Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/8dfcXEnHzGik_83Ev5JzuBEcSDQ.roa
File:                     8dfcXEnHzGik_83Ev5JzuBEcSDQ.roa (raw, json)
Hash identifier:          sir+1t3M1WDngxHPigqCpCTJGMMgnnssi5M+ZYc0h50=
Subject key identifier:   F1:D7:DC:5C:49:C7:CC:68:A4:FF:CD:C4:BF:92:73:B8:11:1C:48:34
Certificate issuer:       /CN=05e9fca0a8584feb1c12319071423061b08fe456
Certificate serial:       018CEE4754E1F03EE6C1E3116476FD1C3F49
Authority key identifier: 05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/8dfcXEnHzGik_83Ev5JzuBEcSDQ.roa
Signing time:             Tue 09 Jan 2024 12:51:41 +0000
ROA not before:           Tue 09 Jan 2024 12:51:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52000
IP address blocks:        109.107.170.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ee:47:54:e1:f0:3e:e6:c1:e3:11:64:76:fd:1c:3f:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05e9fca0a8584feb1c12319071423061b08fe456
        Validity
            Not Before: Jan  9 12:51:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1d7dc5c49c7cc68a4ffcdc4bf9273b8111c4834
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:24:94:ea:69:8b:04:22:42:99:f6:24:93:16:
                    1e:f0:77:2e:0a:77:bf:df:69:50:96:be:dd:cf:2a:
                    67:9a:ec:59:82:c5:db:51:e4:af:78:a4:c5:c0:bf:
                    9a:33:6f:83:72:c2:45:8c:59:5e:f1:24:db:26:6c:
                    04:43:8d:d0:e9:f0:d8:bf:53:d7:91:50:5f:c8:a9:
                    1f:41:68:b5:76:a0:81:3b:22:f4:27:97:51:af:96:
                    d4:70:03:fd:f8:c5:8a:2c:90:17:20:34:5e:95:ea:
                    2c:6c:b2:7e:b9:d8:35:6f:94:b8:73:68:a4:db:ca:
                    05:93:d5:13:65:87:ac:a3:73:80:ef:c1:d5:6a:eb:
                    0d:af:f9:57:62:c7:a9:65:7a:62:c7:40:bc:3c:7b:
                    87:0d:ab:05:f9:34:a3:d5:65:aa:ad:da:85:ca:10:
                    ad:7c:d2:bb:b0:04:71:1e:45:7b:ff:f5:2e:c2:46:
                    46:d4:fc:47:84:1b:94:31:e5:48:55:97:c7:85:e3:
                    99:5f:92:97:64:e4:2f:e2:33:89:7c:8a:8e:3b:8f:
                    55:9b:0d:de:cb:be:81:f4:d2:24:2c:f4:db:f8:2c:
                    9c:79:21:ed:f0:e8:f6:87:3b:ac:b6:57:69:24:61:
                    75:25:8b:2a:23:f4:3e:76:32:f0:dd:24:5b:09:d6:
                    fe:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:D7:DC:5C:49:C7:CC:68:A4:FF:CD:C4:BF:92:73:B8:11:1C:48:34
            X509v3 Authority Key Identifier:
                keyid:05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/8dfcXEnHzGik_83Ev5JzuBEcSDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:5b:d6:20:17:b0:a2:22:13:41:c3:cd:17:d1:59:ea:97:b1:
         f9:d2:60:8c:00:56:66:31:04:a7:36:f6:89:80:2e:63:ff:75:
         c5:ba:b1:e6:e3:b9:3e:5d:1b:c4:c8:c6:d8:5d:c7:bb:13:15:
         e9:49:46:e7:44:45:96:d6:5b:9b:62:81:e2:0a:47:d1:76:ae:
         db:e1:f8:b8:f9:77:2b:96:57:c3:2a:63:97:c0:7f:c9:f8:aa:
         ac:b4:11:ee:a4:68:ff:38:bb:b2:fb:fc:e1:30:26:df:17:90:
         32:79:1c:e0:6a:50:1a:c6:fe:2b:d1:73:2b:46:b5:ac:02:02:
         aa:0c:85:cc:32:c6:85:f8:f1:59:51:bb:06:ac:d5:c3:25:91:
         5b:c8:d7:01:32:ff:13:7f:e8:c1:3e:07:84:88:4a:f8:f9:2e:
         f7:74:b0:e8:30:f9:18:53:b4:e1:05:56:e3:10:08:2d:7b:72:
         ea:fe:09:04:f6:97:64:ec:f6:fc:68:44:5a:2d:79:47:1a:a1:
         4b:04:ad:0a:84:88:c1:36:ad:7d:ba:7b:5e:f5:fd:b8:12:39:
         e6:aa:b9:d9:90:5a:8b:18:7a:bf:d3:e8:8f:0b:4c:3c:71:c4:
         dc:dc:b3:1f:83:c0:1f:88:4c:51:c0:a3:9e:00:c3:2f:ed:28:
         49:ec:fb:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzuR1Th8D7mweMRZHb9HD9JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZTlmY2EwYTg1ODRmZWIxYzEyMzE5MDcxNDIzMDYxYjA4
ZmU0NTYwHhcNMjQwMTA5MTI1MTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWQ3ZGM1YzQ5YzdjYzY4YTRmZmNkYzRiZjkyNzNiODExMWM0ODM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCSU6mmLBCJCmfYkkxYe8HcuCne/
32lQlr7dzypnmuxZgsXbUeSveKTFwL+aM2+DcsJFjFle8STbJmwEQ43Q6fDYv1PX
kVBfyKkfQWi1dqCBOyL0J5dRr5bUcAP9+MWKLJAXIDReleosbLJ+udg1b5S4c2ik
28oFk9UTZYeso3OA78HVausNr/lXYsepZXpix0C8PHuHDasF+TSj1WWqrdqFyhCt
fNK7sARxHkV7//UuwkZG1PxHhBuUMeVIVZfHheOZX5KXZOQv4jOJfIqOO49Vmw3e
y76B9NIkLPTb+CyceSHt8Oj2hzustldpJGF1JYsqI/Q+djLw3SRbCdb+KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPHX3FxJx8xopP/NxL+Sc7gRHEg0MB8GA1UdIwQY
MBaAFAXp/KCoWE/rHBIxkHFCMGGwj+RWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMt
ZGVlM2VkNDk3YWVlLzEvOGRmY1hFbkh6R2lrXzgzRXY1Snp1QkVjU0RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMtZGVlM2VkNDk3YWVl
LzEvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWuqMA0G
CSqGSIb3DQEBCwUAA4IBAQAmW9YgF7CiIhNBw80X0Vnql7H50mCMAFZmMQSnNvaJ
gC5j/3XFurHm47k+XRvEyMbYXce7ExXpSUbnREWW1lubYoHiCkfRdq7b4fi4+Xcr
llfDKmOXwH/J+KqstBHupGj/OLuy+/zhMCbfF5AyeRzgalAaxv4r0XMrRrWsAgKq
DIXMMsaF+PFZUbsGrNXDJZFbyNcBMv8Tf+jBPgeEiEr4+S73dLDoMPkYU7ThBVbj
EAgte3Lq/gkE9pdk7Pb8aERaLXlHGqFLBK0KhIjBNq19unte9f24EjnmqrnZkFqL
GHq/0+iPC0w8ccTc3LMfg8AfiExRwKOeAMMv7ShJ7PuW
-----END CERTIFICATE-----