Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/agDMXNJphtBXBNgCbfDvnXRDODY.roa
File:                     agDMXNJphtBXBNgCbfDvnXRDODY.roa (raw, json)
Hash identifier:          uS8X2S16kJ1bwHEa7EQtRIMpGqmgTM0dQWwuGMRge0Y=
Subject key identifier:   6A:00:CC:5C:D2:69:86:D0:57:04:D8:02:6D:F0:EF:9D:74:43:38:36
Certificate issuer:       /CN=ce704858b643266f7c7107721c98f2ba93dd5265
Certificate serial:       0192C9D6E66DE50FD922986E02F03F8916E2
Authority key identifier: CE:70:48:58:B6:43:26:6F:7C:71:07:72:1C:98:F2:BA:93:DD:52:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/znBIWLZDJm98cQdyHJjyupPdUmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/agDMXNJphtBXBNgCbfDvnXRDODY.roa
Signing time:             Sat 26 Oct 2024 17:19:16 +0000
ROA not before:           Sat 26 Oct 2024 17:19:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.200.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/znBIWLZDJm98cQdyHJjyupPdUmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/znBIWLZDJm98cQdyHJjyupPdUmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/znBIWLZDJm98cQdyHJjyupPdUmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:c9:d6:e6:6d:e5:0f:d9:22:98:6e:02:f0:3f:89:16:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce704858b643266f7c7107721c98f2ba93dd5265
        Validity
            Not Before: Oct 26 17:19:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a00cc5cd26986d05704d8026df0ef9d74433836
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:24:9d:4c:cb:4a:1b:1f:a7:cf:70:7e:a9:40:
                    b5:d9:66:e4:a2:ff:cb:8f:51:9b:65:ab:8f:07:9e:
                    4e:bc:4d:d6:71:e0:df:2c:79:f3:81:f2:e0:7a:ee:
                    b1:a8:5f:a2:fd:c5:66:69:dc:c0:6b:a1:83:06:e2:
                    1f:78:94:83:7b:42:e3:a6:16:15:e3:6a:7f:f5:52:
                    31:9f:3d:9c:34:23:fb:10:95:61:17:d9:ca:d9:8d:
                    8d:ba:d5:26:8f:53:72:85:8d:49:d2:ed:ab:a0:30:
                    c0:f4:85:5b:a5:6c:a2:33:2f:1f:de:2c:a7:5c:dd:
                    2b:97:fb:24:f2:90:d5:24:7d:9e:e9:2f:31:07:20:
                    11:b9:54:40:83:5c:01:b6:68:54:81:c0:8f:75:4e:
                    4d:fc:27:01:21:71:33:3e:87:e2:44:d8:a8:5f:62:
                    ef:13:fd:39:ee:d8:ca:b4:fd:92:0b:87:e8:44:6a:
                    78:d6:f1:6f:74:d8:3e:44:48:a0:b9:fe:30:4a:5e:
                    01:bb:ca:12:02:13:45:13:d4:99:25:d9:2a:1f:ab:
                    2a:4c:6d:77:33:d3:ee:a7:be:de:a3:f8:7e:ef:b5:
                    8f:37:14:69:af:d3:6c:99:9a:58:73:a3:64:54:19:
                    f8:87:9a:f1:3f:d5:e3:a7:43:39:f9:d4:72:4d:73:
                    53:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:00:CC:5C:D2:69:86:D0:57:04:D8:02:6D:F0:EF:9D:74:43:38:36
            X509v3 Authority Key Identifier:
