Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/bTBH0Ey8mfNclPT8nJHOIGhxkZc.roa
File:                     bTBH0Ey8mfNclPT8nJHOIGhxkZc.roa (raw, json)
Hash identifier:          75dIjuGrNJrGWF16H7RJVXVTUYqAHnsLxy0NJFria2Y=
Subject key identifier:   6D:30:47:D0:4C:BC:99:F3:5C:94:F4:FC:9C:91:CE:20:68:71:91:97
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       018CC86F3703A254F44E41DE5ABD33E7E572
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/bTBH0Ey8mfNclPT8nJHOIGhxkZc.roa
Signing time:             Tue 02 Jan 2024 04:29:40 +0000
ROA not before:           Tue 02 Jan 2024 04:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200017
IP address blocks:        109.107.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:37:03:a2:54:f4:4e:41:de:5a:bd:33:e7:e5:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Jan  2 04:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d3047d04cbc99f35c94f4fc9c91ce2068719197
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:a8:2e:4e:29:40:8e:9d:cf:49:5b:c4:ac:44:
                    b0:49:a8:dc:a8:d6:fb:6d:6b:81:b2:1e:7c:b4:2c:
                    e5:a4:b8:6c:70:21:47:6b:71:b9:9a:ad:ed:b6:62:
                    2a:e5:3a:6d:c2:1d:0c:57:c4:08:d9:af:10:6d:6e:
                    2f:26:45:3e:17:fc:ac:df:95:b9:86:b7:b9:67:e3:
                    c6:b9:ec:ed:f7:66:1a:47:0b:ff:30:4f:7d:8f:2c:
                    42:9d:d7:f1:56:2f:f6:69:44:46:50:18:d1:14:db:
                    ea:6d:cb:32:2f:ad:4b:34:1c:d7:33:78:e6:ee:4d:
                    61:96:e4:94:50:e6:db:a1:8a:f1:95:77:ab:31:c5:
                    26:a5:e7:7f:70:b5:2b:dd:25:5f:75:b1:23:75:e7:
                    57:a5:26:53:de:d4:38:c1:e4:61:9e:18:73:76:13:
                    43:c0:95:ff:61:fe:8a:4f:a3:eb:b1:89:e8:b9:80:
                    58:28:7e:79:9d:89:ea:5b:6e:6e:ad:e1:fb:f3:9d:
                    56:aa:e1:61:c5:eb:35:1f:52:8d:8f:cf:83:2e:94:
                    d8:b1:c0:9c:b8:6b:b1:f3:be:69:63:a4:d2:29:a0:
                    05:06:57:f5:b8:7a:50:af:65:70:a5:f7:4f:b1:22:
                    d0:af:0f:87:ec:d4:42:b4:7a:2f:b4:fe:03:40:8a:
                    e2:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:30:47:D0:4C:BC:99:F3:5C:94:F4:FC:9C:91:CE:20:68:71:91:97
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/bTBH0Ey8mfNclPT8nJHOIGhxkZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:02:21:76:57:cc:c8:3c:4d:44:ff:78:95:6d:8c:fd:4e:73:
         98:e0:34:3f:10:6c:00:c7:80:c1:2b:7d:af:f4:81:1e:4e:6f:
         11:05:a1:11:cf:40:91:b0:84:9e:f2:7b:95:6c:e5:70:37:ef:
         f2:80:58:1c:06:18:2d:1c:fa:ee:1e:af:e5:d1:3d:70:93:e3:
         f0:0d:1e:b2:02:23:e2:d7:72:af:6d:9a:bb:b1:04:c5:fa:44:
         0d:d7:6c:a6:19:68:bf:aa:63:da:cc:4f:c2:19:4b:ef:9a:4b:
         45:2a:f5:a4:13:17:78:b3:1d:55:4b:03:1b:d1:80:06:37:7a:
         63:55:94:a4:b2:43:0c:bb:1b:29:40:cd:a5:e8:1c:5d:ac:1c:
         86:6c:bb:73:9c:f2:50:0a:b7:4f:2f:03:49:a7:0d:9b:5d:74:
         78:92:df:06:71:39:50:86:fe:d7:32:0c:06:e6:23:2f:1a:40:
         9c:40:9d:25:f4:bf:6d:3f:08:54:44:a5:66:d4:bf:f5:53:0b:
         29:dc:73:d8:61:d3:d4:64:de:af:89:26:82:8a:64:dd:43:ac:
         1b:72:fa:61:5c:ed:2e:23:7b:1a:5d:99:ae:bc:86:f2:35:db:
         1c:71:b4:5a:f0:d6:b2:7f:fa:e6:e6:bc:cf:88:b9:9d:07:c6:
         68:71:47:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbzcDolT0TkHeWr0z5+VyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjQwMTAyMDQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDMwNDdkMDRjYmM5OWYzNWM5NGY0ZmM5YzkxY2UyMDY4NzE5MTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKguTilAjp3PSVvErESwSajcqNb7
bWuBsh58tCzlpLhscCFHa3G5mq3ttmIq5Tptwh0MV8QI2a8QbW4vJkU+F/ys35W5
hre5Z+PGuezt92YaRwv/ME99jyxCndfxVi/2aURGUBjRFNvqbcsyL61LNBzXM3jm
7k1hluSUUObboYrxlXerMcUmped/cLUr3SVfdbEjdedXpSZT3tQ4weRhnhhzdhND
wJX/Yf6KT6PrsYnouYBYKH55nYnqW25ureH7851WquFhxes1H1KNj8+DLpTYscCc
uGux875pY6TSKaAFBlf1uHpQr2VwpfdPsSLQrw+H7NRCtHovtP4DQIriXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0wR9BMvJnzXJT0/JyRziBocZGXMB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvYlRCSDBFeThtZk5jbFBUOG5KSE9JR2h4a1pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWuEMA0G
CSqGSIb3DQEBCwUAA4IBAQAdAiF2V8zIPE1E/3iVbYz9TnOY4DQ/EGwAx4DBK32v
9IEeTm8RBaERz0CRsISe8nuVbOVwN+/ygFgcBhgtHPruHq/l0T1wk+PwDR6yAiPi
13KvbZq7sQTF+kQN12ymGWi/qmPazE/CGUvvmktFKvWkExd4sx1VSwMb0YAGN3pj
VZSkskMMuxspQM2l6BxdrByGbLtznPJQCrdPLwNJpw2bXXR4kt8GcTlQhv7XMgwG
5iMvGkCcQJ0l9L9tPwhURKVm1L/1Uwsp3HPYYdPUZN6viSaCimTdQ6wbcvphXO0u
I3saXZmuvIbyNdsccbRa8Nayf/rm5rzPiLmdB8ZocUcz
-----END CERTIFICATE-----