Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/_YAtF3meXjl00QRm1IcIJB91KQ8.roa
File:                     _YAtF3meXjl00QRm1IcIJB91KQ8.roa (raw, json)
Hash identifier:          8yOOh4smpBXh+MxaR1PtwU+bZSbhzAqWkAz5xIZQiqk=
Subject key identifier:   FD:80:2D:17:79:9E:5E:39:74:D1:04:66:D4:87:08:24:1F:75:29:0F
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018CC26D60FC7A36D7F718FBA6010A8B2586
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/_YAtF3meXjl00QRm1IcIJB91KQ8.roa
Signing time:             Mon 01 Jan 2024 00:29:57 +0000
ROA not before:           Mon 01 Jan 2024 00:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198280
IP address blocks:        213.91.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:60:fc:7a:36:d7:f7:18:fb:a6:01:0a:8b:25:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 00:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd802d17799e5e3974d10466d48708241f75290f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:0d:d8:d0:4c:dc:e8:45:2c:74:f9:35:8d:01:
                    68:cd:b3:a8:a7:15:d1:13:7c:06:a5:7d:d3:a3:47:
                    88:6a:2c:12:80:57:d6:c6:f8:10:b8:0c:db:0f:61:
                    75:0b:5a:c9:50:a2:b9:77:2d:07:c3:95:45:d1:1e:
                    e6:e1:ce:51:6e:74:69:31:8a:df:c9:8a:ca:bd:5a:
                    75:ed:b9:07:8a:e8:33:ac:5c:43:a8:65:ee:ad:db:
                    37:08:38:73:04:8f:7b:f6:00:58:f9:b9:cc:b7:4e:
                    18:a6:1b:01:c3:0a:1d:9d:f4:2f:4d:5e:d1:ad:03:
                    9c:14:78:c7:1a:49:2a:8a:75:21:09:47:9c:17:36:
                    9e:75:34:e6:d2:44:66:25:7b:aa:cc:ac:c7:75:e2:
                    3a:fc:1e:27:67:a1:33:62:87:ef:a7:90:12:6c:f7:
                    ab:41:d3:ac:ea:0f:76:3e:2c:22:27:e6:6b:34:fd:
                    fb:d1:fc:fb:43:eb:a4:88:00:fa:ce:89:8a:76:5d:
                    58:55:29:0d:15:b6:f2:5b:c8:cd:a7:5b:ff:c7:5e:
                    46:2a:ec:8d:d3:63:56:9b:d4:b5:fc:fc:f9:d0:74:
                    ae:c9:46:b8:30:41:f0:33:ba:91:5f:7e:69:92:1c:
                    bb:72:10:9f:a0:dd:37:d9:02:83:d5:04:cd:42:58:
                    61:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:80:2D:17:79:9E:5E:39:74:D1:04:66:D4:87:08:24:1F:75:29:0F
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/_YAtF3meXjl00QRm1IcIJB91KQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.91.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:ff:6d:bb:41:18:df:61:75:c2:7d:36:8d:3f:6c:76:f5:72:
         7f:fb:a9:ed:e5:9e:26:c5:06:22:13:bd:63:a5:f2:1b:ed:86:
         9b:7a:55:d2:8b:8c:3f:5e:88:ba:4d:6a:89:49:cb:2e:f9:72:
         ee:fd:9d:1b:da:8c:a3:b2:da:d0:e8:4c:84:2e:ba:b7:9f:d0:
         e3:4c:f8:04:a0:b0:65:c6:4a:6d:04:8c:b7:9e:db:da:ec:7a:
         64:bf:b5:1e:a5:a1:39:32:4b:5a:75:06:2d:50:2f:f5:fc:61:
         60:cf:8f:b7:63:7d:d0:76:66:16:d6:9b:39:2a:55:17:ef:f6:
         20:e9:ee:90:6c:c4:f1:b8:6a:8c:1f:7a:42:a5:53:b1:f2:12:
         8d:9a:08:68:d6:19:d0:1f:8c:cc:a9:67:72:31:14:a9:97:27:
         30:a5:80:34:ae:b5:63:20:6e:39:c4:ee:e0:e2:33:20:db:1d:
         c2:e7:ab:45:0f:05:fc:66:b7:f8:b4:5e:52:5f:f1:0a:0f:76:
         d5:38:8d:0f:30:52:58:9c:6c:4e:64:7f:13:22:03:c2:b0:57:
         7a:81:23:c6:a3:35:a3:cd:04:d2:b2:5a:1a:03:81:af:e5:16:
         64:ac:82:56:05:b2:dc:4c:09:d9:59:00:2a:0d:96:c9:ec:87:
         8d:86:a8:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbWD8ejbX9xj7pgEKiyWGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwMTAxMDAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDgwMmQxNzc5OWU1ZTM5NzRkMTA0NjZkNDg3MDgyNDFmNzUyOTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiA3Y0Ezc6EUsdPk1jQFozbOopxXR
E3wGpX3To0eIaiwSgFfWxvgQuAzbD2F1C1rJUKK5dy0Hw5VF0R7m4c5RbnRpMYrf
yYrKvVp17bkHiugzrFxDqGXurds3CDhzBI979gBY+bnMt04YphsBwwodnfQvTV7R
rQOcFHjHGkkqinUhCUecFzaedTTm0kRmJXuqzKzHdeI6/B4nZ6EzYofvp5ASbPer
QdOs6g92PiwiJ+ZrNP370fz7Q+ukiAD6zomKdl1YVSkNFbbyW8jNp1v/x15GKuyN
02NWm9S1/Pz50HSuyUa4MEHwM7qRX35pkhy7chCfoN032QKD1QTNQlhhdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP2ALRd5nl45dNEEZtSHCCQfdSkPMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvX1lBdEYzbWVYamwwMFFSbTFJY0lKQjkxS1E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1VvnMA0G
CSqGSIb3DQEBCwUAA4IBAQBy/227QRjfYXXCfTaNP2x29XJ/+6nt5Z4mxQYiE71j
pfIb7YabelXSi4w/Xoi6TWqJScsu+XLu/Z0b2oyjstrQ6EyELrq3n9DjTPgEoLBl
xkptBIy3ntva7Hpkv7UepaE5MktadQYtUC/1/GFgz4+3Y33QdmYW1ps5KlUX7/Yg
6e6QbMTxuGqMH3pCpVOx8hKNmgho1hnQH4zMqWdyMRSplycwpYA0rrVjIG45xO7g
4jMg2x3C56tFDwX8Zrf4tF5SX/EKD3bVOI0PMFJYnGxOZH8TIgPCsFd6gSPGozWj
zQTSsloaA4Gv5RZkrIJWBbLcTAnZWQAqDZbJ7IeNhqjm
-----END CERTIFICATE-----