Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/1f74e4-dc68-4b2e-8eb1-7b8d7ee9f411/1/_FrXU6Wkf3mHSPICoCAMktkmmJM.roa
File:                     _FrXU6Wkf3mHSPICoCAMktkmmJM.roa (raw, json)
Hash identifier:          twM8u5KM5Opy5uT/f/vpbuxgJU3zqoS3QCro0uS5RR0=
Subject key identifier:   FC:5A:D7:53:A5:A4:7F:79:87:48:F2:02:A0:20:0C:92:D9:26:98:93
Certificate issuer:       /CN=80e6205c2a210f57fb71f27f3c4baaeb53dd5e33
Certificate serial:       018CC424489AA46E10486B79C7EFC88EE945
Authority key identifier: 80:E6:20:5C:2A:21:0F:57:FB:71:F2:7F:3C:4B:AA:EB:53:DD:5E:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gOYgXCohD1f7cfJ_PEuq61PdXjM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/1f74e4-dc68-4b2e-8eb1-7b8d7ee9f411/1/_FrXU6Wkf3mHSPICoCAMktkmmJM.roa
Signing time:             Mon 01 Jan 2024 08:29:21 +0000
ROA not before:           Mon 01 Jan 2024 08:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8685
IP address blocks:        91.208.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/1f74e4-dc68-4b2e-8eb1-7b8d7ee9f411/1/gOYgXCohD1f7cfJ_PEuq61PdXjM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/1f74e4-dc68-4b2e-8eb1-7b8d7ee9f411/1/gOYgXCohD1f7cfJ_PEuq61PdXjM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gOYgXCohD1f7cfJ_PEuq61PdXjM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:48:9a:a4:6e:10:48:6b:79:c7:ef:c8:8e:e9:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80e6205c2a210f57fb71f27f3c4baaeb53dd5e33
        Validity
            Not Before: Jan  1 08:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc5ad753a5a47f798748f202a0200c92d9269893
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:f1:f6:37:85:80:b7:9c:b8:08:f6:25:8f:ed:
                    76:fc:61:e9:80:ec:0c:25:44:b6:c7:43:5c:dd:de:
                    5a:70:f5:97:17:b3:1f:bb:94:ed:7e:96:24:95:da:
                    af:a9:4f:53:2c:32:07:4f:45:9d:1e:1d:e5:96:af:
                    72:2d:e5:c1:38:f2:9c:81:8b:88:22:43:ca:3c:9f:
                    ab:2e:28:cf:bd:c4:6e:61:38:51:72:f1:74:cd:bb:
                    fd:d6:14:ec:43:68:87:a6:be:ee:6b:10:06:7a:ed:
                    4b:3e:c4:cd:86:dd:b6:7d:d0:2e:3a:86:10:ec:c2:
                    0a:12:50:09:62:6d:d9:a1:08:8b:fd:74:94:af:d5:
                    18:21:02:12:7f:04:59:fe:b5:d0:77:76:c8:1b:de:
                    15:5b:9b:2b:b9:67:82:5f:dc:05:4d:ac:b3:cc:33:
                    6b:15:06:2e:3b:d5:78:ee:db:50:e2:02:d5:db:ed:
                    51:9b:38:67:fb:f2:d0:d5:be:46:53:22:75:16:a3:
                    6c:06:5a:d3:7c:e1:16:9b:5b:f9:2c:cd:4b:ae:b3:
                    64:98:b8:c5:1f:1f:1f:a0:d2:9c:1a:2d:b1:2c:cc:
                    d7:12:56:f0:49:c8:31:86:9f:c1:81:d5:81:b2:13:
                    65:98:c4:4a:41:02:4e:5e:c0:c5:b4:e0:65:d7:c4:
                    e5:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:5A:D7:53:A5:A4:7F:79:87:48:F2:02:A0:20:0C:92:D9:26:98:93
            X509v3 Authority Key Identifier:
