Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/bc94df-7259-42d1-822a-3d9810098703/1/CXi-FUeQUxztaSiWSsS8vkY8x98.roa
File:                     CXi-FUeQUxztaSiWSsS8vkY8x98.roa (raw, json)
Hash identifier:          xDc+ib2JfMRO+Ad2Ej8gF26zy3uMbBJF9nfpic2hoO4=
Subject key identifier:   09:78:BE:15:47:90:53:1C:ED:69:28:96:4A:C4:BC:BE:46:3C:C7:DF
Certificate issuer:       /CN=1bc3c1bef15f4bccc4e748c08957ecc229a0f1ef
Certificate serial:       018CCA2B769215B278F512F6D40112671A19
Authority key identifier: 1B:C3:C1:BE:F1:5F:4B:CC:C4:E7:48:C0:89:57:EC:C2:29:A0:F1:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G8PBvvFfS8zE50jAiVfswimg8e8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/bc94df-7259-42d1-822a-3d9810098703/1/CXi-FUeQUxztaSiWSsS8vkY8x98.roa
Signing time:             Tue 02 Jan 2024 12:34:55 +0000
ROA not before:           Tue 02 Jan 2024 12:34:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35370
IP address blocks:        160.20.100.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/bc94df-7259-42d1-822a-3d9810098703/1/G8PBvvFfS8zE50jAiVfswimg8e8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/bc94df-7259-42d1-822a-3d9810098703/1/G8PBvvFfS8zE50jAiVfswimg8e8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G8PBvvFfS8zE50jAiVfswimg8e8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:76:92:15:b2:78:f5:12:f6:d4:01:12:67:1a:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1bc3c1bef15f4bccc4e748c08957ecc229a0f1ef
        Validity
            Not Before: Jan  2 12:34:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0978be154790531ced6928964ac4bcbe463cc7df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:60:cc:42:d8:68:a3:73:8a:dc:13:7c:45:a0:
                    d7:47:60:b8:81:d4:20:29:ba:c3:6e:8b:7d:83:d1:
                    bc:34:fb:1b:9d:c6:66:a1:23:7a:2f:a8:f6:53:b3:
                    f0:e9:af:86:7f:ff:aa:d2:0d:13:61:21:67:d7:84:
                    2a:07:d9:c6:c3:a0:a3:4f:97:69:61:c0:29:fe:8b:
                    55:3e:00:e3:fd:0d:bd:c0:fb:20:ad:70:da:c8:73:
                    f5:57:bb:0e:5f:f7:02:21:bf:14:49:d3:8c:a1:b5:
                    8d:0e:1c:91:5d:23:94:d4:92:9a:cd:85:57:16:60:
                    a7:dc:e3:8b:26:61:e5:c0:0e:a7:ab:85:98:f9:4b:
                    0c:48:1a:3a:b1:72:51:c7:d9:f4:66:b5:a2:17:de:
                    39:f3:f9:45:53:10:c7:37:77:56:89:ad:38:aa:78:
                    31:ef:d2:64:70:e9:f4:f5:39:74:18:47:94:81:bd:
                    ac:ae:f5:72:11:34:35:a7:cd:ad:e9:f2:9e:94:e6:
                    f2:b7:25:74:09:93:6d:d4:45:63:13:5d:a3:40:88:
                    3e:4b:45:ea:26:a4:e5:1f:c7:a3:7e:ed:b9:77:2d:
                    1d:b5:2d:4d:f2:38:49:10:a8:38:c8:a8:f8:d6:52:
                    03:44:45:34:a6:40:1d:d5:15:dc:ac:1d:b0:8a:70:
                    fe:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:78:BE:15:47:90:53:1C:ED:69:28:96:4A:C4:BC:BE:46:3C:C7:DF
            X509v3 Authority Key Identifier:
                keyid:1B:C3:C1:BE:F1:5F:4B:CC:C4:E7:48:C0:89:57:EC:C2:29:A0:F1:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G8PBvvFfS8zE50jAiVfswimg8e8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/bc94df-7259-42d1-822a-3d9810098703/1/CXi-FUeQUxztaSiWSsS8vkY8x98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/bc94df-7259-42d1-822a-3d9810098703/1/G8PBvvFfS8zE50jAiVfswimg8e8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.20.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         58:dd:c2:24:95:64:db:dd:2f:86:b5:09:07:d9:8d:14:68:08:
         a7:4d:39:5c:9a:7e:65:0f:96:bd:a3:e8:e5:57:59:78:59:85:
         59:3e:44:8e:c2:3f:33:a4:0b:41:3b:3f:fd:d2:7b:e0:f5:60:
         46:34:a5:eb:2d:69:f6:a4:d1:a0:42:25:d4:ab:32:1f:70:ea:
         76:84:a8:ea:23:a4:16:fb:aa:fe:f1:4b:ce:9b:d4:6d:7c:ef:
         ff:ac:67:ab:0d:e6:33:74:34:0e:77:66:9d:49:f4:36:b1:a7:
         73:52:69:e2:8e:f1:6c:1d:23:e0:6f:22:d2:31:68:dd:1c:85:
         73:76:65:29:97:51:69:01:f3:bd:44:4a:71:ac:17:e7:ca:1f:
         7e:a7:64:75:35:94:50:ae:78:b3:a0:a1:94:78:c7:02:c9:ff:
         96:dd:bc:e7:74:8b:fa:6b:2c:d0:f2:09:ff:61:1c:f5:ad:da:
         9f:f9:fb:96:6f:af:fa:77:42:e1:c4:d0:3e:ed:b8:4b:71:66:
         1d:f2:a8:9f:13:6c:1a:a8:37:83:b3:43:59:2e:ac:e6:58:ef:
         93:88:0b:10:ab:47:6c:10:51:20:5b:fd:fa:f0:f8:c2:3a:68:
         c5:5f:8c:f7:96:ce:f7:a9:af:f7:2c:96:69:cc:6b:99:ca:43:
         47:fe:20:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK3aSFbJ49RL21AESZxoZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiYzNjMWJlZjE1ZjRiY2NjNGU3NDhjMDg5NTdlY2MyMjlh
MGYxZWYwHhcNMjQwMTAyMTIzNDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTc4YmUxNTQ3OTA1MzFjZWQ2OTI4OTY0YWM0YmNiZTQ2M2NjN2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGDMQthoo3OK3BN8RaDXR2C4gdQg
KbrDbot9g9G8NPsbncZmoSN6L6j2U7Pw6a+Gf/+q0g0TYSFn14QqB9nGw6CjT5dp
YcAp/otVPgDj/Q29wPsgrXDayHP1V7sOX/cCIb8USdOMobWNDhyRXSOU1JKazYVX
FmCn3OOLJmHlwA6nq4WY+UsMSBo6sXJRx9n0ZrWiF9458/lFUxDHN3dWia04qngx
79JkcOn09Tl0GEeUgb2srvVyETQ1p82t6fKelObytyV0CZNt1EVjE12jQIg+S0Xq
JqTlH8ejfu25dy0dtS1N8jhJEKg4yKj41lIDREU0pkAd1RXcrB2winD+7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAl4vhVHkFMc7WkolkrEvL5GPMffMB8GA1UdIwQY
MBaAFBvDwb7xX0vMxOdIwIlX7MIpoPHvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzhQQnZ2RmZTOHpFNTBqQWlWZnN3aW1nOGU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9iYzk0ZGYtNzI1OS00MmQxLTgyMmEt
M2Q5ODEwMDk4NzAzLzEvQ1hpLUZVZVFVeHp0YVNpV1NzUzh2a1k4eDk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9iYzk0ZGYtNzI1OS00MmQxLTgyMmEtM2Q5ODEwMDk4NzAz
LzEvRzhQQnZ2RmZTOHpFNTBqQWlWZnN3aW1nOGU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCoBRkMA0G
CSqGSIb3DQEBCwUAA4IBAQBY3cIklWTb3S+GtQkH2Y0UaAinTTlcmn5lD5a9o+jl
V1l4WYVZPkSOwj8zpAtBOz/90nvg9WBGNKXrLWn2pNGgQiXUqzIfcOp2hKjqI6QW
+6r+8UvOm9RtfO//rGerDeYzdDQOd2adSfQ2sadzUmnijvFsHSPgbyLSMWjdHIVz
dmUpl1FpAfO9REpxrBfnyh9+p2R1NZRQrnizoKGUeMcCyf+W3bzndIv6ayzQ8gn/
YRz1rdqf+fuWb6/6d0LhxNA+7bhLcWYd8qifE2waqDeDs0NZLqzmWO+TiAsQq0ds
EFEgW/368PjCOmjFX4z3ls73qa/3LJZpzGuZykNH/iBV
-----END CERTIFICATE-----