Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/173fc5-343b-4976-b2a1-96bc6baa563b/1/IzDSN0jDtA1meJQc-slQbGQoNtk.roa
File:                     IzDSN0jDtA1meJQc-slQbGQoNtk.roa (raw, json)
Hash identifier:          dfrFzV4+gsJ/8ma7p916L9V3J7VNZEksXv0R+2BwZ5k=
Subject key identifier:   23:30:D2:37:48:C3:B4:0D:66:78:94:1C:FA:C9:50:6C:64:28:36:D9
Certificate issuer:       /CN=82e69214d6fd55e75050ba811bf7c12439109fee
Certificate serial:       018CC501144E08B448DF042FDD3519462489
Authority key identifier: 82:E6:92:14:D6:FD:55:E7:50:50:BA:81:1B:F7:C1:24:39:10:9F:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/guaSFNb9VedQULqBG_fBJDkQn-4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/173fc5-343b-4976-b2a1-96bc6baa563b/1/IzDSN0jDtA1meJQc-slQbGQoNtk.roa
Signing time:             Mon 01 Jan 2024 12:30:31 +0000
ROA not before:           Mon 01 Jan 2024 12:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48754
IP address blocks:        91.212.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/173fc5-343b-4976-b2a1-96bc6baa563b/1/guaSFNb9VedQULqBG_fBJDkQn-4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/173fc5-343b-4976-b2a1-96bc6baa563b/1/guaSFNb9VedQULqBG_fBJDkQn-4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/guaSFNb9VedQULqBG_fBJDkQn-4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:14:4e:08:b4:48:df:04:2f:dd:35:19:46:24:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82e69214d6fd55e75050ba811bf7c12439109fee
        Validity
            Not Before: Jan  1 12:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2330d23748c3b40d6678941cfac9506c642836d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:39:d0:11:cd:e2:6f:ff:db:8f:90:e8:75:64:
                    e9:e3:94:a8:e7:77:83:14:45:76:fe:69:c4:48:62:
                    97:b6:2b:9b:2d:e2:d7:ed:99:c3:ca:80:1e:33:8d:
                    57:af:99:26:37:6a:48:db:9f:dd:db:d7:72:56:37:
                    1f:6f:ff:25:03:a1:61:46:27:37:ae:6a:ed:ea:2f:
                    7d:dc:5b:5a:75:24:53:74:f0:f8:be:58:89:7e:10:
                    9e:de:fe:f1:5a:e1:51:63:27:7d:ce:d9:b5:b2:fc:
                    95:b7:ed:88:71:7b:28:05:ab:21:2e:bd:91:cc:e2:
                    22:75:d8:d7:84:22:74:f4:ad:7a:67:e4:e0:7b:74:
                    c7:96:4c:d5:90:b0:c0:09:2a:fd:18:d6:7e:cd:a7:
                    2b:24:31:ba:55:ef:b5:1a:6e:87:49:b1:b6:23:11:
                    d5:f6:bf:5b:05:14:7a:69:ee:8b:36:32:81:6f:a5:
                    3d:61:76:9a:b6:05:09:ae:27:50:98:b0:ab:c1:fe:
                    18:9f:91:28:ff:0c:0d:75:6d:99:3d:8f:db:a6:11:
                    12:b2:3c:af:a8:a5:ab:7e:35:b7:51:b2:d9:82:cf:
                    84:15:3e:00:66:44:f9:83:55:64:1d:91:e5:04:73:
                    de:8b:67:76:0f:3b:c2:5e:40:ee:a6:67:da:da:b5:
                    47:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:30:D2:37:48:C3:B4:0D:66:78:94:1C:FA:C9:50:6C:64:28:36:D9
            X509v3 Authority Key Identifier:
                keyid:82:E6:92:14:D6:FD:55:E7:50:50:BA:81:1B:F7:C1:24:39:10:9F:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/guaSFNb9VedQULqBG_fBJDkQn-4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/173fc5-343b-4976-b2a1-96bc6baa563b/1/IzDSN0jDtA1meJQc-slQbGQoNtk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/173fc5-343b-4976-b2a1-96bc6baa563b/1/guaSFNb9VedQULqBG_fBJDkQn-4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:ef:52:46:04:05:24:d3:96:96:c6:96:90:ac:65:ed:57:c7:
         a2:39:14:d2:33:fd:d2:93:ed:06:4f:11:5a:01:8d:83:10:6f:
         ec:d9:17:dd:f5:f4:c0:cc:a8:be:92:10:dd:7c:2e:29:0c:b1:
         06:c0:c9:a4:4a:ff:c8:f7:4d:f9:b4:15:be:4e:7d:e8:b1:c6:
         b0:1b:1b:95:41:77:69:86:c6:d5:fd:44:45:d5:84:e8:ae:39:
         28:06:ea:12:a4:7f:cf:81:09:03:c8:7f:6a:70:a0:b3:4e:f4:
         be:05:5e:3c:ca:a1:00:5b:e5:3c:b7:25:84:75:49:20:58:04:
         7c:9b:b5:de:c8:66:df:a7:dc:23:3f:f9:9a:71:3d:d1:ef:8f:
         6e:c5:ef:8c:4f:57:45:47:f8:89:97:01:53:2a:39:ed:9b:d2:
         82:8c:82:bf:b6:2d:bc:26:e2:b1:fc:5b:a7:7f:5c:2d:06:f3:
         40:13:47:69:fc:3e:3d:5e:41:ef:2d:d6:a7:77:ec:25:91:a3:
         21:ef:94:69:e8:7e:49:e7:92:ec:a8:10:48:c7:60:1e:f0:9a:
         89:6a:3d:50:1b:d3:bc:b1:30:b9:54:fa:78:fe:41:93:49:80:
         13:b8:e6:c2:de:a3:62:0a:16:14:81:fd:04:62:5b:7f:dc:8a:
         02:c6:45:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFARROCLRI3wQv3TUZRiSJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyZTY5MjE0ZDZmZDU1ZTc1MDUwYmE4MTFiZjdjMTI0Mzkx
MDlmZWUwHhcNMjQwMTAxMTIzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzMwZDIzNzQ4YzNiNDBkNjY3ODk0MWNmYWM5NTA2YzY0MjgzNmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgjnQEc3ib//bj5DodWTp45So53eD
FEV2/mnESGKXtiubLeLX7ZnDyoAeM41Xr5kmN2pI25/d29dyVjcfb/8lA6FhRic3
rmrt6i993FtadSRTdPD4vliJfhCe3v7xWuFRYyd9ztm1svyVt+2IcXsoBashLr2R
zOIiddjXhCJ09K16Z+Tge3THlkzVkLDACSr9GNZ+zacrJDG6Ve+1Gm6HSbG2IxHV
9r9bBRR6ae6LNjKBb6U9YXaatgUJridQmLCrwf4Yn5Eo/wwNdW2ZPY/bphESsjyv
qKWrfjW3UbLZgs+EFT4AZkT5g1VkHZHlBHPei2d2DzvCXkDupmfa2rVHgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCMw0jdIw7QNZniUHPrJUGxkKDbZMB8GA1UdIwQY
MBaAFILmkhTW/VXnUFC6gRv3wSQ5EJ/uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3VhU0ZOYjlWZWRRVUxxQkdfZkJKRGtRbi00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8xNzNmYzUtMzQzYi00OTc2LWIyYTEt
OTZiYzZiYWE1NjNiLzEvSXpEU04wakR0QTFtZUpRYy1zbFFiR1FvTnRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8xNzNmYzUtMzQzYi00OTc2LWIyYTEtOTZiYzZiYWE1NjNi
LzEvZ3VhU0ZOYjlWZWRRVUxxQkdfZkJKRGtRbi00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9QXMA0G
CSqGSIb3DQEBCwUAA4IBAQBC71JGBAUk05aWxpaQrGXtV8eiORTSM/3Sk+0GTxFa
AY2DEG/s2Rfd9fTAzKi+khDdfC4pDLEGwMmkSv/I9035tBW+Tn3oscawGxuVQXdp
hsbV/URF1YTorjkoBuoSpH/PgQkDyH9qcKCzTvS+BV48yqEAW+U8tyWEdUkgWAR8
m7XeyGbfp9wjP/macT3R749uxe+MT1dFR/iJlwFTKjntm9KCjIK/ti28JuKx/Fun
f1wtBvNAE0dp/D49XkHvLdand+wlkaMh75Rp6H5J55LsqBBIx2Ae8JqJaj1QG9O8
sTC5VPp4/kGTSYATuObC3qNiChYUgf0EYlt/3IoCxkUL
-----END CERTIFICATE-----