Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7c36fd-3045-4a32-98dc-ff53e95a1ad5/1/vzQCI-JyCEbChpvNxLZnzJF1680.roa
File:                     vzQCI-JyCEbChpvNxLZnzJF1680.roa (raw, json)
Hash identifier:          YuBklvkjHZAU08AWO1UgzrefLH+ZUaQJBWmNtIQxUFc=
Subject key identifier:   BF:34:02:23:E2:72:08:46:C2:86:9B:CD:C4:B6:67:CC:91:75:EB:CD
Certificate issuer:       /CN=906e4172218b4912e3992c0114ad5f3a1252074d
Certificate serial:       01924271AE9E30EB88AF65D3BFD855ECADF2
Authority key identifier: 90:6E:41:72:21:8B:49:12:E3:99:2C:01:14:AD:5F:3A:12:52:07:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kG5BciGLSRLjmSwBFK1fOhJSB00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7c36fd-3045-4a32-98dc-ff53e95a1ad5/1/vzQCI-JyCEbChpvNxLZnzJF1680.roa
Signing time:             Mon 30 Sep 2024 10:19:59 +0000
ROA not before:           Mon 30 Sep 2024 10:19:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        91.213.227.0/24 maxlen: 24
                          2001:67c:1128::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7c36fd-3045-4a32-98dc-ff53e95a1ad5/1/kG5BciGLSRLjmSwBFK1fOhJSB00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7c36fd-3045-4a32-98dc-ff53e95a1ad5/1/kG5BciGLSRLjmSwBFK1fOhJSB00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kG5BciGLSRLjmSwBFK1fOhJSB00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:42:71:ae:9e:30:eb:88:af:65:d3:bf:d8:55:ec:ad:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=906e4172218b4912e3992c0114ad5f3a1252074d
        Validity
            Not Before: Sep 30 10:19:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf340223e2720846c2869bcdc4b667cc9175ebcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:23:a9:69:22:90:53:4e:00:a6:91:eb:11:f5:
                    6e:22:15:bf:9b:29:c6:09:d6:d3:35:4a:a1:aa:68:
                    d6:a3:3c:ad:4b:fe:79:af:07:a6:7d:05:78:51:78:
                    e6:43:ca:10:10:28:03:cc:9e:f2:3b:a6:29:00:3a:
                    2a:41:6a:af:d0:55:e4:76:aa:ae:ed:d6:82:82:91:
                    58:c6:51:1a:fd:9d:d6:85:ab:cb:bd:0e:3d:3f:cf:
                    b1:9e:36:f9:01:e6:bf:e5:86:f2:62:8b:ae:37:b2:
                    ec:6a:3c:76:36:4d:62:e2:d2:08:59:8f:d7:9c:24:
                    72:5c:e8:c2:17:09:9f:58:c0:a1:b8:e1:82:80:ff:
                    46:66:f7:f5:e9:14:77:3c:42:f4:00:6d:03:21:03:
                    11:b8:fb:8d:ae:cb:24:fb:e6:eb:1b:fa:e5:70:35:
                    0f:d0:76:92:c0:9a:d0:a5:06:13:5a:bf:50:c2:2a:
                    13:e7:27:42:95:a6:b2:ca:82:1e:67:5d:95:0e:41:
                    80:8d:8a:a7:4e:2b:29:d9:0d:12:d7:1c:9a:a6:5f:
                    60:35:77:9b:d0:7a:15:a5:f9:16:4b:cd:f3:06:96:
                    04:64:bc:68:36:44:48:7c:f0:ca:1a:5d:08:19:d3:
                    72:ac:b8:2e:50:4b:5e:8e:9a:21:28:83:52:3e:3d:
                    39:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:34:02:23:E2:72:08:46:C2:86:9B:CD:C4:B6:67:CC:91:75:EB:CD
            X509v3 Authority Key Identifier:
                keyid:90:6E:41:72:21:8B:49:12:E3:99:2C:01:14:AD:5F:3A:12:52:07:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kG5BciGLSRLjmSwBFK1fOhJSB00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7c36fd-3045-4a32-98dc-ff53e95a1ad5/1/vzQCI-JyCEbChpvNxLZnzJF1680.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7c36fd-3045-4a32-98dc-ff53e95a1ad5/1/kG5BciGLSRLjmSwBFK1fOhJSB00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.227.0/24
                IPv6:
                  2001:67c:1128::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:c4:6c:9e:98:9f:10:4b:64:9f:55:8a:f8:78:81:d6:8b:b5:
         97:a9:a9:5d:97:29:02:c0:b6:ca:11:7b:28:e6:35:07:02:6f:
         bf:60:ab:d3:10:da:20:0e:bb:66:2d:85:17:d4:c4:26:5f:83:
         ec:88:c7:be:86:90:44:8b:ae:fe:bb:34:eb:de:48:88:8a:bb:
         d5:fe:0b:ce:c8:28:22:ba:ab:cc:b0:ef:70:4d:74:cd:5d:ce:
         bc:cf:00:16:d3:30:ad:e5:d1:8c:c7:27:e8:5c:60:e5:a6:ee:
         8f:6c:0a:66:32:48:1e:f5:a5:39:4e:39:08:5a:30:19:c5:c1:
         16:10:52:f9:0a:df:f0:55:51:ab:2d:da:23:83:89:30:50:f5:
         0c:fc:dc:7b:44:eb:32:54:8f:f5:b6:d7:85:ad:5f:bc:1a:d9:
         b9:18:67:c4:aa:df:1a:e9:26:09:df:e8:55:f2:de:78:e8:3c:
         c8:53:6a:dc:c3:6b:40:1d:aa:4c:e2:53:00:a3:90:f9:1a:9d:
         b4:18:86:d0:5c:03:f3:06:1a:72:93:0f:b5:77:2c:8b:5c:63:
         2e:c8:9b:0f:05:01:8e:ad:f3:a4:c5:e3:4e:64:50:a7:ea:43:
         98:bc:d4:0d:74:da:99:fd:c2:72:13:57:a1:1a:19:82:50:cc:
         f7:44:be:bf
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZJCca6eMOuIr2XTv9hV7K3yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwNmU0MTcyMjE4YjQ5MTJlMzk5MmMwMTE0YWQ1ZjNhMTI1
MjA3NGQwHhcNMjQwOTMwMTAxOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjM0MDIyM2UyNzIwODQ2YzI4NjliY2RjNGI2NjdjYzkxNzVlYmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCOpaSKQU04AppHrEfVuIhW/mynG
CdbTNUqhqmjWozytS/55rwemfQV4UXjmQ8oQECgDzJ7yO6YpADoqQWqv0FXkdqqu
7daCgpFYxlEa/Z3WhavLvQ49P8+xnjb5Aea/5YbyYouuN7Lsajx2Nk1i4tIIWY/X
nCRyXOjCFwmfWMChuOGCgP9GZvf16RR3PEL0AG0DIQMRuPuNrssk++brG/rlcDUP
0HaSwJrQpQYTWr9QwioT5ydClaayyoIeZ12VDkGAjYqnTisp2Q0S1xyapl9gNXeb
0HoVpfkWS83zBpYEZLxoNkRIfPDKGl0IGdNyrLguUEtejpohKINSPj053QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFL80AiPicghGwoabzcS2Z8yRdevNMB8GA1UdIwQY
MBaAFJBuQXIhi0kS45ksARStXzoSUgdNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0c1QmNpR0xTUkxqbVN3QkZLMWZPaEpTQjAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YzM2ZmQtMzA0NS00YTMyLTk4ZGMt
ZmY1M2U5NWExYWQ1LzEvdnpRQ0ktSnlDRWJDaHB2TnhMWm56SkYxNjgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YzM2ZmQtMzA0NS00YTMyLTk4ZGMtZmY1M2U5NWExYWQ1
LzEva0c1QmNpR0xTUkxqbVN3QkZLMWZPaEpTQjAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9XjMA8E
AgACMAkDBwAgAQZ8ESgwDQYJKoZIhvcNAQELBQADggEBADDEbJ6YnxBLZJ9Vivh4
gdaLtZepqV2XKQLAtsoReyjmNQcCb79gq9MQ2iAOu2YthRfUxCZfg+yIx76GkESL
rv67NOveSIiKu9X+C87IKCK6q8yw73BNdM1dzrzPABbTMK3l0YzHJ+hcYOWm7o9s
CmYySB71pTlOOQhaMBnFwRYQUvkK3/BVUast2iODiTBQ9Qz83HtE6zJUj/W214Wt
X7wa2bkYZ8Sq3xrpJgnf6FXy3njoPMhTatzDa0AdqkziUwCjkPkanbQYhtBcA/MG
GnKTD7V3LItcYy7Imw8FAY6t86TF405kUKfqQ5i81A102pn9wnITV6EaGYJQzPdE
vr8=
-----END CERTIFICATE-----