Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/82129a-5263-43d2-bc63-19620615579b/1/tiScyq0fY2Fmv5ROHz5iDjgBbbA.roa
File:                     tiScyq0fY2Fmv5ROHz5iDjgBbbA.roa (raw, json)
Hash identifier:          ZpmrH6J85c6gi4zxFRi7fd4WgChU75mPCa+/X62JkJE=
Subject key identifier:   B6:24:9C:CA:AD:1F:63:61:66:BF:94:4E:1F:3E:62:0E:38:01:6D:B0
Certificate issuer:       /CN=d9527368206e3e9a5924081df63880246e5c541a
Certificate serial:       018CC349513E70D812DC815D99507F077112
Authority key identifier: D9:52:73:68:20:6E:3E:9A:59:24:08:1D:F6:38:80:24:6E:5C:54:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2VJzaCBuPppZJAgd9jiAJG5cVBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/82129a-5263-43d2-bc63-19620615579b/1/tiScyq0fY2Fmv5ROHz5iDjgBbbA.roa
Signing time:             Mon 01 Jan 2024 04:30:11 +0000
ROA not before:           Mon 01 Jan 2024 04:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137
IP address blocks:        140.105.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/82129a-5263-43d2-bc63-19620615579b/1/2VJzaCBuPppZJAgd9jiAJG5cVBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/82129a-5263-43d2-bc63-19620615579b/1/2VJzaCBuPppZJAgd9jiAJG5cVBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2VJzaCBuPppZJAgd9jiAJG5cVBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:51:3e:70:d8:12:dc:81:5d:99:50:7f:07:71:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9527368206e3e9a5924081df63880246e5c541a
        Validity
            Not Before: Jan  1 04:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6249ccaad1f636166bf944e1f3e620e38016db0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:9b:9a:4e:35:60:96:9d:6b:39:f5:d4:7f:13:
                    8a:bb:74:40:2d:21:e5:aa:72:ef:c8:1f:7a:24:a8:
                    a3:cf:b8:e8:19:7c:df:ef:4d:a3:4d:52:a8:6b:e3:
                    84:63:10:e9:02:2e:8c:ed:27:0f:0c:d2:51:08:8d:
                    20:7b:fd:09:82:60:f9:11:42:49:f7:85:91:db:87:
                    06:cd:d8:19:60:ff:3f:31:63:c7:26:b3:a5:bc:54:
                    5a:fb:54:21:04:30:48:fc:aa:bc:c2:ea:3e:75:f1:
                    83:90:f0:18:4e:2f:9f:b8:84:cc:60:b5:3c:17:9b:
                    d9:8a:69:56:59:01:f9:ae:a7:fd:18:ae:6c:6f:f3:
                    bc:c3:a9:6b:d2:a3:b7:b5:7d:74:a7:7b:d0:ea:dd:
                    d2:02:7d:e9:d6:3f:78:13:91:ad:d1:75:c8:8e:c7:
                    33:07:e2:b2:ea:16:d8:c4:80:20:d6:8b:4a:0f:23:
                    5c:a1:33:9d:0a:08:88:b1:91:5f:1e:6a:1c:79:91:
                    57:18:36:66:e9:a6:4f:c8:03:ec:a4:ef:3b:af:8f:
                    e7:94:d3:56:ad:a1:e5:fa:51:cb:e0:e4:10:45:23:
                    4b:5a:76:4a:19:5a:b5:47:ef:2d:76:3c:a1:95:85:
                    e2:81:7c:6f:10:9b:36:c2:8a:4f:15:2a:97:5b:3f:
                    90:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:24:9C:CA:AD:1F:63:61:66:BF:94:4E:1F:3E:62:0E:38:01:6D:B0
            X509v3 Authority Key Identifier:
                keyid:D9:52:73:68:20:6E:3E:9A:59:24:08:1D:F6:38:80:24:6E:5C:54:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2VJzaCBuPppZJAgd9jiAJG5cVBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/82129a-5263-43d2-bc63-19620615579b/1/tiScyq0fY2Fmv5ROHz5iDjgBbbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/82129a-5263-43d2-bc63-19620615579b/1/2VJzaCBuPppZJAgd9jiAJG5cVBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.105.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ad:6f:65:b8:ae:a2:4d:45:ef:e9:ea:48:7c:0a:73:61:78:a6:
         0d:a7:f1:d1:be:55:e4:dc:6f:e4:fc:c2:9d:c4:6a:16:ba:8a:
         b3:9b:5f:da:33:8e:4e:05:ed:1b:f8:5a:b4:94:7a:86:bb:48:
         41:d6:8f:dd:81:29:4a:71:d3:4b:0d:b7:29:41:eb:f0:2d:2e:
         e6:b5:46:09:e9:44:26:1b:5c:3f:6e:bf:2e:6b:6c:0f:43:4e:
         eb:df:37:2d:1e:52:50:0e:eb:58:18:3b:70:de:64:12:4b:00:
         3d:e4:87:ff:99:7d:ae:76:e0:7b:5c:70:55:7b:33:5a:64:96:
         44:4c:c2:cc:20:f9:f9:c2:62:99:ff:91:2b:6e:ca:d4:de:79:
         c0:6e:d2:08:ab:d4:ce:fd:42:d7:de:02:df:f6:94:16:8f:4f:
         59:a0:13:1b:34:df:04:4c:5b:d2:d2:92:29:f9:1e:23:7d:21:
         16:b8:ae:00:94:d0:aa:70:70:02:bc:ab:83:43:22:3a:e1:e0:
         4a:df:bb:42:19:70:3e:01:e9:0d:05:4b:57:47:0d:2c:0a:7b:
         f7:8c:fd:5b:be:c2:13:5a:95:37:58:42:8c:1f:c6:0f:a6:75:
         f5:b8:ed:54:29:f3:11:60:71:41:53:9d:1c:98:5d:a8:4f:c8:
         d7:cb:fb:c7
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzDSVE+cNgS3IFdmVB/B3ESMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5NTI3MzY4MjA2ZTNlOWE1OTI0MDgxZGY2Mzg4MDI0NmU1
YzU0MWEwHhcNMjQwMTAxMDQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjI0OWNjYWFkMWY2MzYxNjZiZjk0NGUxZjNlNjIwZTM4MDE2ZGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZuaTjVglp1rOfXUfxOKu3RALSHl
qnLvyB96JKijz7joGXzf702jTVKoa+OEYxDpAi6M7ScPDNJRCI0ge/0JgmD5EUJJ
94WR24cGzdgZYP8/MWPHJrOlvFRa+1QhBDBI/Kq8wuo+dfGDkPAYTi+fuITMYLU8
F5vZimlWWQH5rqf9GK5sb/O8w6lr0qO3tX10p3vQ6t3SAn3p1j94E5Gt0XXIjscz
B+Ky6hbYxIAg1otKDyNcoTOdCgiIsZFfHmoceZFXGDZm6aZPyAPspO87r4/nlNNW
raHl+lHL4OQQRSNLWnZKGVq1R+8tdjyhlYXigXxvEJs2wopPFSqXWz+QLwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFLYknMqtH2NhZr+UTh8+Yg44AW2wMB8GA1UdIwQY
MBaAFNlSc2ggbj6aWSQIHfY4gCRuXFQaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlZKemFDQnVQcHBaSkFnZDlqaUFKRzVjVkJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC84MjEyOWEtNTI2My00M2QyLWJjNjMt
MTk2MjA2MTU1NzliLzEvdGlTY3lxMGZZMkZtdjVST0h6NWlEamdCYmJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC84MjEyOWEtNTI2My00M2QyLWJjNjMtMTk2MjA2MTU1Nzli
LzEvMlZKemFDQnVQcHBaSkFnZDlqaUFKRzVjVkJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjGkwDQYJ
KoZIhvcNAQELBQADggEBAK1vZbiuok1F7+nqSHwKc2F4pg2n8dG+VeTcb+T8wp3E
aha6irObX9ozjk4F7Rv4WrSUeoa7SEHWj92BKUpx00sNtylB6/AtLua1RgnpRCYb
XD9uvy5rbA9DTuvfNy0eUlAO61gYO3DeZBJLAD3kh/+Zfa524HtccFV7M1pklkRM
wswg+fnCYpn/kStuytTeecBu0gir1M79QtfeAt/2lBaPT1mgExs03wRMW9LSkin5
HiN9IRa4rgCU0KpwcAK8q4NDIjrh4Erfu0IZcD4B6Q0FS1dHDSwKe/eM/Vu+whNa
lTdYQowfxg+mdfW47VQp8xFgcUFTnRyYXahPyNfL+8c=
-----END CERTIFICATE-----