Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/ktcN_1CUp7LaLxP99XlfX2aR3JY.roa
File:                     ktcN_1CUp7LaLxP99XlfX2aR3JY.roa (raw, json)
Hash identifier:          A4GSKwqS/3qXXX5KzVNih95wvOg7T1xafYwJVI0/Hp0=
Subject key identifier:   92:D7:0D:FF:50:94:A7:B2:DA:2F:13:FD:F5:79:5F:5F:66:91:DC:96
Certificate issuer:       /CN=d673d849b7d5047376d57e6f796f0018b70b4506
Certificate serial:       019423698B038F90F97790615F19987CCD12
Authority key identifier: D6:73:D8:49:B7:D5:04:73:76:D5:7E:6F:79:6F:00:18:B7:0B:45:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1nPYSbfVBHN21X5veW8AGLcLRQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/ktcN_1CUp7LaLxP99XlfX2aR3JY.roa
Signing time:             Wed 01 Jan 2025 19:48:26 +0000
ROA not before:           Wed 01 Jan 2025 19:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208323
IP address blocks:        109.70.100.0/24 maxlen: 24
                          2a03:e600:100::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/1nPYSbfVBHN21X5veW8AGLcLRQY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/1nPYSbfVBHN21X5veW8AGLcLRQY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1nPYSbfVBHN21X5veW8AGLcLRQY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 22:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:8b:03:8f:90:f9:77:90:61:5f:19:98:7c:cd:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d673d849b7d5047376d57e6f796f0018b70b4506
        Validity
            Not Before: Jan  1 19:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92d70dff5094a7b2da2f13fdf5795f5f6691dc96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d3:51:b5:a0:86:87:01:09:48:85:6f:d1:26:
                    1e:85:c6:c5:f1:8c:ea:33:60:48:25:d7:29:ba:52:
                    8d:c9:98:1f:1c:5b:7e:3c:29:28:76:39:be:e2:67:
                    cc:a5:e3:6e:5d:1b:c9:92:14:a7:b4:0d:fa:ba:b4:
                    c4:b1:cf:fa:27:26:fd:2b:b3:bd:00:d8:9d:fb:69:
                    13:5e:57:e7:a1:c2:5c:ba:5a:fa:80:cc:09:55:41:
                    f9:bd:7e:df:5f:35:b7:38:aa:01:77:e4:97:b7:53:
                    80:d4:5d:38:ed:8d:11:8d:4a:52:75:09:3f:0a:ca:
                    cb:f6:17:5a:79:ab:f2:3c:35:ea:16:b3:33:61:19:
                    7c:f4:2a:42:85:7a:6d:a5:8a:55:be:76:75:34:92:
                    43:ef:80:32:44:a0:2a:f8:e7:19:26:fb:28:f6:4b:
                    80:66:22:b8:d3:a8:99:d0:31:f9:2d:47:ec:e6:67:
                    1b:06:1f:bd:47:ac:63:59:9b:8e:67:d0:6c:b4:df:
                    52:a6:de:a4:5b:da:e3:f3:58:07:45:71:4a:3c:fd:
                    8d:5e:f4:d3:f0:78:1b:b4:4d:e4:76:c7:d0:98:5e:
                    24:a0:a5:b3:23:cb:e4:24:39:16:ee:a1:32:5e:a4:
                    67:7a:b7:16:31:01:86:5c:e0:b9:e1:95:a4:1b:7e:
                    53:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:D7:0D:FF:50:94:A7:B2:DA:2F:13:FD:F5:79:5F:5F:66:91:DC:96
            X509v3 Authority Key Identifier:
