Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/9csm7MBjdoSIKc-xprL6er_FG4g.roa
File:                     9csm7MBjdoSIKc-xprL6er_FG4g.roa (raw, json)
Hash identifier:          WNLIEpJCdBPbD0EozK+o6Ye9QchGWm3E053SjolVsrA=
Subject key identifier:   F5:CB:26:EC:C0:63:76:84:88:29:CF:B1:A6:B2:FA:7A:BF:C5:1B:88
Certificate issuer:       /CN=22a44566764ebb511683cb6228fa91997b559379
Certificate serial:       01914847A13E86649E8197CA8A14A16C31FA
Authority key identifier: 22:A4:45:66:76:4E:BB:51:16:83:CB:62:28:FA:91:99:7B:55:93:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/9csm7MBjdoSIKc-xprL6er_FG4g.roa
Signing time:             Mon 12 Aug 2024 20:28:59 +0000
ROA not before:           Mon 12 Aug 2024 20:28:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216127
IP address blocks:        109.237.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:48:47:a1:3e:86:64:9e:81:97:ca:8a:14:a1:6c:31:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22a44566764ebb511683cb6228fa91997b559379
        Validity
            Not Before: Aug 12 20:28:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5cb26ecc06376848829cfb1a6b2fa7abfc51b88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ad:e5:dc:0a:0d:52:3e:3b:e8:2b:2e:fe:8f:
                    e3:1e:b5:c6:a9:21:1d:ee:74:ef:34:48:f5:72:a8:
                    9e:b4:c5:f8:a9:4f:b6:fe:9e:7b:aa:e3:64:fc:9e:
                    c7:9f:14:20:b9:fc:bb:1a:f9:d2:69:eb:78:6e:35:
                    af:c3:c5:d6:78:73:6c:9f:d9:fe:af:b2:e8:ac:d9:
                    bd:78:a6:01:0e:a0:49:b3:62:eb:94:3d:c7:8b:cc:
                    d4:30:23:2a:d8:71:67:70:f2:37:eb:9c:98:7b:63:
                    fd:34:5b:8a:5b:39:c8:d3:78:35:25:72:23:88:e9:
                    ea:50:13:15:72:f1:06:57:6e:52:15:b4:ae:57:f9:
                    58:24:b8:d6:e6:67:d5:78:1b:58:21:ab:b2:29:06:
                    77:ef:01:3b:dc:3e:5f:c5:5a:bc:02:d7:69:fc:17:
                    06:0d:d6:8d:dd:56:00:48:57:0f:13:f3:2b:95:07:
                    02:a8:d8:05:62:41:b0:98:42:e4:92:15:3f:a1:d6:
                    ab:b9:4e:4d:f2:c0:ab:23:a3:e5:8f:e2:1f:fb:f2:
                    5f:ab:d7:dc:33:a5:ae:83:dd:f3:23:e7:80:dd:f9:
                    50:81:66:ae:27:a9:16:82:04:95:59:d5:f2:ff:1c:
                    1e:a2:53:06:d6:da:7a:6c:30:9d:aa:6a:be:68:bf:
                    86:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:CB:26:EC:C0:63:76:84:88:29:CF:B1:A6:B2:FA:7A:BF:C5:1B:88
            X509v3 Authority Key Identifier:
                keyid:22:A4:45:66:76:4E:BB:51:16:83:CB:62:28:FA:91:99:7B:55:93:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/9csm7MBjdoSIKc-xprL6er_FG4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.237.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:43:fa:81:0d:4b:6a:11:e7:37:ba:21:83:05:63:70:ee:41:
