Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/V8QFSKivZga1fhM278ghZTZcxBg.roa
File:                     V8QFSKivZga1fhM278ghZTZcxBg.roa (raw, json)
Hash identifier:          g0zBrPdlXyBcwbqZaTTfwf7/IrTp9988KXz05fn9qdQ=
Subject key identifier:   57:C4:05:48:A8:AF:66:06:B5:7E:13:36:EF:C8:21:65:36:5C:C4:18
Certificate issuer:       /CN=468b592f3110bc6c35249a8271a0dac1a9acb0ce
Certificate serial:       018E18E197002DFA75D0D9824F6203AF6E44
Authority key identifier: 46:8B:59:2F:31:10:BC:6C:35:24:9A:82:71:A0:DA:C1:A9:AC:B0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/V8QFSKivZga1fhM278ghZTZcxBg.roa
Signing time:             Thu 07 Mar 2024 12:27:01 +0000
ROA not before:           Thu 07 Mar 2024 12:27:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202470
IP address blocks:        109.107.146.0/24 maxlen: 24
                          185.218.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 15:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:18:e1:97:00:2d:fa:75:d0:d9:82:4f:62:03:af:6e:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=468b592f3110bc6c35249a8271a0dac1a9acb0ce
        Validity
            Not Before: Mar  7 12:27:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57c40548a8af6606b57e1336efc82165365cc418
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:33:c4:5f:fe:4e:f7:99:fa:ea:6d:ae:12:32:
                    ad:2c:96:1d:e9:ac:ac:8a:49:00:c3:d1:f6:66:a2:
                    18:79:75:20:b1:85:1b:41:c0:3b:fe:a8:c2:18:b0:
                    b8:c7:8f:89:b0:fd:07:c4:15:4a:84:2a:eb:94:22:
                    b1:63:1e:78:28:db:c7:d6:fd:c3:c4:93:f8:3a:ce:
                    72:57:ef:7d:32:dc:73:66:d0:93:ff:49:87:32:85:
                    ad:c9:50:a1:3a:36:c5:3c:8a:30:26:a0:01:74:3e:
                    2d:8b:e0:d3:15:0b:fd:d7:64:14:63:aa:25:f7:70:
                    00:9f:2b:9f:6f:ce:5f:4b:03:4e:cc:b6:bd:f1:0c:
                    15:12:7c:1b:02:11:78:1c:e2:59:87:9b:27:b0:d3:
                    ca:b1:1a:c4:65:d5:ed:eb:60:93:6d:5e:b4:03:44:
                    1d:a1:df:bf:d5:8f:a1:2c:94:a3:4f:13:00:d5:c2:
                    2d:05:df:b4:0d:47:42:9f:95:5c:b8:32:86:f9:cf:
                    66:22:37:46:6f:c3:e8:49:bd:ec:f1:34:92:ac:99:
                    61:31:6d:da:dd:d6:84:7d:73:63:65:18:35:dd:be:
                    f8:03:ff:17:94:93:eb:05:52:31:e9:ac:b9:c1:6b:
                    81:3d:1a:a1:0f:4b:d0:df:bd:de:4d:26:c9:70:70:
                    67:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:C4:05:48:A8:AF:66:06:B5:7E:13:36:EF:C8:21:65:36:5C:C4:18
            X509v3 Authority Key Identifier:
                keyid:46:8B:59:2F:31:10:BC:6C:35:24:9A:82:71:A0:DA:C1:A9:AC:B0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/V8QFSKivZga1fhM278ghZTZcxBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.146.0/24
