Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/0dda42-53a5-4aba-86ae-639e14d04de6/1/I4xUJiLUXglxL7G_HliBs781B-o.roa
File:                     I4xUJiLUXglxL7G_HliBs781B-o.roa (raw, json)
Hash identifier:          3+KDdfCxOc6PkMNHSQ6+ZguqlZg0XzA9cDjnmO8j1BI=
Subject key identifier:   23:8C:54:26:22:D4:5E:09:71:2F:B1:BF:1E:58:81:B3:BF:35:07:EA
Certificate issuer:       /CN=8267fb4a0b677b8377907b82fb1fb8810a2fef08
Certificate serial:       018CC26D41BD0642FAB6966D2B9D5EC22D36
Authority key identifier: 82:67:FB:4A:0B:67:7B:83:77:90:7B:82:FB:1F:B8:81:0A:2F:EF:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmf7Sgtne4N3kHuC-x-4gQov7wg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/0dda42-53a5-4aba-86ae-639e14d04de6/1/I4xUJiLUXglxL7G_HliBs781B-o.roa
Signing time:             Mon 01 Jan 2024 00:29:49 +0000
ROA not before:           Mon 01 Jan 2024 00:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200630
IP address blocks:        109.69.36.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/0dda42-53a5-4aba-86ae-639e14d04de6/1/gmf7Sgtne4N3kHuC-x-4gQov7wg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/0dda42-53a5-4aba-86ae-639e14d04de6/1/gmf7Sgtne4N3kHuC-x-4gQov7wg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmf7Sgtne4N3kHuC-x-4gQov7wg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 13:30:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:41:bd:06:42:fa:b6:96:6d:2b:9d:5e:c2:2d:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8267fb4a0b677b8377907b82fb1fb8810a2fef08
        Validity
            Not Before: Jan  1 00:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=238c542622d45e09712fb1bf1e5881b3bf3507ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:ab:f3:39:85:f8:df:2f:1c:0e:2e:d2:fc:6b:
                    9a:ee:cd:77:6c:5f:af:3f:4a:55:d7:95:7b:a4:2a:
                    8d:36:92:a5:b7:54:cf:05:6c:70:ec:8b:e5:e9:38:
                    45:08:86:4f:72:45:36:e8:6b:b7:6e:68:47:0d:10:
                    a9:e3:ae:c5:7b:25:1a:e3:81:c8:38:06:3f:c7:24:
                    d7:4a:21:b9:53:11:f2:3f:3a:eb:c5:b8:46:df:e9:
                    52:3e:3c:26:29:e0:d0:35:25:45:12:e1:b1:5e:fb:
                    58:33:3d:ba:82:83:f9:11:29:bf:cc:ca:99:b5:8b:
                    74:1b:4f:1a:d8:a9:8c:6d:b5:28:0d:56:62:b8:f6:
                    54:12:e2:ea:75:50:8e:da:d0:3e:24:3b:64:ef:88:
                    97:2a:38:36:31:5e:86:8a:06:ec:e9:15:6a:01:de:
                    fa:54:9e:4e:be:7d:16:ce:26:ad:3f:f6:5b:5a:bd:
                    62:83:26:29:3d:87:cc:bd:79:0d:24:a7:a7:fc:82:
                    cd:dd:e7:e5:ba:13:fb:f9:4d:17:fb:6c:cf:9a:92:
                    b4:9d:31:67:13:54:21:c7:6f:60:2c:1a:3b:47:69:
                    dc:80:6e:dd:a6:8a:ed:74:86:fc:65:91:aa:63:e2:
                    db:17:4f:03:e5:5e:f8:1c:fc:07:6d:12:ac:82:b0:
                    72:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:8C:54:26:22:D4:5E:09:71:2F:B1:BF:1E:58:81:B3:BF:35:07:EA
            X509v3 Authority Key Identifier:
                keyid:82:67:FB:4A:0B:67:7B:83:77:90:7B:82:FB:1F:B8:81:0A:2F:EF:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmf7Sgtne4N3kHuC-x-4gQov7wg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/0dda42-53a5-4aba-86ae-639e14d04de6/1/I4xUJiLUXglxL7G_HliBs781B-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/0dda42-53a5-4aba-86ae-639e14d04de6/1/gmf7Sgtne4N3kHuC-x-4gQov7wg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.69.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b8:c6:6f:ab:29:92:1e:3a:d9:14:37:c5:8f:3f:6e:36:f3:fd:
         a8:7d:fb:cc:ce:3a:8f:5e:0c:4e:02:65:3c:44:af:b4:90:e6:
         a3:09:37:a3:86:d9:3e:7b:88:89:4b:97:5d:47:64:83:13:ab:
         53:ef:fa:3c:50:bb:aa:cc:10:ed:04:e3:de:57:cf:26:af:d8:
         34:ea:43:92:09:7b:fb:cf:53:c7:ed:6a:7c:dd:9e:b0:cd:08:
         3f:14:df:52:c3:da:cf:36:64:c3:51:cc:f3:df:80:f7:8b:15:
         1a:38:2a:eb:f7:e4:6f:2d:09:72:b5:08:54:05:94:7e:46:ee:
         d9:87:72:fe:db:a6:63:0c:6f:f6:a7:25:a3:7a:9d:9c:71:4c:
         e3:e7:aa:ed:49:c2:f2:d4:ed:73:97:e2:31:c2:ae:8c:44:ff:
         ac:99:83:c9:bc:d8:68:a4:c3:80:d1:56:1c:ae:06:59:4a:c4:
         a0:a4:46:ff:76:34:80:2a:c8:3f:3a:4c:89:7e:b6:32:9b:ad:
         9e:d9:56:dc:70:cd:d1:d3:4d:dc:f0:79:b0:61:fe:49:32:1f:
         e2:32:24:c7:62:8a:d0:ff:ba:aa:b4:c9:6b:5b:c7:8d:71:8e:
         6a:43:79:38:79:03:82:08:16:94:56:35:62:1e:4b:53:b6:8a:
         f3:09:0e:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbUG9BkL6tpZtK51ewi02MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjdmYjRhMGI2NzdiODM3NzkwN2I4MmZiMWZiODgxMGEy
ZmVmMDgwHhcNMjQwMTAxMDAyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzhjNTQyNjIyZDQ1ZTA5NzEyZmIxYmYxZTU4ODFiM2JmMzUwN2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0qvzOYX43y8cDi7S/Gua7s13bF+v
P0pV15V7pCqNNpKlt1TPBWxw7Ivl6ThFCIZPckU26Gu3bmhHDRCp467FeyUa44HI
OAY/xyTXSiG5UxHyPzrrxbhG3+lSPjwmKeDQNSVFEuGxXvtYMz26goP5ESm/zMqZ
tYt0G08a2KmMbbUoDVZiuPZUEuLqdVCO2tA+JDtk74iXKjg2MV6Gigbs6RVqAd76
VJ5Ovn0WziatP/ZbWr1igyYpPYfMvXkNJKen/ILN3efluhP7+U0X+2zPmpK0nTFn
E1Qhx29gLBo7R2ncgG7dportdIb8ZZGqY+LbF08D5V74HPwHbRKsgrByZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCOMVCYi1F4JcS+xvx5YgbO/NQfqMB8GA1UdIwQY
MBaAFIJn+0oLZ3uDd5B7gvsfuIEKL+8IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21mN1NndG5lNE4za0h1Qy14LTRnUW92N3dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi8wZGRhNDItNTNhNS00YWJhLTg2YWUt
NjM5ZTE0ZDA0ZGU2LzEvSTR4VUppTFVYZ2x4TDdHX0hsaUJzNzgxQi1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi8wZGRhNDItNTNhNS00YWJhLTg2YWUtNjM5ZTE0ZDA0ZGU2
LzEvZ21mN1NndG5lNE4za0h1Qy14LTRnUW92N3dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCbUUkMA0G
CSqGSIb3DQEBCwUAA4IBAQC4xm+rKZIeOtkUN8WPP2428/2offvMzjqPXgxOAmU8
RK+0kOajCTejhtk+e4iJS5ddR2SDE6tT7/o8ULuqzBDtBOPeV88mr9g06kOSCXv7
z1PH7Wp83Z6wzQg/FN9Sw9rPNmTDUczz34D3ixUaOCrr9+RvLQlytQhUBZR+Ru7Z
h3L+26ZjDG/2pyWjep2ccUzj56rtScLy1O1zl+Ixwq6MRP+smYPJvNhopMOA0VYc
rgZZSsSgpEb/djSAKsg/OkyJfrYym62e2VbccM3R003c8HmwYf5JMh/iMiTHYorQ
/7qqtMlrW8eNcY5qQ3k4eQOCCBaUVjViHktTtorzCQ6Q
-----END CERTIFICATE-----