                keyid:80:E6:20:5C:2A:21:0F:57:FB:71:F2:7F:3C:4B:AA:EB:53:DD:5E:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gOYgXCohD1f7cfJ_PEuq61PdXjM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/1f74e4-dc68-4b2e-8eb1-7b8d7ee9f411/1/_FrXU6Wkf3mHSPICoCAMktkmmJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/1f74e4-dc68-4b2e-8eb1-7b8d7ee9f411/1/gOYgXCohD1f7cfJ_PEuq61PdXjM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:00:f2:b5:21:2a:a3:c4:a0:5e:09:5c:8b:6b:23:82:6d:9f:
         34:fb:4f:da:72:c9:2b:14:59:3a:a5:cd:06:47:98:b2:5d:e7:
         f3:96:04:51:85:b8:19:75:c1:39:23:82:56:b4:37:12:8e:57:
         96:0f:6c:55:6a:45:b6:2e:11:8c:f6:3b:8f:89:8b:1e:1d:0a:
         55:da:75:dd:f5:36:5e:d5:29:40:ff:31:8f:de:2a:fc:32:0d:
         5e:2e:18:18:c8:e0:57:3b:9c:22:08:6b:f1:c3:3f:e8:d1:a0:
         49:95:57:46:1d:aa:95:21:5f:b0:f3:41:3c:12:f4:9d:bf:e8:
         59:f8:70:0d:75:60:dc:2e:d3:64:89:66:b9:70:71:e0:c4:d8:
         d4:47:c8:20:d8:a9:68:c1:08:15:90:6e:24:65:2b:9a:23:91:
         b6:fd:ad:5b:4b:ab:7e:66:23:8c:52:df:6a:bc:9f:8a:e0:36:
         66:d2:49:2d:45:c3:ab:b6:8d:75:de:b5:64:e9:ca:19:02:ef:
         a0:bf:72:c4:8a:03:63:b2:63:ce:d0:0a:94:61:6d:64:ec:51:
         72:e8:cc:5c:16:f6:99:c7:db:e2:f1:ae:e1:32:5e:dc:e5:51:
         d5:54:f9:3d:6e:9b:c4:e0:b3:10:7d:3e:ed:b3:9e:5b:55:7d:
         01:97:8b:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJEiapG4QSGt5x+/IjulFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwZTYyMDVjMmEyMTBmNTdmYjcxZjI3ZjNjNGJhYWViNTNk
ZDVlMzMwHhcNMjQwMTAxMDgyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzVhZDc1M2E1YTQ3Zjc5ODc0OGYyMDJhMDIwMGM5MmQ5MjY5ODkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPH2N4WAt5y4CPYlj+12/GHpgOwM
JUS2x0Nc3d5acPWXF7Mfu5TtfpYkldqvqU9TLDIHT0WdHh3llq9yLeXBOPKcgYuI
IkPKPJ+rLijPvcRuYThRcvF0zbv91hTsQ2iHpr7uaxAGeu1LPsTNht22fdAuOoYQ
7MIKElAJYm3ZoQiL/XSUr9UYIQISfwRZ/rXQd3bIG94VW5sruWeCX9wFTayzzDNr
FQYuO9V47ttQ4gLV2+1Rmzhn+/LQ1b5GUyJ1FqNsBlrTfOEWm1v5LM1LrrNkmLjF
Hx8foNKcGi2xLMzXElbwScgxhp/BgdWBshNlmMRKQQJOXsDFtOBl18TlCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPxa11OlpH95h0jyAqAgDJLZJpiTMB8GA1UdIwQY
MBaAFIDmIFwqIQ9X+3HyfzxLqutT3V4zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ09ZZ1hDb2hEMWY3Y2ZKX1BFdXE2MVBkWGpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC8xZjc0ZTQtZGM2OC00YjJlLThlYjEt
N2I4ZDdlZTlmNDExLzEvX0ZyWFU2V2tmM21IU1BJQ29DQU1rdGttbUpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC8xZjc0ZTQtZGM2OC00YjJlLThlYjEtN2I4ZDdlZTlmNDEx
LzEvZ09ZZ1hDb2hEMWY3Y2ZKX1BFdXE2MVBkWGpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9BGMA0G
CSqGSIb3DQEBCwUAA4IBAQCQAPK1ISqjxKBeCVyLayOCbZ80+0/acskrFFk6pc0G
R5iyXefzlgRRhbgZdcE5I4JWtDcSjleWD2xVakW2LhGM9juPiYseHQpV2nXd9TZe
1SlA/zGP3ir8Mg1eLhgYyOBXO5wiCGvxwz/o0aBJlVdGHaqVIV+w80E8EvSdv+hZ
+HANdWDcLtNkiWa5cHHgxNjUR8gg2KlowQgVkG4kZSuaI5G2/a1bS6t+ZiOMUt9q
vJ+K4DZm0kktRcOrto113rVk6coZAu+gv3LEigNjsmPO0AqUYW1k7FFy6MxcFvaZ
x9vi8a7hMl7c5VHVVPk9bpvE4LMQfT7ts55bVX0Bl4sx
-----END CERTIFICATE-----