Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/8a707a-5ced-4c75-ae38-56596beed1c7/1/cxNMQwy2Q_o4mUF8XKFrXH0_HUI.roa
File:                     cxNMQwy2Q_o4mUF8XKFrXH0_HUI.roa (raw, json)
Hash identifier:          NxQ8LzmfIkJUQms7/ueGvTgu4BwK9Yg78IyInW5Lu50=
Subject key identifier:   73:13:4C:43:0C:B6:43:FA:38:99:41:7C:5C:A1:6B:5C:7D:3F:1D:42
Certificate issuer:       /CN=940b9e18eeb094d912deb595dc7aac8661b0d6c7
Certificate serial:       018CC801161CFA11664FE1160DA42A9C03FE
Authority key identifier: 94:0B:9E:18:EE:B0:94:D9:12:DE:B5:95:DC:7A:AC:86:61:B0:D6:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lAueGO6wlNkS3rWV3HqshmGw1sc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/8a707a-5ced-4c75-ae38-56596beed1c7/1/cxNMQwy2Q_o4mUF8XKFrXH0_HUI.roa
Signing time:             Tue 02 Jan 2024 02:29:23 +0000
ROA not before:           Tue 02 Jan 2024 02:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204861
IP address blocks:        185.121.106.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/8a707a-5ced-4c75-ae38-56596beed1c7/1/lAueGO6wlNkS3rWV3HqshmGw1sc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/8a707a-5ced-4c75-ae38-56596beed1c7/1/lAueGO6wlNkS3rWV3HqshmGw1sc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lAueGO6wlNkS3rWV3HqshmGw1sc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:16:1c:fa:11:66:4f:e1:16:0d:a4:2a:9c:03:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=940b9e18eeb094d912deb595dc7aac8661b0d6c7
        Validity
            Not Before: Jan  2 02:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73134c430cb643fa3899417c5ca16b5c7d3f1d42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:8f:93:38:73:03:ea:b0:4a:1d:4b:67:a8:c7:
                    48:59:60:82:33:e6:39:5f:3b:f0:7e:d0:49:e0:0b:
                    ad:d5:d8:71:42:e2:bd:4d:db:75:2a:ba:dd:e1:49:
                    e1:7f:3a:98:e8:ed:8b:79:c1:67:79:d8:a0:91:83:
                    24:48:19:34:ef:cf:39:82:c7:d9:0c:e9:18:0f:f1:
                    2f:2c:4b:d7:2c:b3:81:5d:e8:1c:fb:fa:2c:7a:83:
                    6d:33:72:3e:7e:80:09:4c:26:e7:5a:a3:33:84:b9:
                    3f:34:38:ef:45:da:67:43:be:a4:9f:ba:3e:87:5c:
                    10:6f:06:a8:be:b5:c2:d0:d8:d5:20:dd:91:4a:fa:
                    85:78:e7:26:0a:bc:d2:32:93:88:39:69:b1:de:21:
                    d7:54:72:92:c7:d3:7e:94:7a:2b:82:82:23:f4:0c:
                    2b:21:ca:a0:4e:82:a5:28:b2:5c:04:ca:5a:92:fb:
                    35:dd:ac:1b:c7:14:b2:cc:99:e2:95:86:60:01:af:
                    29:72:67:5b:00:7a:87:1f:5c:7d:f3:79:64:56:3c:
                    a7:06:ce:25:93:89:0e:ee:e4:e2:04:a3:c2:31:79:
                    14:d4:41:ea:3d:94:64:8f:f5:a8:26:e7:af:97:12:
                    a2:e3:72:bd:78:80:7e:ba:e8:1c:5c:eb:60:6b:0d:
                    ec:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:13:4C:43:0C:B6:43:FA:38:99:41:7C:5C:A1:6B:5C:7D:3F:1D:42
            X509v3 Authority Key Identifier:
                keyid:94:0B:9E:18:EE:B0:94:D9:12:DE:B5:95:DC:7A:AC:86:61:B0:D6:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lAueGO6wlNkS3rWV3HqshmGw1sc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/8a707a-5ced-4c75-ae38-56596beed1c7/1/cxNMQwy2Q_o4mUF8XKFrXH0_HUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/8a707a-5ced-4c75-ae38-56596beed1c7/1/lAueGO6wlNkS3rWV3HqshmGw1sc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.106.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2d:c4:79:23:47:92:0f:d0:3b:45:0e:07:1c:d5:f5:ca:64:c6:
         de:40:21:5b:4e:55:1c:3a:2b:9b:89:88:98:dd:f5:a9:4f:1b:
         33:99:1c:48:81:59:70:29:ad:3e:0f:e6:20:cf:34:2c:ba:9a:
         f1:01:0d:98:21:7e:5e:28:b9:94:9b:27:4f:5c:05:30:d8:ea:
         6e:e0:de:7f:92:df:01:45:72:45:cb:9f:43:8f:e9:12:80:71:
         43:c4:0a:e5:9b:77:68:e4:95:ea:ab:5c:c9:45:eb:da:8d:4c:
         ea:56:20:cb:9a:25:2b:69:d0:9d:b7:3d:e3:75:a8:41:ca:04:
         5e:94:b8:03:90:cc:31:de:a7:2c:32:e9:b4:70:4a:8c:f7:c6:
         28:67:c4:df:a2:e7:a2:3f:de:40:9d:e5:56:be:82:32:ba:42:
         c3:03:9a:a0:89:a9:62:61:c0:f9:fd:cc:8a:04:d5:a3:2b:95:
         9b:99:48:82:66:b5:c6:1b:8e:3e:d6:76:0f:31:a0:66:38:f7:
         e4:e3:65:cd:28:e3:3a:eb:b7:49:35:f1:7a:cd:8c:be:22:db:
         ce:43:a3:34:e8:66:df:fb:d6:6c:fe:6c:5a:49:7e:93:bd:35:
         63:40:76:02:cd:ab:ae:51:c1:cb:c2:2d:7b:78:a8:f9:77:e9:
         9b:0e:d6:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIARYc+hFmT+EWDaQqnAP+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MGI5ZTE4ZWViMDk0ZDkxMmRlYjU5NWRjN2FhYzg2NjFi
MGQ2YzcwHhcNMjQwMTAyMDIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzEzNGM0MzBjYjY0M2ZhMzg5OTQxN2M1Y2ExNmI1YzdkM2YxZDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAso+TOHMD6rBKHUtnqMdIWWCCM+Y5
XzvwftBJ4Aut1dhxQuK9Tdt1Krrd4UnhfzqY6O2LecFnedigkYMkSBk07885gsfZ
DOkYD/EvLEvXLLOBXegc+/oseoNtM3I+foAJTCbnWqMzhLk/NDjvRdpnQ76kn7o+
h1wQbwaovrXC0NjVIN2RSvqFeOcmCrzSMpOIOWmx3iHXVHKSx9N+lHorgoIj9Awr
IcqgToKlKLJcBMpakvs13awbxxSyzJnilYZgAa8pcmdbAHqHH1x983lkVjynBs4l
k4kO7uTiBKPCMXkU1EHqPZRkj/WoJuevlxKi43K9eIB+uugcXOtgaw3smwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHMTTEMMtkP6OJlBfFyha1x9Px1CMB8GA1UdIwQY
MBaAFJQLnhjusJTZEt61ldx6rIZhsNbHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEF1ZUdPNndsTmtTM3JXVjNIcXNobUd3MXNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC84YTcwN2EtNWNlZC00Yzc1LWFlMzgt
NTY1OTZiZWVkMWM3LzEvY3hOTVF3eTJRX280bVVGOFhLRnJYSDBfSFVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC84YTcwN2EtNWNlZC00Yzc1LWFlMzgtNTY1OTZiZWVkMWM3
LzEvbEF1ZUdPNndsTmtTM3JXVjNIcXNobUd3MXNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuXlqMA0G
CSqGSIb3DQEBCwUAA4IBAQAtxHkjR5IP0DtFDgcc1fXKZMbeQCFbTlUcOiubiYiY
3fWpTxszmRxIgVlwKa0+D+YgzzQsuprxAQ2YIX5eKLmUmydPXAUw2Opu4N5/kt8B
RXJFy59Dj+kSgHFDxArlm3do5JXqq1zJRevajUzqViDLmiUradCdtz3jdahBygRe
lLgDkMwx3qcsMum0cEqM98YoZ8TfoueiP95AneVWvoIyukLDA5qgialiYcD5/cyK
BNWjK5WbmUiCZrXGG44+1nYPMaBmOPfk42XNKOM667dJNfF6zYy+ItvOQ6M06Gbf
+9Zs/mxaSX6TvTVjQHYCzauuUcHLwi17eKj5d+mbDtYO
-----END CERTIFICATE-----