         e6:17:a3:81:fd:63:aa:ea:22:af:f0:21:19:c8:92:6e:fa:1d:
         3d:7a:15:2c:ad:e0:66:86:3b:24:4b:9b:30:cf:5e:8b:95:3c:
         cf:88:9a:57:5b:68:f7:e9:dd:fc:64:d7:0d:e9:be:5c:c5:4f:
         f2:8d:dc:a0:98:9e:d9:31:e0:02:1e:09:6b:c2:a4:50:b2:09:
         bb:f1:1d:68:ed:e7:a3:ba:e3:e6:bc:8c:de:ce:5b:bd:a3:4a:
         c0:bf:ae:33:c8:86:e6:a5:ad:36:6d:3a:bd:f3:a4:47:00:7f:
         62:c6:7a:b1:b3:7c:d8:fd:9d:c0:15:6f:04:b4:40:7b:54:c1:
         44:e0:de:9a:e3:5d:97:8c:b0:6d:33:a2:87:85:2a:15:8a:37:
         30:b9:9c:dc:93:d7:cf:60:a9:24:16:a2:f0:35:6b:81:00:93:
         79:c0:bb:8a:2f:da:f9:d1:ba:5d:19:54:d9:e2:45:68:0c:a1:
         88:1c:f9:07:04:1d:94:b9:e7:b5:48:f0:db:7f:0c:c1:24:0a:
         b0:77:ae:71:86:43:c2:43:cc:2f:c9:df:2e:b5:2a:50:09:91:
         80:e6:87:06:82:a4:f2:3d:5f:14:9d:d8:be:f7:1e:21:2c:f6:
         24:ca:23:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFIR6E+hmSegZfKihShbDH6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYTQ0NTY2NzY0ZWJiNTExNjgzY2I2MjI4ZmE5MTk5N2I1
NTkzNzkwHhcNMjQwODEyMjAyODU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWNiMjZlY2MwNjM3Njg0ODgyOWNmYjFhNmIyZmE3YWJmYzUxYjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAla3l3AoNUj476Csu/o/jHrXGqSEd
7nTvNEj1cqietMX4qU+2/p57quNk/J7HnxQgufy7GvnSaet4bjWvw8XWeHNsn9n+
r7LorNm9eKYBDqBJs2LrlD3Hi8zUMCMq2HFncPI365yYe2P9NFuKWznI03g1JXIj
iOnqUBMVcvEGV25SFbSuV/lYJLjW5mfVeBtYIauyKQZ37wE73D5fxVq8Atdp/BcG
DdaN3VYASFcPE/MrlQcCqNgFYkGwmELkkhU/odaruU5N8sCrI6Plj+If+/Jfq9fc
M6Wug93zI+eA3flQgWauJ6kWggSVWdXy/xweolMG1tp6bDCdqmq+aL+G9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPXLJuzAY3aEiCnPsaay+nq/xRuIMB8GA1UdIwQY
MBaAFCKkRWZ2TrtRFoPLYij6kZl7VZN5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXFSRlpuWk91MUVXZzh0aUtQcVJtWHRWazNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS82YjNkZGEtNzM2OC00ZDE5LWI2MDMt
MTZiODBhYTI4ZGQ2LzEvOWNzbTdNQmpkb1NJS2MteHByTDZlcl9GRzRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS82YjNkZGEtNzM2OC00ZDE5LWI2MDMtMTZiODBhYTI4ZGQ2
LzEvSXFSRlpuWk91MUVXZzh0aUtQcVJtWHRWazNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbe1hMA0G
CSqGSIb3DQEBCwUAA4IBAQAVQ/qBDUtqEec3uiGDBWNw7kHmF6OB/WOq6iKv8CEZ
yJJu+h09ehUsreBmhjskS5swz16LlTzPiJpXW2j36d38ZNcN6b5cxU/yjdygmJ7Z
MeACHglrwqRQsgm78R1o7eejuuPmvIzezlu9o0rAv64zyIbmpa02bTq986RHAH9i
xnqxs3zY/Z3AFW8EtEB7VMFE4N6a412XjLBtM6KHhSoVijcwuZzck9fPYKkkFqLw
NWuBAJN5wLuKL9r50bpdGVTZ4kVoDKGIHPkHBB2Uuee1SPDbfwzBJAqwd65xhkPC
Q8wvyd8utSpQCZGA5ocGgqTyPV8Undi+9x4hLPYkyiPs
-----END CERTIFICATE-----