Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/D62Ed7ZWMGuNOSmvFeQ7zGhqhso.roa
File:                     D62Ed7ZWMGuNOSmvFeQ7zGhqhso.roa (raw, json)
Hash identifier:          19bPsS4jBZLdGkHhb/ZOmxjzGihc+etI1197+DV8rEI=
Subject key identifier:   0F:AD:84:77:B6:56:30:6B:8D:39:29:AF:15:E4:3B:CC:68:6A:86:CA
Certificate issuer:       /CN=99ce569a14c2db3772f23187ce68e6541ec0048e
Certificate serial:       018CC6B929C92FC901017B3742352F91A2D2
Authority key identifier: 99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/D62Ed7ZWMGuNOSmvFeQ7zGhqhso.roa
Signing time:             Mon 01 Jan 2024 20:31:12 +0000
ROA not before:           Mon 01 Jan 2024 20:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208046
IP address blocks:        185.196.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:29:c9:2f:c9:01:01:7b:37:42:35:2f:91:a2:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99ce569a14c2db3772f23187ce68e6541ec0048e
        Validity
            Not Before: Jan  1 20:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0fad8477b656306b8d3929af15e43bcc686a86ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:ab:73:5f:e6:b8:8a:f9:bc:02:09:ab:fc:cf:
                    fd:6b:de:4e:8f:b8:46:ec:c1:62:bb:e7:4c:f2:66:
                    99:3b:92:cc:b6:c0:20:cf:51:f5:66:d0:a0:71:5d:
                    bf:c1:c4:aa:e4:7f:5c:93:c8:a8:c8:d6:8a:45:0e:
                    37:c0:99:be:9f:a0:d2:eb:84:bc:b5:2a:de:81:c3:
                    6f:f3:84:13:ff:7d:19:aa:0a:da:4f:b3:f1:bd:bd:
                    ca:34:c2:39:ad:6b:b6:a3:5b:5e:13:e3:ec:d5:f7:
                    c1:48:99:7e:49:28:8d:82:79:76:22:b7:4f:bd:d2:
                    37:03:61:89:e1:ef:a2:f1:90:b2:02:79:67:b0:c7:
                    3a:c9:55:3f:94:3c:a3:af:a9:af:c8:b0:0e:0e:96:
                    7e:94:0d:dd:92:e7:08:ab:75:3e:21:15:82:21:74:
                    45:b9:93:07:22:96:49:f8:eb:4b:b1:ff:0b:12:b0:
                    92:23:2d:0a:b5:3a:fe:ba:68:8f:44:5e:e1:2a:8d:
                    1c:f5:5f:0d:c9:c3:4d:dd:8e:60:79:b2:0d:82:70:
                    90:58:32:52:94:98:f8:04:a9:09:48:0e:e5:b1:ae:
                    7e:4c:c6:94:e4:99:54:57:eb:32:db:c4:fd:67:9e:
                    4a:16:e3:55:6f:86:09:eb:a9:6a:cb:60:0e:98:f2:
                    e7:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:AD:84:77:B6:56:30:6B:8D:39:29:AF:15:E4:3B:CC:68:6A:86:CA
            X509v3 Authority Key Identifier:
                keyid:99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/D62Ed7ZWMGuNOSmvFeQ7zGhqhso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.196.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:47:0f:2d:b4:b1:f7:a3:25:8d:73:5a:d6:1c:ea:39:5c:77:
         36:ba:d8:4a:f0:49:9f:eb:f6:f5:7c:c7:fc:c3:c6:26:6c:29:
         46:2a:1f:52:f4:8a:c0:b7:ea:91:18:26:0a:63:50:d3:3b:cd:
         75:07:7b:46:3c:e9:91:d1:30:0a:a7:48:83:76:b6:c0:bf:3c:
         db:6c:35:50:9f:06:e9:46:d5:7d:d7:91:2a:4d:56:7f:d5:89:
         f7:16:19:9a:09:af:99:ba:3a:98:7a:39:5e:01:7e:75:51:2f:
         d6:8e:c6:cf:47:cf:63:8d:83:ff:2f:57:43:db:50:c7:cf:b9:
         a4:c3:63:32:13:4e:b9:79:40:1e:d7:30:1f:ad:2d:57:6f:3d:
         a1:cb:3d:7e:9a:30:70:de:10:e9:a9:1e:57:99:b9:ea:ae:a8:
         b6:d7:aa:05:8e:ca:15:4a:04:8c:34:34:76:28:f5:cc:8e:ad:
         2e:7b:ac:11:ad:30:36:d0:95:0f:a9:7d:67:51:5e:14:85:5d:
         30:ff:d5:81:b2:c2:55:72:a6:6f:7b:1b:10:27:9e:52:7a:87:
         3d:b0:bc:58:61:05:c7:e2:8a:1d:8d:be:d2:6d:4a:a2:21:58:
         8d:72:b1:d4:cf:be:34:09:18:96:f9:28:7d:74:fa:91:3b:51:
         8e:1e:da:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuSnJL8kBAXs3QjUvkaLSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5Y2U1NjlhMTRjMmRiMzc3MmYyMzE4N2NlNjhlNjU0MWVj
MDA0OGUwHhcNMjQwMTAxMjAzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmFkODQ3N2I2NTYzMDZiOGQzOTI5YWYxNWU0M2JjYzY4NmE4NmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKtzX+a4ivm8Agmr/M/9a95Oj7hG
7MFiu+dM8maZO5LMtsAgz1H1ZtCgcV2/wcSq5H9ck8ioyNaKRQ43wJm+n6DS64S8
tSregcNv84QT/30ZqgraT7Pxvb3KNMI5rWu2o1teE+Ps1ffBSJl+SSiNgnl2IrdP
vdI3A2GJ4e+i8ZCyAnlnsMc6yVU/lDyjr6mvyLAODpZ+lA3dkucIq3U+IRWCIXRF
uZMHIpZJ+OtLsf8LErCSIy0KtTr+umiPRF7hKo0c9V8NycNN3Y5gebINgnCQWDJS
lJj4BKkJSA7lsa5+TMaU5JlUV+sy28T9Z55KFuNVb4YJ66lqy2AOmPLnhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA+thHe2VjBrjTkprxXkO8xoaobKMB8GA1UdIwQY
MBaAFJnOVpoUwts3cvIxh85o5lQewASOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQt
MTA5NTU0NGM2YzUwLzEvRDYyRWQ3WldNR3VOT1NtdkZlUTd6R2hxaHNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQtMTA5NTU0NGM2YzUw
LzEvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucTcMA0G
CSqGSIb3DQEBCwUAA4IBAQCDRw8ttLH3oyWNc1rWHOo5XHc2uthK8Emf6/b1fMf8
w8YmbClGKh9S9IrAt+qRGCYKY1DTO811B3tGPOmR0TAKp0iDdrbAvzzbbDVQnwbp
RtV915EqTVZ/1Yn3FhmaCa+ZujqYejleAX51US/WjsbPR89jjYP/L1dD21DHz7mk
w2MyE065eUAe1zAfrS1Xbz2hyz1+mjBw3hDpqR5Xmbnqrqi216oFjsoVSgSMNDR2
KPXMjq0ue6wRrTA20JUPqX1nUV4UhV0w/9WBssJVcqZvexsQJ55Seoc9sLxYYQXH
4oodjb7SbUqiIViNcrHUz740CRiW+Sh9dPqRO1GOHtpt
-----END CERTIFICATE-----