Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/P-wRpDD_4FREzde1CksThLCd5fI.roa
File:                     P-wRpDD_4FREzde1CksThLCd5fI.roa (raw, json)
Hash identifier:          VQ8zN8Uvpw7va2TRrkm2HcgCv5WdSq6ydHOcT0K0K2U=
Subject key identifier:   3F:EC:11:A4:30:FF:E0:54:44:CD:D7:B5:0A:4B:13:84:B0:9D:E5:F2
Certificate issuer:       /CN=1acb6376a1648d49d55e4d7b01371367b0dc2af9
Certificate serial:       018FA1F200310A11993D1D9A3058CBEFCEE8
Authority key identifier: 1A:CB:63:76:A1:64:8D:49:D5:5E:4D:7B:01:37:13:67:B0:DC:2A:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/P-wRpDD_4FREzde1CksThLCd5fI.roa
Signing time:             Wed 22 May 2024 20:15:42 +0000
ROA not before:           Wed 22 May 2024 20:15:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200508
IP address blocks:        91.149.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a1:f2:00:31:0a:11:99:3d:1d:9a:30:58:cb:ef:ce:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1acb6376a1648d49d55e4d7b01371367b0dc2af9
        Validity
            Not Before: May 22 20:15:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3fec11a430ffe05444cdd7b50a4b1384b09de5f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:d6:bd:88:4b:fd:4f:e4:46:30:59:58:ad:b8:
                    d4:d9:13:b4:c5:d4:28:db:43:f6:25:53:44:1c:9c:
                    4b:af:b8:61:af:7e:ed:9b:1b:6a:c4:75:f5:f1:26:
                    8d:91:ab:6d:f6:5b:a7:d1:b4:e6:c3:ee:a3:83:ea:
                    7c:42:02:f8:ef:81:34:a6:ca:e0:fd:d9:02:23:e4:
                    00:e8:2f:eb:8a:85:12:dd:28:a0:fa:db:6c:88:47:
                    5e:86:15:36:29:07:ce:8d:68:ba:cd:4b:cc:c8:63:
                    ba:14:43:93:ea:d7:a0:7c:21:66:0f:d2:fc:3d:4c:
                    0f:45:59:16:52:30:16:48:a6:5b:c3:da:8a:7b:dd:
                    82:5a:c2:24:a4:be:b5:42:3c:22:ff:f8:81:4f:20:
                    21:0f:56:06:bf:3c:f8:5a:49:41:79:19:02:d9:e5:
                    8e:a1:c8:7a:74:02:f3:22:e6:d7:20:ed:82:36:99:
                    66:6c:dc:fb:d7:03:a6:2a:1a:8c:0a:59:fe:44:52:
                    de:e9:c0:3f:dc:65:c2:ac:92:b0:e7:ee:fa:a6:63:
                    4c:0d:90:a6:a3:67:18:05:d9:1e:5d:30:d1:5d:09:
                    28:62:3e:be:5d:cd:52:65:c7:53:2c:53:e3:d9:1f:
                    2a:14:9b:ad:e9:8f:c8:c1:d3:77:ea:57:d1:05:6e:
                    07:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:EC:11:A4:30:FF:E0:54:44:CD:D7:B5:0A:4B:13:84:B0:9D:E5:F2
            X509v3 Authority Key Identifier:
                keyid:1A:CB:63:76:A1:64:8D:49:D5:5E:4D:7B:01:37:13:67:B0:DC:2A:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/P-wRpDD_4FREzde1CksThLCd5fI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.149.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:2c:35:60:84:3c:2d:0e:d6:d8:71:f8:c0:30:94:8c:6f:8b:
         08:4b:ab:2b:be:2b:86:6c:da:d9:3f:8c:c4:2a:05:8c:d7:57:
         d8:77:33:29:ac:02:cd:57:87:b6:b3:a4:4e:74:34:73:d9:64:
         ab:4c:42:68:b2:55:f9:a2:19:ba:a2:5a:05:9f:5b:3f:58:c2:
         04:5d:ff:04:6d:b3:b7:b2:a5:da:7a:83:5a:49:c7:eb:a6:1a:
         b6:cd:cd:0e:d4:01:5f:f7:8e:c0:85:e3:a4:de:28:4f:51:4a:
         43:bb:23:37:b1:1f:31:fc:d0:e6:04:13:28:eb:cb:cf:91:76:
         db:d3:35:0b:ce:42:17:74:5f:3c:f5:df:ff:8c:64:01:da:aa:
         72:0b:f8:6e:bd:47:58:b7:6c:ee:76:a6:75:d3:9a:c9:ea:39:
         8c:94:d6:04:70:11:92:01:33:5c:54:17:a1:a5:c0:32:27:80:
         51:62:27:72:ec:6b:25:82:39:ff:a5:17:da:f8:3f:42:67:6d:
         4a:f1:12:8a:ad:3e:66:18:26:bd:f1:da:52:5c:ee:e5:b8:3e:
         c7:87:2a:4a:3b:20:28:fb:84:89:2c:72:d7:63:56:8a:c8:86:
         2c:f1:b3:94:32:d9:ce:0a:1f:06:eb:d1:90:cb:48:05:31:a0:
         98:19:42:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+h8gAxChGZPR2aMFjL787oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2I2Mzc2YTE2NDhkNDlkNTVlNGQ3YjAxMzcxMzY3YjBk
YzJhZjkwHhcNMjQwNTIyMjAxNTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmVjMTFhNDMwZmZlMDU0NDRjZGQ3YjUwYTRiMTM4NGIwOWRlNWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA49a9iEv9T+RGMFlYrbjU2RO0xdQo
20P2JVNEHJxLr7hhr37tmxtqxHX18SaNkatt9lun0bTmw+6jg+p8QgL474E0psrg
/dkCI+QA6C/rioUS3Sig+ttsiEdehhU2KQfOjWi6zUvMyGO6FEOT6tegfCFmD9L8
PUwPRVkWUjAWSKZbw9qKe92CWsIkpL61Qjwi//iBTyAhD1YGvzz4WklBeRkC2eWO
och6dALzIubXIO2CNplmbNz71wOmKhqMCln+RFLe6cA/3GXCrJKw5+76pmNMDZCm
o2cYBdkeXTDRXQkoYj6+Xc1SZcdTLFPj2R8qFJut6Y/IwdN36lfRBW4HHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD/sEaQw/+BURM3XtQpLE4SwneXyMB8GA1UdIwQY
MBaAFBrLY3ahZI1J1V5NewE3E2ew3Cr5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3N0amRxRmtqVW5WWGsxN0FUY1RaN0RjS3ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS83MjQ3YjAtNDk4OS00M2VhLTkzNTAt
N2E5MzY3NTFkYjFiLzEvUC13UnBERF80RlJFemRlMUNrc1RoTENkNWZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS83MjQ3YjAtNDk4OS00M2VhLTkzNTAtN2E5MzY3NTFkYjFi
LzEvR3N0amRxRmtqVW5WWGsxN0FUY1RaN0RjS3ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW5XjMA0G
CSqGSIb3DQEBCwUAA4IBAQAcLDVghDwtDtbYcfjAMJSMb4sIS6srviuGbNrZP4zE
KgWM11fYdzMprALNV4e2s6ROdDRz2WSrTEJoslX5ohm6oloFn1s/WMIEXf8EbbO3
sqXaeoNaScfrphq2zc0O1AFf947AheOk3ihPUUpDuyM3sR8x/NDmBBMo68vPkXbb
0zULzkIXdF889d//jGQB2qpyC/huvUdYt2zudqZ105rJ6jmMlNYEcBGSATNcVBeh
pcAyJ4BRYidy7Gslgjn/pRfa+D9CZ21K8RKKrT5mGCa98dpSXO7luD7HhypKOyAo
+4SJLHLXY1aKyIYs8bOUMtnOCh8G69GQy0gFMaCYGULO
-----END CERTIFICATE-----