Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/8fdf6d-cba6-4494-9028-577e9935bd75/1/dnfXNbsOS-J6s_ta5NbfVfnMQ44.roa
File:                     dnfXNbsOS-J6s_ta5NbfVfnMQ44.roa (raw, json)
Hash identifier:          UmGVSj1YuQheG2Sfjtv0g799PrW3tyKKxHM/xuJl/Is=
Subject key identifier:   76:77:D7:35:BB:0E:4B:E2:7A:B3:FB:5A:E4:D6:DF:55:F9:CC:43:8E
Certificate issuer:       /CN=49f26233f5bb4226c2a7a7b9003008d19e34785b
Certificate serial:       018CC9BC259F19140BBF452111934A88B715
Authority key identifier: 49:F2:62:33:F5:BB:42:26:C2:A7:A7:B9:00:30:08:D1:9E:34:78:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SfJiM_W7QibCp6e5ADAI0Z40eFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/8fdf6d-cba6-4494-9028-577e9935bd75/1/dnfXNbsOS-J6s_ta5NbfVfnMQ44.roa
Signing time:             Tue 02 Jan 2024 10:33:19 +0000
ROA not before:           Tue 02 Jan 2024 10:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64482
IP address blocks:        185.216.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/8fdf6d-cba6-4494-9028-577e9935bd75/1/SfJiM_W7QibCp6e5ADAI0Z40eFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/8fdf6d-cba6-4494-9028-577e9935bd75/1/SfJiM_W7QibCp6e5ADAI0Z40eFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SfJiM_W7QibCp6e5ADAI0Z40eFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:25:9f:19:14:0b:bf:45:21:11:93:4a:88:b7:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49f26233f5bb4226c2a7a7b9003008d19e34785b
        Validity
            Not Before: Jan  2 10:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7677d735bb0e4be27ab3fb5ae4d6df55f9cc438e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:96:62:64:77:95:e5:56:e8:fe:cb:f8:13:66:
                    80:7d:83:a0:bd:22:35:60:9b:04:4b:ab:b8:fb:8e:
                    cf:1f:b0:2f:dc:c7:2e:a3:09:03:cd:51:e2:f0:72:
                    aa:2d:23:30:55:35:60:7d:fa:c1:4b:31:16:51:31:
                    26:c0:e7:71:86:de:a1:d7:ca:52:c8:a0:a8:dd:ba:
                    1b:30:1b:91:21:0a:7f:00:3d:5b:fb:6b:14:38:e7:
                    b2:63:53:2b:89:1b:74:31:f3:01:ee:77:77:bd:fa:
                    d2:35:db:9c:79:6c:97:77:2a:89:7e:fe:4d:c5:e4:
                    47:32:90:89:c7:96:32:0d:96:e8:90:0e:9f:58:af:
                    fb:87:3c:9a:7b:a9:5f:08:07:62:14:72:4b:fb:24:
                    15:22:db:1c:be:39:4a:ce:2a:5e:d8:2b:81:b2:d1:
                    c9:44:88:b2:79:59:10:db:c3:93:b7:6a:60:0b:6c:
                    cb:87:a1:67:5e:51:0c:c3:31:96:69:63:5d:4c:c8:
                    6f:b7:81:da:67:fc:8e:32:f5:6d:3c:78:c3:4e:f5:
                    92:31:29:bd:3a:cf:46:39:25:40:54:17:18:a1:f2:
                    80:5d:c3:95:49:35:01:c3:e9:c9:91:3c:71:c4:4a:
                    2f:9c:c3:f9:b8:e5:15:36:9c:fd:e3:9c:f0:b2:1a:
                    5f:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:77:D7:35:BB:0E:4B:E2:7A:B3:FB:5A:E4:D6:DF:55:F9:CC:43:8E
            X509v3 Authority Key Identifier:
                keyid:49:F2:62:33:F5:BB:42:26:C2:A7:A7:B9:00:30:08:D1:9E:34:78:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SfJiM_W7QibCp6e5ADAI0Z40eFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/8fdf6d-cba6-4494-9028-577e9935bd75/1/dnfXNbsOS-J6s_ta5NbfVfnMQ44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/8fdf6d-cba6-4494-9028-577e9935bd75/1/SfJiM_W7QibCp6e5ADAI0Z40eFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.216.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:45:b4:4d:10:db:5d:66:45:6f:ca:43:42:16:1e:f1:1f:2e:
         19:7f:d0:b9:0a:03:d4:fa:0f:5a:c4:82:35:e3:9e:d6:df:78:
         38:25:96:92:7b:5e:dc:18:e5:f7:11:1d:ca:26:6b:1c:6e:e1:
         26:61:19:ae:64:a8:b8:e2:18:12:bc:5c:7f:0c:9f:19:94:cc:
         3b:ea:b4:14:15:5c:5c:c9:77:fd:8e:86:4b:65:88:fa:4f:d1:
         aa:09:95:9e:2f:62:bc:01:28:bc:6c:cb:81:a2:6b:50:bc:b4:
         63:6a:76:a9:46:6a:d1:df:d8:91:87:2d:0c:56:13:ec:e2:c2:
         0f:ce:43:be:12:e5:8c:04:bb:30:ba:a6:d8:c4:ea:62:da:95:
         fc:3f:49:a3:5d:c7:2b:76:e3:d3:e6:5f:c2:46:f9:da:cd:c3:
         db:75:60:8e:4a:6c:2e:01:ef:5f:cd:50:45:7a:3e:39:b9:49:
         ce:28:56:15:2e:02:fd:cd:c0:f8:30:11:b9:73:89:33:c7:1a:
         57:ae:1d:67:6a:da:d4:e4:e3:58:4d:91:30:d7:b5:22:82:60:
         39:17:22:e0:09:29:87:f0:c2:65:37:de:8e:3a:38:d7:f2:51:
         cd:d7:5b:82:5c:5a:93:d6:64:03:a9:04:30:64:4f:90:e6:9b:
         df:1a:da:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvCWfGRQLv0UhEZNKiLcVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZjI2MjMzZjViYjQyMjZjMmE3YTdiOTAwMzAwOGQxOWUz
NDc4NWIwHhcNMjQwMTAyMTAzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Njc3ZDczNWJiMGU0YmUyN2FiM2ZiNWFlNGQ2ZGY1NWY5Y2M0MzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4pZiZHeV5Vbo/sv4E2aAfYOgvSI1
YJsES6u4+47PH7Av3McuowkDzVHi8HKqLSMwVTVgffrBSzEWUTEmwOdxht6h18pS
yKCo3bobMBuRIQp/AD1b+2sUOOeyY1MriRt0MfMB7nd3vfrSNduceWyXdyqJfv5N
xeRHMpCJx5YyDZbokA6fWK/7hzyae6lfCAdiFHJL+yQVItscvjlKzipe2CuBstHJ
RIiyeVkQ28OTt2pgC2zLh6FnXlEMwzGWaWNdTMhvt4HaZ/yOMvVtPHjDTvWSMSm9
Os9GOSVAVBcYofKAXcOVSTUBw+nJkTxxxEovnMP5uOUVNpz945zwshpfSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHZ31zW7DkvierP7WuTW31X5zEOOMB8GA1UdIwQY
MBaAFEnyYjP1u0ImwqenuQAwCNGeNHhbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2ZKaU1fVzdRaWJDcDZlNUFEQUkwWjQwZUZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84ZmRmNmQtY2JhNi00NDk0LTkwMjgt
NTc3ZTk5MzViZDc1LzEvZG5mWE5ic09TLUo2c190YTVOYmZWZm5NUTQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84ZmRmNmQtY2JhNi00NDk0LTkwMjgtNTc3ZTk5MzViZDc1
LzEvU2ZKaU1fVzdRaWJDcDZlNUFEQUkwWjQwZUZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudgKMA0G
CSqGSIb3DQEBCwUAA4IBAQClRbRNENtdZkVvykNCFh7xHy4Zf9C5CgPU+g9axII1
457W33g4JZaSe17cGOX3ER3KJmscbuEmYRmuZKi44hgSvFx/DJ8ZlMw76rQUFVxc
yXf9joZLZYj6T9GqCZWeL2K8ASi8bMuBomtQvLRjanapRmrR39iRhy0MVhPs4sIP
zkO+EuWMBLswuqbYxOpi2pX8P0mjXccrduPT5l/CRvnazcPbdWCOSmwuAe9fzVBF
ej45uUnOKFYVLgL9zcD4MBG5c4kzxxpXrh1natrU5ONYTZEw17UigmA5FyLgCSmH
8MJlN96OOjjX8lHN11uCXFqT1mQDqQQwZE+Q5pvfGtoa
-----END CERTIFICATE-----