Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/c00a5b-6a59-41dd-b13b-73495fc08fc4/1/8J4iOMMcJPfSkbMZKZUBEG7_ci8.roa
File:                     8J4iOMMcJPfSkbMZKZUBEG7_ci8.roa (raw, json)
Hash identifier:          BfpetzQagcd/YjYwV9JTPUZAg/uLbpBO9aIjUBzUYBM=
Subject key identifier:   F0:9E:22:38:C3:1C:24:F7:D2:91:B3:19:29:95:01:10:6E:FF:72:2F
Certificate issuer:       /CN=2ee6d560a08a013f3fe0e66dadaf6fd02beaf43f
Certificate serial:       018CC9BCE5F231A68D487FBD1D84588F0710
Authority key identifier: 2E:E6:D5:60:A0:8A:01:3F:3F:E0:E6:6D:AD:AF:6F:D0:2B:EA:F4:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LubVYKCKAT8_4OZtra9v0Cvq9D8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/c00a5b-6a59-41dd-b13b-73495fc08fc4/1/8J4iOMMcJPfSkbMZKZUBEG7_ci8.roa
Signing time:             Tue 02 Jan 2024 10:34:09 +0000
ROA not before:           Tue 02 Jan 2024 10:34:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203269
IP address blocks:        37.10.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/c00a5b-6a59-41dd-b13b-73495fc08fc4/1/LubVYKCKAT8_4OZtra9v0Cvq9D8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/c00a5b-6a59-41dd-b13b-73495fc08fc4/1/LubVYKCKAT8_4OZtra9v0Cvq9D8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LubVYKCKAT8_4OZtra9v0Cvq9D8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:e5:f2:31:a6:8d:48:7f:bd:1d:84:58:8f:07:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ee6d560a08a013f3fe0e66dadaf6fd02beaf43f
        Validity
            Not Before: Jan  2 10:34:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f09e2238c31c24f7d291b319299501106eff722f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:eb:8d:24:18:67:88:62:54:59:96:15:13:6a:
                    c2:dc:7c:db:ab:0d:cb:fe:13:19:09:4f:fe:37:ea:
                    79:90:85:a2:74:1c:fa:4f:b0:62:42:f8:2b:5a:25:
                    c9:c9:86:9d:d9:ed:c0:50:b7:70:2e:dc:86:27:3e:
                    c8:e2:34:04:4a:9b:1c:44:bd:88:d9:96:9b:40:02:
                    7e:d0:f4:17:b3:3a:16:21:8c:9d:32:cd:8b:3d:53:
                    19:20:58:c5:f9:bd:f6:f9:5b:a3:17:96:0e:78:4a:
                    1e:41:2e:75:cd:c4:30:18:99:35:22:33:8b:10:23:
                    15:b4:fd:6f:89:52:3e:87:db:a5:35:a9:fd:7d:e0:
                    be:e4:b3:05:f8:3e:b5:6e:5c:2d:33:91:89:51:f8:
                    be:15:6c:33:fb:bc:d1:08:aa:a7:cf:e2:72:17:80:
                    0f:1e:c7:ad:74:3c:23:2c:1c:e4:4f:a8:ee:cf:85:
                    e2:86:64:81:fd:fe:57:04:46:62:1a:0e:b3:7b:95:
                    fa:a7:15:3a:cd:18:55:f1:29:44:63:ab:52:9b:bd:
                    c7:e7:05:64:6d:dc:42:01:91:63:31:b2:59:c0:ee:
                    a2:92:e6:bf:51:f6:3d:d4:be:dd:e8:6d:70:33:a9:
                    ad:00:3a:f7:c8:10:f5:3a:00:e1:e5:d2:38:81:f4:
                    49:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:9E:22:38:C3:1C:24:F7:D2:91:B3:19:29:95:01:10:6E:FF:72:2F
            X509v3 Authority Key Identifier:
                keyid:2E:E6:D5:60:A0:8A:01:3F:3F:E0:E6:6D:AD:AF:6F:D0:2B:EA:F4:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LubVYKCKAT8_4OZtra9v0Cvq9D8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/c00a5b-6a59-41dd-b13b-73495fc08fc4/1/8J4iOMMcJPfSkbMZKZUBEG7_ci8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/c00a5b-6a59-41dd-b13b-73495fc08fc4/1/LubVYKCKAT8_4OZtra9v0Cvq9D8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.10.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:c0:65:63:de:70:df:92:16:f9:b3:3e:3c:3d:69:bc:7d:28:
         b8:49:42:78:d7:83:0d:dd:d6:a3:96:96:61:b9:45:eb:c4:09:
         3f:4c:8e:c1:b3:1a:17:43:f4:e4:b9:21:79:3d:e4:ca:e2:3e:
         4b:43:b2:0c:2e:b5:d2:df:c2:6a:bd:56:0f:ba:d8:b1:6b:e4:
         fc:60:fb:ca:c0:7d:de:b5:c8:cd:fe:ab:b4:41:bb:d0:55:2f:
         34:69:92:25:69:80:69:ed:cb:8d:c7:98:45:f0:8d:6e:09:3c:
         78:82:9a:28:e2:e3:30:e4:42:18:92:3a:5f:34:0f:2a:46:5b:
         81:9a:91:f6:58:52:df:c6:70:7e:83:09:77:ee:ae:26:a3:ae:
         98:b5:c6:a5:1c:5e:8e:e5:86:81:29:bb:70:d7:4b:c2:32:21:
         8a:2d:f3:95:66:2c:e5:e8:32:af:82:00:ae:78:5a:0b:f3:4a:
         9d:bc:b6:59:dd:aa:ab:e3:00:c2:f9:38:7c:cd:3c:0c:5f:c3:
         8f:e3:0c:5d:af:f9:0e:26:39:a3:df:96:4d:13:7d:67:5d:f0:
         ae:dc:49:45:c1:c9:29:44:01:84:e8:c3:ba:f4:c1:d3:eb:b6:
         1f:d9:36:a8:a4:3f:59:5c:c6:8b:3a:97:2f:2f:21:33:3a:3d:
         42:9c:28:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvOXyMaaNSH+9HYRYjwcQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZTZkNTYwYTA4YTAxM2YzZmUwZTY2ZGFkYWY2ZmQwMmJl
YWY0M2YwHhcNMjQwMTAyMTAzNDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDllMjIzOGMzMWMyNGY3ZDI5MWIzMTkyOTk1MDExMDZlZmY3MjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAleuNJBhniGJUWZYVE2rC3Hzbqw3L
/hMZCU/+N+p5kIWidBz6T7BiQvgrWiXJyYad2e3AULdwLtyGJz7I4jQESpscRL2I
2ZabQAJ+0PQXszoWIYydMs2LPVMZIFjF+b32+VujF5YOeEoeQS51zcQwGJk1IjOL
ECMVtP1viVI+h9ulNan9feC+5LMF+D61blwtM5GJUfi+FWwz+7zRCKqnz+JyF4AP
HsetdDwjLBzkT6juz4XihmSB/f5XBEZiGg6ze5X6pxU6zRhV8SlEY6tSm73H5wVk
bdxCAZFjMbJZwO6ikua/UfY91L7d6G1wM6mtADr3yBD1OgDh5dI4gfRJMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPCeIjjDHCT30pGzGSmVARBu/3IvMB8GA1UdIwQY
MBaAFC7m1WCgigE/P+Dmba2vb9Ar6vQ/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHViVllLQ0tBVDhfNE9adHJhOXYwQ3ZxOUQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9jMDBhNWItNmE1OS00MWRkLWIxM2It
NzM0OTVmYzA4ZmM0LzEvOEo0aU9NTWNKUGZTa2JNWktaVUJFRzdfY2k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9jMDBhNWItNmE1OS00MWRkLWIxM2ItNzM0OTVmYzA4ZmM0
LzEvTHViVllLQ0tBVDhfNE9adHJhOXYwQ3ZxOUQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJQpqMA0G
CSqGSIb3DQEBCwUAA4IBAQBZwGVj3nDfkhb5sz48PWm8fSi4SUJ414MN3dajlpZh
uUXrxAk/TI7BsxoXQ/TkuSF5PeTK4j5LQ7IMLrXS38JqvVYPutixa+T8YPvKwH3e
tcjN/qu0QbvQVS80aZIlaYBp7cuNx5hF8I1uCTx4gpoo4uMw5EIYkjpfNA8qRluB
mpH2WFLfxnB+gwl37q4mo66YtcalHF6O5YaBKbtw10vCMiGKLfOVZizl6DKvggCu
eFoL80qdvLZZ3aqr4wDC+Th8zTwMX8OP4wxdr/kOJjmj35ZNE31nXfCu3ElFwckp
RAGE6MO69MHT67Yf2TaopD9ZXMaLOpcvLyEzOj1CnCjY
-----END CERTIFICATE-----