Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/a2396c-2dfd-45f6-aa34-54c1dc574145/1/4k-uDchKDJDrphrTTY7iOo5OQX8.roa
File:                     4k-uDchKDJDrphrTTY7iOo5OQX8.roa (download)
Hash identifier:          H/gxUEjoJIbXPOaSxgwbwtIIvMof8Q8WFbFGccxyXBc=
Subject key identifier:   E2:4F:AE:0D:C8:4A:0C:90:EB:A6:1A:D3:4D:8E:E2:3A:8E:4E:41:7F
Certificate issuer:       /CN=686f0a4da2373205ef3445d28e260c284684b74b
Certificate serial:       A55277
Authority key identifier: 68:6F:0A:4D:A2:37:32:05:EF:34:45:D2:8E:26:0C:28:46:84:B7:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aG8KTaI3MgXvNEXSjiYMKEaEt0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/a2396c-2dfd-45f6-aa34-54c1dc574145/1/4k-uDchKDJDrphrTTY7iOo5OQX8.roa
ROA valid until:          Jul 01 00:00:00 2023 GMT
asID:                     1239
IP address blocks:
    1: 109.107.143.0/24 maxlen: 24

Validation: OK

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10834551 (0xa55277)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=686f0a4da2373205ef3445d28e260c284684b74b
        Validity
            Not Before: Jan  1 02:56:08 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e24fae0dc84a0c90eba61ad34d8ee23a8e4e417f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:02:bf:82:46:3a:e3:ad:c7:38:a8:67:ea:b5:
                    85:18:61:4f:70:b0:86:16:7b:d9:91:6d:f6:1a:2b:
                    e9:59:82:c7:90:21:97:c7:c3:f5:68:f9:cd:de:ca:
                    63:5a:52:4d:7b:f0:68:6d:7e:cc:77:46:b9:9a:ef:
                    ee:ac:c5:9b:dd:5d:53:69:00:96:91:6c:4b:73:b0:
                    7f:fa:33:ee:ef:7c:7d:f1:4b:78:55:fc:74:95:bb:
                    11:88:69:1c:99:ec:0d:cf:7d:7f:8a:ba:50:23:9f:
                    20:0e:1e:c0:36:db:0b:73:4c:03:c5:24:4e:21:c3:
                    f5:48:6e:ec:6a:2c:36:f1:41:bc:42:13:a9:78:ef:
                    b8:97:b0:0b:95:14:36:09:b6:6a:4f:41:cb:0c:af:
                    6c:33:85:26:b7:ac:7b:6e:d4:9f:29:62:53:d9:34:
                    a9:f5:99:c6:16:85:e2:3d:69:f0:35:bb:1e:12:2c:
                    83:3c:a7:ca:e2:c2:0d:1a:31:e6:e1:b4:a8:04:a6:
                    0a:97:c0:4b:52:0c:f8:91:e3:21:db:c9:d2:d2:b6:
                    c1:ee:af:99:29:fe:cc:f1:75:a1:7d:58:47:37:09:
                    41:73:7e:c9:ae:a1:c8:07:06:7a:a1:85:3c:38:5f:
                    0a:14:8a:06:80:bf:09:c3:27:11:1b:77:e2:cb:f9:
                    6d:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                E2:4F:AE:0D:C8:4A:0C:90:EB:A6:1A:D3:4D:8E:E2:3A:8E:4E:41:7F
            X509v3 Authority Key Identifier: 
                keyid:68:6F:0A:4D:A2:37:32:05:EF:34:45:D2:8E:26:0C:28:46:84:B7:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aG8KTaI3MgXvNEXSjiYMKEaEt0s.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/a2396c-2dfd-45f6-aa34-54c1dc574145/1/4k-uDchKDJDrphrTTY7iOo5OQX8.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/a2396c-2dfd-45f6-aa34-54c1dc574145/1/aG8KTaI3MgXvNEXSjiYMKEaEt0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:bb:88:44:7a:d6:9c:5d:35:f1:33:6b:0a:a8:ea:cf:b4:c5:
