Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/9360ec-9cd1-4c00-8668-94c2f8269e9c/1/LeEgTB-iHYqDiB9kLYxdJMiHgr0.roa
File:                     LeEgTB-iHYqDiB9kLYxdJMiHgr0.roa (raw, json)
Hash identifier:          KukJ6Yy0FRMML3fIebP2Chf/Kb7eNOVymFJkaJ2xgfU=
Subject key identifier:   2D:E1:20:4C:1F:A2:1D:8A:83:88:1F:64:2D:8C:5D:24:C8:87:82:BD
Certificate issuer:       /CN=8d842656177b4267ab55e4ba165a5ec00f5084bc
Certificate serial:       018CC5012CAC5F59F0F70B9A81D59E4DB84F
Authority key identifier: 8D:84:26:56:17:7B:42:67:AB:55:E4:BA:16:5A:5E:C0:0F:50:84:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jYQmVhd7QmerVeS6FlpewA9QhLw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/9360ec-9cd1-4c00-8668-94c2f8269e9c/1/LeEgTB-iHYqDiB9kLYxdJMiHgr0.roa
Signing time:             Mon 01 Jan 2024 12:30:37 +0000
ROA not before:           Mon 01 Jan 2024 12:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198819
IP address blocks:        109.235.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/9360ec-9cd1-4c00-8668-94c2f8269e9c/1/jYQmVhd7QmerVeS6FlpewA9QhLw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/9360ec-9cd1-4c00-8668-94c2f8269e9c/1/jYQmVhd7QmerVeS6FlpewA9QhLw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jYQmVhd7QmerVeS6FlpewA9QhLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:2c:ac:5f:59:f0:f7:0b:9a:81:d5:9e:4d:b8:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d842656177b4267ab55e4ba165a5ec00f5084bc
        Validity
            Not Before: Jan  1 12:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2de1204c1fa21d8a83881f642d8c5d24c88782bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ce:7b:59:a2:5c:75:33:f8:f1:6f:2c:ba:5f:
                    36:d7:61:6d:3a:2c:21:44:47:f6:1f:48:b3:a6:02:
                    52:c9:43:f2:56:99:f8:96:d3:45:4c:e1:12:04:01:
                    87:cb:f8:62:94:8b:64:f2:86:b8:05:08:e3:fd:3e:
                    da:3e:fc:d7:ea:6f:15:c3:91:ec:db:c4:93:00:8d:
                    60:4c:c2:63:fb:b2:0a:7d:c9:9e:69:fc:8d:bd:2c:
                    09:94:50:4d:ff:20:4d:25:1f:04:3d:a0:84:66:ee:
                    00:f7:5b:ac:74:c0:0b:24:2c:13:65:36:48:85:ab:
                    8b:90:70:31:d8:e3:99:05:23:b3:66:cc:22:f4:d8:
                    a3:f5:4c:35:a3:4e:1e:b1:15:98:c3:7e:1e:79:e6:
                    cd:65:eb:50:11:39:69:53:6c:09:79:a7:2a:52:83:
                    c5:fd:04:65:f4:49:23:70:a6:6a:5e:11:73:b9:a2:
                    dd:a9:a3:41:8f:ce:c2:10:ed:06:ac:2a:e0:3e:45:
                    11:17:75:ca:95:23:9e:40:ac:8a:a2:f6:06:5c:b5:
                    29:26:41:c5:5c:0a:3f:1f:92:76:3e:13:0b:c0:27:
                    ca:f8:d1:cc:5b:90:98:c4:d9:76:54:07:d0:3c:71:
                    ee:44:80:2d:87:28:96:23:14:aa:d5:89:2f:81:39:
                    de:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:E1:20:4C:1F:A2:1D:8A:83:88:1F:64:2D:8C:5D:24:C8:87:82:BD
            X509v3 Authority Key Identifier:
