:27:84:f0:67:3b:7f:d1:86:7e:86:b3:e4:
         df:ab:60:d4:f7:96:cf:4a:df:e4:e2:31:d7:1d:03:19:97:0c:
         b0:c7:84:5f:ad:15:71:5c:ec:33:0c:90:4d:ee:82:1d:55:57:
         73:34:87:13:79:b7:b1:98:12:2c:8c:88:34:f0:f4:4a:21:1d:
         94:fb:62:91:b3:95:e7:b2:c5:19:f7:f9:3f:5f:92:a0:f6:24:
         27:5a:d6:51:fe:fd:f5:2a:ea:64:0b:14:7e:2b:e9:0b:a3:2b:
         55:a5:88:03:3e:02:17:6a:f6:c7:28:90:c6:f5:ec:aa:35:fa:
         ad:5d:5c:61:b5:38:de:36:5f:72:6b:db:2b:1a:06:be:55:70:
         63:d3:0b:e5:c5:94:af:a0:43:37:62:45:fa:b4:c8:d0:99:35:
         4a:ae:87:ff:90:80:8d:74:a3:e7:b5:96:bd:db:c5:90:91:e6:
         75:9f:4c:4a:64:93:ee:94:7b:95:68:a4:73:eb:dc:c9:c8:68:
         c6:62:fb:42:70:82:e5:a7:74:d4:38:d8:01:24:b8:76:16:fe:
         03:c4:2c:8b:82:cc:6d:92:8c:30:bf:75:46:e6:65:2a:09:ba:
         04:8c:ff:c7:b6:da:98:ed:eb:e3:07:b9:82:d4:8a:68:9e:84:
         84:c2:68:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt6trF7fzynQPgjiycNY3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZjhlYzk2YzhlZTI2NWMzZGE0MjMyMzBhNTUyMTkzNjZk
ZDliMjgwHhcNMjQwMTAxMjAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzdkNTUxYzkzMTZmMGI4ZjE1MDNmM2Y3M2NhZmJjODc5NTA0M2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLRi6AES8XM3IYLeWPP/VBDDZYMe
OdBzHxPBcOtzTqFj1txNa30FKaeCqQFRO35j5ukIlFBkZ9+iuaYe8E+VevlRGxtS
y9nS8Ip71+WQnLzuK1x7GlWsZs6h6SdlHdsKjiJZyA/BWSlsu1QHu9xDyhvZW49M
BNItWnN0qV87ZV1C5J0aswoxB/PdwoagOnK7qbAAiXsENFteXN/OmhdOGd68HiWK
lKgKRjiA2fz8tAFWGYUGLmjhEq1dNGxRgBsLdGHl+IevWEJjaCC9IWK0RNo0b8RS
G2ZkmqEXMGemAxbovNGX88+AFx4xvk16c/2yqhcF8jPhbWdB/hfAJK00pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPx9VRyTFvC48VA/P3PK+8h5UEPaMB8GA1UdIwQY
MBaAFPT47JbI7iZcPaQjIwpVIZNm3ZsoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVBqc2xzanVKbHc5cENNakNsVWhrMmJkbXlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS85MTU5ZGItNjE3My00MDhjLThlMWIt
OGQ0OTg4MjdmNDVjLzEvX0gxVkhKTVc4TGp4VUQ4X2M4cjd5SGxRUTlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS85MTU5ZGItNjE3My00MDhjLThlMWItOGQ0OTg4MjdmNDVj
LzEvOVBqc2xzanVKbHc5cENNakNsVWhrMmJkbXlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTN1MA0G
CSqGSIb3DQEBCwUAA4IBAQCAr3gHvSwnhPBnO3/Rhn6Gs+Tfq2DU95bPSt/k4jHX
HQMZlwywx4RfrRVxXOwzDJBN7oIdVVdzNIcTebexmBIsjIg08PRKIR2U+2KRs5Xn
ssUZ9/k/X5Kg9iQnWtZR/v31KupkCxR+K+kLoytVpYgDPgIXavbHKJDG9eyqNfqt
XVxhtTjeNl9ya9srGga+VXBj0wvlxZSvoEM3YkX6tMjQmTVKrof/kICNdKPntZa9
28WQkeZ1n0xKZJPulHuVaKRz69zJyGjGYvtCcILlp3TUONgBJLh2Fv4DxCyLgsxt
kowwv3VG5mUqCboEjP/HttqY7evjB7mC1IponoSEwmjB
-----END CERTIFICATE-----