Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/n2yd8fOcYMasO8MdDYaoR_Avhv8.roa
File:                     n2yd8fOcYMasO8MdDYaoR_Avhv8.roa (raw, json)
Hash identifier:          twdeQtw1JQk2v+kMmss/UUyu6ydHc7jRlDc1C+xWDmc=
Subject key identifier:   9F:6C:9D:F1:F3:9C:60:C6:AC:3B:C3:1D:0D:86:A8:47:F0:2F:86:FF
Certificate issuer:       /CN=3deb104463e920b45542b6af1a27d5950e86e9a0
Certificate serial:       018CCA2A3023AE19EA37D57C1C48F43CBB6C
Authority key identifier: 3D:EB:10:44:63:E9:20:B4:55:42:B6:AF:1A:27:D5:95:0E:86:E9:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PesQRGPpILRVQravGifVlQ6G6aA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/n2yd8fOcYMasO8MdDYaoR_Avhv8.roa
Signing time:             Tue 02 Jan 2024 12:33:31 +0000
ROA not before:           Tue 02 Jan 2024 12:33:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200640
IP address blocks:        37.34.100.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/PesQRGPpILRVQravGifVlQ6G6aA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/PesQRGPpILRVQravGifVlQ6G6aA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PesQRGPpILRVQravGifVlQ6G6aA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:30:23:ae:19:ea:37:d5:7c:1c:48:f4:3c:bb:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3deb104463e920b45542b6af1a27d5950e86e9a0
        Validity
            Not Before: Jan  2 12:33:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f6c9df1f39c60c6ac3bc31d0d86a847f02f86ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:66:b6:f8:4e:15:b4:8f:34:29:2d:c0:3f:70:
                    f6:8f:3a:14:ec:a8:ec:7f:46:11:11:e3:23:24:91:
                    2a:4a:5f:9b:b0:6b:f2:a3:b2:8b:6a:1f:58:86:89:
                    3c:61:be:46:6c:dc:ca:5a:f0:4b:88:7d:0d:6a:84:
                    dc:b1:d7:0b:4f:07:4e:7f:c9:06:c9:71:dd:22:54:
                    9c:5f:03:03:23:ca:0e:91:04:09:ba:88:f8:0d:7c:
                    77:6a:99:c7:00:22:f9:11:9d:16:49:a7:8b:04:36:
                    9f:dd:85:ee:b4:b0:d6:ca:19:17:e6:a0:9b:9f:08:
                    e2:dc:a5:9d:0c:d8:d6:63:98:92:8f:3a:78:1d:36:
                    5f:cf:a4:64:ba:ac:90:d7:86:ea:c9:c3:84:b9:c7:
                    06:1a:45:2d:67:87:cf:d7:b3:54:79:ab:46:f4:d7:
                    da:33:a3:b8:28:fb:38:a5:0e:3a:d7:fe:f1:65:8f:
                    33:21:68:69:16:a7:e8:f8:2a:c0:76:ee:a5:0d:04:
                    3c:95:6c:d3:e8:a0:c9:e0:e3:23:0e:2b:c0:72:cd:
                    66:09:09:38:4a:1a:4a:22:4f:ff:6a:cd:a8:7c:55:
                    c1:9f:ba:db:98:73:2b:5f:e4:89:95:b5:5b:77:d2:
                    88:f1:51:1f:85:37:cf:df:6a:95:87:4e:aa:56:d1:
                    d3:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:6C:9D:F1:F3:9C:60:C6:AC:3B:C3:1D:0D:86:A8:47:F0:2F:86:FF
            X509v3 Authority Key Identifier:
