Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/faabbc-81ba-4977-8923-cc93b1050de7/1/09Dmh-GqNnFLlOxqYqDZCRkuWEI.roa
File:                     09Dmh-GqNnFLlOxqYqDZCRkuWEI.roa (raw, json)
Hash identifier:          SL8cjPmiTlUn0kkdSyGuBaObW6MtXDFbYESf8K0Ca90=
Subject key identifier:   D3:D0:E6:87:E1:AA:36:71:4B:94:EC:6A:62:A0:D9:09:19:2E:58:42
Certificate issuer:       /CN=9b2e80a141c974f6da8f40274338fdacee42a770
Certificate serial:       018CC4922AA76B8A3DC125F54B6F3B8D3F15
Authority key identifier: 9B:2E:80:A1:41:C9:74:F6:DA:8F:40:27:43:38:FD:AC:EE:42:A7:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/my6AoUHJdPbaj0AnQzj9rO5Cp3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/faabbc-81ba-4977-8923-cc93b1050de7/1/09Dmh-GqNnFLlOxqYqDZCRkuWEI.roa
Signing time:             Mon 01 Jan 2024 10:29:22 +0000
ROA not before:           Mon 01 Jan 2024 10:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31543
IP address blocks:        195.60.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/faabbc-81ba-4977-8923-cc93b1050de7/1/my6AoUHJdPbaj0AnQzj9rO5Cp3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/faabbc-81ba-4977-8923-cc93b1050de7/1/my6AoUHJdPbaj0AnQzj9rO5Cp3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/my6AoUHJdPbaj0AnQzj9rO5Cp3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:2a:a7:6b:8a:3d:c1:25:f5:4b:6f:3b:8d:3f:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b2e80a141c974f6da8f40274338fdacee42a770
        Validity
            Not Before: Jan  1 10:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3d0e687e1aa36714b94ec6a62a0d909192e5842
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:24:8a:9f:cc:69:f9:85:5a:3f:0f:cb:81:16:
                    58:18:b6:6b:42:3f:b9:e2:36:71:08:16:e3:dc:bc:
                    56:34:8a:f3:88:b5:aa:18:08:3b:a9:29:b7:b5:68:
                    32:3b:05:4d:93:93:3c:cd:15:b6:b3:65:1c:20:1a:
                    5c:b0:4d:7d:c6:49:39:68:d5:11:11:4e:60:b0:29:
                    b5:01:73:38:bb:b3:59:e4:46:22:86:65:1a:99:43:
                    13:2d:69:bb:87:e5:ae:b1:36:b6:88:4a:d5:03:9a:
                    51:0a:c6:8f:f5:b8:98:0f:ce:a2:e6:1c:af:e3:97:
                    c2:4e:63:ec:11:26:eb:bc:e9:7a:e3:a8:b5:d9:ef:
                    7b:11:cf:08:76:52:3b:fc:fe:a6:8d:10:2d:f5:88:
                    3a:cb:df:70:ad:f0:6a:e0:31:28:16:a6:a8:c2:48:
                    2e:94:6b:02:0f:69:43:ae:32:77:8a:23:7c:ba:13:
                    29:dc:99:a4:0d:56:12:0d:97:60:50:a0:d7:75:fe:
                    75:bb:f9:a2:83:da:2d:27:14:d3:68:87:0a:ba:ae:
                    1e:bb:7e:54:ab:13:e4:d1:31:2d:cd:11:93:57:e2:
                    96:18:62:db:4c:bd:dd:5f:64:ba:75:77:f7:06:db:
                    91:ce:37:f1:6f:79:d0:da:4a:c2:20:94:59:1e:9f:
                    c7:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:D0:E6:87:E1:AA:36:71:4B:94:EC:6A:62:A0:D9:09:19:2E:58:42
            X509v3 Authority Key Identifier:
