Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/ncgp8pS-LeqyJJCXmAzpm9zx1w4.roa
File:                     ncgp8pS-LeqyJJCXmAzpm9zx1w4.roa (raw, json)
Hash identifier:          KyNxVAZB5t/KeQqDiwZordl2HiSMjCAUULYph3XPWLU=
Subject key identifier:   9D:C8:29:F2:94:BE:2D:EA:B2:24:90:97:98:0C:E9:9B:DC:F1:D7:0E
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019427B5AC5C8ED9C2927A704AC1E1C5F254
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/ncgp8pS-LeqyJJCXmAzpm9zx1w4.roa
Signing time:             Thu 02 Jan 2025 15:50:05 +0000
ROA not before:           Thu 02 Jan 2025 15:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15596
IP address blocks:        109.122.56.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:ac:5c:8e:d9:c2:92:7a:70:4a:c1:e1:c5:f2:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  2 15:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9dc829f294be2deab2249097980ce99bdcf1d70e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:da:b5:34:4d:25:a9:c9:1a:47:99:88:2b:4b:
                    9b:a8:a3:ad:4d:66:13:6b:0a:e8:4c:20:82:22:fe:
                    60:80:3d:c8:c0:89:86:66:11:3d:b8:ea:a4:6f:a7:
                    e1:62:da:f6:21:a6:03:b3:ef:39:90:1c:9f:f8:6b:
                    16:64:c0:37:68:44:e7:3e:eb:a7:5f:c8:3c:0a:78:
                    17:81:7e:b7:63:86:7c:11:18:81:73:b7:64:b1:d5:
                    2e:f5:31:3e:d6:c7:c6:1d:82:aa:42:1c:23:88:cb:
                    81:ec:66:f3:fa:5e:c0:f2:f0:32:49:51:dd:ca:20:
                    38:b2:7a:2b:fd:0d:40:3b:fa:cb:90:e5:bd:19:92:
                    33:f4:e2:de:54:85:18:c2:6c:1b:74:3d:bf:99:57:
                    46:57:d9:39:df:05:22:8e:61:d9:14:9e:88:d0:be:
                    6b:ec:1c:19:01:a9:a3:c0:43:2b:57:25:7b:df:ba:
                    1c:f4:e7:f5:c0:dd:98:4f:a9:8f:1e:0d:47:89:df:
                    cf:8d:75:f2:ee:85:bc:72:44:ad:a2:05:ba:af:8a:
                    e8:33:f7:52:41:8a:f5:29:66:bc:af:90:98:b3:02:
                    c7:8a:82:62:b2:4b:2f:3e:8d:52:64:28:77:9b:03:
                    1d:29:e1:79:9c:ce:98:f5:03:3d:63:9d:29:b8:83:
                    1c:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:C8:29:F2:94:BE:2D:EA:B2:24:90:97:98:0C:E9:9B:DC:F1:D7:0E
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/ncgp8pS-LeqyJJCXmAzpm9zx1w4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         32:bd:78:c8:47:b0:a5:08:ba:7a:4b:43:5c:36:13:7c:b0:ce:
         b7:34:70:59:7f:bb:f5:c6:3a:4c:43:42:09:96:9a:eb:a3:1d:
         fa:ab:3c:bc:0d:8c:2f:01:15:b3:eb:44:17:f6:70:05:7b:44:
         fc:a3:df:db:00:f5:10:7e:5f:8c:90:c4:b3:61:2d:04:0b:c7:
         67:1a:a2:38:29:4e:00:8d:c4:40:2c:fb:36:06:ba:25:90:d2:
         d7:08:dc:70:b0:3d:62:cf:9f:e7:f0:a9:2b:d7:bb:e8:64:b8:
         e1:8c:13:01:20:01:72:e2:94:42:4e:a7:64:7c:4f:f8:cb:79:
         c9:c7:a3:93:be:a5:5b:7d:e7:56:c6:80:75:34:65:63:76:f7:
         18:27:e8:3c:85:39:57:15:9e:6b:7b:92:1a:9a:35:b9:05:5a:
         a2:5e:b3:5b:18:e9:a0:18:95:61:ce:6b:2e:b1:cc:94:75:61:
         12:28:f8:37:f1:28:9f:c5:de:c9:e8:19:41:1c:7d:49:15:e6:
         a5:b9:89:a4:7b:da:ab:9d:5c:f3:43:f8:bd:6a:16:cb:e0:0c:
         df:18:5a:55:4b:62:a5:dd:5b:e0:5d:57:1d:b5:0c:ae:03:75:
         ce:24:0d:f6:a7:98:37:a7:9a:93:26:97:1c:af:27:e1:24:d1:
         a8:39:dc:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntaxcjtnCknpwSsHhxfJUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjUwMTAyMTU1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGM4MjlmMjk0YmUyZGVhYjIyNDkwOTc5ODBjZTk5YmRjZjFkNzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydq1NE0lqckaR5mIK0ubqKOtTWYT
awroTCCCIv5ggD3IwImGZhE9uOqkb6fhYtr2IaYDs+85kByf+GsWZMA3aETnPuun
X8g8CngXgX63Y4Z8ERiBc7dksdUu9TE+1sfGHYKqQhwjiMuB7Gbz+l7A8vAySVHd
yiA4snor/Q1AO/rLkOW9GZIz9OLeVIUYwmwbdD2/mVdGV9k53wUijmHZFJ6I0L5r
7BwZAamjwEMrVyV737oc9Of1wN2YT6mPHg1Hid/PjXXy7oW8ckStogW6r4roM/dS
QYr1KWa8r5CYswLHioJisksvPo1SZCh3mwMdKeF5nM6Y9QM9Y50puIMcwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ3IKfKUvi3qsiSQl5gM6Zvc8dcOMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvbmNncDhwUy1MZXF5SkpDWG1BenBtOXp4MXc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDbXo4MA0G
CSqGSIb3DQEBCwUAA4IBAQAyvXjIR7ClCLp6S0NcNhN8sM63NHBZf7v1xjpMQ0IJ
lprrox36qzy8DYwvARWz60QX9nAFe0T8o9/bAPUQfl+MkMSzYS0EC8dnGqI4KU4A
jcRALPs2BrolkNLXCNxwsD1iz5/n8Kkr17voZLjhjBMBIAFy4pRCTqdkfE/4y3nJ
x6OTvqVbfedWxoB1NGVjdvcYJ+g8hTlXFZ5re5IamjW5BVqiXrNbGOmgGJVhzmsu
scyUdWESKPg38Sifxd7J6BlBHH1JFealuYmke9qrnVzzQ/i9ahbL4AzfGFpVS2Kl
3VvgXVcdtQyuA3XOJA32p5g3p5qTJpccryfhJNGoOdzy
-----END CERTIFICATE-----