                keyid:CE:70:48:58:B6:43:26:6F:7C:71:07:72:1C:98:F2:BA:93:DD:52:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/znBIWLZDJm98cQdyHJjyupPdUmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/agDMXNJphtBXBNgCbfDvnXRDODY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/znBIWLZDJm98cQdyHJjyupPdUmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:f2:7c:f6:24:5f:88:24:31:6b:23:bb:0c:fe:ab:32:6f:04:
         1d:73:ff:d1:62:21:e8:e9:d9:ad:0d:9a:41:4e:5e:4d:6b:f2:
         37:3d:63:47:bd:4c:7c:81:23:63:29:78:99:f7:81:f8:0c:21:
         14:92:70:af:c3:7d:60:21:1e:00:a4:95:bb:71:d5:72:41:5e:
         30:df:b0:16:c5:5d:c9:4c:65:90:79:bc:20:95:2f:7b:f5:d1:
         52:6e:e3:dc:0c:7b:66:a5:12:90:0a:3f:e9:7a:b7:30:db:e9:
         49:5d:e5:69:1a:d0:bd:aa:df:72:0a:78:f9:b7:1f:72:3d:77:
         06:42:69:b7:78:6c:3a:24:c9:a6:fa:66:2b:f5:66:f4:7c:26:
         35:9f:7c:b1:34:2d:96:71:1a:2b:ab:e8:a3:88:50:da:9b:8b:
         91:a9:a7:a8:3c:a0:0b:01:ff:92:7e:d3:25:f6:a6:d5:18:12:
         47:35:42:8e:94:cb:c4:fa:4c:3e:01:e9:44:6c:04:1a:57:db:
         f5:dc:db:36:93:6a:bd:d0:f4:ee:db:e7:aa:44:b7:4c:9d:e5:
         a1:73:2b:de:a9:60:18:3f:68:5a:0b:ad:ca:4e:51:03:da:fe:
         f9:e5:27:c3:9c:31:80:33:1f:93:91:25:e9:46:f2:e2:9b:d3:
         23:a9:1e:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLJ1uZt5Q/ZIphuAvA/iRbiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlNzA0ODU4YjY0MzI2NmY3YzcxMDc3MjFjOThmMmJhOTNk
ZDUyNjUwHhcNMjQxMDI2MTcxOTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTAwY2M1Y2QyNjk4NmQwNTcwNGQ4MDI2ZGYwZWY5ZDc0NDMzODM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9SSdTMtKGx+nz3B+qUC12Wbkov/L
j1GbZauPB55OvE3WceDfLHnzgfLgeu6xqF+i/cVmadzAa6GDBuIfeJSDe0LjphYV
42p/9VIxnz2cNCP7EJVhF9nK2Y2NutUmj1NyhY1J0u2roDDA9IVbpWyiMy8f3iyn
XN0rl/sk8pDVJH2e6S8xByARuVRAg1wBtmhUgcCPdU5N/CcBIXEzPofiRNioX2Lv
E/057tjKtP2SC4foRGp41vFvdNg+REiguf4wSl4Bu8oSAhNFE9SZJdkqH6sqTG13
M9Pup77eo/h+77WPNxRpr9NsmZpYc6NkVBn4h5rxP9Xjp0M5+dRyTXNTvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGoAzFzSaYbQVwTYAm3w7510Qzg2MB8GA1UdIwQY
MBaAFM5wSFi2QyZvfHEHchyY8rqT3VJlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvem5CSVdMWkRKbTk4Y1FkeUhKanl1cFBkVW1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8wMjdhYWUtNDkyMi00MmE5LWE0Yzkt
MzhmODBkNjk2MWVjLzEvYWdETVhOSnBodEJYQk5nQ2JmRHZuWFJET0RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8wMjdhYWUtNDkyMi00MmE5LWE0YzktMzhmODBkNjk2MWVj
LzEvem5CSVdMWkRKbTk4Y1FkeUhKanl1cFBkVW1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucgNMA0G
CSqGSIb3DQEBCwUAA4IBAQAs8nz2JF+IJDFrI7sM/qsybwQdc//RYiHo6dmtDZpB
Tl5Na/I3PWNHvUx8gSNjKXiZ94H4DCEUknCvw31gIR4ApJW7cdVyQV4w37AWxV3J
TGWQebwglS979dFSbuPcDHtmpRKQCj/percw2+lJXeVpGtC9qt9yCnj5tx9yPXcG
Qmm3eGw6JMmm+mYr9Wb0fCY1n3yxNC2WcRorq+ijiFDam4uRqaeoPKALAf+SftMl
9qbVGBJHNUKOlMvE+kw+AelEbAQaV9v13Ns2k2q90PTu2+eqRLdMneWhcyveqWAY
P2haC63KTlED2v755SfDnDGAMx+TkSXpRvLim9MjqR5+
-----END CERTIFICATE-----