Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/9c27c2-fdbe-4e39-ba92-1d5d945a05a3/1/_6KDBTydFe0fqIefXl6b8tH-5qc.roa
File:                     _6KDBTydFe0fqIefXl6b8tH-5qc.roa (raw, json)
Hash identifier:          bWMWZCRYsIf3zpVMM8QmBosU4qcqpJZ9HRXTadrc3H4=
Subject key identifier:   FF:A2:83:05:3C:9D:15:ED:1F:A8:87:9F:5E:5E:9B:F2:D1:FE:E6:A7
Certificate issuer:       /CN=12ef9e49fecf2509eb6769eee2cdd4a5253b71c5
Certificate serial:       018CC64AA6DACBD17D7EA8E1D8C8B49C5E57
Authority key identifier: 12:EF:9E:49:FE:CF:25:09:EB:67:69:EE:E2:CD:D4:A5:25:3B:71:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Eu-eSf7PJQnrZ2nu4s3UpSU7ccU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/9c27c2-fdbe-4e39-ba92-1d5d945a05a3/1/_6KDBTydFe0fqIefXl6b8tH-5qc.roa
Signing time:             Mon 01 Jan 2024 18:30:30 +0000
ROA not before:           Mon 01 Jan 2024 18:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8628
IP address blocks:        109.121.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/9c27c2-fdbe-4e39-ba92-1d5d945a05a3/1/Eu-eSf7PJQnrZ2nu4s3UpSU7ccU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/9c27c2-fdbe-4e39-ba92-1d5d945a05a3/1/Eu-eSf7PJQnrZ2nu4s3UpSU7ccU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Eu-eSf7PJQnrZ2nu4s3UpSU7ccU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:a6:da:cb:d1:7d:7e:a8:e1:d8:c8:b4:9c:5e:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12ef9e49fecf2509eb6769eee2cdd4a5253b71c5
        Validity
            Not Before: Jan  1 18:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ffa283053c9d15ed1fa8879f5e5e9bf2d1fee6a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:c3:a8:ea:7a:ff:4c:fb:dc:13:f3:6a:65:b6:
                    38:81:cf:3b:ab:d2:22:56:5c:cb:b6:ee:c1:87:67:
                    b1:1c:ff:20:c8:9f:4c:c8:c5:45:66:4f:dc:86:37:
                    69:f0:d2:7d:33:53:7a:eb:44:6b:de:0c:6c:53:b3:
                    9c:4a:9f:af:c8:5f:8d:c9:29:80:d5:35:80:41:cc:
                    24:f6:64:5c:25:e3:6d:02:fe:6d:c3:94:c3:1b:f2:
                    ce:31:ac:2c:f3:ab:0f:ff:bc:3c:0a:97:04:36:17:
                    19:04:62:04:4f:b2:c7:ef:92:75:26:83:94:f7:4e:
                    49:b2:a4:cc:f2:66:5d:23:ab:1a:90:1e:09:c1:ba:
                    0e:7b:fd:7c:b8:18:f6:82:ea:63:44:bb:65:39:35:
                    e2:af:a2:d0:ba:17:04:66:ee:38:91:75:24:50:3f:
                    01:ef:10:b2:53:8f:c1:01:53:5f:fc:b4:47:88:74:
                    51:33:d1:6d:15:53:a9:ec:c5:cf:c8:fe:8e:c2:90:
                    b9:73:39:a8:94:aa:08:51:8d:45:54:7e:84:7f:cb:
                    e7:6e:e4:62:5c:79:61:52:5a:1a:24:4f:c5:f4:a2:
                    24:49:5e:9d:6a:1b:01:96:58:a1:8a:8f:73:a1:3a:
                    1f:82:87:f2:61:34:c7:3c:dd:5b:66:79:7c:77:7d:
                    75:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:A2:83:05:3C:9D:15:ED:1F:A8:87:9F:5E:5E:9B:F2:D1:FE:E6:A7
            X509v3 Authority Key Identifier:
                keyid:12:EF:9E:49:FE:CF:25:09:EB:67:69:EE:E2:CD:D4:A5:25:3B:71:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Eu-eSf7PJQnrZ2nu4s3UpSU7ccU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/9c27c2-fdbe-4e39-ba92-1d5d945a05a3/1/_6KDBTydFe0fqIefXl6b8tH-5qc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/9c27c2-fdbe-4e39-ba92-1d5d945a05a3/1/Eu-eSf7PJQnrZ2nu4s3UpSU7ccU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:ee:9b:30:ad:e9:ea:6f:ba:a1:2a:d5:48:d7:41:c8:db:35:
         d4:8e:58:26:4b:8b:6d:58:9d:79:15:86:bf:49:e9:4b:8a:ea:
         11:12:ac:7f:c3:e2:69:4f:43:d3:fa:85:79:41:7f:7e:6d:62:
         a2:e9:38:2c:f1:3c:5f:3c:ba:e7:29:f4:3b:6d:32:15:35:fa:
         4e:f1:1e:93:77:70:9a:55:2b:8a:c0:8a:22:c9:4b:9c:0d:4f:
         bb:1d:f7:50:c5:d3:73:13:e9:a1:77:af:fb:93:c3:fe:ab:53:
         1c:d2:a4:75:62:8b:0a:ad:17:6d:2b:6d:16:82:09:9b:c6:f6:
         84:36:7b:de:cb:cd:50:85:e1:e2:be:f0:50:98:a2:45:6e:aa:
         56:0c:4c:ec:06:2d:fb:b6:a6:9f:2a:4c:17:1b:f3:6e:ef:f2:
         7e:20:ca:e6:df:22:ea:37:bf:28:f5:18:03:e2:a8:3c:dc:59:
         f8:2a:ca:19:ca:54:cf:f3:d5:7d:15:f4:a7:a9:11:06:08:a0:
         f4:eb:57:03:12:f7:de:fd:63:db:d3:13:4f:c6:8c:b0:59:33:
         e7:82:90:f3:42:d0:1b:fc:b5:5a:e2:7a:ab:38:e6:61:e8:bb:
         39:93:c8:b0:41:03:58:00:df:cf:dc:39:db:aa:c2:a7:39:25:
         95:ca:16:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSqbay9F9fqjh2Mi0nF5XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZWY5ZTQ5ZmVjZjI1MDllYjY3NjllZWUyY2RkNGE1MjUz
YjcxYzUwHhcNMjQwMTAxMTgzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmEyODMwNTNjOWQxNWVkMWZhODg3OWY1ZTVlOWJmMmQxZmVlNmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlMOo6nr/TPvcE/NqZbY4gc87q9Ii
VlzLtu7Bh2exHP8gyJ9MyMVFZk/chjdp8NJ9M1N660Rr3gxsU7OcSp+vyF+NySmA
1TWAQcwk9mRcJeNtAv5tw5TDG/LOMaws86sP/7w8CpcENhcZBGIET7LH75J1JoOU
905JsqTM8mZdI6sakB4JwboOe/18uBj2gupjRLtlOTXir6LQuhcEZu44kXUkUD8B
7xCyU4/BAVNf/LRHiHRRM9FtFVOp7MXPyP6OwpC5czmolKoIUY1FVH6Ef8vnbuRi
XHlhUloaJE/F9KIkSV6dahsBllihio9zoTofgofyYTTHPN1bZnl8d3112wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP+igwU8nRXtH6iHn15em/LR/uanMB8GA1UdIwQY
MBaAFBLvnkn+zyUJ62dp7uLN1KUlO3HFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXUtZVNmN1BKUW5yWjJudTRzM1VwU1U3Y2NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS85YzI3YzItZmRiZS00ZTM5LWJhOTIt
MWQ1ZDk0NWEwNWEzLzEvXzZLREJUeWRGZTBmcUllZlhsNmI4dEgtNXFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS85YzI3YzItZmRiZS00ZTM5LWJhOTItMWQ1ZDk0NWEwNWEz
LzEvRXUtZVNmN1BKUW5yWjJudTRzM1VwU1U3Y2NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXmFMA0G
CSqGSIb3DQEBCwUAA4IBAQCR7pswrenqb7qhKtVI10HI2zXUjlgmS4ttWJ15FYa/
SelLiuoREqx/w+JpT0PT+oV5QX9+bWKi6Tgs8TxfPLrnKfQ7bTIVNfpO8R6Td3Ca
VSuKwIoiyUucDU+7HfdQxdNzE+mhd6/7k8P+q1Mc0qR1YosKrRdtK20WggmbxvaE
Nnvey81QheHivvBQmKJFbqpWDEzsBi37tqafKkwXG/Nu7/J+IMrm3yLqN78o9RgD
4qg83Fn4KsoZylTP89V9FfSnqREGCKD061cDEvfe/WPb0xNPxoywWTPngpDzQtAb
/LVa4nqrOOZh6Ls5k8iwQQNYAN/P3DnbqsKnOSWVyhYK
-----END CERTIFICATE-----