Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/a067c3-6ba8-45f3-8d62-2fda6a565013/1/9QNX46TDXT_MbpihQQOdgdXRJQM.roa
File:                     9QNX46TDXT_MbpihQQOdgdXRJQM.roa (raw, json)
Hash identifier:          JuM/gQRjx2ARw/VfPIE4gZ49vBjV8NuOUprMQK/cHEQ=
Subject key identifier:   F5:03:57:E3:A4:C3:5D:3F:CC:6E:98:A1:41:03:9D:81:D5:D1:25:03
Certificate issuer:       /CN=2ee353f3503f9bff3381450035628e81a96d908f
Certificate serial:       018CC348930EC7F9EA32C3F99B5490B66928
Authority key identifier: 2E:E3:53:F3:50:3F:9B:FF:33:81:45:00:35:62:8E:81:A9:6D:90:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LuNT81A_m_8zgUUANWKOgaltkI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/a067c3-6ba8-45f3-8d62-2fda6a565013/1/9QNX46TDXT_MbpihQQOdgdXRJQM.roa
Signing time:             Mon 01 Jan 2024 04:29:22 +0000
ROA not before:           Mon 01 Jan 2024 04:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     553
IP address blocks:        134.103.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/a067c3-6ba8-45f3-8d62-2fda6a565013/1/LuNT81A_m_8zgUUANWKOgaltkI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/a067c3-6ba8-45f3-8d62-2fda6a565013/1/LuNT81A_m_8zgUUANWKOgaltkI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LuNT81A_m_8zgUUANWKOgaltkI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 19:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:93:0e:c7:f9:ea:32:c3:f9:9b:54:90:b6:69:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ee353f3503f9bff3381450035628e81a96d908f
        Validity
            Not Before: Jan  1 04:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f50357e3a4c35d3fcc6e98a141039d81d5d12503
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:a4:88:3e:a0:21:9d:10:e4:af:4f:a7:5e:4d:
                    e0:81:97:05:97:01:6d:86:c2:97:34:ea:16:2d:35:
                    32:8b:2d:24:ca:a8:cf:0a:5f:90:00:c3:8e:1f:e5:
                    12:84:84:19:8e:d6:07:85:a0:aa:d7:c7:73:64:98:
                    e9:e3:ee:1e:0d:13:5b:d3:0e:00:67:7d:04:4b:f4:
                    02:63:22:0b:b3:7c:fc:56:5d:55:3e:42:95:c6:74:
                    93:ee:4d:be:9f:f8:54:96:6d:83:88:1f:c1:29:e0:
                    cc:33:5d:e4:f5:34:1a:78:bf:e3:63:0a:4a:4e:92:
                    e2:6f:92:fc:98:29:51:e8:66:96:07:fe:2b:1b:dd:
                    8e:73:d3:12:03:87:e0:eb:48:b0:c7:8c:89:31:b3:
                    86:b5:b9:9c:f2:f5:44:49:b3:99:c4:97:f6:db:fe:
                    4f:e5:77:47:66:54:b8:a1:c7:a5:07:ee:55:90:0c:
                    7f:7d:c6:30:07:b4:43:67:23:35:17:f0:9e:d7:0f:
                    ea:f9:f3:69:63:65:45:6a:b6:d4:c4:41:82:5c:a5:
                    02:f7:ef:b0:04:70:e6:21:b0:28:91:36:31:84:3d:
                    4a:fc:40:ee:dc:8b:f1:8f:a4:d3:45:3b:b9:20:f3:
                    de:85:52:8b:ff:2d:f6:8a:56:6a:31:2e:3a:3e:6a:
                    38:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:03:57:E3:A4:C3:5D:3F:CC:6E:98:A1:41:03:9D:81:D5:D1:25:03
            X509v3 Authority Key Identifier:
