Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/30951e-a309-45c3-ba16-134d953ca093/1/i0G4p4b9JoKkUGIUsPqRT_e096A.roa
File:                     i0G4p4b9JoKkUGIUsPqRT_e096A.roa (raw, json)
Hash identifier:          IScU3yYe5R3vV9AOHHfDz0qlBBeF5a71RroHFlI9obE=
Subject key identifier:   8B:41:B8:A7:86:FD:26:82:A4:50:62:14:B0:FA:91:4F:F7:B4:F7:A0
Certificate issuer:       /CN=c99135e587cbb38be1eb7b6de9c48029d045d273
Certificate serial:       019223939A2CCB9B503D5EA95E6C1DC46490
Authority key identifier: C9:91:35:E5:87:CB:B3:8B:E1:EB:7B:6D:E9:C4:80:29:D0:45:D2:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yZE15YfLs4vh63tt6cSAKdBF0nM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/30951e-a309-45c3-ba16-134d953ca093/1/i0G4p4b9JoKkUGIUsPqRT_e096A.roa
Signing time:             Tue 24 Sep 2024 10:28:48 +0000
ROA not before:           Tue 24 Sep 2024 10:28:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9121
IP address blocks:        62.108.88.0/22 maxlen: 24
                          62.108.92.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/30951e-a309-45c3-ba16-134d953ca093/1/yZE15YfLs4vh63tt6cSAKdBF0nM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/30951e-a309-45c3-ba16-134d953ca093/1/yZE15YfLs4vh63tt6cSAKdBF0nM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yZE15YfLs4vh63tt6cSAKdBF0nM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:23:93:9a:2c:cb:9b:50:3d:5e:a9:5e:6c:1d:c4:64:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c99135e587cbb38be1eb7b6de9c48029d045d273
        Validity
            Not Before: Sep 24 10:28:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b41b8a786fd2682a4506214b0fa914ff7b4f7a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:fe:31:d9:fe:2c:91:c0:a7:80:52:93:7e:b6:
                    a3:81:3e:26:3c:f8:7f:14:49:ea:92:51:29:df:88:
                    19:12:e7:66:b9:c8:07:db:06:4c:5f:cd:fa:c1:7f:
                    15:09:1c:e6:ee:ac:ef:eb:e8:c8:f6:76:e0:e9:70:
                    47:aa:c5:b6:d1:51:16:1c:38:58:a9:1d:c1:3f:2f:
                    cc:41:e3:62:f4:fa:24:7b:09:49:67:cd:8d:20:e7:
                    8f:87:08:d2:53:b6:7a:9e:fa:fc:c2:67:98:97:ce:
                    3a:3c:3b:9e:7c:39:6d:bf:96:3a:2e:fc:27:b6:0e:
                    17:48:50:6a:9c:24:08:97:da:30:29:76:d3:a1:22:
                    03:06:f3:a8:8a:35:9f:e5:c2:56:e8:d7:33:6b:8e:
                    d4:b9:d7:86:1a:bd:c3:d3:bc:29:c8:f4:1f:a4:66:
                    11:d9:c0:04:84:b3:b8:f7:9f:0d:cb:f1:a2:38:66:
                    9f:9f:01:b3:ea:c0:fa:ba:54:8f:08:fe:3a:ba:1d:
                    b4:38:ea:25:a4:09:8c:dd:d1:17:22:0c:6f:37:93:
                    35:a6:c4:2f:84:c0:70:64:32:a1:9d:c4:b5:76:aa:
                    75:a7:d6:18:6a:4b:66:0b:6f:c0:e8:15:6a:53:92:
                    18:08:06:c6:8c:17:f2:38:60:d7:7e:0e:18:f2:32:
                    dc:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:41:B8:A7:86:FD:26:82:A4:50:62:14:B0:FA:91:4F:F7:B4:F7:A0
            X509v3 Authority Key Identifier:
