Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/fb9d5e-a628-4f23-88a5-e5ddd2bb51c5/1/krXwwb-bwuruVcePkMxU28MmddY.roa
File:                     krXwwb-bwuruVcePkMxU28MmddY.roa (raw, json)
Hash identifier:          cfkOVGrUjenTk+igtEzUnc5tH1/J3UQy5YkMWdGyOjc=
Subject key identifier:   92:B5:F0:C1:BF:9B:C2:EA:EE:55:C7:8F:90:CC:54:DB:C3:26:75:D6
Certificate issuer:       /CN=699c581aff3d0a90178cfab565a388ccd9bc01ce
Certificate serial:       018CCA28ECC9506CC438A435CE30B78A5116
Authority key identifier: 69:9C:58:1A:FF:3D:0A:90:17:8C:FA:B5:65:A3:88:CC:D9:BC:01:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZxYGv89CpAXjPq1ZaOIzNm8Ac4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/fb9d5e-a628-4f23-88a5-e5ddd2bb51c5/1/krXwwb-bwuruVcePkMxU28MmddY.roa
Signing time:             Tue 02 Jan 2024 12:32:08 +0000
ROA not before:           Tue 02 Jan 2024 12:32:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208708
IP address blocks:        109.110.192.0/20 maxlen: 20
                          109.110.208.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/fb9d5e-a628-4f23-88a5-e5ddd2bb51c5/1/aZxYGv89CpAXjPq1ZaOIzNm8Ac4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/fb9d5e-a628-4f23-88a5-e5ddd2bb51c5/1/aZxYGv89CpAXjPq1ZaOIzNm8Ac4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZxYGv89CpAXjPq1ZaOIzNm8Ac4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:ec:c9:50:6c:c4:38:a4:35:ce:30:b7:8a:51:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=699c581aff3d0a90178cfab565a388ccd9bc01ce
        Validity
            Not Before: Jan  2 12:32:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92b5f0c1bf9bc2eaee55c78f90cc54dbc32675d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:af:32:5e:05:8c:e7:20:b7:d7:12:37:ed:a4:
                    a2:b2:6d:a7:d8:2e:b4:c9:2e:07:03:67:3e:27:f4:
                    14:57:24:b7:09:73:49:5d:7d:55:05:d2:a3:ab:a8:
                    f9:6e:a7:b0:74:4a:67:1c:c3:af:83:59:25:28:8e:
                    5d:9d:84:49:f0:73:b2:24:4d:d6:3b:6b:fc:0f:a1:
                    3b:0b:d1:d5:da:1c:7c:a3:1a:68:eb:ea:77:11:aa:
                    00:9f:52:aa:88:4e:9d:de:b5:c3:86:00:ba:10:2c:
                    da:b0:00:03:5d:45:55:21:2e:24:cf:d4:19:4c:f9:
                    bb:47:61:5e:6d:72:8f:d0:88:03:23:ed:92:9c:b3:
                    6b:c2:9e:3b:b0:13:d4:27:de:e3:f0:a7:f9:74:60:
                    f8:59:2b:2a:4e:c3:d0:74:5d:fe:e3:70:5f:96:45:
                    f5:6a:e1:37:19:bf:3f:dd:a7:db:85:6b:81:75:e8:
                    54:a4:52:0b:82:76:67:54:3a:03:1e:0a:eb:0d:0c:
                    b9:2a:6a:5e:59:5d:f9:7e:7a:30:f5:a2:e9:f5:5f:
                    c0:5b:7c:52:56:72:bd:47:d6:70:b2:90:15:1f:c1:
                    99:c3:81:af:14:36:6d:be:3e:b0:ae:f4:02:89:5c:
                    d3:97:a8:7d:25:14:60:50:cf:26:dd:56:26:3b:80:
                    a3:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:B5:F0:C1:BF:9B:C2:EA:EE:55:C7:8F:90:CC:54:DB:C3:26:75:D6
            X509v3 Authority Key Identifier:
                keyid:69:9C:58:1A:FF:3D:0A:90:17:8C:FA:B5:65:A3:88:CC:D9:BC:01:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZxYGv89CpAXjPq1ZaOIzNm8Ac4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/fb9d5e-a628-4f23-88a5-e5ddd2bb51c5/1/krXwwb-bwuruVcePkMxU28MmddY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/fb9d5e-a628-4f23-88a5-e5ddd2bb51c5/1/aZxYGv89CpAXjPq1ZaOIzNm8Ac4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.110.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         59:19:11:ee:ac:46:b6:2c:ec:5c:ee:90:90:cd:e2:e3:8d:a8:
         9c:5d:f4:d1:90:28:3e:65:2c:3f:5a:5f:d6:1c:02:d2:cb:5b:
         1a:3b:31:d8:21:39:cd:b4:8c:03:b2:ce:f2:89:bf:f0:9a:c8:
         80:6e:90:da:40:72:4e:a0:21:fb:12:f8:22:13:57:9d:64:c9:
         3b:24:33:a5:71:a2:7c:1a:cf:cc:af:78:dd:b1:21:9d:c8:c4:
         ab:35:bf:22:c0:c6:f9:cf:3d:6c:1b:29:4f:54:d1:d9:71:6c:
         23:fa:3a:a1:5f:5a:03:97:78:d2:81:34:88:a1:09:e2:09:62:
         ca:ef:91:ab:18:2d:55:93:62:96:71:71:38:5b:0f:a9:1e:6a:
         d9:c8:2d:c2:82:91:3b:b2:30:cc:91:79:b9:3e:51:bc:b8:cf:
         99:c8:9c:ec:b3:f9:1f:c2:0a:3b:04:04:6d:91:bf:d1:a9:e3:
         ee:4b:0d:5b:95:27:23:7a:f9:79:59:20:19:50:05:08:7e:1d:
         cf:62:bb:72:21:81:1c:56:f7:23:f8:b0:c2:6d:c3:23:f5:84:
         3d:c8:4a:d2:46:20:ce:fa:86:35:fd:4a:ec:b8:e5:8a:71:eb:
         d9:3f:5c:0e:d6:a3:8d:a0:f7:e8:d7:33:8e:88:b0:c3:db:e8:
         07:6a:31:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKOzJUGzEOKQ1zjC3ilEWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OWM1ODFhZmYzZDBhOTAxNzhjZmFiNTY1YTM4OGNjZDli
YzAxY2UwHhcNMjQwMTAyMTIzMjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmI1ZjBjMWJmOWJjMmVhZWU1NWM3OGY5MGNjNTRkYmMzMjY3NWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0q8yXgWM5yC31xI37aSism2n2C60
yS4HA2c+J/QUVyS3CXNJXX1VBdKjq6j5bqewdEpnHMOvg1klKI5dnYRJ8HOyJE3W
O2v8D6E7C9HV2hx8oxpo6+p3EaoAn1KqiE6d3rXDhgC6ECzasAADXUVVIS4kz9QZ
TPm7R2FebXKP0IgDI+2SnLNrwp47sBPUJ97j8Kf5dGD4WSsqTsPQdF3+43BflkX1
auE3Gb8/3afbhWuBdehUpFILgnZnVDoDHgrrDQy5KmpeWV35fnow9aLp9V/AW3xS
VnK9R9ZwspAVH8GZw4GvFDZtvj6wrvQCiVzTl6h9JRRgUM8m3VYmO4CjfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJK18MG/m8Lq7lXHj5DMVNvDJnXWMB8GA1UdIwQY
MBaAFGmcWBr/PQqQF4z6tWWjiMzZvAHOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVp4WUd2ODlDcEFYalBxMVphT0l6Tm04QWM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9mYjlkNWUtYTYyOC00ZjIzLTg4YTUt
ZTVkZGQyYmI1MWM1LzEva3JYd3diLWJ3dXJ1VmNlUGtNeFUyOE1tZGRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9mYjlkNWUtYTYyOC00ZjIzLTg4YTUtZTVkZGQyYmI1MWM1
LzEvYVp4WUd2ODlDcEFYalBxMVphT0l6Tm04QWM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFbW7AMA0G
CSqGSIb3DQEBCwUAA4IBAQBZGRHurEa2LOxc7pCQzeLjjaicXfTRkCg+ZSw/Wl/W
HALSy1saOzHYITnNtIwDss7yib/wmsiAbpDaQHJOoCH7EvgiE1edZMk7JDOlcaJ8
Gs/Mr3jdsSGdyMSrNb8iwMb5zz1sGylPVNHZcWwj+jqhX1oDl3jSgTSIoQniCWLK
75GrGC1Vk2KWcXE4Ww+pHmrZyC3CgpE7sjDMkXm5PlG8uM+ZyJzss/kfwgo7BARt
kb/RqePuSw1blScjevl5WSAZUAUIfh3PYrtyIYEcVvcj+LDCbcMj9YQ9yErSRiDO
+oY1/UrsuOWKcevZP1wO1qONoPfo1zOOiLDD2+gHajG5
-----END CERTIFICATE-----