Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/gI-xICbFdbJ0YHoKcVDOrmEyzp4.roa
File:                     gI-xICbFdbJ0YHoKcVDOrmEyzp4.roa (raw, json)
Hash identifier:          SWuY7yveVQ4FsxLDDUqlI8nmGFiefhbOAzxTnFbTdw8=
Subject key identifier:   80:8F:B1:20:26:C5:75:B2:74:60:7A:0A:71:50:CE:AE:61:32:CE:9E
Certificate issuer:       /CN=60ebd4f7ac3d24920de1c1ff1185d9507e9ad078
Certificate serial:       018CC26D020388A196C4F35EA3D921F7FFB7
Authority key identifier: 60:EB:D4:F7:AC:3D:24:92:0D:E1:C1:FF:11:85:D9:50:7E:9A:D0:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YOvU96w9JJIN4cH_EYXZUH6a0Hg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/gI-xICbFdbJ0YHoKcVDOrmEyzp4.roa
Signing time:             Mon 01 Jan 2024 00:29:32 +0000
ROA not before:           Mon 01 Jan 2024 00:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210392
IP address blocks:        109.95.66.0/24 maxlen: 24
                          109.95.65.0/24 maxlen: 24
                          109.95.68.0/24 maxlen: 24
                          109.95.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/YOvU96w9JJIN4cH_EYXZUH6a0Hg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/YOvU96w9JJIN4cH_EYXZUH6a0Hg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YOvU96w9JJIN4cH_EYXZUH6a0Hg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:02:03:88:a1:96:c4:f3:5e:a3:d9:21:f7:ff:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60ebd4f7ac3d24920de1c1ff1185d9507e9ad078
        Validity
            Not Before: Jan  1 00:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=808fb12026c575b274607a0a7150ceae6132ce9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:13:70:93:7a:1c:16:e6:2a:84:b4:b0:8a:bd:
                    ed:cc:ec:75:c4:06:29:ef:ae:38:5b:69:cd:b4:cb:
                    70:d5:85:ce:59:5c:ed:ac:b8:e9:05:3b:8f:78:fc:
                    6c:b9:f3:bc:08:41:50:f7:f1:4c:c7:94:cb:3a:07:
                    c6:00:5e:a8:ac:d3:97:76:62:42:28:13:63:5d:47:
                    e2:79:9b:75:e1:0a:76:ca:18:a0:07:2f:60:0a:e4:
                    52:c8:81:49:04:25:53:6b:b9:d0:57:6a:af:ce:e5:
                    19:d4:1c:8d:94:f7:e7:6a:65:d8:fc:0e:95:9d:da:
                    26:50:60:58:e1:16:b9:f4:fd:f8:00:a2:93:73:6c:
                    4c:7e:c0:67:50:cd:84:dd:b1:b0:43:99:ec:cb:62:
                    af:71:7a:be:85:ce:88:54:e0:02:09:f1:1d:6d:9f:
                    bd:97:7b:19:35:09:8e:37:38:bb:73:43:a2:0c:7d:
                    ce:17:fe:3d:73:f4:8d:35:6a:73:89:92:7f:dd:df:
                    f7:a7:42:4d:1d:69:bf:4f:d1:62:e8:18:c3:5e:a1:
                    09:20:fa:3f:41:f2:4c:bd:9f:2f:19:83:93:14:8c:
                    cf:73:ce:a8:e2:71:cd:d8:7a:43:fa:bf:5d:75:1f:
                    a9:89:14:50:91:e0:08:01:2d:a7:89:dd:b1:83:96:
                    62:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:8F:B1:20:26:C5:75:B2:74:60:7A:0A:71:50:CE:AE:61:32:CE:9E
            X509v3 Authority Key Identifier:
                keyid:60:EB:D4:F7:AC:3D:24:92:0D:E1:C1:FF:11:85:D9:50:7E:9A:D0:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YOvU96w9JJIN4cH_EYXZUH6a0Hg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/gI-xICbFdbJ0YHoKcVDOrmEyzp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/YOvU96w9JJIN4cH_EYXZUH6a0Hg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.95.65.0-109.95.68.255

    Signature Algorithm: sha256WithRSAEncryption
         33:6b:5e:8c:93:b0:5c:d8:7b:86:ff:ec:e9:c7:49:48:63:14:
         dd:eb:d0:df:07:6a:c4:dd:6c:a6:44:55:9b:df:f9:1e:9f:47:
         76:05:7f:3c:d1:b0:0d:e6:28:a7:35:fd:e3:c8:c3:87:36:77:
         77:f2:97:ad:70:86:47:57:37:2b:fd:d3:94:c2:7f:37:42:d9:
         b7:dd:ed:14:00:8a:61:ba:f1:e3:29:bd:2e:7e:9b:95:1b:17:
         21:5c:d0:d0:09:cc:b2:bb:f6:8b:85:5c:79:dd:4c:ad:63:ad:
         0c:21:53:ed:31:53:7e:9b:ef:90:5c:ef:3b:3f:63:d0:9d:99:
         6f:f6:f7:7f:e9:24:3b:a8:70:e0:a8:3a:11:1f:d3:e3:ac:70:
         70:7d:05:6b:92:72:9a:0b:2e:4b:c0:f0:d7:bb:fb:71:21:19:
         88:1c:62:76:3d:d5:12:ac:55:fd:46:44:34:5a:36:8c:db:5e:
         bf:f1:09:9e:1a:27:9c:86:16:3c:94:83:bc:62:76:ab:b7:f8:
         21:0d:e9:b4:ba:28:57:d0:e4:61:b3:41:51:9f:43:80:8a:d1:
         76:84:8b:af:3f:9a:ae:5f:be:8f:b7:3f:b0:31:5b:ba:b6:11:
         88:d0:92:e9:2a:57:69:a5:b0:e8:94:6f:33:fa:71:72:c3:c5:
         27:cd:e6:81
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzCbQIDiKGWxPNeo9kh9/+3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwZWJkNGY3YWMzZDI0OTIwZGUxYzFmZjExODVkOTUwN2U5
YWQwNzgwHhcNMjQwMTAxMDAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDhmYjEyMDI2YzU3NWIyNzQ2MDdhMGE3MTUwY2VhZTYxMzJjZTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxNwk3ocFuYqhLSwir3tzOx1xAYp
7644W2nNtMtw1YXOWVztrLjpBTuPePxsufO8CEFQ9/FMx5TLOgfGAF6orNOXdmJC
KBNjXUfieZt14Qp2yhigBy9gCuRSyIFJBCVTa7nQV2qvzuUZ1ByNlPfnamXY/A6V
ndomUGBY4Ra59P34AKKTc2xMfsBnUM2E3bGwQ5nsy2KvcXq+hc6IVOACCfEdbZ+9
l3sZNQmONzi7c0OiDH3OF/49c/SNNWpziZJ/3d/3p0JNHWm/T9Fi6BjDXqEJIPo/
QfJMvZ8vGYOTFIzPc86o4nHN2HpD+r9ddR+piRRQkeAIAS2nid2xg5ZiRwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFICPsSAmxXWydGB6CnFQzq5hMs6eMB8GA1UdIwQY
MBaAFGDr1PesPSSSDeHB/xGF2VB+mtB4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU92VTk2dzlKSklONGNIX0VZWFpVSDZhMEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi85MDUzNzgtMjI4YS00MWI0LWJjZTgt
ODdkM2IwMjNkOTE5LzEvZ0kteElDYkZkYkowWUhvS2NWRE9ybUV5enA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi85MDUzNzgtMjI4YS00MWI0LWJjZTgtODdkM2IwMjNkOTE5
LzEvWU92VTk2dzlKSklONGNIX0VZWFpVSDZhMEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABtX0ED
BABtX0QwDQYJKoZIhvcNAQELBQADggEBADNrXoyTsFzYe4b/7OnHSUhjFN3r0N8H
asTdbKZEVZvf+R6fR3YFfzzRsA3mKKc1/ePIw4c2d3fyl61whkdXNyv905TCfzdC
2bfd7RQAimG68eMpvS5+m5UbFyFc0NAJzLK79ouFXHndTK1jrQwhU+0xU36b75Bc
7zs/Y9CdmW/293/pJDuocOCoOhEf0+OscHB9BWuScpoLLkvA8Ne7+3EhGYgcYnY9
1RKsVf1GRDRaNozbXr/xCZ4aJ5yGFjyUg7xidqu3+CEN6bS6KFfQ5GGzQVGfQ4CK
0XaEi68/mq5fvo+3P7AxW7q2EYjQkukqV2mlsOiUbzP6cXLDxSfN5oE=
-----END CERTIFICATE-----