Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/e3d8b1-101f-40e8-bcd3-155af9d83036/1/c_qRs0dK6dLOVfKxq73S6VeQbrI.roa
File:                     c_qRs0dK6dLOVfKxq73S6VeQbrI.roa (raw, json)
Hash identifier:          KDeuv3BJ+7W3/dXjT4s1QaqkksuC2MYp4TLV+TgUBZY=
Subject key identifier:   73:FA:91:B3:47:4A:E9:D2:CE:55:F2:B1:AB:BD:D2:E9:57:90:6E:B2
Certificate issuer:       /CN=4d10e9d4f4afb8a4d1b919ec8593f46ba3bba7f7
Certificate serial:       018CCA2A4D2EF8200C2BBAC39CA72FC26F51
Authority key identifier: 4D:10:E9:D4:F4:AF:B8:A4:D1:B9:19:EC:85:93:F4:6B:A3:BB:A7:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TRDp1PSvuKTRuRnshZP0a6O7p_c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/e3d8b1-101f-40e8-bcd3-155af9d83036/1/c_qRs0dK6dLOVfKxq73S6VeQbrI.roa
Signing time:             Tue 02 Jan 2024 12:33:39 +0000
ROA not before:           Tue 02 Jan 2024 12:33:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198592
IP address blocks:        91.236.253.0/24 maxlen: 24
                          91.236.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/e3d8b1-101f-40e8-bcd3-155af9d83036/1/TRDp1PSvuKTRuRnshZP0a6O7p_c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/e3d8b1-101f-40e8-bcd3-155af9d83036/1/TRDp1PSvuKTRuRnshZP0a6O7p_c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TRDp1PSvuKTRuRnshZP0a6O7p_c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:4d:2e:f8:20:0c:2b:ba:c3:9c:a7:2f:c2:6f:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d10e9d4f4afb8a4d1b919ec8593f46ba3bba7f7
        Validity
            Not Before: Jan  2 12:33:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73fa91b3474ae9d2ce55f2b1abbdd2e957906eb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:53:e4:18:70:d7:18:6c:36:8c:94:73:a4:73:
                    e3:a2:39:cb:26:8c:85:0e:89:54:4f:da:03:6b:46:
                    fd:07:9b:d1:28:11:12:d2:94:6b:11:2d:2f:c9:b4:
                    18:ea:21:fa:59:8e:b9:15:34:d8:35:9c:29:45:1e:
                    e0:a5:6f:57:0b:81:b6:15:2d:81:f7:19:ca:3c:38:
                    b8:e4:a2:47:55:c4:23:50:ed:e4:cf:24:a0:cf:85:
                    32:15:a5:bf:8b:e4:11:e6:3c:25:1b:4a:55:c2:ef:
                    cb:ce:d3:7a:80:3a:30:d3:3b:30:f0:ed:51:c7:5b:
                    7f:d4:e0:11:38:0d:91:3a:e4:9f:3c:78:02:85:82:
                    2c:19:91:28:65:4b:2e:0f:19:6e:1b:e1:fc:9c:e7:
                    4e:ab:a3:d6:77:64:27:90:d5:24:52:7b:fd:93:b1:
                    ae:87:34:6f:a2:85:62:3d:63:7b:47:16:9a:0b:34:
                    40:43:60:2f:c0:77:c2:0e:74:33:8d:9c:15:8c:d7:
                    4f:e8:1b:bc:f6:af:9c:8e:6c:ac:ec:b1:1f:8a:28:
                    cc:80:c9:95:78:8b:42:df:83:33:84:5e:6a:14:45:
                    fa:b0:5b:4c:12:9c:0d:15:94:96:c8:01:ed:d5:54:
                    5e:21:b3:b1:bf:39:d8:08:82:65:33:73:1f:fa:42:
                    f3:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:FA:91:B3:47:4A:E9:D2:CE:55:F2:B1:AB:BD:D2:E9:57:90:6E:B2
            X509v3 Authority Key Identifier:
