Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/OU0cv3nKYaib5bOSkCrAQimVRFE.roa
File:                     OU0cv3nKYaib5bOSkCrAQimVRFE.roa (raw, json)
Hash identifier:          2iK2z/J47JcslUPTE/dIloP0jrUlfqfwIkwUBn9rwi0=
Subject key identifier:   39:4D:1C:BF:79:CA:61:A8:9B:E5:B3:92:90:2A:C0:42:29:95:44:51
Certificate issuer:       /CN=722a8c1d311895016108ffbd14575c77cc28773a
Certificate serial:       018CC56EF20F9A2DDF02E3FC3CE19051C17F
Authority key identifier: 72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/OU0cv3nKYaib5bOSkCrAQimVRFE.roa
Signing time:             Mon 01 Jan 2024 14:30:31 +0000
ROA not before:           Mon 01 Jan 2024 14:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42878
IP address blocks:        109.160.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f2:0f:9a:2d:df:02:e3:fc:3c:e1:90:51:c1:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=722a8c1d311895016108ffbd14575c77cc28773a
        Validity
            Not Before: Jan  1 14:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=394d1cbf79ca61a89be5b392902ac04229954451
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:58:1e:fe:98:20:d8:fb:e2:7b:a8:77:ae:4d:
                    bb:91:ce:c3:0d:1b:f4:9a:73:80:29:c4:19:e0:63:
                    a9:9e:61:43:4f:95:5d:0f:cc:cf:20:d3:5c:0d:bf:
                    06:eb:2d:bb:17:82:b4:84:7f:49:c8:c2:06:42:26:
                    71:9c:c4:e6:02:95:e0:77:fa:0a:87:75:2c:ec:9f:
                    70:1e:45:a1:61:f9:8a:c6:59:1a:e9:e9:7a:d2:70:
                    0b:ce:86:86:71:bf:45:30:c1:0c:ed:5d:54:f9:93:
                    71:b4:50:fa:87:b4:c5:fd:8a:13:0f:f6:e2:a6:d0:
                    be:f5:c1:0b:32:4a:bf:8c:6d:d3:17:2e:ce:bf:b9:
                    36:a6:72:b6:44:23:0e:55:87:8d:79:f3:ff:1b:1d:
                    ff:b6:ea:9f:1b:e1:8f:63:54:9c:10:0a:02:84:19:
                    f9:1c:bf:ac:ef:25:4d:cf:e5:19:8c:9d:82:1e:91:
                    09:4d:1e:23:c4:6f:56:fe:a4:c0:e0:e1:8f:ad:f2:
                    55:52:c1:59:66:a0:75:9d:f7:65:43:28:50:c9:bf:
                    46:c6:ac:aa:10:11:c8:92:76:c2:97:8e:1e:87:62:
                    36:71:10:04:a6:a6:3e:38:bb:20:c6:a2:fe:f0:ac:
                    08:17:6f:58:05:81:a3:80:bf:cf:bc:19:55:ea:d1:
                    d6:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:4D:1C:BF:79:CA:61:A8:9B:E5:B3:92:90:2A:C0:42:29:95:44:51
            X509v3 Authority Key Identifier:
                keyid:72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/OU0cv3nKYaib5bOSkCrAQimVRFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.160.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:c0:d0:39:a9:07:a5:d3:2b:73:c9:39:2c:32:11:4e:84:d2:
         58:85:ce:87:9c:26:03:1b:1a:19:d4:d6:cc:27:39:ad:0e:b4:
         f4:ae:7d:9e:74:64:5c:2d:ae:85:01:bf:42:29:9e:fa:ed:62:
         b4:06:24:66:cf:58:d5:53:bf:64:57:c2:08:be:6d:c7:51:23:
         dc:8c:02:26:77:be:47:60:06:e4:f3:56:e7:65:a0:31:aa:df:
         bb:b2:7f:c7:6e:dc:4b:f0:ce:31:ed:f7:a1:75:ad:d4:63:a7:
         2d:eb:96:f9:3c:d9:bd:39:24:6a:8e:d1:ab:5a:13:be:19:06:
         eb:64:63:13:be:80:22:9b:c4:46:53:2a:94:28:e3:37:f6:f4:
         6b:2f:1c:04:ea:03:74:6c:5b:13:d5:95:70:f7:03:9a:6b:d0:
         94:67:31:64:55:5b:eb:e0:7a:05:37:13:f7:10:20:7c:3d:a9:
         3f:cd:53:0d:a7:93:b1:2c:4e:b5:dc:af:36:1c:bc:9e:fa:b0:
         38:56:53:52:82:7c:11:96:e4:73:5e:92:52:98:0d:db:c5:62:
         36:2b:f9:2c:d9:b1:b6:d3:e8:ba:50:c6:2d:5b:90:3e:02:b2:
         7d:4e:9b:50:38:03:f8:1a:4c:d3:09:b6:d4:fc:29:c3:a6:db:
         8f:df:17:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbvIPmi3fAuP8POGQUcF/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMmE4YzFkMzExODk1MDE2MTA4ZmZiZDE0NTc1Yzc3Y2My
ODc3M2EwHhcNMjQwMTAxMTQzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTRkMWNiZjc5Y2E2MWE4OWJlNWIzOTI5MDJhYzA0MjI5OTU0NDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVge/pgg2Pvie6h3rk27kc7DDRv0
mnOAKcQZ4GOpnmFDT5VdD8zPINNcDb8G6y27F4K0hH9JyMIGQiZxnMTmApXgd/oK
h3Us7J9wHkWhYfmKxlka6el60nALzoaGcb9FMMEM7V1U+ZNxtFD6h7TF/YoTD/bi
ptC+9cELMkq/jG3TFy7Ov7k2pnK2RCMOVYeNefP/Gx3/tuqfG+GPY1ScEAoChBn5
HL+s7yVNz+UZjJ2CHpEJTR4jxG9W/qTA4OGPrfJVUsFZZqB1nfdlQyhQyb9Gxqyq
EBHIknbCl44eh2I2cRAEpqY+OLsgxqL+8KwIF29YBYGjgL/PvBlV6tHWTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDlNHL95ymGom+WzkpAqwEIplURRMB8GA1UdIwQY
MBaAFHIqjB0xGJUBYQj/vRRXXHfMKHc6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYt
YTU1OGVlNjU0MzFmLzEvT1UwY3YzbktZYWliNWJPU2tDckFRaW1WUkZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYtYTU1OGVlNjU0MzFm
LzEvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbaB2MA0G
CSqGSIb3DQEBCwUAA4IBAQAXwNA5qQel0ytzyTksMhFOhNJYhc6HnCYDGxoZ1NbM
JzmtDrT0rn2edGRcLa6FAb9CKZ767WK0BiRmz1jVU79kV8IIvm3HUSPcjAImd75H
YAbk81bnZaAxqt+7sn/HbtxL8M4x7fehda3UY6ct65b5PNm9OSRqjtGrWhO+GQbr
ZGMTvoAim8RGUyqUKOM39vRrLxwE6gN0bFsT1ZVw9wOaa9CUZzFkVVvr4HoFNxP3
ECB8Pak/zVMNp5OxLE613K82HLye+rA4VlNSgnwRluRzXpJSmA3bxWI2K/ks2bG2
0+i6UMYtW5A+ArJ9TptQOAP4GkzTCbbU/CnDptuP3xft
-----END CERTIFICATE-----