                  185.218.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:ec:e7:aa:e5:96:f1:de:b8:c7:4f:84:5f:e5:c7:70:5a:24:
         99:0f:81:71:f0:ec:d8:f8:75:83:dc:7c:11:23:55:e7:29:71:
         5d:d5:92:83:1d:ba:01:08:42:7c:93:25:a6:0b:4a:d1:46:f2:
         4f:9e:f2:bd:2c:13:d5:31:d5:9b:96:d0:9b:95:bc:fc:ad:28:
         99:37:35:4f:a5:0d:f6:de:fb:d7:33:5a:8f:51:6c:7f:f8:b7:
         89:bb:f9:03:e2:f5:38:5f:23:f0:b4:a4:00:76:ac:78:8e:27:
         36:06:c6:21:82:2a:7d:6c:c2:c7:b7:10:39:9c:40:75:98:40:
         fc:d1:8a:d9:97:75:b2:d3:f7:c8:4b:75:c3:90:a3:55:3c:f9:
         e0:e4:97:e6:0f:18:2c:34:65:54:c2:ad:45:60:3a:0a:24:9d:
         77:ab:c6:a0:ad:a4:36:1f:9c:f9:bb:cb:50:97:a5:56:6b:06:
         b7:a7:3b:3d:2f:f7:96:6c:5b:22:39:88:29:5f:c0:51:47:9b:
         22:58:ae:08:f5:0f:bc:4a:39:46:0e:b3:15:00:c3:de:89:0b:
         30:7b:1b:47:45:ab:ff:81:7d:59:71:44:a9:05:9b:ae:10:7d:
         c0:d5:34:8a:a1:bc:39:26:11:d6:9d:8f:80:ce:bd:8c:7c:20:
         7b:c8:b6:e6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4Y4ZcALfp10NmCT2IDr25EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2OGI1OTJmMzExMGJjNmMzNTI0OWE4MjcxYTBkYWMxYTlh
Y2IwY2UwHhcNMjQwMzA3MTIyNzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2M0MDU0OGE4YWY2NjA2YjU3ZTEzMzZlZmM4MjE2NTM2NWNjNDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjPEX/5O95n66m2uEjKtLJYd6ays
ikkAw9H2ZqIYeXUgsYUbQcA7/qjCGLC4x4+JsP0HxBVKhCrrlCKxYx54KNvH1v3D
xJP4Os5yV+99MtxzZtCT/0mHMoWtyVChOjbFPIowJqABdD4ti+DTFQv912QUY6ol
93AAnyufb85fSwNOzLa98QwVEnwbAhF4HOJZh5snsNPKsRrEZdXt62CTbV60A0Qd
od+/1Y+hLJSjTxMA1cItBd+0DUdCn5VcuDKG+c9mIjdGb8PoSb3s8TSSrJlhMW3a
3daEfXNjZRg13b74A/8XlJPrBVIx6ay5wWuBPRqhD0vQ373eTSbJcHBn6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFfEBUior2YGtX4TNu/IIWU2XMQYMB8GA1UdIwQY
MBaAFEaLWS8xELxsNSSagnGg2sGprLDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUm90Wkx6RVF2R3cxSkpxQ2NhRGF3YW1zc000LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8yOWUxNjYtOThkMi00OWYyLTg0OTct
MDUwMzc0OWFkZWEwLzEvVjhRRlNLaXZaZ2ExZmhNMjc4Z2haVFpjeEJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8yOWUxNjYtOThkMi00OWYyLTg0OTctMDUwMzc0OWFkZWEw
LzEvUm90Wkx6RVF2R3cxSkpxQ2NhRGF3YW1zc000LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbWuSAwQA
udq4MA0GCSqGSIb3DQEBCwUAA4IBAQAs7Oeq5Zbx3rjHT4Rf5cdwWiSZD4Fx8OzY
+HWD3HwRI1XnKXFd1ZKDHboBCEJ8kyWmC0rRRvJPnvK9LBPVMdWbltCblbz8rSiZ
NzVPpQ323vvXM1qPUWx/+LeJu/kD4vU4XyPwtKQAdqx4jic2BsYhgip9bMLHtxA5
nEB1mED80YrZl3Wy0/fIS3XDkKNVPPng5JfmDxgsNGVUwq1FYDoKJJ13q8agraQ2
H5z5u8tQl6VWawa3pzs9L/eWbFsiOYgpX8BRR5siWK4I9Q+8SjlGDrMVAMPeiQsw
extHRav/gX1ZcUSpBZuuEH3A1TSKobw5JhHWnY+Azr2MfCB7yLbm
-----END CERTIFICATE-----