         dd:f6:80:f4:34:8c:45:a6:24:00:a4:73:a1:12:c1:96:9c:9f:
         7c:48:b7:11:6a:cf:0e:64:07:c8:54:68:29:13:fa:c5:dd:78:
         0f:93:5a:35:36:ba:20:c0:61:45:c1:9a:0c:26:a9:e3:b3:90:
         d5:0d:6d:0c:94:20:82:ae:d8:cd:a8:85:d4:c3:95:4f:69:2b:
         e0:f4:ba:5d:28:be:2c:cc:4a:e1:e1:2d:29:17:2b:c8:0a:34:
         d7:8f:5d:26:bc:a0:9a:b2:e4:07:80:84:62:b2:9f:71:6d:d6:
         12:b5:d8:40:b7:3b:1b:24:f6:b3:a4:60:6b:97:e9:af:9e:9d:
         c9:fd:93:7d:cd:31:06:28:e1:6d:ce:43:22:0a:a1:eb:3c:43:
         3c:de:98:f0:af:d0:0f:6f:88:b3:35:7c:0c:39:3f:c3:43:b7:
         7d:2a:e3:26:9c:ff:82:d4:45:7f:ba:5a:4a:b9:6a:84:b2:57:
         df:14:84:37:bb:8b:e2:d2:9c:f7:52:28:02:ee:8f:3c:ec:f9:
         07:5d:1e:8b:18:88:e1:2c:ad:a6:8f:84:47:8f:8e:70:fb:1e:
         cc:d8:b6:05:89:b5:33:31:0a:d5:bf:2d:b2:3d:75:db:17:1e:
         8e:55:23:ac
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAKVSdzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
ODZmMGE0ZGEyMzczMjA1ZWYzNDQ1ZDI4ZTI2MGMyODQ2ODRiNzRiMB4XDTIyMDEw
MTAyNTYwOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTI0ZmFlMGRjODRh
MGM5MGViYTYxYWQzNGQ4ZWUyM2E4ZTRlNDE3ZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANUCv4JGOuOtxzioZ+q1hRhhT3CwhhZ72ZFt9hor6VmCx5Ah
l8fD9Wj5zd7KY1pSTXvwaG1+zHdGuZrv7qzFm91dU2kAlpFsS3Owf/oz7u98ffFL
eFX8dJW7EYhpHJnsDc99f4q6UCOfIA4ewDbbC3NMA8UkTiHD9Uhu7GosNvFBvEIT
qXjvuJewC5UUNgm2ak9BywyvbDOFJrese27UnyliU9k0qfWZxhaF4j1p8DW7HhIs
gzynyuLCDRox5uG0qASmCpfAS1IM+JHjIdvJ0tK2we6vmSn+zPF1oX1YRzcJQXN+
ya6hyAcGeqGFPDhfChSKBoC/CcMnERt34sv5bWsCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTiT64NyEoMkOumGtNNjuI6jk5BfzAfBgNVHSMEGDAWgBRobwpNojcyBe80
RdKOJgwoRoS3SzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2FHOEtUYUkzTWdYdk5FWFNqaVlNS0VhRXQwcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMWQvYTIzOTZjLTJkZmQtNDVmNi1hYTM0LTU0YzFkYzU3NDE0NS8x
LzRrLXVEY2hLREpEcnBoclRUWTdpT281T1FYOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWQv
YTIzOTZjLTJkZmQtNDVmNi1hYTM0LTU0YzFkYzU3NDE0NS8xL2FHOEtUYUkzTWdY
dk5FWFNqaVlNS0VhRXQwcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG1rjzANBgkqhkiG9w0BAQsFAAOC
AQEAXruIRHrWnF018TNrCqjqz7TF3faA9DSMRaYkAKRzoRLBlpyffEi3EWrPDmQH
yFRoKRP6xd14D5NaNTa6IMBhRcGaDCap47OQ1Q1tDJQggq7YzaiF1MOVT2kr4PS6
XSi+LMxK4eEtKRcryAo0149dJrygmrLkB4CEYrKfcW3WErXYQLc7GyT2s6Rga5fp
r56dyf2Tfc0xBijhbc5DIgqh6zxDPN6Y8K/QD2+IszV8DDk/w0O3fSrjJpz/gtRF
f7paSrlqhLJX3xSEN7uL4tKc91IoAu6PPOz5B10eixiI4Sytpo+ER4+OcPsezNi2
BYm1MzEK1b8tsj112xcejlUjrA==
-----END CERTIFICATE-----
Generated at Thu Dec 8 19:24:44 2022 by rpki-client.