Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/119d34-407a-429e-9056-7628cbaf0ec8/1/B9MKzww61IiyLbuTlJd6o9PMRoE.roa
File:                     B9MKzww61IiyLbuTlJd6o9PMRoE.roa (raw, json)
Hash identifier:          DkkLksIxIpo43cd1h1AMlFWfpw2/0Josq6kmWIvqO+Q=
Subject key identifier:   07:D3:0A:CF:0C:3A:D4:88:B2:2D:BB:93:94:97:7A:A3:D3:CC:46:81
Certificate issuer:       /CN=ab98a8263e063b8a7bd3d7180e7a4aa64953441c
Certificate serial:       018F0AE803D08964CE68D14843732AC82041
Authority key identifier: AB:98:A8:26:3E:06:3B:8A:7B:D3:D7:18:0E:7A:4A:A6:49:53:44:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q5ioJj4GO4p709cYDnpKpklTRBw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/119d34-407a-429e-9056-7628cbaf0ec8/1/B9MKzww61IiyLbuTlJd6o9PMRoE.roa
Signing time:             Tue 23 Apr 2024 12:22:08 +0000
ROA not before:           Tue 23 Apr 2024 12:22:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        193.135.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/119d34-407a-429e-9056-7628cbaf0ec8/1/q5ioJj4GO4p709cYDnpKpklTRBw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/119d34-407a-429e-9056-7628cbaf0ec8/1/q5ioJj4GO4p709cYDnpKpklTRBw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q5ioJj4GO4p709cYDnpKpklTRBw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 12:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0a:e8:03:d0:89:64:ce:68:d1:48:43:73:2a:c8:20:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab98a8263e063b8a7bd3d7180e7a4aa64953441c
        Validity
            Not Before: Apr 23 12:22:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07d30acf0c3ad488b22dbb9394977aa3d3cc4681
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:2d:22:bd:f4:0d:77:0d:73:41:2c:ac:0c:22:
                    61:2e:fb:0b:50:73:63:f0:34:01:e1:d4:ed:25:1c:
                    ce:84:a3:3e:56:ee:ca:50:f6:84:04:5c:bf:52:89:
                    30:5c:34:4a:4a:82:6d:54:63:5d:88:d9:04:fc:f0:
                    1b:f8:60:3e:e3:cb:f4:bb:39:5d:0c:e2:88:51:dc:
                    b7:0f:00:2f:76:0c:0b:7b:26:ab:b2:2a:65:43:6b:
                    46:ec:f1:3e:97:55:c2:17:b9:18:f6:30:51:3b:d2:
                    a1:5e:b7:80:a2:31:ed:50:d9:75:ca:a4:98:a6:0d:
                    8b:7c:4f:2c:4b:9e:6b:94:a8:32:fe:e6:3e:fb:e1:
                    8d:a2:9c:73:1e:18:2d:3c:e3:ae:97:c4:67:b3:7b:
                    da:82:a2:14:f1:3a:fa:f6:85:ae:5d:2e:03:8e:b5:
                    47:a9:df:21:47:61:ec:cf:a0:41:e7:a2:fe:02:c9:
                    83:76:6e:16:d9:31:73:f0:dd:9f:e9:20:2c:70:a9:
                    f9:ca:8e:d5:33:e1:c0:a6:a1:b5:2e:0c:75:75:fd:
                    82:b8:4f:8d:60:82:d3:d3:ea:a9:77:1b:b7:67:36:
                    3b:1a:92:a5:cd:35:af:9c:6e:60:e8:63:45:b7:f8:
                    fd:a8:27:55:41:4c:6a:38:62:77:6c:a3:75:cb:46:
                    da:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:D3:0A:CF:0C:3A:D4:88:B2:2D:BB:93:94:97:7A:A3:D3:CC:46:81
            X509v3 Authority Key Identifier:
