Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/9cv-BqKXTbv9-l3weblztzQO55Y.roa
File:                     9cv-BqKXTbv9-l3weblztzQO55Y.roa (raw, json)
Hash identifier:          XjafAMoS10c/RGPUBJmodqEwDdwY5X9XBXmJxVYXyCM=
Subject key identifier:   F5:CB:FE:06:A2:97:4D:BB:FD:FA:5D:F0:79:B9:73:B7:34:0E:E7:96
Certificate issuer:       /CN=fd37cc8f16b3c6cbd3346aa3ed61771f3e83ac97
Certificate serial:       018CC72660C43A45011EB2DB7F53DA241368
Authority key identifier: FD:37:CC:8F:16:B3:C6:CB:D3:34:6A:A3:ED:61:77:1F:3E:83:AC:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/9cv-BqKXTbv9-l3weblztzQO55Y.roa
Signing time:             Mon 01 Jan 2024 22:30:30 +0000
ROA not before:           Mon 01 Jan 2024 22:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202286
IP address blocks:        195.20.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 04:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:60:c4:3a:45:01:1e:b2:db:7f:53:da:24:13:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd37cc8f16b3c6cbd3346aa3ed61771f3e83ac97
        Validity
            Not Before: Jan  1 22:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5cbfe06a2974dbbfdfa5df079b973b7340ee796
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:e3:8c:c1:0b:b3:6e:4a:2d:7f:b7:de:b1:02:
                    55:15:9c:87:b8:00:ab:e1:c3:72:c8:ad:7e:e5:bb:
                    53:ba:40:3f:44:e5:89:10:b5:65:8c:e4:f2:15:bd:
                    5b:d2:01:a0:5d:b0:1d:e1:6a:89:92:3c:f6:8b:10:
                    8f:47:28:51:e1:1d:a4:b8:d2:8f:48:a5:f2:7e:d3:
                    2e:22:36:ce:0d:3a:b0:ae:da:96:a1:4b:26:91:ea:
                    93:56:ff:7e:e1:41:33:45:ed:ce:cc:65:cd:0e:5f:
                    93:01:61:56:68:56:2c:95:54:23:80:8f:9a:22:95:
                    e1:f1:57:a9:5e:4d:63:29:b3:b5:02:da:8b:e6:70:
                    c4:3a:6c:74:a5:89:25:29:45:14:04:85:90:9d:26:
                    f1:ad:a0:eb:db:a8:be:33:7c:b8:34:8b:46:b8:a1:
                    2d:4c:e3:22:17:ea:c2:62:2b:27:94:82:5a:9a:fd:
                    eb:d0:19:9c:68:a3:d6:54:97:2f:a8:57:0d:22:37:
                    dd:47:9d:b3:2c:6f:45:4a:5c:b2:31:d4:b5:30:76:
                    f2:1a:c6:53:04:ba:6d:11:22:f4:b1:9a:b4:6c:54:
                    73:1e:e2:f7:57:4f:9c:cf:52:1b:a0:e9:15:4b:c9:
                    d8:dd:16:ac:2b:e1:7e:01:5c:e8:28:69:7e:26:80:
                    6e:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:CB:FE:06:A2:97:4D:BB:FD:FA:5D:F0:79:B9:73:B7:34:0E:E7:96
            X509v3 Authority Key Identifier:
                keyid:FD:37:CC:8F:16:B3:C6:CB:D3:34:6A:A3:ED:61:77:1F:3E:83:AC:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/9cv-BqKXTbv9-l3weblztzQO55Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.20.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:13:24:5e:11:48:bc:7a:2e:af:36:da:e6:52:b7:c0:93:23:
         c1:2a:8c:ef:f1:3f:e7:ab:c4:ef:bd:07:75:b4:22:2b:7b:92:
         ee:72:35:bf:17:b5:7b:75:41:e3:d8:ec:9e:a0:8a:0b:b1:fc:
         f6:61:f5:b1:6c:6f:68:16:6a:2b:fb:2c:1f:14:56:66:6a:73:
         57:1d:3c:07:18:fd:b6:a6:a1:89:db:d4:57:b6:01:0b:ec:4e:
         b8:e8:b8:76:3f:85:f0:0d:c8:07:c5:bb:41:7a:43:3c:cf:32:
         ff:64:37:ab:8e:82:3e:46:69:8e:a3:48:46:f4:61:ae:dd:5c:
         3d:e0:b3:e4:00:1e:5e:87:28:b6:53:b4:38:ea:c1:b1:24:46:
         c2:ec:6e:47:9c:f1:ad:57:0e:5f:b4:cb:b0:a8:ad:66:dd:93:
         78:b2:57:ad:c5:00:39:47:80:11:82:66:86:c4:3c:c7:91:78:
         8a:a8:e8:d0:b6:89:28:3f:da:29:de:e6:7d:43:90:6c:83:27:
         20:46:59:3a:fe:88:b8:71:b1:3e:fe:cd:74:d2:fc:3b:d7:d8:
         c6:bd:2c:67:9e:c4:80:73:ef:7a:b6:17:c1:0c:0c:83:7f:a2:
         62:b6:8f:97:d7:16:85:a5:9f:fa:b4:91:52:aa:2e:93:69:0e:
         48:11:01:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJmDEOkUBHrLbf1PaJBNoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMzdjYzhmMTZiM2M2Y2JkMzM0NmFhM2VkNjE3NzFmM2U4
M2FjOTcwHhcNMjQwMTAxMjIzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWNiZmUwNmEyOTc0ZGJiZmRmYTVkZjA3OWI5NzNiNzM0MGVlNzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj+OMwQuzbkotf7fesQJVFZyHuACr
4cNyyK1+5btTukA/ROWJELVljOTyFb1b0gGgXbAd4WqJkjz2ixCPRyhR4R2kuNKP
SKXyftMuIjbODTqwrtqWoUsmkeqTVv9+4UEzRe3OzGXNDl+TAWFWaFYslVQjgI+a
IpXh8VepXk1jKbO1AtqL5nDEOmx0pYklKUUUBIWQnSbxraDr26i+M3y4NItGuKEt
TOMiF+rCYisnlIJamv3r0BmcaKPWVJcvqFcNIjfdR52zLG9FSlyyMdS1MHbyGsZT
BLptESL0sZq0bFRzHuL3V0+cz1IboOkVS8nY3RasK+F+AVzoKGl+JoBuyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPXL/gail027/fpd8Hm5c7c0DueWMB8GA1UdIwQY
MBaAFP03zI8Ws8bL0zRqo+1hdx8+g6yXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1RmTWp4YXp4c3ZUTkdxajdXRjNIejZEckpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8wNWUxN2YtZDMxZi00MzFmLWE4YmMt
N2UwNWFiNDFiNmU0LzEvOWN2LUJxS1hUYnY5LWwzd2VibHp0elFPNTVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8wNWUxN2YtZDMxZi00MzFmLWE4YmMtN2UwNWFiNDFiNmU0
LzEvX1RmTWp4YXp4c3ZUTkdxajdXRjNIejZEckpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxRtMA0G
CSqGSIb3DQEBCwUAA4IBAQCMEyReEUi8ei6vNtrmUrfAkyPBKozv8T/nq8TvvQd1
tCIre5LucjW/F7V7dUHj2OyeoIoLsfz2YfWxbG9oFmor+ywfFFZmanNXHTwHGP22
pqGJ29RXtgEL7E646Lh2P4XwDcgHxbtBekM8zzL/ZDerjoI+RmmOo0hG9GGu3Vw9
4LPkAB5ehyi2U7Q46sGxJEbC7G5HnPGtVw5ftMuwqK1m3ZN4sletxQA5R4ARgmaG
xDzHkXiKqOjQtokoP9op3uZ9Q5BsgycgRlk6/oi4cbE+/s100vw719jGvSxnnsSA
c+96thfBDAyDf6Jito+X1xaFpZ/6tJFSqi6TaQ5IEQH+
-----END CERTIFICATE-----