Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/Cp35cTyxUV2fTDU_69DmYUZbd7s.roa
File:                     Cp35cTyxUV2fTDU_69DmYUZbd7s.roa (raw, json)
Hash identifier:          LLLsCynRfYgiMip2N4xECKusWOU5Rj0C0gUBvKNpt5o=
Subject key identifier:   0A:9D:F9:71:3C:B1:51:5D:9F:4C:35:3F:EB:D0:E6:61:46:5B:77:BB
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       018CC94CA7156C59293EFC90263D0487E0ED
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/Cp35cTyxUV2fTDU_69DmYUZbd7s.roa
Signing time:             Tue 02 Jan 2024 08:31:33 +0000
ROA not before:           Tue 02 Jan 2024 08:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211440
IP address blocks:        188.191.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:a7:15:6c:59:29:3e:fc:90:26:3d:04:87:e0:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: Jan  2 08:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a9df9713cb1515d9f4c353febd0e661465b77bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:d6:85:9f:d2:be:a9:cb:00:6d:b3:5e:ba:57:
                    27:4e:6f:9b:16:6e:b7:a9:df:70:00:37:3a:27:b6:
                    24:15:59:1e:35:07:62:a7:74:aa:ee:7b:53:79:f1:
                    b1:43:20:26:e4:7c:c0:07:b7:46:d0:26:17:f6:b0:
                    42:b6:23:ae:17:b4:9d:d4:d1:78:d2:51:8d:3e:fd:
                    d3:8b:bf:d2:de:d0:4c:21:5d:c7:05:8f:c2:fa:0a:
                    64:67:d8:a8:9d:ec:74:4c:e8:a8:f8:74:58:24:45:
                    e3:aa:56:45:06:33:e0:0c:3a:ac:b2:83:6f:03:96:
                    5b:e4:de:7c:87:91:18:97:7e:2d:b5:10:83:28:00:
                    c6:e5:e7:bc:63:f9:fc:82:f6:aa:11:6d:08:f3:7f:
                    ff:d4:20:3b:78:58:ef:9c:4c:09:f5:c8:5e:14:05:
                    f0:ad:e0:7b:6c:8d:20:99:c0:0c:66:be:4b:ba:01:
                    2d:e0:08:15:fb:89:70:89:14:a2:13:1b:ec:61:60:
                    8c:e0:bb:e7:af:1d:c5:61:0b:2c:3c:98:3a:25:3e:
                    66:51:be:92:04:69:2d:3c:c9:5b:89:b3:b4:7d:a3:
                    e6:63:b5:b2:63:3f:88:0c:b8:8c:79:c6:b1:a2:15:
                    bf:25:3d:13:e6:66:5a:9b:b3:0a:26:96:5f:e5:08:
                    9a:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:9D:F9:71:3C:B1:51:5D:9F:4C:35:3F:EB:D0:E6:61:46:5B:77:BB
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/Cp35cTyxUV2fTDU_69DmYUZbd7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.191.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:12:93:c6:6a:ae:82:17:02:68:21:61:b3:1b:0d:0d:5f:96:
         e9:b0:bf:12:29:27:57:0b:3e:39:87:a4:49:65:0a:92:b2:dc:
         1f:73:34:e5:db:a9:14:c9:a8:78:88:d1:64:6d:1c:cc:4c:c0:
         5d:51:79:ce:93:c5:b2:eb:78:f8:f0:be:91:ee:e5:a0:27:38:
         03:53:66:e7:f2:ea:a0:7a:0f:0f:c4:8d:b4:6d:a7:ad:fb:ff:
         aa:7c:20:6d:03:b2:bb:5e:cb:fd:80:8e:0c:07:42:4c:da:ff:
         04:02:4e:c4:97:ba:c3:cc:d2:47:96:5c:b3:1e:3e:3d:66:00:
         32:f0:1b:a5:13:95:21:b6:13:10:39:a9:43:14:e1:db:f5:51:
         5b:64:e5:e4:b5:44:ac:5c:50:52:fd:c3:cd:ad:f4:f3:b3:8e:
         f7:5e:fd:96:9e:cd:6b:d0:ea:db:97:25:c5:82:b0:70:90:43:
         69:c5:26:db:ef:b2:4d:a5:ab:3b:5f:47:55:99:06:2e:4f:3a:
         5a:1b:f8:a9:47:f5:05:e2:03:1a:ed:82:d4:f8:64:4d:6b:9a:
         f0:dc:fa:ab:01:d1:14:da:7e:c8:9e:17:ee:ec:2d:73:e2:56:
         f8:c9:e1:02:a3:50:d6:b7:84:29:74:ef:67:1a:90:63:b5:ae:
         45:d0:3d:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTKcVbFkpPvyQJj0Eh+DtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjQwMTAyMDgzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTlkZjk3MTNjYjE1MTVkOWY0YzM1M2ZlYmQwZTY2MTQ2NWI3N2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkdaFn9K+qcsAbbNeulcnTm+bFm63
qd9wADc6J7YkFVkeNQdip3Sq7ntTefGxQyAm5HzAB7dG0CYX9rBCtiOuF7Sd1NF4
0lGNPv3Ti7/S3tBMIV3HBY/C+gpkZ9ionex0TOio+HRYJEXjqlZFBjPgDDqssoNv
A5Zb5N58h5EYl34ttRCDKADG5ee8Y/n8gvaqEW0I83//1CA7eFjvnEwJ9cheFAXw
reB7bI0gmcAMZr5LugEt4AgV+4lwiRSiExvsYWCM4Lvnrx3FYQssPJg6JT5mUb6S
BGktPMlbibO0faPmY7WyYz+IDLiMecaxohW/JT0T5mZam7MKJpZf5QiamQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAqd+XE8sVFdn0w1P+vQ5mFGW3e7MB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvQ3AzNWNUeXhVVjJmVERVXzY5RG1ZVVpiZDdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvL9sMA0G
CSqGSIb3DQEBCwUAA4IBAQAUEpPGaq6CFwJoIWGzGw0NX5bpsL8SKSdXCz45h6RJ
ZQqSstwfczTl26kUyah4iNFkbRzMTMBdUXnOk8Wy63j48L6R7uWgJzgDU2bn8uqg
eg8PxI20baet+/+qfCBtA7K7Xsv9gI4MB0JM2v8EAk7El7rDzNJHllyzHj49ZgAy
8BulE5UhthMQOalDFOHb9VFbZOXktUSsXFBS/cPNrfTzs473Xv2Wns1r0OrblyXF
grBwkENpxSbb77JNpas7X0dVmQYuTzpaG/ipR/UF4gMa7YLU+GRNa5rw3PqrAdEU
2n7Inhfu7C1z4lb4yeECo1DWt4QpdO9nGpBjta5F0D0J
-----END CERTIFICATE-----