Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/aa5cc0-bb56-4b47-b7c1-44f41d9e1277/1/CQ6NizvI3LK-YBUuGJ9E_EYc1uE.roa
File:                     CQ6NizvI3LK-YBUuGJ9E_EYc1uE.roa (raw, json)
Hash identifier:          Yg79kKGE9Ruy0nWKlkwlRRX69ZmxYPh2HxdpvFYF+Ro=
Subject key identifier:   09:0E:8D:8B:3B:C8:DC:B2:BE:60:15:2E:18:9F:44:FC:46:1C:D6:E1
Certificate issuer:       /CN=e069ab6f09572afb46e9f8e9a0639d820b969422
Certificate serial:       018CC2DB2E9CBFCF47EE26CF5B6659335DFB
Authority key identifier: E0:69:AB:6F:09:57:2A:FB:46:E9:F8:E9:A0:63:9D:82:0B:96:94:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4GmrbwlXKvtG6fjpoGOdgguWlCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/aa5cc0-bb56-4b47-b7c1-44f41d9e1277/1/CQ6NizvI3LK-YBUuGJ9E_EYc1uE.roa
Signing time:             Mon 01 Jan 2024 02:29:53 +0000
ROA not before:           Mon 01 Jan 2024 02:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        194.15.138.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/aa5cc0-bb56-4b47-b7c1-44f41d9e1277/1/4GmrbwlXKvtG6fjpoGOdgguWlCI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/aa5cc0-bb56-4b47-b7c1-44f41d9e1277/1/4GmrbwlXKvtG6fjpoGOdgguWlCI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4GmrbwlXKvtG6fjpoGOdgguWlCI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:2e:9c:bf:cf:47:ee:26:cf:5b:66:59:33:5d:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e069ab6f09572afb46e9f8e9a0639d820b969422
        Validity
            Not Before: Jan  1 02:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=090e8d8b3bc8dcb2be60152e189f44fc461cd6e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:81:26:ea:15:88:cb:0a:c4:9d:53:0a:3c:bf:
                    0f:e5:be:ae:9c:b0:4e:9c:13:91:44:1c:22:30:94:
                    74:19:8a:0a:df:c8:a1:68:17:c3:7f:37:ae:4d:c3:
                    ae:44:a7:e7:1c:20:88:93:0a:8e:f6:97:5c:3c:30:
                    2f:04:15:20:a2:72:d2:b8:83:52:ec:8d:f9:c1:2a:
                    80:fe:58:2c:08:75:22:4f:d8:86:51:a4:cf:d7:32:
                    bc:5d:37:66:d9:75:2c:2f:cc:c3:36:18:cf:ca:97:
                    10:db:74:b2:cf:38:ef:d0:5f:c1:fa:a5:15:12:a7:
                    3f:98:3d:62:94:3a:5a:9c:f6:a2:7e:2e:ea:ee:64:
                    5a:74:56:1c:e1:b3:26:15:6b:52:28:1d:41:f3:55:
                    27:7f:0d:b9:3d:86:10:10:9b:4c:38:07:4b:fe:d4:
                    fa:02:ce:70:40:74:4e:4c:c0:50:95:2e:d8:ca:9e:
                    a1:ed:01:36:8a:4d:73:29:58:7e:cb:cb:3c:28:e2:
                    c1:10:e4:cf:da:79:5f:0e:bf:bc:21:e1:85:f5:83:
                    56:f2:50:02:d0:63:06:67:62:4c:9d:8a:45:df:9a:
                    72:c7:24:a7:17:ef:94:77:77:a1:bc:c9:bf:19:83:
                    ba:3d:a1:a5:1a:3e:b9:9a:61:89:72:76:ae:70:52:
                    67:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:0E:8D:8B:3B:C8:DC:B2:BE:60:15:2E:18:9F:44:FC:46:1C:D6:E1
            X509v3 Authority Key Identifier:
