Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/69dc6a-e91e-4b3a-934a-b354b78cc969/1/Rv0rf_-DC9cDhMBMfjZb_X1Vlaw.roa
File:                     Rv0rf_-DC9cDhMBMfjZb_X1Vlaw.roa (raw, json)
Hash identifier:          kRE2Rom1QsKmij3L16jyNRW/npzAs8WqltK+1Dj8H0I=
Subject key identifier:   46:FD:2B:7F:FF:83:0B:D7:03:84:C0:4C:7E:36:5B:FD:7D:55:95:AC
Certificate issuer:       /CN=8106d994a1219257a3cec9ed91cd189bc3d93b0b
Certificate serial:       018CC3B67D230BBD0F8125C8202A590D9F6F
Authority key identifier: 81:06:D9:94:A1:21:92:57:A3:CE:C9:ED:91:CD:18:9B:C3:D9:3B:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gQbZlKEhklejzsntkc0Ym8PZOws.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/69dc6a-e91e-4b3a-934a-b354b78cc969/1/Rv0rf_-DC9cDhMBMfjZb_X1Vlaw.roa
Signing time:             Mon 01 Jan 2024 06:29:25 +0000
ROA not before:           Mon 01 Jan 2024 06:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1103
IP address blocks:        134.221.0.0/16 maxlen: 16
                          192.43.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/69dc6a-e91e-4b3a-934a-b354b78cc969/1/gQbZlKEhklejzsntkc0Ym8PZOws.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/69dc6a-e91e-4b3a-934a-b354b78cc969/1/gQbZlKEhklejzsntkc0Ym8PZOws.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gQbZlKEhklejzsntkc0Ym8PZOws.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:7d:23:0b:bd:0f:81:25:c8:20:2a:59:0d:9f:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8106d994a1219257a3cec9ed91cd189bc3d93b0b
        Validity
            Not Before: Jan  1 06:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46fd2b7fff830bd70384c04c7e365bfd7d5595ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:71:60:a7:d3:aa:ac:df:e3:91:ae:13:2d:9e:
                    e7:cc:b4:64:72:c6:a0:ae:f4:f6:49:3a:ef:a4:26:
                    9e:99:ad:c1:51:02:e8:83:80:b6:78:3c:45:7a:9f:
                    82:3f:c8:70:0b:55:74:72:9d:51:20:9c:19:af:a3:
                    3e:58:17:fb:3d:53:75:9a:7d:b6:b2:0c:3c:80:be:
                    15:27:63:25:3e:ad:4a:a0:83:1a:1a:79:58:91:4d:
                    bc:6e:50:df:c9:e3:78:c7:90:17:c3:a2:8d:eb:37:
                    0d:3b:1a:0b:27:f5:f7:14:e1:6a:fe:bc:15:5a:e0:
                    b3:3d:ee:e0:97:9f:f1:0b:a7:5d:2f:d3:c7:06:b5:
                    08:fd:a8:df:65:9a:59:4a:e6:a6:04:9f:cd:60:55:
                    0b:b3:82:63:67:21:4a:04:e3:ee:f8:a5:a8:6c:db:
                    dc:fc:50:75:0d:4b:5e:9f:f8:6e:e8:b8:f9:f8:c7:
                    42:ae:d8:e7:24:f0:e1:9b:d6:6e:82:ac:27:96:15:
                    e2:e8:e8:22:ef:bf:a9:a0:d3:c4:64:1d:37:18:13:
                    9b:a7:c3:d2:72:27:33:f0:a6:df:82:e6:74:47:71:
                    ee:3b:d3:c3:a8:89:a8:e0:fc:fd:a6:05:6a:61:db:
                    3f:dc:ab:d6:d5:ae:5d:2f:34:14:5a:95:51:d4:e4:
                    80:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:FD:2B:7F:FF:83:0B:D7:03:84:C0:4C:7E:36:5B:FD:7D:55:95:AC
            X509v3 Authority Key Identifier:
                keyid:81:06:D9:94:A1:21:92:57:A3:CE:C9:ED:91:CD:18:9B:C3:D9:3B:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gQbZlKEhklejzsntkc0Ym8PZOws.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/69dc6a-e91e-4b3a-934a-b354b78cc969/1/Rv0rf_-DC9cDhMBMfjZb_X1Vlaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/69dc6a-e91e-4b3a-934a-b354b78cc969/1/gQbZlKEhklejzsntkc0Ym8PZOws.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.221.0.0/16
                  192.43.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:c1:fb:fe:3b:09:a2:96:7e:6b:b5:2f:24:f9:27:e0:1c:53:
         02:ce:c7:44:ed:a0:99:36:4e:05:2d:14:a0:72:9d:ac:6a:6b:
         42:dd:b4:6e:ff:b2:47:2b:0d:42:94:50:79:04:83:26:f6:02:
         d6:e8:a1:bc:9e:81:69:4c:a6:47:5c:d3:1f:a2:61:73:07:e7:
         e6:96:ab:dd:e5:48:7b:69:df:bb:ee:3e:e0:5d:47:9d:eb:85:
         33:86:f0:8f:1a:2f:36:ba:39:82:51:ce:f8:f9:9c:a7:e3:81:
         58:7f:ed:76:68:af:45:96:4d:65:db:38:6f:8b:b6:ac:57:64:
         02:cb:3a:44:eb:e1:62:8a:a2:aa:1c:00:60:fd:33:5f:0c:ef:
         45:30:52:2d:cf:c0:ae:1e:a2:24:83:8c:ac:19:09:10:01:25:
         5c:91:53:ab:e1:08:c7:bd:70:97:84:0d:e4:98:d1:07:44:83:
         8b:11:ac:b4:71:a8:23:0c:0a:cd:65:38:bb:7c:d7:7f:26:36:
         e3:3e:2a:a2:46:cb:af:f4:ad:8c:18:13:c7:b9:53:8c:a4:2f:
         8f:e4:49:0e:9e:38:83:71:e1:78:09:2c:e5:7f:09:a1:55:87:
         b8:3e:60:49:ef:e4:18:a7:fe:d1:12:2e:99:0b:84:cf:50:41:
         c1:e3:f8:1d
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYzDtn0jC70PgSXIICpZDZ9vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxMDZkOTk0YTEyMTkyNTdhM2NlYzllZDkxY2QxODliYzNk
OTNiMGIwHhcNMjQwMTAxMDYyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmZkMmI3ZmZmODMwYmQ3MDM4NGMwNGM3ZTM2NWJmZDdkNTU5NWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3Fgp9OqrN/jka4TLZ7nzLRkcsag
rvT2STrvpCaema3BUQLog4C2eDxFep+CP8hwC1V0cp1RIJwZr6M+WBf7PVN1mn22
sgw8gL4VJ2MlPq1KoIMaGnlYkU28blDfyeN4x5AXw6KN6zcNOxoLJ/X3FOFq/rwV
WuCzPe7gl5/xC6ddL9PHBrUI/ajfZZpZSuamBJ/NYFULs4JjZyFKBOPu+KWobNvc
/FB1DUten/hu6Lj5+MdCrtjnJPDhm9ZugqwnlhXi6Ogi77+poNPEZB03GBObp8PS
cicz8KbfguZ0R3HuO9PDqImo4Pz9pgVqYds/3KvW1a5dLzQUWpVR1OSAxwIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFEb9K3//gwvXA4TATH42W/19VZWsMB8GA1UdIwQY
MBaAFIEG2ZShIZJXo87J7ZHNGJvD2TsLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1FiWmxLRWhrbGVqenNudGtjMFltOFBaT3dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy82OWRjNmEtZTkxZS00YjNhLTkzNGEt
YjM1NGI3OGNjOTY5LzEvUnYwcmZfLURDOWNEaE1CTWZqWmJfWDFWbGF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy82OWRjNmEtZTkxZS00YjNhLTkzNGEtYjM1NGI3OGNjOTY5
LzEvZ1FiWmxLRWhrbGVqenNudGtjMFltOFBaT3dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAht0DBADA
K9QwDQYJKoZIhvcNAQELBQADggEBACjB+/47CaKWfmu1LyT5J+AcUwLOx0TtoJk2
TgUtFKBynaxqa0LdtG7/skcrDUKUUHkEgyb2AtboobyegWlMpkdc0x+iYXMH5+aW
q93lSHtp37vuPuBdR53rhTOG8I8aLza6OYJRzvj5nKfjgVh/7XZor0WWTWXbOG+L
tqxXZALLOkTr4WKKoqocAGD9M18M70UwUi3PwK4eoiSDjKwZCRABJVyRU6vhCMe9
cJeEDeSY0QdEg4sRrLRxqCMMCs1lOLt8138mNuM+KqJGy6/0rYwYE8e5U4ykL4/k
SQ6eOINx4XgJLOV/CaFVh7g+YEnv5Bin/tESLpkLhM9QQcHj+B0=
-----END CERTIFICATE-----