Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/ZwT8rF973W0eMJ_88GVxs5m40DM.roa
File:                     ZwT8rF973W0eMJ_88GVxs5m40DM.roa (raw, json)
Hash identifier:          nwJyJofI1rerYEyyIWsYRIgEiSBO21tZdBTLsFwJjds=
Subject key identifier:   67:04:FC:AC:5F:7B:DD:6D:1E:30:9F:FC:F0:65:71:B3:99:B8:D0:33
Certificate issuer:       /CN=4fb2bb7bad50f1921810a028e78edd65f81f6a7d
Certificate serial:       018CC94D905649EAAA49A436A763FB70FA94
Authority key identifier: 4F:B2:BB:7B:AD:50:F1:92:18:10:A0:28:E7:8E:DD:65:F8:1F:6A:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/ZwT8rF973W0eMJ_88GVxs5m40DM.roa
Signing time:             Tue 02 Jan 2024 08:32:32 +0000
ROA not before:           Tue 02 Jan 2024 08:32:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     32181
IP address blocks:        91.238.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 07 Jun 2024 08:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:90:56:49:ea:aa:49:a4:36:a7:63:fb:70:fa:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fb2bb7bad50f1921810a028e78edd65f81f6a7d
        Validity
            Not Before: Jan  2 08:32:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6704fcac5f7bdd6d1e309ffcf06571b399b8d033
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:c6:28:c9:5d:04:c1:91:29:73:a5:3c:2e:5f:
                    d0:47:83:4b:8e:72:26:c3:22:ed:be:60:54:b9:5b:
                    f9:09:c1:9c:82:f9:0d:05:5a:8c:5c:cd:86:ec:fa:
                    e1:81:1a:2b:af:c3:a6:c7:7d:42:67:2f:df:8c:56:
                    a2:67:84:21:3b:16:af:22:7f:5d:1c:72:54:1f:42:
                    7d:4b:88:e1:50:00:5e:51:f1:bc:ce:49:d5:2b:29:
                    06:61:79:be:af:b7:5e:20:59:3e:7c:ef:51:12:e4:
                    eb:10:a3:ac:79:a1:6e:ca:f2:8b:8c:de:1f:51:03:
                    64:c2:14:00:18:2c:eb:a7:9a:0c:50:69:6f:b2:76:
                    43:0d:3b:75:2c:08:38:9e:19:4d:6b:67:97:70:13:
                    40:38:2d:cd:39:ac:65:17:f7:0a:ef:de:6e:61:0b:
                    a2:a6:d9:00:02:53:32:9c:18:a1:92:98:46:e8:1c:
                    7d:9e:86:33:31:c2:e2:75:1a:f4:8f:47:59:40:05:
                    d2:f6:1b:aa:0e:38:bb:f0:2a:c3:0c:9b:5a:0c:57:
                    1a:2c:c2:e7:1e:78:1d:1e:56:63:74:e6:51:82:81:
                    eb:87:25:61:68:cd:08:14:84:2d:e8:0e:5a:7c:dd:
                    8d:d3:5d:84:ac:91:1a:c6:a6:f7:a9:23:9f:bf:b9:
                    9e:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:04:FC:AC:5F:7B:DD:6D:1E:30:9F:FC:F0:65:71:B3:99:B8:D0:33
            X509v3 Authority Key Identifier:
                keyid:4F:B2:BB:7B:AD:50:F1:92:18:10:A0:28:E7:8E:DD:65:F8:1F:6A:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/ZwT8rF973W0eMJ_88GVxs5m40DM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:4d:49:d4:74:ee:78:72:45:c2:a8:ba:f0:31:01:d5:c0:f7:
         1b:c9:0f:af:96:d9:3a:d2:3a:88:95:1b:51:4d:0f:aa:32:69:
         5b:a3:3e:e7:e6:b5:83:8c:a0:a4:0a:69:40:43:f5:c1:02:44:
         05:8d:be:26:35:45:aa:5e:e1:e5:43:e0:97:a3:d7:30:1c:7d:
         7a:95:8d:38:8d:6a:1a:ba:0a:8a:f9:7d:ef:24:68:ae:0e:d9:
         50:43:a5:62:bc:83:64:84:35:a1:9c:7b:25:b3:ee:8b:b0:3a:
         a4:cf:77:76:da:2a:4e:e2:c4:ef:12:a8:f8:61:f6:2d:12:9a:
         54:83:6a:1c:8a:a9:0b:8a:ad:5c:3e:44:c1:bb:53:b4:a8:a4:
         6a:c1:71:a4:b0:8f:b0:c8:dd:a9:72:fd:c0:0b:1d:b6:df:fa:
         53:a1:83:fa:cd:99:99:96:4d:b7:a9:40:07:a3:63:11:7e:6c:
         aa:9b:2c:ab:3b:eb:7e:40:03:e9:9e:32:f0:ca:a5:c6:ed:f4:
         25:88:97:c4:9e:d9:e0:33:46:de:2f:15:56:47:1e:06:98:23:
         17:76:77:65:88:96:4c:4a:bb:d0:18:3c:c6:27:74:8d:56:d8:
         ba:a2:0b:a4:37:72:25:63:45:72:85:4c:38:07:ea:29:fc:6d:
         d7:a2:8f:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTZBWSeqqSaQ2p2P7cPqUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYjJiYjdiYWQ1MGYxOTIxODEwYTAyOGU3OGVkZDY1Zjgx
ZjZhN2QwHhcNMjQwMTAyMDgzMjMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzA0ZmNhYzVmN2JkZDZkMWUzMDlmZmNmMDY1NzFiMzk5YjhkMDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcYoyV0EwZEpc6U8Ll/QR4NLjnIm
wyLtvmBUuVv5CcGcgvkNBVqMXM2G7PrhgRorr8Omx31CZy/fjFaiZ4QhOxavIn9d
HHJUH0J9S4jhUABeUfG8zknVKykGYXm+r7deIFk+fO9REuTrEKOseaFuyvKLjN4f
UQNkwhQAGCzrp5oMUGlvsnZDDTt1LAg4nhlNa2eXcBNAOC3NOaxlF/cK795uYQui
ptkAAlMynBihkphG6Bx9noYzMcLidRr0j0dZQAXS9huqDji78CrDDJtaDFcaLMLn
HngdHlZjdOZRgoHrhyVhaM0IFIQt6A5afN2N012ErJEaxqb3qSOfv7mehQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGcE/Kxfe91tHjCf/PBlcbOZuNAzMB8GA1UdIwQY
MBaAFE+yu3utUPGSGBCgKOeO3WX4H2p9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDdLN2U2MVE4WklZRUtBbzU0N2RaZmdmYW4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9mZGEzODItNDI1Ny00MWMzLThlYzYt
MjdmYmM5OWVhM2M2LzEvWndUOHJGOTczVzBlTUpfODhHVnhzNW00MERNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9mZGEzODItNDI1Ny00MWMzLThlYzYtMjdmYmM5OWVhM2M2
LzEvVDdLN2U2MVE4WklZRUtBbzU0N2RaZmdmYW4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+5HMA0G
CSqGSIb3DQEBCwUAA4IBAQB2TUnUdO54ckXCqLrwMQHVwPcbyQ+vltk60jqIlRtR
TQ+qMmlboz7n5rWDjKCkCmlAQ/XBAkQFjb4mNUWqXuHlQ+CXo9cwHH16lY04jWoa
ugqK+X3vJGiuDtlQQ6VivINkhDWhnHsls+6LsDqkz3d22ipO4sTvEqj4YfYtEppU
g2ociqkLiq1cPkTBu1O0qKRqwXGksI+wyN2pcv3ACx223/pToYP6zZmZlk23qUAH
o2MRfmyqmyyrO+t+QAPpnjLwyqXG7fQliJfEntngM0beLxVWRx4GmCMXdndliJZM
SrvQGDzGJ3SNVti6ogukN3IlY0VyhUw4B+op/G3Xoo84
-----END CERTIFICATE-----