Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/32b61c-ce82-463c-8f64-2775de5202fb/1/l6iV3AiKfJ2Hjm6_ssWn98sx0IY.roa
File:                     l6iV3AiKfJ2Hjm6_ssWn98sx0IY.roa (raw, json)
Hash identifier:          2eIlpLUEGU7unQsoTNsr6I109gKlnx/jB8u4anix078=
Subject key identifier:   97:A8:95:DC:08:8A:7C:9D:87:8E:6E:BF:B2:C5:A7:F7:CB:31:D0:86
Certificate issuer:       /CN=9e4274f139bd669aaef774d6503b28d996637bbd
Certificate serial:       018CC86F87C14ABEEE5D7385B2374E294D95
Authority key identifier: 9E:42:74:F1:39:BD:66:9A:AE:F7:74:D6:50:3B:28:D9:96:63:7B:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nkJ08Tm9Zpqu93TWUDso2ZZje70.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/32b61c-ce82-463c-8f64-2775de5202fb/1/l6iV3AiKfJ2Hjm6_ssWn98sx0IY.roa
Signing time:             Tue 02 Jan 2024 04:30:01 +0000
ROA not before:           Tue 02 Jan 2024 04:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9136
IP address blocks:        46.17.108.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/32b61c-ce82-463c-8f64-2775de5202fb/1/nkJ08Tm9Zpqu93TWUDso2ZZje70.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/32b61c-ce82-463c-8f64-2775de5202fb/1/nkJ08Tm9Zpqu93TWUDso2ZZje70.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nkJ08Tm9Zpqu93TWUDso2ZZje70.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:87:c1:4a:be:ee:5d:73:85:b2:37:4e:29:4d:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e4274f139bd669aaef774d6503b28d996637bbd
        Validity
            Not Before: Jan  2 04:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97a895dc088a7c9d878e6ebfb2c5a7f7cb31d086
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:dc:b7:bd:19:2a:ab:c6:88:4c:c1:f8:14:91:
                    04:b6:0a:57:e7:5c:c3:0c:33:a7:c7:aa:21:2e:18:
                    9c:61:11:8d:d3:aa:13:f9:ae:29:fe:ca:2d:a7:5e:
                    12:78:62:d4:25:19:7d:de:ee:e5:d7:e7:58:c3:55:
                    6b:07:73:2a:33:72:41:c3:e2:32:85:ae:3b:67:e7:
                    23:6e:7c:59:8b:72:a7:4d:fe:f8:85:55:e7:e6:a1:
                    18:aa:26:2f:0e:81:32:9e:7f:58:86:06:1b:3d:bc:
                    32:bc:82:ef:d3:16:81:b8:51:be:cd:1a:2d:ea:08:
                    e4:d2:84:bf:af:45:ec:7f:b3:2b:c6:a1:c4:72:a9:
                    27:3b:4d:ce:d3:ea:92:61:82:47:80:31:db:6d:73:
                    e3:62:94:78:53:b1:57:52:5d:73:f1:88:a2:19:2b:
                    90:5f:5e:27:d0:6e:c6:1d:0d:3a:c3:47:96:7a:23:
                    18:26:19:2a:5a:85:62:bb:eb:43:61:2d:27:f3:af:
                    b2:10:10:c6:bf:d7:11:1b:f0:16:e1:e3:f8:87:de:
                    a1:46:ce:5d:b0:de:66:04:47:9b:d6:0f:1b:d0:13:
                    04:be:f5:6e:c0:a4:78:b9:38:80:f9:96:81:76:96:
                    5a:46:18:be:92:2b:4f:55:4a:64:e4:11:07:63:f5:
                    9e:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:A8:95:DC:08:8A:7C:9D:87:8E:6E:BF:B2:C5:A7:F7:CB:31:D0:86
            X509v3 Authority Key Identifier:
                keyid:9E:42:74:F1:39:BD:66:9A:AE:F7:74:D6:50:3B:28:D9:96:63:7B:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkJ08Tm9Zpqu93TWUDso2ZZje70.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/32b61c-ce82-463c-8f64-2775de5202fb/1/l6iV3AiKfJ2Hjm6_ssWn98sx0IY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/32b61c-ce82-463c-8f64-2775de5202fb/1/nkJ08Tm9Zpqu93TWUDso2ZZje70.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.17.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:5f:a1:fd:05:ea:a6:a3:cb:53:ca:11:f4:42:f2:57:e6:12:
         9c:16:fc:f5:35:7e:5a:fb:a0:1a:c8:c0:00:9e:c7:4f:2f:16:
         2e:36:a8:c4:33:00:37:4c:83:cd:16:8b:2a:30:97:8f:c2:94:
         8a:66:d3:24:8e:e9:b8:6f:b6:e1:29:82:db:ac:e7:a9:5f:5b:
         25:a9:d0:52:37:84:58:5d:e6:e4:80:a6:05:1e:14:68:c3:1f:
         c5:36:60:bd:db:ba:dc:f0:ef:e3:3b:46:10:51:41:8b:f3:40:
         b7:59:94:5b:e1:d8:d8:2a:fc:51:78:39:17:04:59:bf:9c:ef:
         df:3d:a1:9c:30:90:6f:ac:d5:af:13:73:f0:d5:07:5e:6b:d8:
         3c:d4:62:2b:26:45:e4:4a:93:fb:23:91:55:b8:3d:a5:81:85:
         1f:72:b0:9f:ca:5b:bf:32:50:0a:44:c5:f8:02:95:c8:26:b9:
         0d:cb:33:0f:34:0d:8c:82:59:9f:4c:b1:3b:e2:13:73:73:a8:
         e4:db:ab:81:07:3f:56:0a:60:1d:b7:b6:71:ca:ed:16:2c:d5:
         1e:7f:6a:ee:46:21:27:c2:65:40:ec:db:f8:ae:c9:e2:a7:66:
         19:fa:80:18:5c:96:07:9d:14:a2:69:30:90:21:bc:00:98:c5:
         13:2c:e2:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb4fBSr7uXXOFsjdOKU2VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDI3NGYxMzliZDY2OWFhZWY3NzRkNjUwM2IyOGQ5OTY2
MzdiYmQwHhcNMjQwMTAyMDQzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2E4OTVkYzA4OGE3YzlkODc4ZTZlYmZiMmM1YTdmN2NiMzFkMDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09y3vRkqq8aITMH4FJEEtgpX51zD
DDOnx6ohLhicYRGN06oT+a4p/sotp14SeGLUJRl93u7l1+dYw1VrB3MqM3JBw+Iy
ha47Z+cjbnxZi3KnTf74hVXn5qEYqiYvDoEynn9YhgYbPbwyvILv0xaBuFG+zRot
6gjk0oS/r0Xsf7MrxqHEcqknO03O0+qSYYJHgDHbbXPjYpR4U7FXUl1z8YiiGSuQ
X14n0G7GHQ06w0eWeiMYJhkqWoViu+tDYS0n86+yEBDGv9cRG/AW4eP4h96hRs5d
sN5mBEeb1g8b0BMEvvVuwKR4uTiA+ZaBdpZaRhi+kitPVUpk5BEHY/WehwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJeoldwIinydh45uv7LFp/fLMdCGMB8GA1UdIwQY
MBaAFJ5CdPE5vWaarvd01lA7KNmWY3u9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtKMDhUbTlacHF1OTNUV1VEc28yWlpqZTcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8zMmI2MWMtY2U4Mi00NjNjLThmNjQt
Mjc3NWRlNTIwMmZiLzEvbDZpVjNBaUtmSjJIam02X3NzV245OHN4MElZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8zMmI2MWMtY2U4Mi00NjNjLThmNjQtMjc3NWRlNTIwMmZi
LzEvbmtKMDhUbTlacHF1OTNUV1VEc28yWlpqZTcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLhFsMA0G
CSqGSIb3DQEBCwUAA4IBAQApX6H9Beqmo8tTyhH0QvJX5hKcFvz1NX5a+6AayMAA
nsdPLxYuNqjEMwA3TIPNFosqMJePwpSKZtMkjum4b7bhKYLbrOepX1slqdBSN4RY
XebkgKYFHhRowx/FNmC927rc8O/jO0YQUUGL80C3WZRb4djYKvxReDkXBFm/nO/f
PaGcMJBvrNWvE3Pw1Qdea9g81GIrJkXkSpP7I5FVuD2lgYUfcrCfylu/MlAKRMX4
ApXIJrkNyzMPNA2MglmfTLE74hNzc6jk26uBBz9WCmAdt7Zxyu0WLNUef2ruRiEn
wmVA7Nv4rsnip2YZ+oAYXJYHnRSiaTCQIbwAmMUTLOI5
-----END CERTIFICATE-----