Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/CWe8vVWeMRK2L9oBSx2G68RTHLs.roa
File:                     CWe8vVWeMRK2L9oBSx2G68RTHLs.roa (raw, json)
Hash identifier:          gJ9/eWAWZfFMnkyMrJU0DT1E5agmnU2S6qyXSmyHO+k=
Subject key identifier:   09:67:BC:BD:55:9E:31:12:B6:2F:DA:01:4B:1D:86:EB:C4:53:1C:BB
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       01925E194DAD37C5DF2A46C620C6B7BA8956
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/CWe8vVWeMRK2L9oBSx2G68RTHLs.roa
Signing time:             Sat 05 Oct 2024 19:12:49 +0000
ROA not before:           Sat 05 Oct 2024 19:12:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210538
IP address blocks:        160.20.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:5e:19:4d:ad:37:c5:df:2a:46:c6:20:c6:b7:ba:89:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Oct  5 19:12:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0967bcbd559e3112b62fda014b1d86ebc4531cbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ad:ec:06:63:ec:dc:60:65:b1:4a:8b:33:f8:
                    53:e4:6b:6c:e2:0e:ed:08:c1:b9:f4:40:02:85:f1:
                    df:29:f9:61:fa:dd:a8:af:60:d5:43:02:c8:01:be:
                    e1:92:dd:e5:be:01:24:d4:8c:36:5f:3f:f1:16:80:
                    68:a0:2c:b1:dc:81:d5:14:90:6e:4a:31:57:35:9b:
                    a5:36:c3:b7:c5:ac:2b:6b:0e:1d:f4:f5:08:e0:90:
                    5c:02:9c:c0:6c:87:c8:6f:e4:6a:4d:15:61:8a:01:
                    ee:db:6e:6d:cb:2d:22:50:7c:62:58:7e:5a:2b:d8:
                    96:dd:59:77:55:17:03:30:f7:f8:1d:9c:75:94:d0:
                    25:f9:0d:d1:31:e7:3b:c8:a0:a4:6b:0e:8e:2a:7e:
                    5b:ce:88:26:0a:6d:0c:4f:7b:7f:f5:5a:7a:93:d7:
                    eb:b7:fe:76:22:5f:49:1a:f2:a3:f3:3b:03:ad:1d:
                    d7:cb:4a:cb:16:35:7c:61:94:54:bc:00:c9:05:8c:
                    c3:3d:ea:95:93:53:12:20:c3:74:93:23:b6:03:d1:
                    3d:f3:d2:a7:62:63:6f:08:e9:19:24:41:4d:3b:ac:
                    f0:fe:61:b1:6d:ac:32:21:2f:e5:13:11:e6:88:76:
                    c6:3d:77:3b:e2:b5:d8:92:46:38:6b:3e:39:eb:18:
                    7c:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:67:BC:BD:55:9E:31:12:B6:2F:DA:01:4B:1D:86:EB:C4:53:1C:BB
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/CWe8vVWeMRK2L9oBSx2G68RTHLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.20.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:c5:ad:11:f9:11:56:d9:2f:05:2b:ec:08:ba:20:c8:c2:42:
         25:56:41:6e:8f:e8:ce:18:a6:40:da:c6:71:0b:a6:1f:4c:1d:
         4d:de:4b:d8:9e:88:ed:ac:3e:ae:5b:4f:63:9a:77:17:14:ad:
         df:21:b2:79:34:7c:df:5e:0e:a0:b7:af:0d:d7:da:50:79:dd:
         54:29:d0:90:fa:aa:83:cf:e1:99:fe:fe:a6:46:f4:f1:8f:e8:
         0d:d5:ea:56:7c:b5:ae:36:0e:47:b3:68:01:c0:d8:55:38:8f:
         42:db:8b:b6:2e:ef:83:4f:5d:bf:00:5f:1b:4d:de:2c:de:02:
         bc:2e:42:cb:e7:d1:89:b5:c2:56:34:7a:47:0a:b6:f7:17:e2:
         d9:05:fa:76:df:1b:a3:78:79:0e:b7:a7:75:a1:aa:69:35:0c:
         f3:71:2d:44:ff:e9:9c:2f:43:75:21:d3:d9:dc:6f:32:61:b7:
         0b:fb:0d:08:5c:96:ac:b1:29:95:87:21:35:2b:a1:e1:36:8c:
         b4:5e:d5:84:57:84:da:89:19:a5:ca:48:e5:0e:55:99:e9:4d:
         ed:b0:b5:3a:86:48:ca:35:c8:ea:90:fe:db:4c:59:0b:da:af:
         61:d5:dc:d9:02:d5:37:8a:6a:f2:c4:23:03:29:60:96:8e:b5:
         7b:de:88:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJeGU2tN8XfKkbGIMa3uolWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQxMDA1MTkxMjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTY3YmNiZDU1OWUzMTEyYjYyZmRhMDE0YjFkODZlYmM0NTMxY2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsq3sBmPs3GBlsUqLM/hT5Gts4g7t
CMG59EAChfHfKflh+t2or2DVQwLIAb7hkt3lvgEk1Iw2Xz/xFoBooCyx3IHVFJBu
SjFXNZulNsO3xawraw4d9PUI4JBcApzAbIfIb+RqTRVhigHu225tyy0iUHxiWH5a
K9iW3Vl3VRcDMPf4HZx1lNAl+Q3RMec7yKCkaw6OKn5bzogmCm0MT3t/9Vp6k9fr
t/52Il9JGvKj8zsDrR3Xy0rLFjV8YZRUvADJBYzDPeqVk1MSIMN0kyO2A9E989Kn
YmNvCOkZJEFNO6zw/mGxbawyIS/lExHmiHbGPXc74rXYkkY4az456xh82QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAlnvL1VnjESti/aAUsdhuvEUxy7MB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvQ1dlOHZWV2VNUksyTDlvQlN4Mkc2OFJUSExzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAoBRsMA0G
CSqGSIb3DQEBCwUAA4IBAQBXxa0R+RFW2S8FK+wIuiDIwkIlVkFuj+jOGKZA2sZx
C6YfTB1N3kvYnojtrD6uW09jmncXFK3fIbJ5NHzfXg6gt68N19pQed1UKdCQ+qqD
z+GZ/v6mRvTxj+gN1epWfLWuNg5Hs2gBwNhVOI9C24u2Lu+DT12/AF8bTd4s3gK8
LkLL59GJtcJWNHpHCrb3F+LZBfp23xujeHkOt6d1oappNQzzcS1E/+mcL0N1IdPZ
3G8yYbcL+w0IXJassSmVhyE1K6HhNoy0XtWEV4TaiRmlykjlDlWZ6U3tsLU6hkjK
NcjqkP7bTFkL2q9h1dzZAtU3imryxCMDKWCWjrV73ojV
-----END CERTIFICATE-----