Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/fdce4c-2ea5-47eb-94bc-5b50ea88eeab/1/IDgJjGX2iwIYnHwwYxJ1xknr4h8.roa
File:                     IDgJjGX2iwIYnHwwYxJ1xknr4h8.roa (raw, json)
Hash identifier:          LnxgYlJ8zAuGY/xtENZzCnfBzxUIP6E7uNcII7wPHWc=
Subject key identifier:   20:38:09:8C:65:F6:8B:02:18:9C:7C:30:63:12:75:C6:49:EB:E2:1F
Certificate issuer:       /CN=89f280ae519550c7a7f4953ab27d7ae7ddeb1341
Certificate serial:       018CC94E1A09924C0A4A9FC20B221361484F
Authority key identifier: 89:F2:80:AE:51:95:50:C7:A7:F4:95:3A:B2:7D:7A:E7:DD:EB:13:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ifKArlGVUMen9JU6sn16593rE0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/fdce4c-2ea5-47eb-94bc-5b50ea88eeab/1/IDgJjGX2iwIYnHwwYxJ1xknr4h8.roa
Signing time:             Tue 02 Jan 2024 08:33:08 +0000
ROA not before:           Tue 02 Jan 2024 08:33:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        132.231.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/fdce4c-2ea5-47eb-94bc-5b50ea88eeab/1/ifKArlGVUMen9JU6sn16593rE0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/fdce4c-2ea5-47eb-94bc-5b50ea88eeab/1/ifKArlGVUMen9JU6sn16593rE0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ifKArlGVUMen9JU6sn16593rE0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:1a:09:92:4c:0a:4a:9f:c2:0b:22:13:61:48:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89f280ae519550c7a7f4953ab27d7ae7ddeb1341
        Validity
            Not Before: Jan  2 08:33:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2038098c65f68b02189c7c30631275c649ebe21f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:4e:f7:4b:24:00:15:5a:9a:f4:22:0e:44:f1:
                    a5:6e:55:3d:e8:31:49:70:a4:86:8c:74:d7:73:8e:
                    cf:4e:97:92:2d:7f:30:aa:06:3a:62:6d:6c:8e:0d:
                    74:3b:85:a2:2e:84:27:13:12:d0:31:14:40:d0:e4:
                    5c:ee:3b:73:f5:84:8e:2c:0c:a9:e0:93:08:15:25:
                    87:eb:1f:ed:71:19:cd:1d:b7:ef:62:7d:0e:e7:e7:
                    ef:ed:4b:2e:70:3d:c8:2c:fc:6d:f1:e2:bb:c9:2f:
                    dd:95:7e:22:25:d1:08:4a:41:31:2f:1c:64:88:3c:
                    c4:42:5f:f4:69:1b:a0:ce:69:e4:0b:4d:31:1c:28:
                    72:69:b9:79:b6:60:e0:88:58:ef:47:69:1f:85:f6:
                    c0:a4:70:65:bd:3c:08:66:90:20:1d:a5:0f:40:cc:
                    4e:3f:ef:71:c4:1b:4d:ac:bb:31:aa:e7:90:3d:9c:
                    c4:1b:91:4a:e0:f6:bf:70:4b:e8:1b:d7:87:0a:a0:
                    2c:9e:dd:22:cb:92:e6:dc:07:e8:2b:3e:19:43:ac:
                    2f:68:14:fd:ea:df:ed:f6:d4:90:1d:2f:ed:b1:58:
                    96:a5:08:59:80:86:dd:a4:cc:34:66:a9:53:e7:9e:
                    5b:4c:96:fe:83:7b:09:86:59:38:44:59:95:7b:f0:
                    ec:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:38:09:8C:65:F6:8B:02:18:9C:7C:30:63:12:75:C6:49:EB:E2:1F
            X509v3 Authority Key Identifier:
                keyid:89:F2:80:AE:51:95:50:C7:A7:F4:95:3A:B2:7D:7A:E7:DD:EB:13:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ifKArlGVUMen9JU6sn16593rE0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/fdce4c-2ea5-47eb-94bc-5b50ea88eeab/1/IDgJjGX2iwIYnHwwYxJ1xknr4h8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/fdce4c-2ea5-47eb-94bc-5b50ea88eeab/1/ifKArlGVUMen9JU6sn16593rE0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.231.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         8c:cb:42:e4:a7:90:ec:c7:d7:b8:db:da:9f:8b:0b:dc:77:e4:
         3f:07:91:f5:1d:8f:6d:ef:df:ef:18:4d:47:9e:09:49:36:ec:
         7e:ef:1c:ae:4d:06:3b:53:74:3f:18:bc:0a:bb:67:34:99:a6:
         66:f4:60:e7:24:db:8b:34:b8:24:2b:c1:94:1b:06:4c:25:6f:
         b7:2b:c8:a0:6b:48:a2:cc:b8:fd:97:7f:b5:f9:14:5e:70:74:
         46:10:f8:a0:29:5c:df:66:14:3d:0a:51:28:34:e4:b3:bd:d0:
         1a:44:e5:e6:15:ee:a3:02:71:f3:66:9f:3a:40:86:15:58:bb:
         2b:ca:6e:0c:29:13:0a:b7:a0:36:7e:c8:d0:8e:9c:76:20:0f:
         fb:2a:a7:a0:47:44:99:3c:b7:b5:51:f3:56:2c:a8:ee:cd:7d:
         17:64:6a:31:c5:66:0f:a8:07:d9:a1:81:02:1a:cd:36:88:83:
         e0:6e:6e:68:57:fd:5d:22:45:71:f3:12:1a:a8:d7:d7:84:65:
         9c:7f:a1:17:77:90:03:e3:ae:3a:27:0c:8e:7a:63:0a:9f:f6:
         82:06:ee:0c:e1:79:11:0a:45:b2:c4:1c:34:d7:ac:d0:e7:4e:
         ce:d7:7a:e1:6b:2a:c0:fb:8e:f4:24:cc:63:db:01:f5:00:fe:
         11:fb:0c:eb
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzJThoJkkwKSp/CCyITYUhPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5ZjI4MGFlNTE5NTUwYzdhN2Y0OTUzYWIyN2Q3YWU3ZGRl
YjEzNDEwHhcNMjQwMTAyMDgzMzA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDM4MDk4YzY1ZjY4YjAyMTg5YzdjMzA2MzEyNzVjNjQ5ZWJlMjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqE73SyQAFVqa9CIORPGlblU96DFJ
cKSGjHTXc47PTpeSLX8wqgY6Ym1sjg10O4WiLoQnExLQMRRA0ORc7jtz9YSOLAyp
4JMIFSWH6x/tcRnNHbfvYn0O5+fv7UsucD3ILPxt8eK7yS/dlX4iJdEISkExLxxk
iDzEQl/0aRugzmnkC00xHChyabl5tmDgiFjvR2kfhfbApHBlvTwIZpAgHaUPQMxO
P+9xxBtNrLsxqueQPZzEG5FK4Pa/cEvoG9eHCqAsnt0iy5Lm3AfoKz4ZQ6wvaBT9
6t/t9tSQHS/tsViWpQhZgIbdpMw0ZqlT555bTJb+g3sJhlk4RFmVe/DsHwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFCA4CYxl9osCGJx8MGMSdcZJ6+IfMB8GA1UdIwQY
MBaAFInygK5RlVDHp/SVOrJ9eufd6xNBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWZLQXJsR1ZVTWVuOUpVNnNuMTY1OTNyRTBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9mZGNlNGMtMmVhNS00N2ViLTk0YmMt
NWI1MGVhODhlZWFiLzEvSURnSmpHWDJpd0lZbkh3d1l4SjF4a25yNGg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9mZGNlNGMtMmVhNS00N2ViLTk0YmMtNWI1MGVhODhlZWFi
LzEvaWZLQXJsR1ZVTWVuOUpVNnNuMTY1OTNyRTBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAhOcwDQYJ
KoZIhvcNAQELBQADggEBAIzLQuSnkOzH17jb2p+LC9x35D8HkfUdj23v3+8YTUee
CUk27H7vHK5NBjtTdD8YvAq7ZzSZpmb0YOck24s0uCQrwZQbBkwlb7cryKBrSKLM
uP2Xf7X5FF5wdEYQ+KApXN9mFD0KUSg05LO90BpE5eYV7qMCcfNmnzpAhhVYuyvK
bgwpEwq3oDZ+yNCOnHYgD/sqp6BHRJk8t7VR81YsqO7NfRdkajHFZg+oB9mhgQIa
zTaIg+BubmhX/V0iRXHzEhqo19eEZZx/oRd3kAPjrjonDI56Ywqf9oIG7gzheREK
RbLEHDTXrNDnTs7XeuFrKsD7jvQkzGPbAfUA/hH7DOs=
-----END CERTIFICATE-----