Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/1fce93-02ea-4f99-99c2-08c2123580ed/1/0FPPBtsN210U9TcyUOoD4vT2QPY.roa
File:                     0FPPBtsN210U9TcyUOoD4vT2QPY.roa (raw, json)
Hash identifier:          fG8Q0h59H0I6+//7X6/ScKzAsNXNuiLvMcAt229Ohto=
Subject key identifier:   D0:53:CF:06:DB:0D:DB:5D:14:F5:37:32:50:EA:03:E2:F4:F6:40:F6
Certificate issuer:       /CN=05899f3976487038a3fa6343952b14b4d072b33d
Certificate serial:       019421441151241E2C1AC51801D099FB603A
Authority key identifier: 05:89:9F:39:76:48:70:38:A3:FA:63:43:95:2B:14:B4:D0:72:B3:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BYmfOXZIcDij-mNDlSsUtNBysz0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/1fce93-02ea-4f99-99c2-08c2123580ed/1/0FPPBtsN210U9TcyUOoD4vT2QPY.roa
Signing time:             Wed 01 Jan 2025 09:48:16 +0000
ROA not before:           Wed 01 Jan 2025 09:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44090
IP address blocks:        109.70.237.0/24 maxlen: 24
                          185.179.168.0/22 maxlen: 22
                          2a0a:74c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/1fce93-02ea-4f99-99c2-08c2123580ed/1/BYmfOXZIcDij-mNDlSsUtNBysz0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/1fce93-02ea-4f99-99c2-08c2123580ed/1/BYmfOXZIcDij-mNDlSsUtNBysz0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BYmfOXZIcDij-mNDlSsUtNBysz0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:11:51:24:1e:2c:1a:c5:18:01:d0:99:fb:60:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05899f3976487038a3fa6343952b14b4d072b33d
        Validity
            Not Before: Jan  1 09:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d053cf06db0ddb5d14f5373250ea03e2f4f640f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:77:a3:18:ab:4a:05:f5:66:2f:fd:b4:5d:7e:
                    ab:6e:98:62:d2:3d:cd:18:fc:8c:b7:0b:da:03:ad:
                    d8:f8:79:8e:6c:ce:7f:7e:f7:e6:1d:77:ae:9c:80:
                    d8:4a:2b:8e:67:e7:ac:00:2a:c1:80:89:0e:9d:6d:
                    a9:3c:b5:a3:a8:48:26:2e:16:6c:19:04:3a:a3:f8:
                    04:7e:3f:64:d6:59:4f:86:97:0d:90:97:b6:f6:63:
                    13:3c:a8:7a:3d:67:dd:92:cd:48:5b:7b:4f:6b:c9:
                    76:96:f6:87:ea:ef:54:46:76:f4:1f:dd:99:0b:e5:
                    61:08:d5:89:0b:ed:ea:c1:ba:fe:a4:9c:4f:6a:ca:
                    90:52:3e:d4:f7:0e:75:2e:ac:e5:2e:e0:b4:63:34:
                    76:c1:4d:bf:c8:23:f3:38:80:5d:06:99:04:34:8f:
                    c4:2a:d7:8b:46:a8:6d:4b:b0:97:35:70:92:ee:24:
                    4e:be:06:75:09:96:01:c2:c1:08:af:ce:e4:d6:92:
                    cd:f4:33:31:94:c1:a9:ca:c3:3c:ec:78:e5:93:b8:
                    60:31:72:21:66:6a:18:c3:c9:c3:5e:b6:23:04:22:
                    f7:58:d1:4f:94:87:d2:97:79:2e:ab:9b:68:78:bf:
                    42:f3:d1:3a:86:7b:ee:05:f1:1a:3f:b4:a5:58:5a:
                    fa:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:53:CF:06:DB:0D:DB:5D:14:F5:37:32:50:EA:03:E2:F4:F6:40:F6
            X509v3 Authority Key Identifier:
