Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/IZccUdNenRqU6Z3Vx3kDDgh1z6I.roa
File:                     IZccUdNenRqU6Z3Vx3kDDgh1z6I.roa (raw, json)
Hash identifier:          F0fmFAV9JxscMj/+AzQT5DcS5zPFJP2+XCaWAXB7sVw=
Subject key identifier:   21:97:1C:51:D3:5E:9D:1A:94:E9:9D:D5:C7:79:03:0E:08:75:CF:A2
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       01934FF5D25044A8BDC4FB903068C1071800
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/IZccUdNenRqU6Z3Vx3kDDgh1z6I.roa
Signing time:             Thu 21 Nov 2024 18:22:10 +0000
ROA not before:           Thu 21 Nov 2024 18:22:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214526
IP address blocks:        109.122.240.0/20 maxlen: 24
                          109.122.249.0/24 maxlen: 24
                          109.122.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4f:f5:d2:50:44:a8:bd:c4:fb:90:30:68:c1:07:18:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Nov 21 18:22:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21971c51d35e9d1a94e99dd5c779030e0875cfa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:0b:b9:3b:da:07:fd:6e:54:b7:62:10:e6:40:
                    78:3b:b1:c9:5c:2c:0f:b9:17:92:1a:64:5e:cb:38:
                    32:82:31:d6:96:34:18:4c:00:b2:66:2f:52:8d:dc:
                    eb:a4:dc:40:35:df:8c:02:ba:bc:95:78:a8:d2:e0:
                    6a:6d:56:2c:ee:52:06:e0:ca:0a:48:45:d6:b0:16:
                    4f:40:c3:4f:ea:a2:f0:37:cf:d9:bc:82:5e:c1:40:
                    a2:cd:a8:7e:c3:bf:d4:7f:7b:5a:9d:b7:85:f7:ad:
                    42:b4:fe:9c:eb:af:96:3c:ee:11:82:47:f7:2f:ad:
                    ab:ce:86:40:fc:5f:a7:24:29:37:bb:77:ef:43:88:
                    de:52:f9:37:4c:a1:cb:c7:0e:38:55:93:63:c6:e0:
                    6a:b5:ab:d4:ac:d6:7f:60:1a:22:a6:fb:9f:58:7e:
                    4d:17:7a:cb:23:ce:b0:87:f8:ee:ab:9b:ee:e7:73:
                    4d:f2:1c:81:3d:53:f7:35:70:61:02:08:82:f7:42:
                    d2:45:87:cf:c3:90:c3:8b:8f:92:9d:5f:fd:96:c7:
                    b2:82:53:fd:8f:4b:75:ad:d9:a7:6a:e3:e5:7a:7c:
                    dd:73:60:10:35:8e:e1:09:ce:30:7c:3e:2f:f1:0e:
                    d4:1b:5b:d3:46:d2:80:97:03:8f:3f:00:16:a7:74:
                    a2:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:97:1C:51:D3:5E:9D:1A:94:E9:9D:D5:C7:79:03:0E:08:75:CF:A2
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/IZccUdNenRqU6Z3Vx3kDDgh1z6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         0e:d9:ce:77:8c:52:04:0d:29:a1:23:ff:c9:c8:2e:60:12:ba:
         4a:93:18:ac:a5:f4:33:1e:50:54:fa:92:27:a9:3d:9e:e9:69:
         cf:74:2f:36:ae:3a:71:c0:b6:de:c0:34:67:1c:17:23:88:72:
         e6:c3:e8:21:1e:1d:b1:76:b5:96:c1:d3:11:3b:aa:0c:14:1c:
         a9:fb:2e:b2:24:3f:4d:31:66:1c:ed:a0:af:6f:7f:d0:58:bb:
         6f:00:20:4c:7c:a3:7b:8f:32:d0:41:d8:4c:e0:18:d4:e8:65:
         49:aa:55:cd:b4:c4:ac:52:cb:f7:60:63:88:d7:29:ec:e7:82:
         7d:74:31:7b:89:76:7e:ff:8c:48:72:8a:e7:b5:8f:f0:2c:e2:
         b2:de:5a:4a:c2:0e:3c:ef:c6:8c:cf:49:15:0e:b6:ac:bf:19:
         2f:db:bd:14:db:c8:85:ab:45:de:df:54:9d:89:30:31:d1:17:
         9f:a7:2f:95:80:e9:22:db:cf:cc:eb:fa:cc:e8:79:52:21:e9:
         c7:7a:bc:1d:95:25:a0:1f:61:b8:f1:72:da:5f:2c:f1:d4:f2:
         f3:e4:c2:b1:44:ee:ab:73:a6:53:20:c9:94:a7:5c:9e:d4:43:
         82:c5:4c:1a:03:d0:9f:4a:a8:fa:a0:d8:a5:ff:fa:5d:10:67:
         ff:93:c8:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNP9dJQRKi9xPuQMGjBBxgAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjQxMTIxMTgyMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTk3MWM1MWQzNWU5ZDFhOTRlOTlkZDVjNzc5MDMwZTA4NzVjZmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAu5O9oH/W5Ut2IQ5kB4O7HJXCwP
uReSGmReyzgygjHWljQYTACyZi9SjdzrpNxANd+MArq8lXio0uBqbVYs7lIG4MoK
SEXWsBZPQMNP6qLwN8/ZvIJewUCizah+w7/Uf3tanbeF961CtP6c66+WPO4Rgkf3
L62rzoZA/F+nJCk3u3fvQ4jeUvk3TKHLxw44VZNjxuBqtavUrNZ/YBoipvufWH5N
F3rLI86wh/juq5vu53NN8hyBPVP3NXBhAgiC90LSRYfPw5DDi4+SnV/9lseyglP9
j0t1rdmnauPlenzdc2AQNY7hCc4wfD4v8Q7UG1vTRtKAlwOPPwAWp3Si1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCGXHFHTXp0alOmd1cd5Aw4Idc+iMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvSVpjY1VkTmVuUnFVNlozVngza0REZ2gxejZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEbXrwMA0G
CSqGSIb3DQEBCwUAA4IBAQAO2c53jFIEDSmhI//JyC5gErpKkxispfQzHlBU+pIn
qT2e6WnPdC82rjpxwLbewDRnHBcjiHLmw+ghHh2xdrWWwdMRO6oMFByp+y6yJD9N
MWYc7aCvb3/QWLtvACBMfKN7jzLQQdhM4BjU6GVJqlXNtMSsUsv3YGOI1yns54J9
dDF7iXZ+/4xIcorntY/wLOKy3lpKwg4878aMz0kVDrasvxkv270U28iFq0Xe31Sd
iTAx0Refpy+VgOki28/M6/rM6HlSIenHerwdlSWgH2G48XLaXyzx1PLz5MKxRO6r
c6ZTIMmUp1ye1EOCxUwaA9CfSqj6oNil//pdEGf/k8ia
-----END CERTIFICATE-----