                keyid:D6:73:D8:49:B7:D5:04:73:76:D5:7E:6F:79:6F:00:18:B7:0B:45:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1nPYSbfVBHN21X5veW8AGLcLRQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/ktcN_1CUp7LaLxP99XlfX2aR3JY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/1nPYSbfVBHN21X5veW8AGLcLRQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.70.100.0/24
                IPv6:
                  2a03:e600:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         9f:23:9c:80:c6:9d:86:24:5a:e2:77:0d:33:83:b9:bd:28:69:
         e2:7b:38:3f:64:87:30:8f:29:f1:77:0a:82:a8:ab:63:9f:e2:
         3c:4c:d7:26:5d:b6:b9:45:41:22:e0:a3:7d:b9:f3:87:63:09:
         4f:6e:db:88:fb:c6:d5:d1:ca:6b:5f:5f:13:eb:2a:41:19:59:
         0e:0c:04:b4:9f:a1:02:1c:f2:47:c2:e8:26:7d:5e:d3:03:57:
         1b:24:e1:bb:07:73:6a:43:61:7f:59:14:f8:42:55:7f:bb:b9:
         20:01:0f:ac:1c:e7:5a:34:3e:e3:4c:8e:4a:00:75:2c:2b:1c:
         25:67:5f:ca:01:d8:5d:e3:8e:03:1c:82:9c:09:dd:2a:b3:b0:
         ab:f9:a7:54:b7:0a:61:97:26:1e:5d:34:17:90:86:93:da:ff:
         a2:9e:7a:3f:4f:c7:e9:b3:7b:26:24:7f:10:d7:dc:92:af:1b:
         78:b6:7c:98:e8:82:e4:1c:90:73:a1:f5:f2:cc:b1:6e:82:3a:
         d6:f8:70:c3:02:8b:1d:00:75:35:4b:d8:23:94:80:75:c1:05:
         a8:0e:d8:c0:97:e0:aa:20:45:97:b7:d5:a6:45:3a:56:18:c6:
         d3:58:52:80:7e:86:27:8c:7e:6a:af:16:74:45:e8:4f:ac:f1:
         dd:3f:4f:fc
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQjaYsDj5D5d5BhXxmYfM0SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NzNkODQ5YjdkNTA0NzM3NmQ1N2U2Zjc5NmYwMDE4Yjcw
YjQ1MDYwHhcNMjUwMTAxMTk0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmQ3MGRmZjUwOTRhN2IyZGEyZjEzZmRmNTc5NWY1ZjY2OTFkYzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAytNRtaCGhwEJSIVv0SYehcbF8Yzq
M2BIJdcpulKNyZgfHFt+PCkodjm+4mfMpeNuXRvJkhSntA36urTEsc/6Jyb9K7O9
ANid+2kTXlfnocJculr6gMwJVUH5vX7fXzW3OKoBd+SXt1OA1F047Y0RjUpSdQk/
CsrL9hdaeavyPDXqFrMzYRl89CpChXptpYpVvnZ1NJJD74AyRKAq+OcZJvso9kuA
ZiK406iZ0DH5LUfs5mcbBh+9R6xjWZuOZ9BstN9Spt6kW9rj81gHRXFKPP2NXvTT
8HgbtE3kdsfQmF4koKWzI8vkJDkW7qEyXqRnercWMQGGXOC54ZWkG35TQQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJLXDf9QlKey2i8T/fV5X19mkdyWMB8GA1UdIwQY
MBaAFNZz2Em31QRzdtV+b3lvABi3C0UGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMW5QWVNiZlZCSE4yMVg1dmVXOEFHTGNMUlFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS8yZWNlNjItMWQ4Yy00NTBjLTkxZTgt
OGVlYjc1N2NmNTQ1LzEva3RjTl8xQ1VwN0xhTHhQOTlYbGZYMmFSM0pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS8yZWNlNjItMWQ4Yy00NTBjLTkxZTgtOGVlYjc1N2NmNTQ1
LzEvMW5QWVNiZlZCSE4yMVg1dmVXOEFHTGNMUlFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAbUZkMA8E
AgACMAkDBwAqA+YAAQAwDQYJKoZIhvcNAQELBQADggEBAJ8jnIDGnYYkWuJ3DTOD
ub0oaeJ7OD9khzCPKfF3CoKoq2Of4jxM1yZdtrlFQSLgo32584djCU9u24j7xtXR
ymtfXxPrKkEZWQ4MBLSfoQIc8kfC6CZ9XtMDVxsk4bsHc2pDYX9ZFPhCVX+7uSAB
D6wc51o0PuNMjkoAdSwrHCVnX8oB2F3jjgMcgpwJ3SqzsKv5p1S3CmGXJh5dNBeQ
hpPa/6Keej9Px+mzeyYkfxDX3JKvG3i2fJjoguQckHOh9fLMsW6COtb4cMMCix0A
dTVL2COUgHXBBagO2MCX4KogRZe31aZFOlYYxtNYUoB+hieMfmqvFnRF6E+s8d0/
T/w=
-----END CERTIFICATE-----