                keyid:05:89:9F:39:76:48:70:38:A3:FA:63:43:95:2B:14:B4:D0:72:B3:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BYmfOXZIcDij-mNDlSsUtNBysz0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/1fce93-02ea-4f99-99c2-08c2123580ed/1/0FPPBtsN210U9TcyUOoD4vT2QPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/1fce93-02ea-4f99-99c2-08c2123580ed/1/BYmfOXZIcDij-mNDlSsUtNBysz0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.70.237.0/24
                  185.179.168.0/22
                IPv6:
                  2a0a:74c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         16:e7:c9:24:6b:1a:c9:9a:bf:89:bf:df:e1:b3:5c:66:e9:98:
         9b:10:45:39:fe:68:4e:65:a2:d7:69:b2:0d:34:2b:60:59:c6:
         1c:ec:c0:5d:26:dc:e9:69:69:48:30:7b:83:a2:14:9b:c2:4a:
         81:e2:6b:7d:d7:8b:a9:0d:cc:52:57:72:8e:58:a2:c2:b4:9e:
         fd:d7:c3:d2:d4:8e:8c:c1:51:eb:94:dc:32:f5:d1:e5:4b:05:
         ee:89:6a:c2:a1:dc:b9:c2:e3:69:61:bd:06:80:fa:3b:6d:a7:
         49:e7:bb:b5:4d:ba:9f:26:c6:2e:b1:9a:47:a2:12:e7:83:49:
         80:c0:aa:c0:a9:42:8c:ea:75:ed:fa:c7:0f:3b:db:0e:f8:2b:
         7b:69:9b:1d:27:d1:31:51:4d:24:48:09:29:6a:5e:38:9c:1b:
         cc:21:b0:4f:ef:09:5a:2b:ae:d2:29:e5:74:b4:f2:20:f6:91:
         20:7a:fa:5d:4c:d2:06:7c:13:18:cb:c4:13:6c:85:cd:55:67:
         e3:2d:f3:a1:47:eb:1d:b9:5e:53:29:6e:c2:7c:d3:48:36:a4:
         48:6b:ce:ed:c9:63:ab:21:37:a3:4f:2d:a9:4b:0c:67:13:ef:
         55:9f:60:9c:28:74:92:6f:84:3d:a8:65:5a:2f:ca:fd:20:87:
         fe:2f:02:71
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQhRBFRJB4sGsUYAdCZ+2A6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ODk5ZjM5NzY0ODcwMzhhM2ZhNjM0Mzk1MmIxNGI0ZDA3
MmIzM2QwHhcNMjUwMTAxMDk0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDUzY2YwNmRiMGRkYjVkMTRmNTM3MzI1MGVhMDNlMmY0ZjY0MGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXejGKtKBfVmL/20XX6rbphi0j3N
GPyMtwvaA63Y+HmObM5/fvfmHXeunIDYSiuOZ+esACrBgIkOnW2pPLWjqEgmLhZs
GQQ6o/gEfj9k1llPhpcNkJe29mMTPKh6PWfdks1IW3tPa8l2lvaH6u9URnb0H92Z
C+VhCNWJC+3qwbr+pJxPasqQUj7U9w51LqzlLuC0YzR2wU2/yCPzOIBdBpkENI/E
KteLRqhtS7CXNXCS7iROvgZ1CZYBwsEIr87k1pLN9DMxlMGpysM87Hjlk7hgMXIh
ZmoYw8nDXrYjBCL3WNFPlIfSl3kuq5toeL9C89E6hnvuBfEaP7SlWFr6IQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNBTzwbbDdtdFPU3MlDqA+L09kD2MB8GA1UdIwQY
MBaAFAWJnzl2SHA4o/pjQ5UrFLTQcrM9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlltZk9YWkljRGlqLW1ORGxTc1V0TkJ5c3owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8xZmNlOTMtMDJlYS00Zjk5LTk5YzIt
MDhjMjEyMzU4MGVkLzEvMEZQUEJ0c04yMTBVOVRjeVVPb0Q0dlQyUVBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8xZmNlOTMtMDJlYS00Zjk5LTk5YzItMDhjMjEyMzU4MGVk
LzEvQlltZk9YWkljRGlqLW1ORGxTc1V0TkJ5c3owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAbUbtAwQC
ubOoMA0EAgACMAcDBQAqCnTAMA0GCSqGSIb3DQEBCwUAA4IBAQAW58kkaxrJmr+J
v9/hs1xm6ZibEEU5/mhOZaLXabINNCtgWcYc7MBdJtzpaWlIMHuDohSbwkqB4mt9
14upDcxSV3KOWKLCtJ7918PS1I6MwVHrlNwy9dHlSwXuiWrCody5wuNpYb0GgPo7
badJ57u1TbqfJsYusZpHohLng0mAwKrAqUKM6nXt+scPO9sO+Ct7aZsdJ9ExUU0k
SAkpal44nBvMIbBP7wlaK67SKeV0tPIg9pEgevpdTNIGfBMYy8QTbIXNVWfjLfOh
R+sduV5TKW7CfNNINqRIa87tyWOrITejTy2pSwxnE+9Vn2CcKHSSb4Q9qGVaL8r9
IIf+LwJx
-----END CERTIFICATE-----