                keyid:8D:84:26:56:17:7B:42:67:AB:55:E4:BA:16:5A:5E:C0:0F:50:84:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jYQmVhd7QmerVeS6FlpewA9QhLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/9360ec-9cd1-4c00-8668-94c2f8269e9c/1/LeEgTB-iHYqDiB9kLYxdJMiHgr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/9360ec-9cd1-4c00-8668-94c2f8269e9c/1/jYQmVhd7QmerVeS6FlpewA9QhLw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.235.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:0d:99:d6:fb:fe:39:8f:0c:67:df:59:50:ee:fe:9f:9f:be:
         ab:09:75:b2:65:70:05:45:44:33:c0:1c:b7:fe:51:3c:fc:da:
         3b:39:b1:54:b4:3f:b6:0d:d1:19:2e:bd:da:89:44:85:28:e5:
         1a:3b:f5:45:9f:f8:be:47:dc:4a:f6:57:9a:ba:f1:d3:7f:94:
         42:5e:d0:66:0a:99:1a:a7:af:d4:1c:4d:df:e8:e1:54:5d:9b:
         33:20:5e:01:ad:0d:e9:5e:cd:af:ab:6f:31:48:d4:80:70:46:
         c3:b5:58:37:d2:9f:b1:cd:00:07:7a:e7:ea:d6:58:0a:25:52:
         8d:cc:b2:d5:e4:70:6f:45:9c:b5:c8:7a:ce:f6:ce:d1:5b:9a:
         5b:3d:d3:24:f8:5d:70:79:e8:c3:b6:f3:5e:da:c0:48:78:a5:
         52:11:b1:27:66:a0:4b:00:1b:fe:2c:c3:4d:c8:92:af:6b:f2:
         12:8b:42:05:9b:df:74:d8:8a:4e:34:ec:b7:65:a2:81:89:8d:
         94:08:f7:23:82:9f:b9:72:92:00:09:ff:b0:91:b5:cd:44:c8:
         45:4c:39:38:6d:a8:72:79:0e:b3:a9:bd:1a:be:97:e2:a7:22:
         b2:f8:28:58:df:7a:83:ea:a4:e6:52:bb:2b:47:20:d7:18:62:
         9c:83:82:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFASysX1nw9wuagdWeTbhPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkODQyNjU2MTc3YjQyNjdhYjU1ZTRiYTE2NWE1ZWMwMGY1
MDg0YmMwHhcNMjQwMTAxMTIzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGUxMjA0YzFmYTIxZDhhODM4ODFmNjQyZDhjNWQyNGM4ODc4MmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyM57WaJcdTP48W8sul8212FtOiwh
REf2H0izpgJSyUPyVpn4ltNFTOESBAGHy/hilItk8oa4BQjj/T7aPvzX6m8Vw5Hs
28STAI1gTMJj+7IKfcmeafyNvSwJlFBN/yBNJR8EPaCEZu4A91usdMALJCwTZTZI
hauLkHAx2OOZBSOzZswi9Nij9Uw1o04esRWYw34eeebNZetQETlpU2wJeacqUoPF
/QRl9EkjcKZqXhFzuaLdqaNBj87CEO0GrCrgPkURF3XKlSOeQKyKovYGXLUpJkHF
XAo/H5J2PhMLwCfK+NHMW5CYxNl2VAfQPHHuRIAthyiWIxSq1YkvgTnezwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC3hIEwfoh2Kg4gfZC2MXSTIh4K9MB8GA1UdIwQY
MBaAFI2EJlYXe0Jnq1XkuhZaXsAPUIS8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvallRbVZoZDdRbWVyVmVTNkZscGV3QTlRaEx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS85MzYwZWMtOWNkMS00YzAwLTg2Njgt
OTRjMmY4MjY5ZTljLzEvTGVFZ1RCLWlIWXFEaUI5a0xZeGRKTWlIZ3IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS85MzYwZWMtOWNkMS00YzAwLTg2NjgtOTRjMmY4MjY5ZTlj
LzEvallRbVZoZDdRbWVyVmVTNkZscGV3QTlRaEx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbevRMA0G
CSqGSIb3DQEBCwUAA4IBAQAQDZnW+/45jwxn31lQ7v6fn76rCXWyZXAFRUQzwBy3
/lE8/No7ObFUtD+2DdEZLr3aiUSFKOUaO/VFn/i+R9xK9leauvHTf5RCXtBmCpka
p6/UHE3f6OFUXZszIF4BrQ3pXs2vq28xSNSAcEbDtVg30p+xzQAHeufq1lgKJVKN
zLLV5HBvRZy1yHrO9s7RW5pbPdMk+F1weejDtvNe2sBIeKVSEbEnZqBLABv+LMNN
yJKva/ISi0IFm9902IpONOy3ZaKBiY2UCPcjgp+5cpIACf+wkbXNRMhFTDk4bahy
eQ6zqb0avpfipyKy+ChY33qD6qTmUrsrRyDXGGKcg4JC
-----END CERTIFICATE-----