Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/01cb70-518b-441b-b3da-646d7eee0a0f/1/YUHdc9sOrd0KEVdRmLCPPgaAS0g.roa
File:                     YUHdc9sOrd0KEVdRmLCPPgaAS0g.roa (raw, json)
Hash identifier:          ik61WbcF9h0Av6aGCJHCsLXKZCppDl5mkGScVzoz01c=
Subject key identifier:   61:41:DD:73:DB:0E:AD:DD:0A:11:57:51:98:B0:8F:3E:06:80:4B:48
Certificate issuer:       /CN=a8fb831f5bd6c0c20b8e09be511c21be7dc5deba
Certificate serial:       018CEC17EF9E753E88FAABC37EEA35B97FD7
Authority key identifier: A8:FB:83:1F:5B:D6:C0:C2:0B:8E:09:BE:51:1C:21:BE:7D:C5:DE:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qPuDH1vWwMILjgm-URwhvn3F3ro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/01cb70-518b-441b-b3da-646d7eee0a0f/1/YUHdc9sOrd0KEVdRmLCPPgaAS0g.roa
Signing time:             Tue 09 Jan 2024 02:40:40 +0000
ROA not before:           Tue 09 Jan 2024 02:40:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56845
IP address blocks:        91.228.40.0/24 maxlen: 24
                          91.228.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/01cb70-518b-441b-b3da-646d7eee0a0f/1/qPuDH1vWwMILjgm-URwhvn3F3ro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/01cb70-518b-441b-b3da-646d7eee0a0f/1/qPuDH1vWwMILjgm-URwhvn3F3ro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qPuDH1vWwMILjgm-URwhvn3F3ro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ec:17:ef:9e:75:3e:88:fa:ab:c3:7e:ea:35:b9:7f:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8fb831f5bd6c0c20b8e09be511c21be7dc5deba
        Validity
            Not Before: Jan  9 02:40:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6141dd73db0eaddd0a11575198b08f3e06804b48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:8e:d5:51:eb:24:a3:4f:88:19:de:63:28:55:
                    37:aa:46:f6:40:01:59:bf:ce:80:f4:fe:3b:98:10:
                    88:87:41:f1:30:73:74:4a:65:c5:45:5f:93:16:77:
                    04:1d:62:0e:8e:6a:b3:95:9e:3f:a9:d5:e0:6e:dd:
                    7a:85:0d:43:f5:19:8e:90:33:9c:e1:d5:00:0b:06:
                    52:fb:f6:2b:64:0e:62:42:3f:a9:52:fd:38:ee:0e:
                    83:96:81:3e:68:09:05:88:4b:1b:cf:20:f4:c7:d6:
                    fe:1b:1d:a8:14:52:60:20:7b:33:d9:b9:96:dd:c8:
                    f0:48:49:36:b2:8a:6f:b1:dc:06:f2:d2:5e:63:5a:
                    0a:69:ca:f3:d8:7a:3d:61:0c:16:4a:a4:e5:f7:a2:
                    27:97:64:7b:0c:ec:4a:ec:be:42:f1:99:0a:f2:e9:
                    c4:fa:77:8d:42:cf:e8:01:f1:a1:07:09:90:16:58:
                    6f:34:33:bd:87:1c:2a:b7:4b:cb:66:aa:49:b0:6e:
                    7c:22:65:88:8d:68:39:b0:3a:ce:6e:91:c2:67:20:
                    9d:e4:4f:84:8f:62:66:07:dd:bb:2b:87:e3:11:32:
                    74:c7:1c:c2:cd:84:ba:3e:b2:37:0e:a7:90:94:dc:
                    d2:22:c1:64:d8:ff:8f:d5:10:77:00:f7:a1:32:58:
                    05:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:41:DD:73:DB:0E:AD:DD:0A:11:57:51:98:B0:8F:3E:06:80:4B:48
            X509v3 Authority Key Identifier:
