Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/9c27c2-fdbe-4e39-ba92-1d5d945a05a3/1/khUpPTlAK16q9UF739ux37dwVaM.roa
File:                     khUpPTlAK16q9UF739ux37dwVaM.roa (raw, json)
Hash identifier:          Lu+axrlD+3EOey4QtLiZIZ0XPrtCbDROCU1Acb0dC9Y=
Subject key identifier:   92:15:29:3D:39:40:2B:5E:AA:F5:41:7B:DF:DB:B1:DF:B7:70:55:A3
Certificate issuer:       /CN=12ef9e49fecf2509eb6769eee2cdd4a5253b71c5
Certificate serial:       018CC64AA7929C63DF44D9D43777CD9044D8
Authority key identifier: 12:EF:9E:49:FE:CF:25:09:EB:67:69:EE:E2:CD:D4:A5:25:3B:71:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Eu-eSf7PJQnrZ2nu4s3UpSU7ccU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/9c27c2-fdbe-4e39-ba92-1d5d945a05a3/1/khUpPTlAK16q9UF739ux37dwVaM.roa
Signing time:             Mon 01 Jan 2024 18:30:30 +0000
ROA not before:           Mon 01 Jan 2024 18:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41292
IP address blocks:        109.121.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/9c27c2-fdbe-4e39-ba92-1d5d945a05a3/1/Eu-eSf7PJQnrZ2nu4s3UpSU7ccU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/9c27c2-fdbe-4e39-ba92-1d5d945a05a3/1/Eu-eSf7PJQnrZ2nu4s3UpSU7ccU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Eu-eSf7PJQnrZ2nu4s3UpSU7ccU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:a7:92:9c:63:df:44:d9:d4:37:77:cd:90:44:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12ef9e49fecf2509eb6769eee2cdd4a5253b71c5
        Validity
            Not Before: Jan  1 18:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9215293d39402b5eaaf5417bdfdbb1dfb77055a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:ff:5c:6a:44:05:7e:f7:99:9f:4d:db:1c:96:
                    28:6c:30:f2:da:bf:15:65:cf:8e:ef:3c:28:b6:46:
                    56:13:ae:e7:b7:06:e8:8e:2f:bd:1f:f4:b9:4e:36:
                    03:c0:d6:2a:e8:f2:87:2c:54:11:54:75:34:83:d9:
                    ae:47:89:46:a8:b4:87:1f:76:ac:36:2e:22:c3:5d:
                    9d:2b:27:c4:d5:a0:f5:96:a5:70:d8:06:e8:84:ab:
                    8c:ed:19:60:77:c8:9c:5f:5b:f0:27:94:eb:a8:fb:
                    95:d6:e3:d7:4b:70:15:fd:2d:95:be:3a:7d:f6:07:
                    df:a8:9a:a8:39:57:07:b2:cd:2f:ee:76:54:da:d0:
                    76:dd:3f:62:9d:eb:a1:b7:2c:b8:91:dc:ac:d2:c9:
                    ae:bc:9d:f0:2a:39:43:42:eb:06:04:74:d4:e8:99:
                    af:20:24:28:8a:1e:c7:f4:a4:c9:49:2c:1e:1b:42:
                    b2:ad:24:0c:dd:84:4a:66:9f:65:55:59:90:e1:c5:
                    80:39:ad:b2:19:c9:4b:72:3c:8a:71:89:1b:2b:2e:
                    a5:4d:f5:d3:ea:98:af:3a:62:3c:3f:92:da:6a:79:
                    f3:00:6f:2b:9f:e9:6f:bd:2c:91:ea:e5:7b:40:b8:
                    f2:22:69:02:f2:76:ea:79:2b:19:97:d9:1a:d2:23:
                    43:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:15:29:3D:39:40:2B:5E:AA:F5:41:7B:DF:DB:B1:DF:B7:70:55:A3
            X509v3 Authority Key Identifier:
                keyid:12:EF:9E:49:FE:CF:25:09:EB:67:69:EE:E2:CD:D4:A5:25:3B:71:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Eu-eSf7PJQnrZ2nu4s3UpSU7ccU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/9c27c2-fdbe-4e39-ba92-1d5d945a05a3/1/khUpPTlAK16q9UF739ux37dwVaM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/9c27c2-fdbe-4e39-ba92-1d5d945a05a3/1/Eu-eSf7PJQnrZ2nu4s3UpSU7ccU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:6b:18:0a:be:e0:3f:57:9e:ac:1c:bc:db:a0:2a:0b:18:4b:
         e1:d0:da:ce:c0:06:a5:8b:f2:4c:55:02:a5:12:a8:f5:f8:04:
         53:ad:a4:ba:22:e3:e2:67:67:ba:8f:80:54:a5:e2:4a:2f:47:
         bf:36:aa:b7:d8:1a:e9:ea:76:4c:cf:fe:68:5c:29:e9:78:dd:
         85:16:32:ea:38:08:9a:be:86:73:c6:c8:7d:43:c4:da:8f:ea:
         af:3e:c6:02:d9:5f:47:19:6f:4b:ab:0f:3a:9e:65:e0:ec:ca:
         1b:55:25:09:2e:a0:fb:94:01:e2:90:08:c4:94:37:a0:e8:e5:
         3a:50:34:0b:f9:f6:1d:92:bf:34:10:d4:27:0b:54:54:b7:c7:
         21:57:20:33:55:1d:bf:6f:10:ae:9b:a7:43:2f:3f:09:20:64:
         e3:37:b3:c6:28:0f:61:59:a9:a2:74:69:88:42:48:bb:1f:31:
         6e:f7:d6:e1:98:c2:20:3f:f8:18:15:8e:ee:91:92:f0:58:4e:
         70:ac:52:f0:7f:9f:59:6e:96:0d:69:ce:38:9c:83:90:28:a4:
         85:d8:97:b6:e2:43:71:a5:a7:c5:5c:26:65:87:72:0d:73:81:
         22:bd:5d:22:3d:13:d8:4f:df:63:0a:25:ec:47:8c:e2:b5:74:
         91:92:6f:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSqeSnGPfRNnUN3fNkETYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZWY5ZTQ5ZmVjZjI1MDllYjY3NjllZWUyY2RkNGE1MjUz
YjcxYzUwHhcNMjQwMTAxMTgzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjE1MjkzZDM5NDAyYjVlYWFmNTQxN2JkZmRiYjFkZmI3NzA1NWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlP9cakQFfveZn03bHJYobDDy2r8V
Zc+O7zwotkZWE67ntwboji+9H/S5TjYDwNYq6PKHLFQRVHU0g9muR4lGqLSHH3as
Ni4iw12dKyfE1aD1lqVw2AbohKuM7Rlgd8icX1vwJ5TrqPuV1uPXS3AV/S2Vvjp9
9gffqJqoOVcHss0v7nZU2tB23T9ineuhtyy4kdys0smuvJ3wKjlDQusGBHTU6Jmv
ICQoih7H9KTJSSweG0KyrSQM3YRKZp9lVVmQ4cWAOa2yGclLcjyKcYkbKy6lTfXT
6pivOmI8P5LaannzAG8rn+lvvSyR6uV7QLjyImkC8nbqeSsZl9ka0iNDLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJIVKT05QCteqvVBe9/bsd+3cFWjMB8GA1UdIwQY
MBaAFBLvnkn+zyUJ62dp7uLN1KUlO3HFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXUtZVNmN1BKUW5yWjJudTRzM1VwU1U3Y2NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS85YzI3YzItZmRiZS00ZTM5LWJhOTIt
MWQ1ZDk0NWEwNWEzLzEva2hVcFBUbEFLMTZxOVVGNzM5dXgzN2R3VmFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS85YzI3YzItZmRiZS00ZTM5LWJhOTItMWQ1ZDk0NWEwNWEz
LzEvRXUtZVNmN1BKUW5yWjJudTRzM1VwU1U3Y2NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXmfMA0G
CSqGSIb3DQEBCwUAA4IBAQBiaxgKvuA/V56sHLzboCoLGEvh0NrOwAali/JMVQKl
Eqj1+ARTraS6IuPiZ2e6j4BUpeJKL0e/Nqq32Brp6nZMz/5oXCnpeN2FFjLqOAia
voZzxsh9Q8Taj+qvPsYC2V9HGW9Lqw86nmXg7MobVSUJLqD7lAHikAjElDeg6OU6
UDQL+fYdkr80ENQnC1RUt8chVyAzVR2/bxCum6dDLz8JIGTjN7PGKA9hWamidGmI
Qki7HzFu99bhmMIgP/gYFY7ukZLwWE5wrFLwf59ZbpYNac44nIOQKKSF2Je24kNx
pafFXCZlh3INc4EivV0iPRPYT99jCiXsR4zitXSRkm+W
-----END CERTIFICATE-----