Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gJn-OQeKJxutv5D_ezA7-ILqokM.roa
File:                     gJn-OQeKJxutv5D_ezA7-ILqokM.roa (raw, json)
Hash identifier:          wwEogFGoyh9pIfRmOksnibq7a2d8vIvR4sx0rY7daYM=
Subject key identifier:   80:99:FE:39:07:8A:27:1B:AD:BF:90:FF:7B:30:3B:F8:82:EA:A2:43
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E625BC5332911AA7503AB8D40DB200AA9
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gJn-OQeKJxutv5D_ezA7-ILqokM.roa
Signing time:             Thu 21 Mar 2024 18:52:45 +0000
ROA not before:           Thu 21 Mar 2024 18:52:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        109.176.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 02:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:62:5b:c5:33:29:11:aa:75:03:ab:8d:40:db:20:0a:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 21 18:52:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8099fe39078a271badbf90ff7b303bf882eaa243
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:9a:de:2f:a1:0b:4d:58:dc:f2:b6:bf:1b:4c:
                    fd:a6:bf:2c:05:ef:d3:08:45:a8:f8:f0:9b:8f:87:
                    3d:e3:75:d2:dc:88:84:b0:b1:79:9a:ff:77:20:e1:
                    bc:d3:97:8d:c9:ac:f1:f5:a3:4e:e3:8e:54:0e:be:
                    d3:ee:c9:82:62:ad:69:8c:db:36:6c:02:7f:00:c4:
                    a3:94:26:57:50:01:81:dc:2d:52:c1:03:a0:d6:10:
                    98:3a:a0:73:1e:0c:f8:f1:58:cf:15:93:e5:f8:91:
                    71:57:9b:75:22:f1:ff:6b:fe:63:f2:ba:43:a0:dd:
                    5c:6d:21:3c:7b:fe:2d:0e:1b:9d:79:61:ad:88:b2:
                    f8:03:5c:a9:5b:79:76:bf:52:50:7d:c9:ae:b4:b2:
                    03:9e:73:5f:da:e4:d8:dc:40:d9:5a:cf:88:b0:37:
                    ab:fc:cc:01:59:59:12:fa:e8:b3:f9:74:78:00:b3:
                    77:62:d3:64:fe:c0:3d:9d:01:f0:44:3b:97:4e:12:
                    7c:34:27:ac:b5:d9:d3:e9:a9:72:3d:2d:eb:c4:07:
                    45:c4:70:06:b2:8f:41:cb:80:54:9d:0f:26:78:0e:
                    6b:bf:ad:79:53:16:3f:f7:b4:2c:7f:c7:be:18:20:
                    8a:e2:92:27:d1:6d:e6:47:8a:af:04:b3:78:8b:0c:
                    db:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:99:FE:39:07:8A:27:1B:AD:BF:90:FF:7B:30:3B:F8:82:EA:A2:43
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gJn-OQeKJxutv5D_ezA7-ILqokM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:c8:b1:b6:f9:6c:75:04:b8:1a:62:43:f6:4a:0a:41:6d:d7:
         2d:f7:4a:ea:c6:5c:0b:cb:b7:55:d5:f0:5e:55:9b:79:75:73:
         60:61:54:dd:da:ef:c7:cf:be:80:2c:5e:ca:6e:16:9f:a6:08:
         83:d4:63:af:b1:a3:b9:47:66:8c:ea:b6:b3:42:c6:ad:f1:3e:
         43:09:fa:6c:d6:39:85:14:14:3d:db:e6:57:72:28:26:37:d1:
         16:9c:bb:3c:d0:b3:1e:e5:b0:dd:9f:35:4d:00:59:3b:e1:91:
         89:cc:6c:97:14:3e:bd:3f:09:61:e9:27:96:90:a3:36:5d:eb:
         bf:3f:d8:c4:1d:53:1d:1c:a1:07:60:ca:9d:55:2f:9c:c0:da:
         d7:3d:0b:04:ff:36:24:76:80:c8:56:66:c7:78:fc:ff:70:12:
         d6:5b:df:f9:40:8e:8e:48:20:a5:ef:86:ef:c1:06:e4:8b:a0:
         4c:8a:5c:df:1a:08:12:15:bf:98:b5:98:2a:a8:9f:4d:c2:aa:
         d6:0f:25:03:8c:ef:52:b8:91:df:8d:57:21:92:52:8f:a2:d0:
         b9:52:b8:60:cc:73:bf:50:35:98:2a:88:cd:eb:a0:7d:4e:e4:
         67:43:18:c4:8e:a6:20:f6:98:dd:df:70:08:28:b8:11:be:be:
         32:f9:ae:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5iW8UzKRGqdQOrjUDbIAqpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzIxMTg1MjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDk5ZmUzOTA3OGEyNzFiYWRiZjkwZmY3YjMwM2JmODgyZWFhMjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpreL6ELTVjc8ra/G0z9pr8sBe/T
CEWo+PCbj4c943XS3IiEsLF5mv93IOG805eNyazx9aNO445UDr7T7smCYq1pjNs2
bAJ/AMSjlCZXUAGB3C1SwQOg1hCYOqBzHgz48VjPFZPl+JFxV5t1IvH/a/5j8rpD
oN1cbSE8e/4tDhudeWGtiLL4A1ypW3l2v1JQfcmutLIDnnNf2uTY3EDZWs+IsDer
/MwBWVkS+uiz+XR4ALN3YtNk/sA9nQHwRDuXThJ8NCestdnT6alyPS3rxAdFxHAG
so9By4BUnQ8meA5rv615UxY/97Qsf8e+GCCK4pIn0W3mR4qvBLN4iwzbDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFICZ/jkHiicbrb+Q/3swO/iC6qJDMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZ0puLU9RZUtKeHV0djVEX2V6QTctSUxxb2tNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbAPMA0G
CSqGSIb3DQEBCwUAA4IBAQAIyLG2+Wx1BLgaYkP2SgpBbdct90rqxlwLy7dV1fBe
VZt5dXNgYVTd2u/Hz76ALF7KbhafpgiD1GOvsaO5R2aM6razQsat8T5DCfps1jmF
FBQ92+ZXcigmN9EWnLs80LMe5bDdnzVNAFk74ZGJzGyXFD69Pwlh6SeWkKM2Xeu/
P9jEHVMdHKEHYMqdVS+cwNrXPQsE/zYkdoDIVmbHePz/cBLWW9/5QI6OSCCl74bv
wQbki6BMilzfGggSFb+YtZgqqJ9NwqrWDyUDjO9SuJHfjVchklKPotC5UrhgzHO/
UDWYKojN66B9TuRnQxjEjqYg9pjd33AIKLgRvr4y+a4Y
-----END CERTIFICATE-----