Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/93f6ee-05ea-4f31-9af6-dfc5cc64a81e/1/l_0MJDzpXRAE31FngTgzf-xJ7gc.roa
File:                     l_0MJDzpXRAE31FngTgzf-xJ7gc.roa (raw, json)
Hash identifier:          lAoA++udVTtvQvDJ9ilV/XlMB+CHv2TOfsb1XlQcFfs=
Subject key identifier:   97:FD:0C:24:3C:E9:5D:10:04:DF:51:67:81:38:33:7F:EC:49:EE:07
Certificate issuer:       /CN=3ec8c20e65dcd33ff8a5e3c30a645925c5c9f95f
Certificate serial:       018CC8DE7BE62DB1ADD93A8764AD84B0403F
Authority key identifier: 3E:C8:C2:0E:65:DC:D3:3F:F8:A5:E3:C3:0A:64:59:25:C5:C9:F9:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsjCDmXc0z_4pePDCmRZJcXJ-V8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/93f6ee-05ea-4f31-9af6-dfc5cc64a81e/1/l_0MJDzpXRAE31FngTgzf-xJ7gc.roa
Signing time:             Tue 02 Jan 2024 06:31:13 +0000
ROA not before:           Tue 02 Jan 2024 06:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44756
IP address blocks:        62.100.128.0/19 maxlen: 24
                          188.130.0.0/17 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/93f6ee-05ea-4f31-9af6-dfc5cc64a81e/1/PsjCDmXc0z_4pePDCmRZJcXJ-V8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/93f6ee-05ea-4f31-9af6-dfc5cc64a81e/1/PsjCDmXc0z_4pePDCmRZJcXJ-V8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PsjCDmXc0z_4pePDCmRZJcXJ-V8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:7b:e6:2d:b1:ad:d9:3a:87:64:ad:84:b0:40:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec8c20e65dcd33ff8a5e3c30a645925c5c9f95f
        Validity
            Not Before: Jan  2 06:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97fd0c243ce95d1004df51678138337fec49ee07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a9:b7:c0:13:40:f0:05:9b:f8:2b:54:7d:33:
                    3c:c9:ad:96:00:03:87:7f:b8:ac:b7:80:68:6b:4d:
                    3e:1a:25:64:f6:be:2c:5b:c0:73:73:1e:45:f9:ce:
                    89:80:ce:26:48:38:fd:05:c6:7d:4a:f8:98:d1:2d:
                    00:d7:d5:60:1d:c0:e6:76:38:48:5b:64:53:19:1a:
                    ba:8f:a7:fe:00:8f:38:c7:eb:e4:c4:e6:e5:37:bb:
                    80:c9:ae:ee:db:b4:02:9b:9b:e7:c1:50:c3:0a:9e:
                    89:c8:6c:6a:3b:4b:5b:97:9d:2b:25:4a:63:3a:ed:
                    59:22:63:37:ae:08:d1:b0:ab:9c:d2:76:0a:99:be:
                    ea:37:0e:8d:d8:16:55:20:7b:c6:0d:8d:54:c1:e6:
                    7d:9c:a1:5b:56:8f:8a:7d:24:34:d9:b6:11:7d:dd:
                    4a:b1:fc:b2:33:55:54:65:6a:41:f0:a2:4c:75:86:
                    45:31:5a:03:ea:6e:42:1c:60:d5:7f:2e:6f:f6:92:
                    ec:20:88:42:0f:ae:b1:56:80:70:69:6d:e9:d0:14:
                    b4:87:d4:82:e2:84:49:15:22:30:c5:7d:b4:6a:0d:
                    a2:a2:8c:c4:aa:8a:fe:25:ab:97:96:7e:7a:b7:eb:
                    7c:c8:0a:c6:01:66:4c:70:f6:6d:7e:dd:a0:dc:e9:
                    a2:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:FD:0C:24:3C:E9:5D:10:04:DF:51:67:81:38:33:7F:EC:49:EE:07
            X509v3 Authority Key Identifier:
                keyid:3E:C8:C2:0E:65:DC:D3:3F:F8:A5:E3:C3:0A:64:59:25:C5:C9:F9:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsjCDmXc0z_4pePDCmRZJcXJ-V8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/93f6ee-05ea-4f31-9af6-dfc5cc64a81e/1/l_0MJDzpXRAE31FngTgzf-xJ7gc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/93f6ee-05ea-4f31-9af6-dfc5cc64a81e/1/PsjCDmXc0z_4pePDCmRZJcXJ-V8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.100.128.0/19
                  188.130.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         98:d6:06:d4:a4:6d:26:8b:ec:28:0c:57:91:e6:16:ae:fd:1b:
         d5:7d:25:8a:38:a2:9f:b6:1e:e1:17:56:24:ca:fb:4a:5b:c2:
         4d:fe:d0:fd:8b:96:9a:ac:ea:2e:fb:57:e1:7c:8e:6a:d0:65:
         d4:2d:59:8b:a2:41:0c:0b:cb:4a:a0:cd:02:f8:a5:94:9a:a9:
         a3:64:19:eb:77:65:be:23:c6:4f:ff:e1:05:68:20:55:22:8a:
         80:cb:f4:fa:39:3f:f7:29:0d:5c:7b:c2:4e:9e:de:64:dd:57:
         72:cb:5d:fc:ac:4e:f0:ed:a4:17:38:c0:eb:78:6d:58:ef:2a:
         c2:1e:43:a3:80:2a:1c:5c:72:58:43:4a:e4:1b:51:88:72:b9:
         bf:8b:40:56:9f:bc:7a:fd:87:ef:c3:eb:2a:26:03:24:1c:ce:
         ac:b4:0a:eb:cf:8f:48:91:cc:e6:ef:dc:be:dc:3f:b5:29:48:
         50:70:59:f0:4b:5e:0a:57:17:e9:1e:21:a3:8b:1e:6b:cf:cb:
         60:e6:da:ff:ae:b6:fb:47:2c:14:96:27:94:3d:a0:23:60:e3:
         d7:a0:10:af:7a:ad:c3:5b:58:87:1a:10:06:13:b0:1b:20:88:
         48:37:c6:e7:0e:e9:83:bd:dd:17:c7:e7:be:c8:e0:ba:3e:bb:
         58:31:cf:8d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3nvmLbGt2TqHZK2EsEA/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzhjMjBlNjVkY2QzM2ZmOGE1ZTNjMzBhNjQ1OTI1YzVj
OWY5NWYwHhcNMjQwMTAyMDYzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2ZkMGMyNDNjZTk1ZDEwMDRkZjUxNjc4MTM4MzM3ZmVjNDllZTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtam3wBNA8AWb+CtUfTM8ya2WAAOH
f7ist4Boa00+GiVk9r4sW8Bzcx5F+c6JgM4mSDj9BcZ9SviY0S0A19VgHcDmdjhI
W2RTGRq6j6f+AI84x+vkxOblN7uAya7u27QCm5vnwVDDCp6JyGxqO0tbl50rJUpj
Ou1ZImM3rgjRsKuc0nYKmb7qNw6N2BZVIHvGDY1UweZ9nKFbVo+KfSQ02bYRfd1K
sfyyM1VUZWpB8KJMdYZFMVoD6m5CHGDVfy5v9pLsIIhCD66xVoBwaW3p0BS0h9SC
4oRJFSIwxX20ag2ioozEqor+JauXln56t+t8yArGAWZMcPZtft2g3OmifwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJf9DCQ86V0QBN9RZ4E4M3/sSe4HMB8GA1UdIwQY
MBaAFD7Iwg5l3NM/+KXjwwpkWSXFyflfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNqQ0RtWGMwel80cGVQRENtUlpKY1hKLVY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS85M2Y2ZWUtMDVlYS00ZjMxLTlhZjYt
ZGZjNWNjNjRhODFlLzEvbF8wTUpEenBYUkFFMzFGbmdUZ3pmLXhKN2djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS85M2Y2ZWUtMDVlYS00ZjMxLTlhZjYtZGZjNWNjNjRhODFl
LzEvUHNqQ0RtWGMwel80cGVQRENtUlpKY1hKLVY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFPmSAAwQH
vIIAMA0GCSqGSIb3DQEBCwUAA4IBAQCY1gbUpG0mi+woDFeR5hau/RvVfSWKOKKf
th7hF1YkyvtKW8JN/tD9i5aarOou+1fhfI5q0GXULVmLokEMC8tKoM0C+KWUmqmj
ZBnrd2W+I8ZP/+EFaCBVIoqAy/T6OT/3KQ1ce8JOnt5k3Vdyy138rE7w7aQXOMDr
eG1Y7yrCHkOjgCocXHJYQ0rkG1GIcrm/i0BWn7x6/Yfvw+sqJgMkHM6stArrz49I
kczm79y+3D+1KUhQcFnwS14KVxfpHiGjix5rz8tg5tr/rrb7RywUlieUPaAjYOPX
oBCveq3DW1iHGhAGE7AbIIhIN8bnDumDvd0Xx+e+yOC6PrtYMc+N
-----END CERTIFICATE-----