Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BEMpFhTMbLa10J94KKnwIX2ALcc.roa
File:                     BEMpFhTMbLa10J94KKnwIX2ALcc.roa (raw, json)
Hash identifier:          K1SsWGoknqOq0NjJE58yVf64ZqDNw8dkE6We1xGvRaE=
Subject key identifier:   04:43:29:16:14:CC:6C:B6:B5:D0:9F:78:28:A9:F0:21:7D:80:2D:C7
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCE35D49B16DA8DD45640A491212E9
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BEMpFhTMbLa10J94KKnwIX2ALcc.roa
Signing time:             Tue 02 Jan 2024 06:29:28 +0000
ROA not before:           Tue 02 Jan 2024 06:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44796
IP address blocks:        91.92.232.0/24 maxlen: 24
                          2a00:1728:1d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:e3:5d:49:b1:6d:a8:dd:45:64:0a:49:12:12:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0443291614cc6cb6b5d09f7828a9f0217d802dc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:be:43:d9:07:10:73:4c:8b:62:00:54:29:52:
                    db:51:59:db:ed:f3:b4:bf:2b:74:84:e6:c1:60:8c:
                    51:6f:2b:2d:58:12:0f:4b:71:6a:d0:26:41:24:15:
                    9b:d8:f8:ff:1a:fc:df:7e:36:0a:c0:4e:1d:1b:62:
                    9c:54:dc:a5:51:f1:fb:24:5f:47:ef:7f:60:d1:5e:
                    96:ab:ac:31:d7:0a:62:9e:92:3b:e0:a5:1e:f1:63:
                    60:1b:00:c1:64:c4:c9:e5:52:f5:b5:1d:5b:96:65:
                    76:dd:ec:30:ea:0c:a1:34:d3:bf:9d:b0:a8:ca:39:
                    9c:4b:7c:e9:45:b9:38:a4:d3:93:85:cf:fc:e4:e1:
                    f9:95:a9:f0:fb:b1:04:33:40:8c:24:55:ae:ae:dd:
                    90:d6:e4:12:7d:52:79:59:7a:47:50:61:f3:cf:36:
                    e5:1a:92:cd:23:6f:15:83:c9:94:e3:f7:c3:76:38:
                    03:18:73:12:24:31:51:57:11:0a:fb:f2:51:10:0d:
                    0d:82:53:4a:f0:aa:c4:5e:90:48:4d:97:f4:cf:4d:
                    89:1d:bd:18:69:1e:34:9a:a0:31:ce:68:dc:6e:54:
                    56:54:fc:53:c9:59:15:c2:8d:49:1c:a0:26:20:13:
                    58:24:51:0b:9c:c1:a8:d2:4e:14:de:c0:79:d6:f7:
                    6a:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:43:29:16:14:CC:6C:B6:B5:D0:9F:78:28:A9:F0:21:7D:80:2D:C7
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BEMpFhTMbLa10J94KKnwIX2ALcc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.92.232.0/24
                IPv6:
                  2a00:1728:1d::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:46:fb:31:08:72:0a:94:e0:15:e5:b6:00:04:f9:31:aa:53:
         3d:1d:37:81:58:92:d9:e2:5b:a5:12:09:cf:ed:fc:b4:d0:4e:
         91:df:ad:29:28:2b:2f:4f:70:77:8a:ae:fd:8e:e1:2b:df:13:
         fc:00:d1:1e:19:16:07:2a:4e:87:08:d3:fb:18:f2:78:dd:94:
         a4:63:10:19:88:5f:77:60:71:a6:0e:32:b3:b8:8d:44:25:eb:
         51:08:58:c9:01:0e:26:88:0d:16:3f:cd:1c:15:29:c6:7f:98:
         fd:5c:e4:88:a5:0f:0a:3d:38:9a:5f:c0:dd:5f:af:59:50:87:
         43:e0:e4:5e:5b:1c:9b:30:31:70:5b:5f:39:89:20:a1:38:6b:
         5c:7d:02:20:c8:08:c6:d6:b4:0a:d6:70:12:47:9b:c2:1e:0c:
         f6:61:52:69:c2:d1:04:c8:18:71:3a:ed:ee:42:38:8e:28:0b:
         bb:f3:ce:c4:7d:cb:48:6a:cc:9b:22:53:7c:f2:56:ca:71:a8:
         15:20:26:32:b8:9d:ef:52:32:f8:8a:be:a9:b5:71:47:da:54:
         a7:b8:3e:1d:23:9d:77:28:e8:df:64:d1:6b:ac:43:03:46:07:
         31:23:67:04:dd:23:75:bb:c9:d8:24:34:f7:74:f6:aa:44:ab:
         62:42:c5:1c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzI3ONdSbFtqN1FZApJEhLpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDQzMjkxNjE0Y2M2Y2I2YjVkMDlmNzgyOGE5ZjAyMTdkODAyZGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApb5D2QcQc0yLYgBUKVLbUVnb7fO0
vyt0hObBYIxRbystWBIPS3Fq0CZBJBWb2Pj/GvzffjYKwE4dG2KcVNylUfH7JF9H
739g0V6Wq6wx1wpinpI74KUe8WNgGwDBZMTJ5VL1tR1blmV23eww6gyhNNO/nbCo
yjmcS3zpRbk4pNOThc/85OH5lanw+7EEM0CMJFWurt2Q1uQSfVJ5WXpHUGHzzzbl
GpLNI28Vg8mU4/fDdjgDGHMSJDFRVxEK+/JREA0NglNK8KrEXpBITZf0z02JHb0Y
aR40mqAxzmjcblRWVPxTyVkVwo1JHKAmIBNYJFELnMGo0k4U3sB51vdq/wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFARDKRYUzGy2tdCfeCip8CF9gC3HMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQkVNcEZoVE1iTGExMEo5NEtLbndJWDJBTGNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW1zoMA8E
AgACMAkDBwAqABcoAB0wDQYJKoZIhvcNAQELBQADggEBAHpG+zEIcgqU4BXltgAE
+TGqUz0dN4FYktniW6USCc/t/LTQTpHfrSkoKy9PcHeKrv2O4SvfE/wA0R4ZFgcq
TocI0/sY8njdlKRjEBmIX3dgcaYOMrO4jUQl61EIWMkBDiaIDRY/zRwVKcZ/mP1c
5IilDwo9OJpfwN1fr1lQh0Pg5F5bHJswMXBbXzmJIKE4a1x9AiDICMbWtArWcBJH
m8IeDPZhUmnC0QTIGHE67e5COI4oC7vzzsR9y0hqzJsiU3zyVspxqBUgJjK4ne9S
MviKvqm1cUfaVKe4Ph0jnXco6N9k0WusQwNGBzEjZwTdI3W7ydgkNPd09qpEq2JC
xRw=
-----END CERTIFICATE-----