Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/Dq4W0qdkZWImSTTuTZAuvoxavp0.roa
File:                     Dq4W0qdkZWImSTTuTZAuvoxavp0.roa (raw, json)
Hash identifier:          OyX5iacuWDMHYRahJA2Vj26rAJsqYuPRUyfrBT2MNN0=
Subject key identifier:   0E:AE:16:D2:A7:64:65:62:26:49:34:EE:4D:90:2E:BE:8C:5A:BE:9D
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       018DBDC5EEF2409A8B30B2B80B7E92143BCA
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/Dq4W0qdkZWImSTTuTZAuvoxavp0.roa
Signing time:             Sun 18 Feb 2024 19:51:21 +0000
ROA not before:           Sun 18 Feb 2024 19:51:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16589
IP address blocks:        194.135.26.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 08:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:bd:c5:ee:f2:40:9a:8b:30:b2:b8:0b:7e:92:14:3b:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Feb 18 19:51:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0eae16d2a7646562264934ee4d902ebe8c5abe9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:2c:9b:8b:c2:8f:3b:4a:e8:f3:b9:a4:ef:9a:
                    4e:24:5a:08:52:82:7b:b5:f0:23:7b:ed:60:5c:9d:
                    0e:11:cb:ef:da:cf:4b:0e:f9:37:83:eb:2a:aa:b2:
                    11:9b:ce:8f:65:e3:5c:4b:80:24:33:9a:db:94:a6:
                    77:4c:12:b7:73:55:78:fb:8e:be:48:2b:e4:59:e6:
                    10:a0:55:bb:94:79:9a:23:ff:ab:8e:c0:f7:0e:73:
                    91:2f:f2:70:a9:93:ec:80:d7:ba:42:17:7a:f8:0a:
                    94:3e:14:4b:3d:3f:6d:ef:09:a4:b8:8d:1a:7e:90:
                    e0:ec:05:0c:c2:af:c1:0a:71:d7:46:97:26:79:3d:
                    7d:e0:53:78:9d:51:76:11:88:7d:b3:24:f3:ab:38:
                    7c:62:49:f5:84:bf:c1:01:1a:ef:31:0b:f4:ea:99:
                    31:6b:0e:9c:d7:c2:8d:97:97:e4:a5:5b:c1:1c:65:
                    d0:26:13:4e:54:0b:6a:92:0f:cd:8b:e2:80:c6:05:
                    51:93:35:ba:19:7a:38:8f:1e:13:8a:64:8e:b7:aa:
                    33:70:0f:6f:c2:8c:e8:d9:b3:b1:69:2c:be:27:4e:
                    2b:77:c0:97:94:c1:1a:6e:c7:72:15:e3:15:0a:ad:
                    cb:47:92:b8:bb:e5:f4:2a:80:3c:32:9a:85:44:89:
                    e4:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:AE:16:D2:A7:64:65:62:26:49:34:EE:4D:90:2E:BE:8C:5A:BE:9D
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/Dq4W0qdkZWImSTTuTZAuvoxavp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.135.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         69:3f:12:43:da:17:cc:91:04:23:88:d6:3c:6a:d8:af:99:b7:
         6b:b2:c3:5f:e1:c1:c0:84:c3:63:b0:20:d1:ab:e9:43:38:67:
         ef:c9:ff:4a:34:57:0e:88:0e:a1:90:92:43:23:aa:20:31:6f:
         d7:45:cb:90:b1:50:fb:04:04:af:c1:e6:62:9b:ea:a4:c5:89:
         ee:4d:54:55:df:f7:a0:7f:92:a5:15:13:06:34:44:46:91:48:
         79:cc:e0:bc:9a:e3:61:fd:9c:c9:52:38:12:7a:3f:78:a8:82:
         d7:c7:e7:9b:a5:98:f5:bc:3a:2b:b4:05:27:75:e1:77:a1:2a:
         e8:54:73:03:9d:8c:24:b3:b8:5a:28:71:e5:d3:b3:e1:b4:0c:
         81:66:9b:7e:22:53:54:21:71:13:c6:de:8e:fc:f8:d1:47:6f:
         c5:83:ec:9e:1a:14:32:9f:fb:7c:3d:24:81:06:25:c0:24:80:
         f1:76:72:cf:57:e8:a0:d4:ae:5b:3a:27:8d:cb:22:c5:86:59:
         5b:98:ab:f6:96:8d:f4:68:06:49:38:14:bf:04:cb:d3:b2:30:
         ea:51:cb:f2:90:87:c7:47:37:9b:73:45:2a:d2:37:18:5a:a5:
         ca:db:59:40:ee:0a:68:9f:7e:bd:9d:cd:eb:22:ce:4d:cc:17:
         4b:85:b0:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY29xe7yQJqLMLK4C36SFDvKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjQwMjE4MTk1MTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWFlMTZkMmE3NjQ2NTYyMjY0OTM0ZWU0ZDkwMmViZThjNWFiZTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwyybi8KPO0ro87mk75pOJFoIUoJ7
tfAje+1gXJ0OEcvv2s9LDvk3g+sqqrIRm86PZeNcS4AkM5rblKZ3TBK3c1V4+46+
SCvkWeYQoFW7lHmaI/+rjsD3DnORL/JwqZPsgNe6Qhd6+AqUPhRLPT9t7wmkuI0a
fpDg7AUMwq/BCnHXRpcmeT194FN4nVF2EYh9syTzqzh8Ykn1hL/BARrvMQv06pkx
aw6c18KNl5fkpVvBHGXQJhNOVAtqkg/Ni+KAxgVRkzW6GXo4jx4TimSOt6ozcA9v
wozo2bOxaSy+J04rd8CXlMEabsdyFeMVCq3LR5K4u+X0KoA8MpqFRInkawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA6uFtKnZGViJkk07k2QLr6MWr6dMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvRHE0VzBxZGtaV0ltU1RUdVRaQXV2b3hhdnAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwocaMA0G
CSqGSIb3DQEBCwUAA4IBAQBpPxJD2hfMkQQjiNY8ativmbdrssNf4cHAhMNjsCDR
q+lDOGfvyf9KNFcOiA6hkJJDI6ogMW/XRcuQsVD7BASvweZim+qkxYnuTVRV3/eg
f5KlFRMGNERGkUh5zOC8muNh/ZzJUjgSej94qILXx+ebpZj1vDortAUndeF3oSro
VHMDnYwks7haKHHl07PhtAyBZpt+IlNUIXETxt6O/PjRR2/Fg+yeGhQyn/t8PSSB
BiXAJIDxdnLPV+ig1K5bOieNyyLFhllbmKv2lo30aAZJOBS/BMvTsjDqUcvykIfH
Rzebc0Uq0jcYWqXK21lA7gpon369nc3rIs5NzBdLhbCP
-----END CERTIFICATE-----