Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/991d3c-e338-4861-8ab1-29bb6ab2cf5c/1/ia-Ordw7r1cvgEQdPl1EaWO4wBM.roa
File:                     ia-Ordw7r1cvgEQdPl1EaWO4wBM.roa (raw, json)
Hash identifier:          YDYaJPNtUNvEmxQpRwv5TYznPRi4KpQOLxTg1XegdMw=
Subject key identifier:   89:AF:8E:AD:DC:3B:AF:57:2F:80:44:1D:3E:5D:44:69:63:B8:C0:13
Certificate issuer:       /CN=6260b601139be013569ebf8e1beb5a694b9c87ec
Certificate serial:       0192AEE550EFA0B6DC04A4E5324530BBC80E
Authority key identifier: 62:60:B6:01:13:9B:E0:13:56:9E:BF:8E:1B:EB:5A:69:4B:9C:87:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YmC2AROb4BNWnr-OG-taaUuch-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/991d3c-e338-4861-8ab1-29bb6ab2cf5c/1/ia-Ordw7r1cvgEQdPl1EaWO4wBM.roa
Signing time:             Mon 21 Oct 2024 11:45:16 +0000
ROA not before:           Mon 21 Oct 2024 11:45:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2116
IP address blocks:        91.203.116.0/22 maxlen: 22
                          195.5.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/991d3c-e338-4861-8ab1-29bb6ab2cf5c/1/YmC2AROb4BNWnr-OG-taaUuch-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/991d3c-e338-4861-8ab1-29bb6ab2cf5c/1/YmC2AROb4BNWnr-OG-taaUuch-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YmC2AROb4BNWnr-OG-taaUuch-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ae:e5:50:ef:a0:b6:dc:04:a4:e5:32:45:30:bb:c8:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6260b601139be013569ebf8e1beb5a694b9c87ec
        Validity
            Not Before: Oct 21 11:45:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89af8eaddc3baf572f80441d3e5d446963b8c013
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:0c:66:94:9f:54:50:ee:58:30:c5:29:32:6f:
                    8b:57:4f:36:12:73:84:55:c4:37:e3:56:25:ab:4e:
                    a0:a8:2b:ad:2c:e9:00:bc:6d:1e:ad:a0:0e:a4:ec:
                    6a:25:43:3d:f8:f8:f3:5f:4f:20:1e:fb:79:0b:09:
                    eb:01:b9:f9:5e:6f:b9:d3:21:a3:14:20:70:f2:93:
                    88:72:59:ab:1c:a9:8f:b5:89:bf:f4:0f:80:4b:71:
                    00:b5:c1:e8:62:b9:93:7f:d0:49:8d:64:65:cf:9c:
                    18:a1:39:03:9b:36:6e:11:53:90:66:88:31:9f:49:
                    2c:6e:af:48:e7:a9:66:e5:14:67:79:52:56:fb:b4:
                    ae:85:b2:af:a5:67:21:7a:e1:7d:e6:df:a7:d1:a8:
                    a5:92:c7:1c:6d:a1:9b:aa:4a:48:e0:d8:8d:82:6e:
                    1c:7f:c2:e3:32:d7:09:2b:e2:aa:04:30:95:09:61:
                    7b:a1:99:f4:5c:fb:59:68:58:c9:90:77:8f:bf:58:
                    50:c1:01:e5:4d:46:5b:85:b9:bd:30:37:68:4b:86:
                    52:30:9c:7b:03:99:10:5b:3a:b1:98:46:d6:12:f5:
                    1f:f4:64:43:0f:45:34:8e:f6:ab:1e:c7:53:95:d8:
                    92:67:19:ea:80:0d:f6:bd:b7:99:1e:97:f0:b6:75:
                    d5:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:AF:8E:AD:DC:3B:AF:57:2F:80:44:1D:3E:5D:44:69:63:B8:C0:13
            X509v3 Authority Key Identifier:
                keyid:62:60:B6:01:13:9B:E0:13:56:9E:BF:8E:1B:EB:5A:69:4B:9C:87:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YmC2AROb4BNWnr-OG-taaUuch-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/991d3c-e338-4861-8ab1-29bb6ab2cf5c/1/ia-Ordw7r1cvgEQdPl1EaWO4wBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/991d3c-e338-4861-8ab1-29bb6ab2cf5c/1/YmC2AROb4BNWnr-OG-taaUuch-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.203.116.0/22
                  195.5.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:ad:6e:ea:21:a9:2b:1a:92:82:e2:3b:8c:35:df:8f:94:cb:
         8d:b4:db:9d:52:dd:2a:0f:9c:ee:eb:24:2c:ac:67:0c:3f:8c:
         86:b2:8a:2c:9c:c5:2c:32:3a:3e:63:d7:d5:67:a9:4d:c7:f2:
         e4:21:e4:e8:a5:29:34:17:eb:0d:a8:48:d8:82:9e:36:d9:46:
         1d:b7:a8:12:25:73:fd:a7:85:f2:79:a3:b6:9a:a5:8b:62:8f:
         bf:59:2f:d3:c9:14:c6:0f:68:6c:94:39:a7:34:55:dd:2d:3d:
         52:e3:94:e3:c6:00:e1:96:34:ff:ce:ef:3a:28:17:cd:65:c4:
         34:6f:4d:75:37:9a:2e:51:bb:1c:3a:26:de:e4:ab:7d:42:6e:
         7b:77:63:e2:27:f7:37:e1:51:86:3b:33:c6:53:04:ae:ca:b8:
         ce:12:9d:7c:ae:14:fe:95:06:7c:3a:d9:0d:74:f1:f7:e8:75:
         70:91:1c:1f:9c:7b:fb:0a:d1:3a:47:d0:77:c8:46:1d:fa:b7:
         18:cf:8f:b2:da:e5:6c:b4:78:8e:e7:a5:c3:87:80:de:df:0a:
         43:d5:da:87:8c:88:d1:1c:03:1b:eb:70:b1:13:56:9e:52:bc:
         23:73:f1:e5:77:b3:7e:62:89:28:c7:ac:cd:cb:90:ca:b7:9d:
         ff:ac:06:7c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZKu5VDvoLbcBKTlMkUwu8gOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNjBiNjAxMTM5YmUwMTM1NjllYmY4ZTFiZWI1YTY5NGI5
Yzg3ZWMwHhcNMjQxMDIxMTE0NTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWFmOGVhZGRjM2JhZjU3MmY4MDQ0MWQzZTVkNDQ2OTYzYjhjMDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAxmlJ9UUO5YMMUpMm+LV082EnOE
VcQ341Ylq06gqCutLOkAvG0eraAOpOxqJUM9+PjzX08gHvt5CwnrAbn5Xm+50yGj
FCBw8pOIclmrHKmPtYm/9A+AS3EAtcHoYrmTf9BJjWRlz5wYoTkDmzZuEVOQZogx
n0ksbq9I56lm5RRneVJW+7SuhbKvpWcheuF95t+n0ailksccbaGbqkpI4NiNgm4c
f8LjMtcJK+KqBDCVCWF7oZn0XPtZaFjJkHePv1hQwQHlTUZbhbm9MDdoS4ZSMJx7
A5kQWzqxmEbWEvUf9GRDD0U0jvarHsdTldiSZxnqgA32vbeZHpfwtnXVbQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFImvjq3cO69XL4BEHT5dRGljuMATMB8GA1UdIwQY
MBaAFGJgtgETm+ATVp6/jhvrWmlLnIfsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1DMkFST2I0Qk5XbnItT0ctdGFhVXVjaC13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85OTFkM2MtZTMzOC00ODYxLThhYjEt
MjliYjZhYjJjZjVjLzEvaWEtT3JkdzdyMWN2Z0VRZFBsMUVhV080d0JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85OTFkM2MtZTMzOC00ODYxLThhYjEtMjliYjZhYjJjZjVj
LzEvWW1DMkFST2I0Qk5XbnItT0ctdGFhVXVjaC13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW8t0AwQA
wwWuMA0GCSqGSIb3DQEBCwUAA4IBAQBCrW7qIakrGpKC4juMNd+PlMuNtNudUt0q
D5zu6yQsrGcMP4yGsoosnMUsMjo+Y9fVZ6lNx/LkIeTopSk0F+sNqEjYgp422UYd
t6gSJXP9p4XyeaO2mqWLYo+/WS/TyRTGD2hslDmnNFXdLT1S45TjxgDhljT/zu86
KBfNZcQ0b011N5ouUbscOibe5Kt9Qm57d2PiJ/c34VGGOzPGUwSuyrjOEp18rhT+
lQZ8OtkNdPH36HVwkRwfnHv7CtE6R9B3yEYd+rcYz4+y2uVstHiO56XDh4De3wpD
1dqHjIjRHAMb63CxE1aeUrwjc/Hld7N+Yokox6zNy5DKt53/rAZ8
-----END CERTIFICATE-----