                keyid:AB:98:A8:26:3E:06:3B:8A:7B:D3:D7:18:0E:7A:4A:A6:49:53:44:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q5ioJj4GO4p709cYDnpKpklTRBw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/119d34-407a-429e-9056-7628cbaf0ec8/1/B9MKzww61IiyLbuTlJd6o9PMRoE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/119d34-407a-429e-9056-7628cbaf0ec8/1/q5ioJj4GO4p709cYDnpKpklTRBw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.135.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:71:58:7a:c1:02:66:38:f3:ef:14:d1:55:c4:e6:5a:2d:da:
         06:70:45:5b:8c:54:e5:13:43:28:c7:e5:d5:88:cf:12:a0:76:
         8c:6b:fc:90:10:c1:65:37:8c:39:21:00:6e:e0:a2:84:dd:56:
         ea:af:95:a9:07:a8:22:82:18:f7:b8:d9:a9:2e:d5:ad:78:54:
         8e:aa:54:58:15:57:ca:a7:10:51:2f:92:1a:10:d2:15:51:6e:
         06:64:51:ba:d9:17:77:f8:f6:c6:8c:2b:fd:2a:be:bf:3a:e1:
         b7:bf:da:13:f3:81:0a:1b:9f:b0:50:6a:07:9b:0e:db:5a:28:
         51:af:0a:0a:d8:a2:06:4f:86:1c:cd:c5:77:4c:57:6e:cb:e5:
         cf:62:36:a5:4a:e3:5a:8e:d0:24:fd:d2:f6:62:76:a4:c0:e6:
         a7:e8:45:80:da:3e:84:0f:f3:fd:a5:ed:97:fc:90:10:35:c8:
         98:3a:f6:31:02:35:52:aa:db:30:3f:83:fd:e8:17:50:3f:90:
         d5:f8:b7:02:d0:23:39:fa:16:48:a8:43:9b:cc:1c:5f:aa:a2:
         04:6a:f6:e7:3e:1c:af:37:0f:a0:a4:97:f5:f0:ac:c1:b5:a8:
         66:60:1a:d4:68:72:db:c8:08:27:66:4e:fe:a2:a7:2e:57:58:
         d7:17:56:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8K6APQiWTOaNFIQ3MqyCBBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiOThhODI2M2UwNjNiOGE3YmQzZDcxODBlN2E0YWE2NDk1
MzQ0MWMwHhcNMjQwNDIzMTIyMjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2QzMGFjZjBjM2FkNDg4YjIyZGJiOTM5NDk3N2FhM2QzY2M0NjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjC0ivfQNdw1zQSysDCJhLvsLUHNj
8DQB4dTtJRzOhKM+Vu7KUPaEBFy/UokwXDRKSoJtVGNdiNkE/PAb+GA+48v0uzld
DOKIUdy3DwAvdgwLeyarsiplQ2tG7PE+l1XCF7kY9jBRO9KhXreAojHtUNl1yqSY
pg2LfE8sS55rlKgy/uY+++GNopxzHhgtPOOul8Rns3vagqIU8Tr69oWuXS4DjrVH
qd8hR2Hsz6BB56L+AsmDdm4W2TFz8N2f6SAscKn5yo7VM+HApqG1Lgx1df2CuE+N
YILT0+qpdxu3ZzY7GpKlzTWvnG5g6GNFt/j9qCdVQUxqOGJ3bKN1y0baAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAfTCs8MOtSIsi27k5SXeqPTzEaBMB8GA1UdIwQY
MBaAFKuYqCY+BjuKe9PXGA56SqZJU0QcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTVpb0pqNEdPNHA3MDljWURucEtwa2xUUkJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8xMTlkMzQtNDA3YS00MjllLTkwNTYt
NzYyOGNiYWYwZWM4LzEvQjlNS3p3dzYxSWl5TGJ1VGxKZDZvOVBNUm9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8xMTlkMzQtNDA3YS00MjllLTkwNTYtNzYyOGNiYWYwZWM4
LzEvcTVpb0pqNEdPNHA3MDljWURucEtwa2xUUkJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYcZMA0G
CSqGSIb3DQEBCwUAA4IBAQC8cVh6wQJmOPPvFNFVxOZaLdoGcEVbjFTlE0Mox+XV
iM8SoHaMa/yQEMFlN4w5IQBu4KKE3Vbqr5WpB6gighj3uNmpLtWteFSOqlRYFVfK
pxBRL5IaENIVUW4GZFG62Rd3+PbGjCv9Kr6/OuG3v9oT84EKG5+wUGoHmw7bWihR
rwoK2KIGT4YczcV3TFduy+XPYjalSuNajtAk/dL2YnakwOan6EWA2j6ED/P9pe2X
/JAQNciYOvYxAjVSqtswP4P96BdQP5DV+LcC0CM5+hZIqEObzBxfqqIEavbnPhyv
Nw+gpJf18KzBtahmYBrUaHLbyAgnZk7+oqcuV1jXF1b3
-----END CERTIFICATE-----