Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/90172a-969b-46da-8088-791a62d2d8ab/1/6SPzOT2WL2Q0Gm9HwJqr2xmtNnQ.roa
File:                     6SPzOT2WL2Q0Gm9HwJqr2xmtNnQ.roa (raw, json)
Hash identifier:          3OEcuCk49V0R5s2lNl2ZRyo81GnXPNJATBiJsFhVK18=
Subject key identifier:   E9:23:F3:39:3D:96:2F:64:34:1A:6F:47:C0:9A:AB:DB:19:AD:36:74
Certificate issuer:       /CN=9992b53426fb614d9a5a6d83f400566a660c9dd2
Certificate serial:       018CC7272E366258E9FE921BF8D853986193
Authority key identifier: 99:92:B5:34:26:FB:61:4D:9A:5A:6D:83:F4:00:56:6A:66:0C:9D:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mZK1NCb7YU2aWm2D9ABWamYMndI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/90172a-969b-46da-8088-791a62d2d8ab/1/6SPzOT2WL2Q0Gm9HwJqr2xmtNnQ.roa
Signing time:             Mon 01 Jan 2024 22:31:22 +0000
ROA not before:           Mon 01 Jan 2024 22:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50572
IP address blocks:        91.223.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/90172a-969b-46da-8088-791a62d2d8ab/1/mZK1NCb7YU2aWm2D9ABWamYMndI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/90172a-969b-46da-8088-791a62d2d8ab/1/mZK1NCb7YU2aWm2D9ABWamYMndI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mZK1NCb7YU2aWm2D9ABWamYMndI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:2e:36:62:58:e9:fe:92:1b:f8:d8:53:98:61:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9992b53426fb614d9a5a6d83f400566a660c9dd2
        Validity
            Not Before: Jan  1 22:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e923f3393d962f64341a6f47c09aabdb19ad3674
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:66:09:ff:d8:03:3d:d0:b3:11:af:78:c1:1b:
                    76:ff:7a:1f:3e:01:61:9d:b7:ad:3b:22:c3:f6:8c:
                    83:d4:52:45:89:42:ec:4e:f5:ce:5a:05:2d:b6:7f:
                    9b:e6:49:29:87:29:6e:65:b1:f4:e7:6a:72:ac:9f:
                    de:88:0c:e1:37:cb:44:bb:00:03:45:7e:22:a7:ed:
                    82:08:16:54:49:48:bd:11:32:4b:3a:c0:27:54:5b:
                    4f:8a:85:67:cf:13:93:50:b7:47:89:8d:88:16:87:
                    c1:df:57:b3:e9:e5:cc:ec:58:d6:bf:fe:1e:0a:99:
                    25:b9:71:28:6c:5a:d1:ae:6e:c1:cc:5a:4d:ed:04:
                    ca:67:73:70:9e:81:51:73:54:8c:78:78:fd:94:93:
                    26:d7:9f:eb:c6:dd:a9:be:98:7b:d9:36:ba:58:08:
                    0e:3d:e2:09:ae:25:94:99:ee:8c:d8:01:f3:8d:9b:
                    0d:66:ba:24:e7:ea:da:0b:68:73:e7:d8:25:d6:cc:
                    3d:a4:33:66:c4:fe:b5:81:e8:fe:75:f4:30:0c:c3:
                    8b:a8:d0:35:88:c7:f8:90:7e:b1:30:f0:60:c9:f3:
                    e8:62:bd:7b:5f:94:9b:41:5b:f1:ef:d2:4a:0c:e4:
                    72:bb:65:71:c4:16:83:5f:d0:90:0d:a5:7a:d2:99:
                    da:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:23:F3:39:3D:96:2F:64:34:1A:6F:47:C0:9A:AB:DB:19:AD:36:74
            X509v3 Authority Key Identifier:
                keyid:99:92:B5:34:26:FB:61:4D:9A:5A:6D:83:F4:00:56:6A:66:0C:9D:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mZK1NCb7YU2aWm2D9ABWamYMndI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/90172a-969b-46da-8088-791a62d2d8ab/1/6SPzOT2WL2Q0Gm9HwJqr2xmtNnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/90172a-969b-46da-8088-791a62d2d8ab/1/mZK1NCb7YU2aWm2D9ABWamYMndI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:93:5b:10:af:f0:44:54:f7:86:7d:77:83:38:90:2e:22:00:
         1c:32:df:f4:6f:aa:54:86:aa:65:42:31:fa:ee:18:32:e7:34:
         48:71:8a:46:71:b9:e3:a7:1a:a7:0c:e3:c4:3b:e8:14:a8:dd:
         cf:58:d1:41:00:e3:1c:a3:0f:4c:fd:87:f5:8d:5b:77:46:c5:
         57:dd:37:8a:1f:9e:5f:5f:ea:c5:f3:4a:39:2f:2a:be:f3:4b:
         dc:45:3e:b8:c2:fd:a3:95:c9:8d:0c:03:f5:1f:9d:13:8c:9e:
         ee:30:98:40:16:2c:da:bc:9e:c3:fb:96:08:b0:88:62:3c:db:
         ae:62:fd:94:50:7d:ff:ae:c4:7c:14:77:2e:99:4a:9c:fc:80:
         ba:fa:66:78:da:ee:33:77:fb:32:d6:a7:f3:79:38:2c:57:15:
         3f:21:bf:54:93:c5:f7:12:65:b3:7a:98:bd:6d:7a:76:ec:c5:
         3b:cc:f6:ff:e2:72:e0:ce:ad:5b:15:a0:97:7f:75:1c:6a:42:
         de:d2:3f:37:a5:b2:64:18:16:88:43:a8:fc:69:12:f1:31:e1:
         7a:48:41:1f:36:7c:ed:58:0e:62:81:86:f5:9c:7d:72:77:51:
         36:63:77:6c:1f:f2:fd:77:ff:dd:d5:e7:a6:ef:9e:01:1b:ac:
         ab:73:81:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJy42Yljp/pIb+NhTmGGTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5OTJiNTM0MjZmYjYxNGQ5YTVhNmQ4M2Y0MDA1NjZhNjYw
YzlkZDIwHhcNMjQwMTAxMjIzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTIzZjMzOTNkOTYyZjY0MzQxYTZmNDdjMDlhYWJkYjE5YWQzNjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgmYJ/9gDPdCzEa94wRt2/3ofPgFh
nbetOyLD9oyD1FJFiULsTvXOWgUttn+b5kkphyluZbH052pyrJ/eiAzhN8tEuwAD
RX4ip+2CCBZUSUi9ETJLOsAnVFtPioVnzxOTULdHiY2IFofB31ez6eXM7FjWv/4e
CpkluXEobFrRrm7BzFpN7QTKZ3NwnoFRc1SMeHj9lJMm15/rxt2pvph72Ta6WAgO
PeIJriWUme6M2AHzjZsNZrok5+raC2hz59gl1sw9pDNmxP61gej+dfQwDMOLqNA1
iMf4kH6xMPBgyfPoYr17X5SbQVvx79JKDORyu2VxxBaDX9CQDaV60pnaywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOkj8zk9li9kNBpvR8Caq9sZrTZ0MB8GA1UdIwQY
MBaAFJmStTQm+2FNmlptg/QAVmpmDJ3SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVpLMU5DYjdZVTJhV20yRDlBQldhbVlNbmRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC85MDE3MmEtOTY5Yi00NmRhLTgwODgt
NzkxYTYyZDJkOGFiLzEvNlNQek9UMldMMlEwR205SHdKcXIyeG10Tm5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC85MDE3MmEtOTY5Yi00NmRhLTgwODgtNzkxYTYyZDJkOGFi
LzEvbVpLMU5DYjdZVTJhV20yRDlBQldhbVlNbmRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW98vMA0G
CSqGSIb3DQEBCwUAA4IBAQCuk1sQr/BEVPeGfXeDOJAuIgAcMt/0b6pUhqplQjH6
7hgy5zRIcYpGcbnjpxqnDOPEO+gUqN3PWNFBAOMcow9M/Yf1jVt3RsVX3TeKH55f
X+rF80o5Lyq+80vcRT64wv2jlcmNDAP1H50TjJ7uMJhAFizavJ7D+5YIsIhiPNuu
Yv2UUH3/rsR8FHcumUqc/IC6+mZ42u4zd/sy1qfzeTgsVxU/Ib9Uk8X3EmWzepi9
bXp27MU7zPb/4nLgzq1bFaCXf3UcakLe0j83pbJkGBaIQ6j8aRLxMeF6SEEfNnzt
WA5igYb1nH1yd1E2Y3dsH/L9d//d1eem754BG6yrc4HR
-----END CERTIFICATE-----