                keyid:A8:FB:83:1F:5B:D6:C0:C2:0B:8E:09:BE:51:1C:21:BE:7D:C5:DE:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qPuDH1vWwMILjgm-URwhvn3F3ro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/01cb70-518b-441b-b3da-646d7eee0a0f/1/YUHdc9sOrd0KEVdRmLCPPgaAS0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/01cb70-518b-441b-b3da-646d7eee0a0f/1/qPuDH1vWwMILjgm-URwhvn3F3ro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.40.0/23

    Signature Algorithm: sha256WithRSAEncryption
         51:40:f9:e4:e1:cc:f2:34:ca:97:82:ab:a7:c7:61:1a:41:7f:
         cc:e8:c0:26:a5:42:e4:ea:3c:f5:37:0e:01:8d:67:70:01:2a:
         0b:f7:7f:88:50:e1:d3:47:02:ea:04:12:4e:5b:c7:84:9f:48:
         22:7f:9a:1f:ef:88:1c:e4:e6:a3:af:d7:4d:a8:b9:72:eb:01:
         61:36:e9:d3:b8:45:d5:d1:71:f7:38:53:45:58:c0:b1:bd:d6:
         d9:79:07:b3:08:05:23:d6:fe:c6:8c:47:81:2b:34:ee:bf:cf:
         c2:be:26:3f:e9:a6:b6:b8:a8:c7:78:dc:fd:da:26:29:a4:66:
         43:40:c9:1a:44:b1:76:5c:ad:85:40:33:83:3a:d7:07:56:60:
         5f:1a:5e:75:2f:4d:39:f9:c0:49:cf:77:5f:8d:10:2a:4c:51:
         d8:96:e2:68:17:a9:a0:1a:0b:5e:69:6d:70:93:c1:06:b3:1b:
         be:38:ca:df:c3:38:bf:cd:8d:a7:2e:99:a5:25:fb:12:dc:9b:
         1f:93:44:9f:8e:4a:e7:11:ea:ef:54:5c:e9:c7:38:88:31:7a:
         75:21:38:7a:bf:19:91:3f:67:b8:0c:34:b3:41:ea:c5:fe:c2:
         1d:8c:f0:6a:77:18:97:f8:f8:d3:af:43:4a:4b:8d:d5:08:65:
         3a:20:fa:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzsF++edT6I+qvDfuo1uX/XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4ZmI4MzFmNWJkNmMwYzIwYjhlMDliZTUxMWMyMWJlN2Rj
NWRlYmEwHhcNMjQwMTA5MDI0MDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTQxZGQ3M2RiMGVhZGRkMGExMTU3NTE5OGIwOGYzZTA2ODA0YjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhY7VUesko0+IGd5jKFU3qkb2QAFZ
v86A9P47mBCIh0HxMHN0SmXFRV+TFncEHWIOjmqzlZ4/qdXgbt16hQ1D9RmOkDOc
4dUACwZS+/YrZA5iQj+pUv047g6DloE+aAkFiEsbzyD0x9b+Gx2oFFJgIHsz2bmW
3cjwSEk2sopvsdwG8tJeY1oKacrz2Ho9YQwWSqTl96Inl2R7DOxK7L5C8ZkK8unE
+neNQs/oAfGhBwmQFlhvNDO9hxwqt0vLZqpJsG58ImWIjWg5sDrObpHCZyCd5E+E
j2JmB927K4fjETJ0xxzCzYS6PrI3DqeQlNzSIsFk2P+P1RB3APehMlgFJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGFB3XPbDq3dChFXUZiwjz4GgEtIMB8GA1UdIwQY
MBaAFKj7gx9b1sDCC44JvlEcIb59xd66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVB1REgxdld3TUlMamdtLVVSd2h2bjNGM3JvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi8wMWNiNzAtNTE4Yi00NDFiLWIzZGEt
NjQ2ZDdlZWUwYTBmLzEvWVVIZGM5c09yZDBLRVZkUm1MQ1BQZ2FBUzBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi8wMWNiNzAtNTE4Yi00NDFiLWIzZGEtNjQ2ZDdlZWUwYTBm
LzEvcVB1REgxdld3TUlMamdtLVVSd2h2bjNGM3JvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+QoMA0G
CSqGSIb3DQEBCwUAA4IBAQBRQPnk4czyNMqXgqunx2EaQX/M6MAmpULk6jz1Nw4B
jWdwASoL93+IUOHTRwLqBBJOW8eEn0gif5of74gc5Oajr9dNqLly6wFhNunTuEXV
0XH3OFNFWMCxvdbZeQezCAUj1v7GjEeBKzTuv8/CviY/6aa2uKjHeNz92iYppGZD
QMkaRLF2XK2FQDODOtcHVmBfGl51L005+cBJz3dfjRAqTFHYluJoF6mgGgteaW1w
k8EGsxu+OMrfwzi/zY2nLpmlJfsS3Jsfk0SfjkrnEervVFzpxziIMXp1ITh6vxmR
P2e4DDSzQerF/sIdjPBqdxiX+PjTr0NKS43VCGU6IPoO
-----END CERTIFICATE-----