                keyid:3D:EB:10:44:63:E9:20:B4:55:42:B6:AF:1A:27:D5:95:0E:86:E9:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PesQRGPpILRVQravGifVlQ6G6aA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/n2yd8fOcYMasO8MdDYaoR_Avhv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/PesQRGPpILRVQravGifVlQ6G6aA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.34.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ad:71:87:a4:39:98:fa:bd:b4:9f:08:91:f0:b0:81:54:e5:b2:
         5e:8c:f0:ba:2a:6b:f5:83:83:fb:34:a7:0e:25:75:7f:d7:72:
         1c:35:8f:cf:58:a2:e1:72:8c:af:0e:b0:df:07:41:6f:a5:74:
         43:b9:6e:6a:e5:f8:97:97:4b:f1:51:a0:36:0a:f4:48:8b:15:
         2b:5a:b5:c2:9d:f2:ca:0b:a8:a9:1f:9d:e3:04:e8:c6:6d:e2:
         1d:53:d5:be:d5:02:87:b7:b8:c0:fc:4b:36:dd:e0:e7:3b:d1:
         d4:5f:00:17:b7:5a:72:78:28:8d:2d:f8:d0:cc:eb:d6:d6:f7:
         8e:dd:61:4b:d1:d2:0a:d7:67:99:2b:01:4c:c1:a6:68:5b:91:
         bf:31:a9:43:bb:ee:22:2e:9f:fb:15:73:1c:8e:80:fe:da:f1:
         68:d9:25:e7:3c:90:a8:71:1b:3b:21:65:a2:6b:ec:4a:63:54:
         46:fe:b1:c4:f0:13:9b:01:bc:f7:08:43:14:21:f9:79:79:b5:
         3f:31:8a:00:7e:68:3e:99:f7:e6:94:c6:71:a9:84:4b:52:15:
         e1:a3:3e:8b:d1:67:19:2b:fa:df:8a:d1:48:5d:58:3a:33:b3:
         fc:33:6c:3d:a3:f6:fd:e2:74:88:57:a5:e1:a7:da:34:91:3e:
         16:65:c1:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKjAjrhnqN9V8HEj0PLtsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkZWIxMDQ0NjNlOTIwYjQ1NTQyYjZhZjFhMjdkNTk1MGU4
NmU5YTAwHhcNMjQwMTAyMTIzMzMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjZjOWRmMWYzOWM2MGM2YWMzYmMzMWQwZDg2YTg0N2YwMmY4NmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApma2+E4VtI80KS3AP3D2jzoU7Kjs
f0YREeMjJJEqSl+bsGvyo7KLah9Yhok8Yb5GbNzKWvBLiH0NaoTcsdcLTwdOf8kG
yXHdIlScXwMDI8oOkQQJuoj4DXx3apnHACL5EZ0WSaeLBDaf3YXutLDWyhkX5qCb
nwji3KWdDNjWY5iSjzp4HTZfz6RkuqyQ14bqycOEuccGGkUtZ4fP17NUeatG9Nfa
M6O4KPs4pQ461/7xZY8zIWhpFqfo+CrAdu6lDQQ8lWzT6KDJ4OMjDivAcs1mCQk4
ShpKIk//as2ofFXBn7rbmHMrX+SJlbVbd9KI8VEfhTfP32qVh06qVtHThwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ9snfHznGDGrDvDHQ2GqEfwL4b/MB8GA1UdIwQY
MBaAFD3rEERj6SC0VUK2rxon1ZUOhumgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGVzUVJHUHBJTFJWUXJhdkdpZlZsUTZHNmFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9jNjg2YjMtZTdhOS00ZjljLTg0MmMt
MTE5ZDhiZjcxN2JiLzEvbjJ5ZDhmT2NZTWFzTzhNZERZYW9SX0F2aHY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9jNjg2YjMtZTdhOS00ZjljLTg0MmMtMTE5ZDhiZjcxN2Ji
LzEvUGVzUVJHUHBJTFJWUXJhdkdpZlZsUTZHNmFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJSJkMA0G
CSqGSIb3DQEBCwUAA4IBAQCtcYekOZj6vbSfCJHwsIFU5bJejPC6Kmv1g4P7NKcO
JXV/13IcNY/PWKLhcoyvDrDfB0FvpXRDuW5q5fiXl0vxUaA2CvRIixUrWrXCnfLK
C6ipH53jBOjGbeIdU9W+1QKHt7jA/Es23eDnO9HUXwAXt1pyeCiNLfjQzOvW1veO
3WFL0dIK12eZKwFMwaZoW5G/MalDu+4iLp/7FXMcjoD+2vFo2SXnPJCocRs7IWWi
a+xKY1RG/rHE8BObAbz3CEMUIfl5ebU/MYoAfmg+mffmlMZxqYRLUhXhoz6L0WcZ
K/rfitFIXVg6M7P8M2w9o/b94nSIV6Xhp9o0kT4WZcG2
-----END CERTIFICATE-----