Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/VZrWHA2Z49zW5BumWriYZk7-orI.roa
File:                     VZrWHA2Z49zW5BumWriYZk7-orI.roa (raw, json)
Hash identifier:          +oOnygqRxu9ctCk8OewQU5wIO/+IrzElbzbSoSkqqps=
Subject key identifier:   55:9A:D6:1C:0D:99:E3:DC:D6:E4:1B:A6:5A:B8:98:66:4E:FE:A2:B2
Certificate issuer:       /CN=347b487848fff63533d87c324ecc51c2c3ea2adb
Certificate serial:       018DC972CB7C23ACCA3DFA7A91B25156B985
Authority key identifier: 34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/VZrWHA2Z49zW5BumWriYZk7-orI.roa
Signing time:             Wed 21 Feb 2024 02:15:59 +0000
ROA not before:           Wed 21 Feb 2024 02:15:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        91.217.162.0/24 maxlen: 24
                          91.217.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c9:72:cb:7c:23:ac:ca:3d:fa:7a:91:b2:51:56:b9:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=347b487848fff63533d87c324ecc51c2c3ea2adb
        Validity
            Not Before: Feb 21 02:15:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=559ad61c0d99e3dcd6e41ba65ab898664efea2b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:46:5f:cb:5b:e8:0d:53:f9:84:1f:17:46:5a:
                    4b:86:45:45:f1:ef:1d:9f:06:93:5a:b6:8f:fc:dc:
                    31:2f:75:68:19:ed:93:de:e5:c1:78:3c:d7:8b:b5:
                    14:4a:ad:7f:b1:01:7e:6e:2e:5e:56:31:8a:db:7e:
                    ad:40:7b:e2:a2:46:5b:cb:5f:4d:0c:b2:6d:8c:34:
                    8c:61:12:07:53:54:83:2d:e0:32:fa:af:30:95:47:
                    9f:b9:b0:76:2f:6e:08:c2:a1:82:4c:ed:f4:9f:08:
                    4d:de:46:0a:68:5f:10:3d:43:09:f5:63:39:21:2c:
                    1c:d9:12:93:ca:d6:4e:4f:06:e3:3f:28:cd:93:53:
                    db:a4:73:f0:f3:f5:09:31:9b:84:da:e8:43:a8:19:
                    1b:69:1c:3d:76:bf:3e:b6:56:42:96:a0:bf:3b:3d:
                    f7:4a:72:11:da:60:40:67:5c:4e:ce:83:91:f0:f3:
                    d6:ce:91:8d:51:bd:fb:f6:00:66:80:09:56:10:0e:
                    da:1d:67:24:3d:ba:ef:0c:1f:38:8e:3d:0c:d6:1e:
                    1b:81:a0:77:63:42:26:ec:24:ba:89:49:98:a2:cb:
                    21:ab:07:47:44:f2:43:ee:38:30:63:39:5d:cf:c9:
                    07:79:be:1d:97:ab:21:e0:ca:10:d4:68:43:fa:d8:
                    56:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:9A:D6:1C:0D:99:E3:DC:D6:E4:1B:A6:5A:B8:98:66:4E:FE:A2:B2
            X509v3 Authority Key Identifier:
                keyid:34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/VZrWHA2Z49zW5BumWriYZk7-orI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.162.0/24
                  91.217.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:53:f2:b9:46:0f:d4:83:89:c0:40:36:85:90:f3:ee:34:2e:
         4e:d8:b5:35:4a:0f:a7:a1:ae:c5:88:be:4d:75:ca:12:be:44:
         84:29:1d:c5:cf:45:3d:cd:70:df:b7:1d:42:7d:14:1f:4b:a6:
         f4:ce:28:91:7e:f4:fb:96:50:5e:73:7a:4e:99:e8:bf:a3:45:
         df:2b:bd:13:87:b5:ac:39:f3:9f:5a:a5:7f:0f:71:b8:c5:f4:
         7a:3c:fb:d4:5d:fb:fc:aa:ec:28:54:49:44:f2:21:17:27:b7:
         b7:5f:3c:41:ce:c2:73:ad:51:a4:90:bb:2f:56:23:5c:c2:f7:
         d6:b6:98:27:42:a8:e0:cc:1f:1b:25:dc:a9:6e:22:4f:b6:df:
         35:68:8b:3b:dd:94:eb:a4:27:5c:b7:52:49:c6:f7:e6:ea:ba:
         05:2f:6a:fe:ee:6a:2f:a8:2c:cc:0c:fe:ef:2b:9f:0b:12:07:
         af:0b:50:73:e2:75:ae:7a:09:c1:cd:eb:1c:17:1e:d3:16:4b:
         a7:52:11:29:34:d5:61:a4:fd:50:c5:11:0d:82:b7:29:03:73:
         0a:ac:7f:9b:ba:de:63:86:cf:c5:84:65:39:a4:47:34:cb:00:
         ca:a2:1c:97:aa:96:c3:df:c2:27:b1:6a:38:a7:0b:dc:a4:68:
         a4:8c:b6:9f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3Jcst8I6zKPfp6kbJRVrmFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0N2I0ODc4NDhmZmY2MzUzM2Q4N2MzMjRlY2M1MWMyYzNl
YTJhZGIwHhcNMjQwMjIxMDIxNTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTlhZDYxYzBkOTllM2RjZDZlNDFiYTY1YWI4OTg2NjRlZmVhMmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAikZfy1voDVP5hB8XRlpLhkVF8e8d
nwaTWraP/NwxL3VoGe2T3uXBeDzXi7UUSq1/sQF+bi5eVjGK236tQHviokZby19N
DLJtjDSMYRIHU1SDLeAy+q8wlUefubB2L24IwqGCTO30nwhN3kYKaF8QPUMJ9WM5
ISwc2RKTytZOTwbjPyjNk1PbpHPw8/UJMZuE2uhDqBkbaRw9dr8+tlZClqC/Oz33
SnIR2mBAZ1xOzoOR8PPWzpGNUb379gBmgAlWEA7aHWckPbrvDB84jj0M1h4bgaB3
Y0Im7CS6iUmYosshqwdHRPJD7jgwYzldz8kHeb4dl6sh4MoQ1GhD+thW/wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFWa1hwNmePc1uQbplq4mGZO/qKyMB8GA1UdIwQY
MBaAFDR7SHhI//Y1M9h8Mk7MUcLD6irbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2It
MjMwYjNiNzJhMTc1LzEvVlpyV0hBMlo0OXpXNUJ1bVdyaVlaazctb3JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2ItMjMwYjNiNzJhMTc1
LzEvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9miAwQA
W9mnMA0GCSqGSIb3DQEBCwUAA4IBAQCoU/K5Rg/Ug4nAQDaFkPPuNC5O2LU1Sg+n
oa7FiL5NdcoSvkSEKR3Fz0U9zXDftx1CfRQfS6b0ziiRfvT7llBec3pOmei/o0Xf
K70Th7WsOfOfWqV/D3G4xfR6PPvUXfv8quwoVElE8iEXJ7e3XzxBzsJzrVGkkLsv
ViNcwvfWtpgnQqjgzB8bJdypbiJPtt81aIs73ZTrpCdct1JJxvfm6roFL2r+7mov
qCzMDP7vK58LEgevC1Bz4nWuegnBzescFx7TFkunUhEpNNVhpP1QxRENgrcpA3MK
rH+but5jhs/FhGU5pEc0ywDKohyXqpbD38InsWo4pwvcpGikjLaf
-----END CERTIFICATE-----