Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/taYmOKM_zoKnTGD087-63pS9n3g.roa
File:                     taYmOKM_zoKnTGD087-63pS9n3g.roa (raw, json)
Hash identifier:          rjDZRrsJ8UOAFZ6DM/Izs4tvDX23jcDWDBOiLBi/w6U=
Subject key identifier:   B5:A6:26:38:A3:3F:CE:82:A7:4C:60:F4:F3:BF:BA:DE:94:BD:9F:78
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       018CC94DB7CEA77614EBC2642E0DE84D2E92
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/taYmOKM_zoKnTGD087-63pS9n3g.roa
Signing time:             Tue 02 Jan 2024 08:32:42 +0000
ROA not before:           Tue 02 Jan 2024 08:32:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209835
IP address blocks:        109.167.12.0/24 maxlen: 24
                          176.56.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:b7:ce:a7:76:14:eb:c2:64:2e:0d:e8:4d:2e:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Jan  2 08:32:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5a62638a33fce82a74c60f4f3bfbade94bd9f78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:54:56:e6:95:f7:09:d6:19:a9:10:b7:c1:a8:
                    97:e7:73:0d:b6:64:99:ab:9e:32:5c:4f:09:ab:15:
                    d3:e5:fe:d2:69:85:10:d3:f5:9f:2f:14:fb:d9:ba:
                    78:77:b3:35:f6:fb:d0:60:80:3f:8f:b7:ec:a0:a7:
                    85:45:63:c2:f2:ab:a6:32:6b:7f:a0:c1:62:a2:ba:
                    64:e1:36:02:d3:76:a3:78:82:3b:b7:89:25:a0:c3:
                    13:50:24:15:5e:b0:65:7d:b3:eb:f6:86:6f:3a:3b:
                    3b:32:5e:a4:2a:34:50:19:56:6c:42:4a:d5:06:b7:
                    68:2d:3d:db:2b:42:f2:c0:b7:56:01:2b:bb:a9:79:
                    15:b5:28:46:db:24:aa:9a:b7:53:4c:ea:ce:ec:b6:
                    7f:74:2e:0b:27:05:65:f1:98:f5:24:ed:0d:c1:a2:
                    7b:1b:b6:49:db:41:ca:96:b2:23:25:8b:8e:d6:0f:
                    99:24:59:b5:df:16:b0:0d:c2:7c:9b:f4:8c:f7:cd:
                    39:72:94:e6:c5:96:3f:8f:ee:60:52:92:e0:b9:b1:
                    74:c8:f0:68:97:cc:3c:94:a1:6a:b7:06:1b:c9:cf:
                    31:93:b3:b0:c3:a0:25:48:6d:06:3f:43:95:ee:44:
                    ac:cb:c2:81:c5:dc:4a:0c:80:7b:a6:24:ff:01:a1:
                    80:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:A6:26:38:A3:3F:CE:82:A7:4C:60:F4:F3:BF:BA:DE:94:BD:9F:78
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/taYmOKM_zoKnTGD087-63pS9n3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.167.12.0/24
                  176.56.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:e9:0a:f7:a5:a8:2c:e1:bc:99:c3:d7:fa:7b:0a:bc:79:c4:
         18:f5:a6:5a:52:d6:15:33:13:2b:71:4b:82:2b:4b:b8:03:84:
         7a:37:a5:64:0b:55:4e:7e:79:0e:00:53:80:35:ff:96:c3:19:
         77:61:e1:e8:4e:83:9b:5d:0c:35:10:39:35:78:09:9f:cf:1d:
         d5:e9:86:b1:a9:31:65:c3:dd:6d:7b:05:d3:a5:cf:56:b6:a3:
         e9:5f:82:8e:d1:36:46:ba:33:b4:d0:92:c5:49:78:df:e0:49:
         ef:e8:05:5a:31:cb:5e:3c:10:e9:63:28:4e:3a:b9:6b:b3:dc:
         79:e7:38:22:9f:2a:9d:00:12:45:7d:d6:30:85:44:bd:a6:a3:
         c7:d4:51:38:2c:bd:b4:72:b0:e8:00:10:eb:f6:0c:86:fc:7f:
         d5:58:98:d3:21:7b:17:66:8c:3a:bd:8e:c8:e0:6a:5b:00:fa:
         ba:bb:60:ff:ed:3a:db:13:78:35:6c:c8:4d:a1:27:46:ae:2c:
         d3:9f:26:05:91:4a:17:3c:fa:1a:7c:5d:bf:00:1b:64:68:21:
         c7:26:b4:15:84:ee:39:6c:82:0c:65:72:36:f7:74:67:43:e9:
         5c:47:85:68:6b:47:41:a5:9a:ae:7f:0f:e4:21:25:80:b2:45:
         9e:84:f7:7b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTbfOp3YU68JkLg3oTS6SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjQwMTAyMDgzMjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWE2MjYzOGEzM2ZjZTgyYTc0YzYwZjRmM2JmYmFkZTk0YmQ5Zjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1RW5pX3CdYZqRC3waiX53MNtmSZ
q54yXE8JqxXT5f7SaYUQ0/WfLxT72bp4d7M19vvQYIA/j7fsoKeFRWPC8qumMmt/
oMFiorpk4TYC03ajeII7t4kloMMTUCQVXrBlfbPr9oZvOjs7Ml6kKjRQGVZsQkrV
BrdoLT3bK0LywLdWASu7qXkVtShG2ySqmrdTTOrO7LZ/dC4LJwVl8Zj1JO0NwaJ7
G7ZJ20HKlrIjJYuO1g+ZJFm13xawDcJ8m/SM9805cpTmxZY/j+5gUpLgubF0yPBo
l8w8lKFqtwYbyc8xk7Oww6AlSG0GP0OV7kSsy8KBxdxKDIB7piT/AaGAAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLWmJjijP86Cp0xg9PO/ut6UvZ94MB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvdGFZbU9LTV96b0tuVEdEMDg3LTYzcFM5bjNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbacMAwQA
sDh3MA0GCSqGSIb3DQEBCwUAA4IBAQCv6Qr3pags4byZw9f6ewq8ecQY9aZaUtYV
MxMrcUuCK0u4A4R6N6VkC1VOfnkOAFOANf+Wwxl3YeHoToObXQw1EDk1eAmfzx3V
6YaxqTFlw91tewXTpc9WtqPpX4KO0TZGujO00JLFSXjf4Env6AVaMctePBDpYyhO
Orlrs9x55zginyqdABJFfdYwhUS9pqPH1FE4LL20crDoABDr9gyG/H/VWJjTIXsX
Zow6vY7I4GpbAPq6u2D/7TrbE3g1bMhNoSdGrizTnyYFkUoXPPoafF2/ABtkaCHH
JrQVhO45bIIMZXI293RnQ+lcR4Voa0dBpZqufw/kISWAskWehPd7
-----END CERTIFICATE-----