                keyid:2E:E3:53:F3:50:3F:9B:FF:33:81:45:00:35:62:8E:81:A9:6D:90:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LuNT81A_m_8zgUUANWKOgaltkI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/a067c3-6ba8-45f3-8d62-2fda6a565013/1/9QNX46TDXT_MbpihQQOdgdXRJQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/a067c3-6ba8-45f3-8d62-2fda6a565013/1/LuNT81A_m_8zgUUANWKOgaltkI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.103.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4d:46:84:d4:75:28:3c:4a:0f:6c:fb:2b:7b:50:5f:c2:82:bc:
         98:ae:07:f1:6a:6a:10:f3:01:a2:f7:b2:ac:aa:df:ca:c9:24:
         90:44:93:53:37:65:68:bc:4f:f0:d3:82:02:8d:2d:f5:5c:a0:
         1b:dd:c9:d0:e5:c8:ab:9e:48:0a:d9:ff:46:97:ab:0d:1d:15:
         f5:ac:6a:5d:6a:1c:fe:69:ed:85:80:e4:fa:8b:2d:d9:59:94:
         20:dd:7d:42:41:7d:30:81:b8:31:62:18:09:4d:46:33:52:f5:
         55:0c:fe:6d:b1:d3:bb:50:90:a8:32:ff:37:68:07:e0:c8:96:
         7f:51:15:12:47:d8:da:e1:d9:51:67:b2:1c:43:da:78:e1:e2:
         5a:5e:ad:ad:65:d5:68:5f:d3:15:e3:e8:6d:3d:3f:78:92:fe:
         f8:e0:d2:0b:4f:d1:3f:95:36:52:90:5d:41:98:6d:6b:7f:2b:
         fb:37:42:c9:fe:b2:d7:15:0a:55:b8:4c:91:d4:fd:9a:ba:fc:
         d5:21:0b:6a:e5:8f:cb:d5:3c:f2:09:b9:89:d0:47:1a:99:c4:
         e1:d7:0a:3f:64:b5:7c:8e:0e:b0:1f:d8:82:d2:ef:8b:6b:cf:
         83:2d:ec:98:80:71:39:0e:03:56:7e:de:e5:ed:6e:cb:a5:7d:
         1c:3d:a6:40
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzDSJMOx/nqMsP5m1SQtmkoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZTM1M2YzNTAzZjliZmYzMzgxNDUwMDM1NjI4ZTgxYTk2
ZDkwOGYwHhcNMjQwMTAxMDQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTAzNTdlM2E0YzM1ZDNmY2M2ZTk4YTE0MTAzOWQ4MWQ1ZDEyNTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3KSIPqAhnRDkr0+nXk3ggZcFlwFt
hsKXNOoWLTUyiy0kyqjPCl+QAMOOH+UShIQZjtYHhaCq18dzZJjp4+4eDRNb0w4A
Z30ES/QCYyILs3z8Vl1VPkKVxnST7k2+n/hUlm2DiB/BKeDMM13k9TQaeL/jYwpK
TpLib5L8mClR6GaWB/4rG92Oc9MSA4fg60iwx4yJMbOGtbmc8vVESbOZxJf22/5P
5XdHZlS4ocelB+5VkAx/fcYwB7RDZyM1F/Ce1w/q+fNpY2VFarbUxEGCXKUC9++w
BHDmIbAokTYxhD1K/EDu3Ivxj6TTRTu5IPPehVKL/y32ilZqMS46Pmo4bwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFPUDV+Okw10/zG6YoUEDnYHV0SUDMB8GA1UdIwQY
MBaAFC7jU/NQP5v/M4FFADVijoGpbZCPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHVOVDgxQV9tXzh6Z1VVQU5XS09nYWx0a0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9hMDY3YzMtNmJhOC00NWYzLThkNjIt
MmZkYTZhNTY1MDEzLzEvOVFOWDQ2VERYVF9NYnBpaFFRT2RnZFhSSlFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9hMDY3YzMtNmJhOC00NWYzLThkNjItMmZkYTZhNTY1MDEz
LzEvTHVOVDgxQV9tXzh6Z1VVQU5XS09nYWx0a0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAhmcwDQYJ
KoZIhvcNAQELBQADggEBAE1GhNR1KDxKD2z7K3tQX8KCvJiuB/FqahDzAaL3sqyq
38rJJJBEk1M3ZWi8T/DTggKNLfVcoBvdydDlyKueSArZ/0aXqw0dFfWsal1qHP5p
7YWA5PqLLdlZlCDdfUJBfTCBuDFiGAlNRjNS9VUM/m2x07tQkKgy/zdoB+DIln9R
FRJH2Nrh2VFnshxD2njh4lpera1l1Whf0xXj6G09P3iS/vjg0gtP0T+VNlKQXUGY
bWt/K/s3Qsn+stcVClW4TJHU/Zq6/NUhC2rlj8vVPPIJuYnQRxqZxOHXCj9ktXyO
DrAf2ILS74trz4Mt7JiAcTkOA1Z+3uXtbsulfRw9pkA=
-----END CERTIFICATE-----