                keyid:C9:91:35:E5:87:CB:B3:8B:E1:EB:7B:6D:E9:C4:80:29:D0:45:D2:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yZE15YfLs4vh63tt6cSAKdBF0nM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/30951e-a309-45c3-ba16-134d953ca093/1/i0G4p4b9JoKkUGIUsPqRT_e096A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/30951e-a309-45c3-ba16-134d953ca093/1/yZE15YfLs4vh63tt6cSAKdBF0nM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.108.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         47:db:e4:91:3c:ac:e9:f3:5a:69:c5:38:ea:79:d1:45:e2:81:
         0d:57:c1:51:3c:f1:26:b9:df:73:d4:72:b8:d3:15:0a:87:dc:
         5c:82:eb:9e:10:7c:c4:8a:1b:02:a3:55:8e:28:7b:56:20:8e:
         63:7f:d0:75:67:70:1c:5e:98:39:47:c3:57:3c:be:28:53:41:
         10:65:18:20:e8:71:f8:b4:9f:a0:72:e3:d3:cf:6b:ca:bb:7d:
         9a:a0:27:d8:4e:68:8f:8a:3f:0e:30:ef:84:bb:fe:98:b4:b9:
         42:b9:a9:b6:f2:9e:6c:a1:a5:87:2d:2c:3f:4e:ad:11:32:a4:
         3f:b7:c6:b9:00:d9:3a:a7:96:cf:7b:61:f1:34:1d:dd:5e:05:
         33:87:e9:d0:60:70:7e:0b:a1:70:b4:3a:14:58:bd:3e:d5:64:
         a4:e7:67:db:9d:93:9a:f3:01:75:13:d1:43:85:20:86:35:fa:
         23:1a:c1:b5:58:4e:4d:b3:dd:62:f0:26:df:b7:a0:84:74:75:
         e5:15:9d:18:29:6b:73:23:1d:b1:ca:71:21:b0:f7:f5:6a:ae:
         67:35:ff:36:bb:b9:08:5c:42:dd:38:a5:a8:a6:2f:d2:3d:ba:
         a0:b8:6f:cb:a5:1d:8b:97:81:da:bb:49:73:31:ca:7a:e0:9f:
         cd:17:ba:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIjk5osy5tQPV6pXmwdxGSQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5OTEzNWU1ODdjYmIzOGJlMWViN2I2ZGU5YzQ4MDI5ZDA0
NWQyNzMwHhcNMjQwOTI0MTAyODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjQxYjhhNzg2ZmQyNjgyYTQ1MDYyMTRiMGZhOTE0ZmY3YjRmN2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/4x2f4skcCngFKTfrajgT4mPPh/
FEnqklEp34gZEudmucgH2wZMX836wX8VCRzm7qzv6+jI9nbg6XBHqsW20VEWHDhY
qR3BPy/MQeNi9PokewlJZ82NIOePhwjSU7Z6nvr8wmeYl846PDuefDltv5Y6Lvwn
tg4XSFBqnCQIl9owKXbToSIDBvOoijWf5cJW6Ncza47UudeGGr3D07wpyPQfpGYR
2cAEhLO4958Ny/GiOGafnwGz6sD6ulSPCP46uh20OOolpAmM3dEXIgxvN5M1psQv
hMBwZDKhncS1dqp1p9YYaktmC2/A6BVqU5IYCAbGjBfyOGDXfg4Y8jLcsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFItBuKeG/SaCpFBiFLD6kU/3tPegMB8GA1UdIwQY
MBaAFMmRNeWHy7OL4et7benEgCnQRdJzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVpFMTVZZkxzNHZoNjN0dDZjU0FLZEJGMG5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS8zMDk1MWUtYTMwOS00NWMzLWJhMTYt
MTM0ZDk1M2NhMDkzLzEvaTBHNHA0YjlKb0trVUdJVXNQcVJUX2UwOTZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS8zMDk1MWUtYTMwOS00NWMzLWJhMTYtMTM0ZDk1M2NhMDkz
LzEveVpFMTVZZkxzNHZoNjN0dDZjU0FLZEJGMG5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDPmxYMA0G
CSqGSIb3DQEBCwUAA4IBAQBH2+SRPKzp81ppxTjqedFF4oENV8FRPPEmud9z1HK4
0xUKh9xcguueEHzEihsCo1WOKHtWII5jf9B1Z3AcXpg5R8NXPL4oU0EQZRgg6HH4
tJ+gcuPTz2vKu32aoCfYTmiPij8OMO+Eu/6YtLlCuam28p5soaWHLSw/Tq0RMqQ/
t8a5ANk6p5bPe2HxNB3dXgUzh+nQYHB+C6FwtDoUWL0+1WSk52fbnZOa8wF1E9FD
hSCGNfojGsG1WE5Ns91i8Cbft6CEdHXlFZ0YKWtzIx2xynEhsPf1aq5nNf82u7kI
XELdOKWopi/SPbqguG/LpR2Ll4Hau0lzMcp64J/NF7pb
-----END CERTIFICATE-----