Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/e05dff-be12-4e82-873d-d31a33fc5e99/1/7GfjlaY7Bh9zJUaGfPzT94NC0os.roa
File:                     7GfjlaY7Bh9zJUaGfPzT94NC0os.roa (raw, json)
Hash identifier:          qiFhvgjszjG39C7gw30utlpg5AcGeE60Xbb+zjLbM4k=
Subject key identifier:   EC:67:E3:95:A6:3B:06:1F:73:25:46:86:7C:FC:D3:F7:83:42:D2:8B
Certificate issuer:       /CN=46224dc9396e580ff7120f257353a70c72379c93
Certificate serial:       018CC6B795EC48995AD4F7831C6BCF5B17F0
Authority key identifier: 46:22:4D:C9:39:6E:58:0F:F7:12:0F:25:73:53:A7:0C:72:37:9C:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RiJNyTluWA_3Eg8lc1OnDHI3nJM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/e05dff-be12-4e82-873d-d31a33fc5e99/1/7GfjlaY7Bh9zJUaGfPzT94NC0os.roa
Signing time:             Mon 01 Jan 2024 20:29:29 +0000
ROA not before:           Mon 01 Jan 2024 20:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31704
IP address blocks:        91.216.170.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/e05dff-be12-4e82-873d-d31a33fc5e99/1/RiJNyTluWA_3Eg8lc1OnDHI3nJM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/e05dff-be12-4e82-873d-d31a33fc5e99/1/RiJNyTluWA_3Eg8lc1OnDHI3nJM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RiJNyTluWA_3Eg8lc1OnDHI3nJM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:95:ec:48:99:5a:d4:f7:83:1c:6b:cf:5b:17:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46224dc9396e580ff7120f257353a70c72379c93
        Validity
            Not Before: Jan  1 20:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec67e395a63b061f732546867cfcd3f78342d28b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:27:23:40:95:53:97:17:18:e1:4b:60:cf:d1:
                    ce:5b:5d:71:a4:27:d6:55:a6:0b:47:b9:e2:0f:21:
                    2e:3a:63:f7:77:b8:2c:be:af:76:a1:5d:05:4f:73:
                    b8:5b:c7:63:c1:69:72:56:2e:9a:79:55:21:d0:93:
                    1b:98:27:53:28:9c:2f:cd:71:a3:0f:4c:cb:95:51:
                    4a:af:a5:6c:28:22:02:eb:31:a6:6c:a5:2b:5d:4b:
                    6b:28:c1:f4:fc:02:18:b1:6f:56:80:51:cd:b2:5d:
                    bc:e0:5e:d0:db:53:24:9a:0f:86:d8:8a:e6:f6:97:
                    8b:b9:c2:6c:7c:3b:8b:91:95:d5:a0:56:ae:d6:3d:
                    2e:3e:3d:0e:b2:b0:89:d9:ab:15:a3:29:61:44:b9:
                    0b:0f:eb:20:d9:56:df:59:b0:68:08:88:cf:1f:94:
                    a1:3b:43:4c:76:f5:0a:9b:eb:d5:fc:6f:03:92:9e:
                    de:77:38:d8:06:3c:7a:15:5d:07:0d:30:7c:95:0c:
                    d3:94:fa:3c:14:e8:7f:e8:4c:51:c1:60:74:00:11:
                    22:0e:44:d2:d2:b7:75:d5:b5:32:7b:80:99:b0:eb:
                    0e:77:f1:80:e1:ea:95:f5:3e:bc:fe:a1:11:64:14:
                    94:96:66:0b:ea:e7:bf:ce:87:ba:88:98:e8:16:39:
                    c2:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:67:E3:95:A6:3B:06:1F:73:25:46:86:7C:FC:D3:F7:83:42:D2:8B
            X509v3 Authority Key Identifier:
                keyid:46:22:4D:C9:39:6E:58:0F:F7:12:0F:25:73:53:A7:0C:72:37:9C:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RiJNyTluWA_3Eg8lc1OnDHI3nJM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/e05dff-be12-4e82-873d-d31a33fc5e99/1/7GfjlaY7Bh9zJUaGfPzT94NC0os.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/e05dff-be12-4e82-873d-d31a33fc5e99/1/RiJNyTluWA_3Eg8lc1OnDHI3nJM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:38:43:35:ad:86:33:15:d0:7f:c0:ae:c8:b2:23:cf:3f:3d:
         5c:b8:e5:8a:89:a3:f8:89:9a:59:79:c6:b9:89:b7:8b:d2:8c:
         83:97:b5:8c:3a:ab:86:97:92:71:a7:3c:b6:bb:f0:d0:55:6a:
         92:e7:23:6f:ab:19:f3:92:26:64:92:18:5d:f4:f7:48:87:53:
         7e:5a:39:75:7d:13:31:b6:7a:94:9e:1b:9c:34:ed:34:02:b8:
         4b:91:0a:f1:d8:03:c5:d5:da:00:67:be:00:05:d9:22:b6:56:
         75:e9:ec:ea:1e:bc:af:c6:b5:8c:fc:23:9a:e4:a5:50:c9:4f:
         c1:61:ce:c1:ec:d4:6c:04:f9:fe:51:7d:92:66:f8:fa:db:8b:
         50:be:0a:f0:33:ec:90:0f:ea:df:b5:34:33:ed:8e:e7:d3:2d:
         24:59:91:03:c7:2e:4d:da:d7:0f:68:ee:3f:38:b0:e2:37:d5:
         80:76:92:61:38:a6:0b:9e:70:27:e4:00:10:9f:9c:34:03:67:
         40:c2:10:e2:6e:bc:91:01:0e:7c:97:4f:11:6c:79:b1:57:4b:
         07:41:0a:a8:85:b4:10:73:9a:d2:5e:a7:ca:10:51:65:38:5c:
         a6:90:0f:54:94:33:a0:ce:49:d3:b0:e7:3b:8c:61:97:da:ef:
         01:66:3e:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt5XsSJla1PeDHGvPWxfwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2MjI0ZGM5Mzk2ZTU4MGZmNzEyMGYyNTczNTNhNzBjNzIz
NzljOTMwHhcNMjQwMTAxMjAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzY3ZTM5NWE2M2IwNjFmNzMyNTQ2ODY3Y2ZjZDNmNzgzNDJkMjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkicjQJVTlxcY4Utgz9HOW11xpCfW
VaYLR7niDyEuOmP3d7gsvq92oV0FT3O4W8djwWlyVi6aeVUh0JMbmCdTKJwvzXGj
D0zLlVFKr6VsKCIC6zGmbKUrXUtrKMH0/AIYsW9WgFHNsl284F7Q21Mkmg+G2Irm
9peLucJsfDuLkZXVoFau1j0uPj0OsrCJ2asVoylhRLkLD+sg2VbfWbBoCIjPH5Sh
O0NMdvUKm+vV/G8Dkp7edzjYBjx6FV0HDTB8lQzTlPo8FOh/6ExRwWB0ABEiDkTS
0rd11bUye4CZsOsOd/GA4eqV9T68/qERZBSUlmYL6ue/zoe6iJjoFjnCzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOxn45WmOwYfcyVGhnz80/eDQtKLMB8GA1UdIwQY
MBaAFEYiTck5blgP9xIPJXNTpwxyN5yTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmlKTnlUbHVXQV8zRWc4bGMxT25ESEkzbkpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lMDVkZmYtYmUxMi00ZTgyLTg3M2Qt
ZDMxYTMzZmM1ZTk5LzEvN0dmamxhWTdCaDl6SlVhR2ZQelQ5NE5DMG9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lMDVkZmYtYmUxMi00ZTgyLTg3M2QtZDMxYTMzZmM1ZTk5
LzEvUmlKTnlUbHVXQV8zRWc4bGMxT25ESEkzbkpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9iqMA0G
CSqGSIb3DQEBCwUAA4IBAQCdOEM1rYYzFdB/wK7IsiPPPz1cuOWKiaP4iZpZeca5
ibeL0oyDl7WMOquGl5Jxpzy2u/DQVWqS5yNvqxnzkiZkkhhd9PdIh1N+Wjl1fRMx
tnqUnhucNO00ArhLkQrx2APF1doAZ74ABdkitlZ16ezqHryvxrWM/COa5KVQyU/B
Yc7B7NRsBPn+UX2SZvj624tQvgrwM+yQD+rftTQz7Y7n0y0kWZEDxy5N2tcPaO4/
OLDiN9WAdpJhOKYLnnAn5AAQn5w0A2dAwhDibryRAQ58l08RbHmxV0sHQQqohbQQ
c5rSXqfKEFFlOFymkA9UlDOgzknTsOc7jGGX2u8BZj4+
-----END CERTIFICATE-----