Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/360b17-7e17-451b-abd5-85a534f180fd/1/oU28c1s-ycsQLCFqJgR6MeIP1zM.roa
File:                     oU28c1s-ycsQLCFqJgR6MeIP1zM.roa (raw, json)
Hash identifier:          7c/AJUIOTJ0l8YYqt7pZwb0ES63c+/e50yfRYmJkgJc=
Subject key identifier:   A1:4D:BC:73:5B:3E:C9:CB:10:2C:21:6A:26:04:7A:31:E2:0F:D7:33
Certificate issuer:       /CN=28ac9edd240bfc4520ce0bc9b245963d24e2bfe2
Certificate serial:       018CC8DF1A4B0F449CA4954F4A6790079B2C
Authority key identifier: 28:AC:9E:DD:24:0B:FC:45:20:CE:0B:C9:B2:45:96:3D:24:E2:BF:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KKye3SQL_EUgzgvJskWWPSTiv-I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/360b17-7e17-451b-abd5-85a534f180fd/1/oU28c1s-ycsQLCFqJgR6MeIP1zM.roa
Signing time:             Tue 02 Jan 2024 06:31:53 +0000
ROA not before:           Tue 02 Jan 2024 06:31:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60945
IP address blocks:        92.60.44.0/22 maxlen: 24
                          91.218.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/360b17-7e17-451b-abd5-85a534f180fd/1/KKye3SQL_EUgzgvJskWWPSTiv-I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/360b17-7e17-451b-abd5-85a534f180fd/1/KKye3SQL_EUgzgvJskWWPSTiv-I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KKye3SQL_EUgzgvJskWWPSTiv-I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 06:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:1a:4b:0f:44:9c:a4:95:4f:4a:67:90:07:9b:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28ac9edd240bfc4520ce0bc9b245963d24e2bfe2
        Validity
            Not Before: Jan  2 06:31:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a14dbc735b3ec9cb102c216a26047a31e20fd733
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:64:9f:81:a6:0a:b5:68:18:24:97:ff:f2:59:
                    d1:b2:72:b0:09:1b:f5:72:4d:d6:08:3f:e7:f2:6f:
                    d1:32:9e:92:6e:12:aa:49:ef:3f:0d:a8:68:e6:72:
                    83:98:a0:5d:b4:34:75:45:71:37:30:1d:7b:94:2a:
                    6b:55:ff:bd:c8:f1:b2:8b:50:24:4e:e5:11:35:e0:
                    28:08:fb:78:3d:e5:70:33:e5:69:a6:40:a4:53:3e:
                    23:49:b0:96:a5:de:94:85:a0:6f:2b:71:e2:48:f0:
                    5c:e0:86:85:94:14:a1:04:33:6f:5c:78:47:55:2a:
                    28:99:76:41:c0:21:0e:b4:85:a3:a5:ab:96:57:19:
                    15:08:e5:8f:a9:a4:a3:66:a1:a9:4f:96:22:45:6c:
                    64:f9:d5:08:af:1b:c7:81:73:10:cc:7c:7a:df:ea:
                    35:87:4d:e0:4e:f8:eb:f2:58:9f:76:ac:42:ca:31:
                    c6:2f:97:62:29:4f:66:c4:c0:c8:3f:b4:7d:bd:a8:
                    8a:a5:24:ef:e1:93:da:67:9f:f2:2f:ce:aa:7d:0e:
                    14:eb:31:6e:f9:35:2f:ab:b6:88:c7:0a:c5:86:63:
                    0e:90:37:eb:56:93:0c:cd:b8:37:5e:7e:0b:08:89:
                    09:6c:c4:13:d5:02:95:51:9c:1a:8d:f4:f3:84:12:
                    f8:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:4D:BC:73:5B:3E:C9:CB:10:2C:21:6A:26:04:7A:31:E2:0F:D7:33
            X509v3 Authority Key Identifier:
                keyid:28:AC:9E:DD:24:0B:FC:45:20:CE:0B:C9:B2:45:96:3D:24:E2:BF:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KKye3SQL_EUgzgvJskWWPSTiv-I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/360b17-7e17-451b-abd5-85a534f180fd/1/oU28c1s-ycsQLCFqJgR6MeIP1zM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/360b17-7e17-451b-abd5-85a534f180fd/1/KKye3SQL_EUgzgvJskWWPSTiv-I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.218.58.0/24
                  92.60.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:30:30:db:07:6a:85:e7:46:0d:48:dd:19:f0:18:1d:ea:12:
         06:4c:7f:6b:34:36:81:cd:60:9e:05:fc:0e:7f:ce:80:ed:84:
         0b:3a:80:3d:b4:c3:1d:d9:3d:21:50:76:93:9c:20:74:81:6d:
         f7:fa:96:2f:d1:2f:1a:a5:2b:93:15:3a:4c:62:63:05:4d:74:
         16:e6:79:44:32:7d:17:4d:44:da:40:6c:af:8b:97:d4:45:2b:
         25:6d:47:99:61:5b:2a:f1:38:43:a8:03:77:71:2a:23:5f:dd:
         93:71:65:a5:5f:44:da:1e:f1:03:0d:09:eb:ef:14:7c:a7:a6:
         5c:6c:2e:70:98:ae:b4:79:5c:5d:5c:38:0a:ec:69:56:48:99:
         92:24:0c:46:56:04:ee:55:e4:86:3d:5c:b6:56:87:79:bd:73:
         6c:b4:a7:7b:f1:6b:ff:24:d4:20:84:2c:b8:49:68:1b:f8:56:
         f3:b2:52:5d:26:ea:6f:51:de:f8:d7:f7:27:a6:b1:95:00:b8:
         dd:42:c9:6b:02:79:a6:eb:d6:21:99:45:5a:2a:23:47:72:ea:
         5b:22:f1:66:af:63:99:d4:bf:d5:45:f1:49:bd:50:a5:2e:58:
         81:09:9d:5e:43:4a:4c:3b:ea:14:e2:0b:3a:68:9d:ec:41:fa:
         11:fe:d5:66
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3xpLD0ScpJVPSmeQB5ssMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4YWM5ZWRkMjQwYmZjNDUyMGNlMGJjOWIyNDU5NjNkMjRl
MmJmZTIwHhcNMjQwMTAyMDYzMTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTRkYmM3MzViM2VjOWNiMTAyYzIxNmEyNjA0N2EzMWUyMGZkNzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmSfgaYKtWgYJJf/8lnRsnKwCRv1
ck3WCD/n8m/RMp6SbhKqSe8/Daho5nKDmKBdtDR1RXE3MB17lCprVf+9yPGyi1Ak
TuURNeAoCPt4PeVwM+VppkCkUz4jSbCWpd6UhaBvK3HiSPBc4IaFlBShBDNvXHhH
VSoomXZBwCEOtIWjpauWVxkVCOWPqaSjZqGpT5YiRWxk+dUIrxvHgXMQzHx63+o1
h03gTvjr8lifdqxCyjHGL5diKU9mxMDIP7R9vaiKpSTv4ZPaZ5/yL86qfQ4U6zFu
+TUvq7aIxwrFhmMOkDfrVpMMzbg3Xn4LCIkJbMQT1QKVUZwajfTzhBL4cQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKFNvHNbPsnLECwhaiYEejHiD9czMB8GA1UdIwQY
MBaAFCisnt0kC/xFIM4LybJFlj0k4r/iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0t5ZTNTUUxfRVVnemd2SnNrV1dQU1Rpdi1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zNjBiMTctN2UxNy00NTFiLWFiZDUt
ODVhNTM0ZjE4MGZkLzEvb1UyOGMxcy15Y3NRTENGcUpnUjZNZUlQMXpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zNjBiMTctN2UxNy00NTFiLWFiZDUtODVhNTM0ZjE4MGZk
LzEvS0t5ZTNTUUxfRVVnemd2SnNrV1dQU1Rpdi1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9o6AwQC
XDwsMA0GCSqGSIb3DQEBCwUAA4IBAQB8MDDbB2qF50YNSN0Z8Bgd6hIGTH9rNDaB
zWCeBfwOf86A7YQLOoA9tMMd2T0hUHaTnCB0gW33+pYv0S8apSuTFTpMYmMFTXQW
5nlEMn0XTUTaQGyvi5fURSslbUeZYVsq8ThDqAN3cSojX92TcWWlX0TaHvEDDQnr
7xR8p6ZcbC5wmK60eVxdXDgK7GlWSJmSJAxGVgTuVeSGPVy2Vod5vXNstKd78Wv/
JNQghCy4SWgb+FbzslJdJupvUd741/cnprGVALjdQslrAnmm69YhmUVaKiNHcupb
IvFmr2OZ1L/VRfFJvVClLliBCZ1eQ0pMO+oU4gs6aJ3sQfoR/tVm
-----END CERTIFICATE-----