                keyid:9B:2E:80:A1:41:C9:74:F6:DA:8F:40:27:43:38:FD:AC:EE:42:A7:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/my6AoUHJdPbaj0AnQzj9rO5Cp3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/faabbc-81ba-4977-8923-cc93b1050de7/1/09Dmh-GqNnFLlOxqYqDZCRkuWEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/faabbc-81ba-4977-8923-cc93b1050de7/1/my6AoUHJdPbaj0AnQzj9rO5Cp3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:8e:18:65:14:ce:7d:bb:44:b9:ba:1f:f7:19:6e:07:d4:4e:
         1e:3f:5f:9c:46:06:f9:1b:ee:15:56:f6:cd:da:30:cb:d9:e0:
         2b:66:3c:69:10:e5:d4:a7:0b:39:10:43:4f:fa:cf:cc:14:d7:
         b3:e3:1a:82:6c:de:d7:0a:1d:7a:75:a3:b9:04:be:f3:67:00:
         1e:7b:a4:19:d8:cf:1a:07:1b:03:86:5f:6f:6e:06:64:b1:fc:
         a1:46:f7:2c:01:d0:67:de:c0:25:75:5d:81:08:2c:c9:8a:fc:
         5f:53:ee:f3:33:c7:41:c9:13:b9:23:fe:b5:a7:cb:0d:aa:d2:
         fb:c9:6e:9d:d2:1a:bf:d9:56:95:6c:a2:c4:38:15:bd:ce:df:
         5c:4b:5f:15:53:57:f3:3f:bd:2c:03:b7:27:42:b0:c9:8a:5f:
         a6:92:d4:bc:3b:53:dc:d6:dc:22:a8:cd:bf:c5:22:74:57:25:
         bc:cc:4a:b6:f5:3d:5f:de:31:86:29:b2:c6:23:48:63:be:76:
         35:82:6b:4d:4c:05:9b:f0:53:38:20:87:d5:cb:6a:de:49:ee:
         be:0d:d4:07:7c:52:f5:5c:10:12:00:d2:c3:db:66:56:63:16:
         99:1f:a6:37:30:d0:52:63:00:7a:e8:ca:2d:06:a7:92:a9:f5:
         b9:8f:a5:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkiqna4o9wSX1S287jT8VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMmU4MGExNDFjOTc0ZjZkYThmNDAyNzQzMzhmZGFjZWU0
MmE3NzAwHhcNMjQwMTAxMTAyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2QwZTY4N2UxYWEzNjcxNGI5NGVjNmE2MmEwZDkwOTE5MmU1ODQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkySKn8xp+YVaPw/LgRZYGLZrQj+5
4jZxCBbj3LxWNIrziLWqGAg7qSm3tWgyOwVNk5M8zRW2s2UcIBpcsE19xkk5aNUR
EU5gsCm1AXM4u7NZ5EYihmUamUMTLWm7h+WusTa2iErVA5pRCsaP9biYD86i5hyv
45fCTmPsESbrvOl646i12e97Ec8IdlI7/P6mjRAt9Yg6y99wrfBq4DEoFqaowkgu
lGsCD2lDrjJ3iiN8uhMp3JmkDVYSDZdgUKDXdf51u/mig9otJxTTaIcKuq4eu35U
qxPk0TEtzRGTV+KWGGLbTL3dX2S6dXf3BtuRzjfxb3nQ2krCIJRZHp/HawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNPQ5ofhqjZxS5TsamKg2QkZLlhCMB8GA1UdIwQY
MBaAFJsugKFByXT22o9AJ0M4/azuQqdwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXk2QW9VSEpkUGJhajBBblF6ajlyTzVDcDNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9mYWFiYmMtODFiYS00OTc3LTg5MjMt
Y2M5M2IxMDUwZGU3LzEvMDlEbWgtR3FObkZMbE94cVlxRFpDUmt1V0VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9mYWFiYmMtODFiYS00OTc3LTg5MjMtY2M5M2IxMDUwZGU3
LzEvbXk2QW9VSEpkUGJhajBBblF6ajlyTzVDcDNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwzxCMA0G
CSqGSIb3DQEBCwUAA4IBAQABjhhlFM59u0S5uh/3GW4H1E4eP1+cRgb5G+4VVvbN
2jDL2eArZjxpEOXUpws5EENP+s/MFNez4xqCbN7XCh16daO5BL7zZwAee6QZ2M8a
BxsDhl9vbgZksfyhRvcsAdBn3sAldV2BCCzJivxfU+7zM8dByRO5I/61p8sNqtL7
yW6d0hq/2VaVbKLEOBW9zt9cS18VU1fzP70sA7cnQrDJil+mktS8O1Pc1twiqM2/
xSJ0VyW8zEq29T1f3jGGKbLGI0hjvnY1gmtNTAWb8FM4IIfVy2reSe6+DdQHfFL1
XBASANLD22ZWYxaZH6Y3MNBSYwB66MotBqeSqfW5j6XD
-----END CERTIFICATE-----