                keyid:E0:69:AB:6F:09:57:2A:FB:46:E9:F8:E9:A0:63:9D:82:0B:96:94:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4GmrbwlXKvtG6fjpoGOdgguWlCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/aa5cc0-bb56-4b47-b7c1-44f41d9e1277/1/CQ6NizvI3LK-YBUuGJ9E_EYc1uE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/aa5cc0-bb56-4b47-b7c1-44f41d9e1277/1/4GmrbwlXKvtG6fjpoGOdgguWlCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         87:a2:7b:c0:45:aa:c7:95:a9:fc:68:9e:05:c4:78:14:26:22:
         d9:70:22:16:64:97:c9:00:74:b1:0c:4a:3f:0e:8f:e0:91:90:
         c7:b4:ae:9d:11:f0:4f:ad:7a:42:ae:a8:9c:02:f0:cf:3c:6a:
         e1:31:0f:f5:0f:7c:a4:02:0e:11:75:7d:be:66:fa:e5:dc:b5:
         42:b9:20:2f:3a:e2:15:40:02:7a:df:c6:2a:76:62:48:0f:ed:
         68:9e:98:ee:4f:4e:a5:a7:c4:db:48:34:a1:b7:a0:dd:41:04:
         ab:70:85:65:aa:64:1a:4b:df:db:61:fd:c3:86:2a:2c:5a:d6:
         12:9b:b5:c9:9b:30:7c:fa:71:90:cc:45:09:64:b3:af:a3:24:
         89:36:83:94:4e:c0:59:57:7e:57:8a:07:b8:76:06:e5:99:bb:
         8b:55:99:41:07:c8:87:b1:47:be:2c:3a:88:55:b7:56:c6:42:
         ad:1e:3e:c4:72:a7:bd:86:aa:c9:4d:35:ff:b3:e0:51:dc:16:
         52:99:85:7e:85:56:e5:4e:a1:86:db:20:19:b6:4f:37:91:c2:
         82:0c:a0:b6:a7:76:d7:de:13:6c:7b:2b:c0:24:97:c7:57:21:
         fc:94:32:01:df:38:9a:31:33:e0:24:36:f9:56:20:8b:31:1a:
         00:21:f8:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2y6cv89H7ibPW2ZZM137MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNjlhYjZmMDk1NzJhZmI0NmU5ZjhlOWEwNjM5ZDgyMGI5
Njk0MjIwHhcNMjQwMTAxMDIyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTBlOGQ4YjNiYzhkY2IyYmU2MDE1MmUxODlmNDRmYzQ2MWNkNmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYEm6hWIywrEnVMKPL8P5b6unLBO
nBORRBwiMJR0GYoK38ihaBfDfzeuTcOuRKfnHCCIkwqO9pdcPDAvBBUgonLSuINS
7I35wSqA/lgsCHUiT9iGUaTP1zK8XTdm2XUsL8zDNhjPypcQ23Syzzjv0F/B+qUV
Eqc/mD1ilDpanPaifi7q7mRadFYc4bMmFWtSKB1B81Unfw25PYYQEJtMOAdL/tT6
As5wQHROTMBQlS7Yyp6h7QE2ik1zKVh+y8s8KOLBEOTP2nlfDr+8IeGF9YNW8lAC
0GMGZ2JMnYpF35pyxySnF++Ud3ehvMm/GYO6PaGlGj65mmGJcnaucFJnpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAkOjYs7yNyyvmAVLhifRPxGHNbhMB8GA1UdIwQY
MBaAFOBpq28JVyr7Run46aBjnYILlpQiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEdtcmJ3bFhLdnRHNmZqcG9HT2RnZ3VXbENJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9hYTVjYzAtYmI1Ni00YjQ3LWI3YzEt
NDRmNDFkOWUxMjc3LzEvQ1E2Tml6dkkzTEstWUJVdUdKOUVfRVljMXVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9hYTVjYzAtYmI1Ni00YjQ3LWI3YzEtNDRmNDFkOWUxMjc3
LzEvNEdtcmJ3bFhLdnRHNmZqcG9HT2RnZ3VXbENJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwg+KMA0G
CSqGSIb3DQEBCwUAA4IBAQCHonvARarHlan8aJ4FxHgUJiLZcCIWZJfJAHSxDEo/
Do/gkZDHtK6dEfBPrXpCrqicAvDPPGrhMQ/1D3ykAg4RdX2+Zvrl3LVCuSAvOuIV
QAJ638YqdmJID+1onpjuT06lp8TbSDSht6DdQQSrcIVlqmQaS9/bYf3DhiosWtYS
m7XJmzB8+nGQzEUJZLOvoySJNoOUTsBZV35Xige4dgblmbuLVZlBB8iHsUe+LDqI
VbdWxkKtHj7Ecqe9hqrJTTX/s+BR3BZSmYV+hVblTqGG2yAZtk83kcKCDKC2p3bX
3hNseyvAJJfHVyH8lDIB3ziaMTPgJDb5ViCLMRoAIfhO
-----END CERTIFICATE-----