Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/X8Rt8pADmRvwqQe7CCzyS067q40.roa
File:                     X8Rt8pADmRvwqQe7CCzyS067q40.roa (raw, json)
Hash identifier:          CWPd0WDCCknwvYK0iacREh3kNOO+326roEMzPgstAJo=
Subject key identifier:   5F:C4:6D:F2:90:03:99:1B:F0:A9:07:BB:08:2C:F2:4B:4E:BB:AB:8D
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       018CC794A1814DC9EA5935DABF2B502CF0BC
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/X8Rt8pADmRvwqQe7CCzyS067q40.roa
Signing time:             Tue 02 Jan 2024 00:30:55 +0000
ROA not before:           Tue 02 Jan 2024 00:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59993
IP address blocks:        109.197.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:a1:81:4d:c9:ea:59:35:da:bf:2b:50:2c:f0:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Jan  2 00:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5fc46df29003991bf0a907bb082cf24b4ebbab8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:50:c6:20:40:08:12:74:9b:9b:01:ef:07:9b:
                    d9:5d:d2:bf:8b:ad:23:f7:d9:49:9f:fc:ac:70:51:
                    7b:2f:8e:3e:c5:b1:1b:2c:9d:c9:0b:02:6b:1f:8d:
                    42:bd:5c:6f:ef:a8:cb:cc:14:05:7a:d6:29:8c:a5:
                    51:ea:4e:02:72:db:bf:fb:3f:62:04:59:c2:5d:26:
                    1e:27:a4:9e:47:fb:80:d8:05:c7:40:c3:f7:7a:74:
                    cd:28:32:4d:4f:ba:f3:ca:53:74:b7:fb:b2:71:93:
                    7b:7f:6d:03:fc:4a:c5:16:e9:83:a1:96:f4:e7:e5:
                    70:b1:29:bc:94:61:12:22:6e:6a:74:13:ca:57:99:
                    bd:39:98:bb:35:6a:fa:bb:ab:18:5a:05:95:88:01:
                    c0:4e:c8:28:ec:89:1b:08:93:75:7a:3c:4d:bb:c6:
                    80:b8:ab:71:4d:47:53:bb:63:85:04:09:55:40:4c:
                    d0:df:bd:5a:5b:24:d3:11:ef:19:c4:da:aa:0e:d9:
                    2f:7a:ac:49:1e:f9:6f:b6:1c:df:c7:6f:8b:f2:b1:
                    60:fb:ad:73:fe:cf:ef:5a:cb:fe:11:88:d8:c0:40:
                    86:7f:11:a8:ec:88:d5:82:e4:38:75:ad:37:6b:3b:
                    04:51:4c:35:3e:e2:7b:82:2d:42:79:c6:0f:63:50:
                    41:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:C4:6D:F2:90:03:99:1B:F0:A9:07:BB:08:2C:F2:4B:4E:BB:AB:8D
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/X8Rt8pADmRvwqQe7CCzyS067q40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.197.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:c6:f5:0e:69:41:61:fa:90:9b:ec:a3:2e:27:8c:fa:58:a4:
         fa:b0:57:7f:a2:f4:44:8b:2f:ae:69:d6:9c:5b:18:8d:0c:2b:
         de:fe:45:70:3d:25:98:ea:73:05:66:73:a2:8e:e0:c6:0e:6d:
         72:3d:d5:d6:00:da:f0:4d:9a:db:ed:b2:d3:0a:8f:f8:9d:23:
         af:62:ea:36:a5:a4:68:9c:08:1b:7d:47:aa:85:29:51:89:94:
         79:d5:82:14:50:da:10:9f:26:d4:a6:5d:d2:3e:88:ff:55:62:
         1a:2b:8d:74:25:7e:4d:53:2f:83:a7:09:09:85:07:4f:3a:49:
         cb:2e:20:13:53:df:53:41:d2:7f:ed:9e:de:fc:30:70:83:17:
         37:94:a9:18:b7:22:a7:de:65:08:a5:0d:dd:ce:89:ee:d4:a7:
         5e:44:37:d0:e5:9d:74:74:7a:67:44:52:3a:4d:55:d9:d6:fb:
         95:5b:07:f1:e8:94:cd:c8:48:ca:14:77:a9:75:97:78:5a:19:
         fd:d5:24:34:ec:6c:80:ec:47:8a:91:35:b0:93:58:a2:54:7a:
         24:70:31:6d:e5:87:84:89:11:e6:76:52:b9:20:b2:73:83:dd:
         ee:54:8e:2a:f3:d9:1c:0d:d0:e7:85:59:b2:8b:a0:6b:da:e8:
         c9:bc:91:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlKGBTcnqWTXavytQLPC8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjQwMTAyMDAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmM0NmRmMjkwMDM5OTFiZjBhOTA3YmIwODJjZjI0YjRlYmJhYjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmFDGIEAIEnSbmwHvB5vZXdK/i60j
99lJn/yscFF7L44+xbEbLJ3JCwJrH41CvVxv76jLzBQFetYpjKVR6k4Cctu/+z9i
BFnCXSYeJ6SeR/uA2AXHQMP3enTNKDJNT7rzylN0t/uycZN7f20D/ErFFumDoZb0
5+VwsSm8lGESIm5qdBPKV5m9OZi7NWr6u6sYWgWViAHATsgo7IkbCJN1ejxNu8aA
uKtxTUdTu2OFBAlVQEzQ371aWyTTEe8ZxNqqDtkveqxJHvlvthzfx2+L8rFg+61z
/s/vWsv+EYjYwECGfxGo7IjVguQ4da03azsEUUw1PuJ7gi1CecYPY1BBSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF/EbfKQA5kb8KkHuwgs8ktOu6uNMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvWDhSdDhwQURtUnZ3cVFlN0NDenlTMDY3cTQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbcXRMA0G
CSqGSIb3DQEBCwUAA4IBAQBKxvUOaUFh+pCb7KMuJ4z6WKT6sFd/ovREiy+uadac
WxiNDCve/kVwPSWY6nMFZnOijuDGDm1yPdXWANrwTZrb7bLTCo/4nSOvYuo2paRo
nAgbfUeqhSlRiZR51YIUUNoQnybUpl3SPoj/VWIaK410JX5NUy+DpwkJhQdPOknL
LiATU99TQdJ/7Z7e/DBwgxc3lKkYtyKn3mUIpQ3dzonu1KdeRDfQ5Z10dHpnRFI6
TVXZ1vuVWwfx6JTNyEjKFHepdZd4Whn91SQ07GyA7EeKkTWwk1iiVHokcDFt5YeE
iRHmdlK5ILJzg93uVI4q89kcDdDnhVmyi6Br2ujJvJF9
-----END CERTIFICATE-----