                keyid:4D:10:E9:D4:F4:AF:B8:A4:D1:B9:19:EC:85:93:F4:6B:A3:BB:A7:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TRDp1PSvuKTRuRnshZP0a6O7p_c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/e3d8b1-101f-40e8-bcd3-155af9d83036/1/c_qRs0dK6dLOVfKxq73S6VeQbrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/e3d8b1-101f-40e8-bcd3-155af9d83036/1/TRDp1PSvuKTRuRnshZP0a6O7p_c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         73:66:0e:46:f2:5e:0d:4a:82:5d:0a:9a:3e:e5:45:84:76:6c:
         d3:b9:67:9f:02:46:a9:4f:b9:60:f6:91:62:4b:cf:4f:9a:ae:
         42:0a:1f:65:ec:05:fa:fc:cd:52:ca:e3:fd:43:9b:76:ae:5a:
         59:7d:27:a7:6b:db:f0:99:27:11:e1:e7:21:3e:8f:04:0b:c9:
         01:45:9a:13:2f:b8:e6:d7:89:54:5a:7a:56:4a:ef:23:2d:c3:
         e6:4f:44:1a:6b:39:54:c7:17:d4:70:f3:ee:43:01:85:93:dc:
         b6:6c:df:d3:ec:98:0d:80:7f:a6:2b:f2:0b:18:67:3e:1e:70:
         82:f3:77:29:f3:46:30:fe:78:38:25:dc:20:92:aa:87:dd:7c:
         20:b0:b8:8d:7a:db:96:bd:f7:95:66:78:52:a5:0d:fe:7e:dc:
         77:44:98:7d:71:fe:86:31:ff:52:20:38:bb:e7:a9:22:4a:ac:
         d0:41:4c:0e:e5:73:cc:d7:96:2a:39:f1:1a:da:88:72:5d:37:
         42:0a:9a:17:a8:4b:64:98:c3:08:76:10:ed:ff:15:93:2a:37:
         39:55:df:94:38:6f:2c:71:76:2f:59:f6:0b:49:3a:de:db:ff:
         dc:ef:80:02:a1:b1:47:1d:51:8f:b8:d8:b9:49:6d:aa:b2:61:
         01:eb:3c:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKk0u+CAMK7rDnKcvwm9RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkMTBlOWQ0ZjRhZmI4YTRkMWI5MTllYzg1OTNmNDZiYTNi
YmE3ZjcwHhcNMjQwMTAyMTIzMzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2ZhOTFiMzQ3NGFlOWQyY2U1NWYyYjFhYmJkZDJlOTU3OTA2ZWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1PkGHDXGGw2jJRzpHPjojnLJoyF
DolUT9oDa0b9B5vRKBES0pRrES0vybQY6iH6WY65FTTYNZwpRR7gpW9XC4G2FS2B
9xnKPDi45KJHVcQjUO3kzySgz4UyFaW/i+QR5jwlG0pVwu/LztN6gDow0zsw8O1R
x1t/1OAROA2ROuSfPHgChYIsGZEoZUsuDxluG+H8nOdOq6PWd2QnkNUkUnv9k7Gu
hzRvooViPWN7RxaaCzRAQ2AvwHfCDnQzjZwVjNdP6Bu89q+cjmys7LEfiijMgMmV
eItC34MzhF5qFEX6sFtMEpwNFZSWyAHt1VReIbOxvznYCIJlM3Mf+kLzKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHP6kbNHSunSzlXysau90ulXkG6yMB8GA1UdIwQY
MBaAFE0Q6dT0r7ik0bkZ7IWT9Guju6f3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFJEcDFQU3Z1S1RSdVJuc2haUDBhNk83cF9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9lM2Q4YjEtMTAxZi00MGU4LWJjZDMt
MTU1YWY5ZDgzMDM2LzEvY19xUnMwZEs2ZExPVmZLeHE3M1M2VmVRYnJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9lM2Q4YjEtMTAxZi00MGU4LWJjZDMtMTU1YWY5ZDgzMDM2
LzEvVFJEcDFQU3Z1S1RSdVJuc2haUDBhNk83cF9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+z8MA0G
CSqGSIb3DQEBCwUAA4IBAQBzZg5G8l4NSoJdCpo+5UWEdmzTuWefAkapT7lg9pFi
S89Pmq5CCh9l7AX6/M1SyuP9Q5t2rlpZfSena9vwmScR4echPo8EC8kBRZoTL7jm
14lUWnpWSu8jLcPmT0QaazlUxxfUcPPuQwGFk9y2bN/T7JgNgH+mK/ILGGc+HnCC
83cp80Yw/ng4JdwgkqqH3XwgsLiNetuWvfeVZnhSpQ3+ftx3RJh9cf6GMf9SIDi7
56kiSqzQQUwO5XPM15YqOfEa2ohyXTdCCpoXqEtkmMMIdhDt/xWTKjc5Vd+UOG8s
cXYvWfYLSTre2//c74ACobFHHVGPuNi5SW2qsmEB6zzJ
-----END CERTIFICATE-----