Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/2c8f08-e599-44f3-bbc1-8cbef913e342/1/c9h9BIhGqxMzesNTcWaJ6J0bwrs.roa
File:                     c9h9BIhGqxMzesNTcWaJ6J0bwrs.roa (raw, json)
Hash identifier:          zTufh34at76hXxd+wxbbEBZTIX34u4D9JNNUYZhvz+Q=
Subject key identifier:   73:D8:7D:04:88:46:AB:13:33:7A:C3:53:71:66:89:E8:9D:1B:C2:BB
Certificate issuer:       /CN=85db83a8365a604476f282d24d327ad1ef0fde52
Certificate serial:       018CC793593D3A11C334B48C2BCDC87F9700
Authority key identifier: 85:DB:83:A8:36:5A:60:44:76:F2:82:D2:4D:32:7A:D1:EF:0F:DE:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hduDqDZaYER28oLSTTJ60e8P3lI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/2c8f08-e599-44f3-bbc1-8cbef913e342/1/c9h9BIhGqxMzesNTcWaJ6J0bwrs.roa
Signing time:             Tue 02 Jan 2024 00:29:31 +0000
ROA not before:           Tue 02 Jan 2024 00:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41153
IP address blocks:        91.215.4.0/22 maxlen: 24
                          194.140.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/2c8f08-e599-44f3-bbc1-8cbef913e342/1/hduDqDZaYER28oLSTTJ60e8P3lI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/2c8f08-e599-44f3-bbc1-8cbef913e342/1/hduDqDZaYER28oLSTTJ60e8P3lI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hduDqDZaYER28oLSTTJ60e8P3lI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:59:3d:3a:11:c3:34:b4:8c:2b:cd:c8:7f:97:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85db83a8365a604476f282d24d327ad1ef0fde52
        Validity
            Not Before: Jan  2 00:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73d87d048846ab13337ac353716689e89d1bc2bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:2f:37:d8:f9:fc:27:15:36:72:08:de:7b:ff:
                    a0:b5:d9:66:d5:2c:35:b9:45:15:4e:93:bb:ec:07:
                    00:91:58:5e:52:39:77:7f:77:b9:8c:a0:75:ec:13:
                    77:75:7e:6e:e6:6c:92:da:21:80:ad:19:72:42:e6:
                    70:71:92:f6:fb:8a:c5:fa:9e:68:a4:46:00:11:96:
                    78:54:17:56:bd:0a:ce:1b:b0:94:38:d1:24:1b:5c:
                    0d:87:3b:4e:87:bd:6a:d3:b7:e9:51:bd:bd:c8:9c:
                    bb:c7:73:1f:f7:c3:3e:bb:dc:ce:e4:0b:aa:b9:12:
                    83:fe:69:c2:9b:ed:d0:58:4d:70:2f:a4:e3:1b:67:
                    c6:21:5e:0d:87:54:c2:77:2d:2f:0c:f5:df:89:3a:
                    68:58:de:e4:b7:d0:91:85:aa:55:04:e6:07:1c:4a:
                    75:d7:a3:8d:60:03:7c:cd:08:47:a0:62:55:6b:11:
                    57:8e:1d:0b:43:78:6f:21:cd:ea:3d:8b:0b:b8:d7:
                    f4:11:a6:88:9d:c2:ff:bb:bc:43:1d:a0:57:2d:60:
                    59:41:4c:42:9a:91:35:57:44:7b:31:41:09:42:c2:
                    e0:bf:f7:48:40:b1:49:c1:30:c1:29:85:08:2a:54:
                    38:5d:41:5e:a6:c7:43:6d:e0:40:05:5b:d5:e4:6b:
                    f1:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:D8:7D:04:88:46:AB:13:33:7A:C3:53:71:66:89:E8:9D:1B:C2:BB
            X509v3 Authority Key Identifier:
                keyid:85:DB:83:A8:36:5A:60:44:76:F2:82:D2:4D:32:7A:D1:EF:0F:DE:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hduDqDZaYER28oLSTTJ60e8P3lI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/2c8f08-e599-44f3-bbc1-8cbef913e342/1/c9h9BIhGqxMzesNTcWaJ6J0bwrs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/2c8f08-e599-44f3-bbc1-8cbef913e342/1/hduDqDZaYER28oLSTTJ60e8P3lI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.215.4.0/22
                  194.140.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:68:be:b0:da:e2:0b:bd:35:e8:7c:52:f3:7c:b0:05:7d:28:
         0e:4a:ad:8e:75:fa:55:2e:bb:58:9a:bf:f0:e5:82:03:27:2b:
         b2:20:be:36:35:b5:f3:dc:76:01:60:0e:1e:9b:28:8e:dc:78:
         f2:75:cd:2a:f1:6f:5f:5f:c2:0a:4d:ec:6f:3c:a2:76:f8:3e:
         d8:f4:ab:19:4a:65:5b:fb:80:84:8e:28:25:53:96:35:ca:29:
         92:2c:f0:7d:3d:93:34:80:9e:60:9c:73:8f:29:7b:82:e3:8a:
         8f:83:35:cd:a7:35:40:44:44:70:ee:20:a4:34:26:73:e7:fc:
         90:e0:f8:50:85:47:f2:0d:cb:48:71:b8:51:03:69:a2:cf:5e:
         32:d5:40:83:39:f4:43:d8:cf:8a:c1:8f:ad:90:07:b2:9b:e7:
         fc:68:42:b6:2e:43:b5:07:e0:8b:51:e2:d1:f6:ec:11:43:ed:
         53:10:d6:00:a4:f0:3b:d4:f2:2e:92:48:5b:c5:31:fb:9d:c8:
         3f:85:36:be:c4:dd:56:ee:e6:69:c5:85:bb:f0:1b:51:95:b1:
         87:76:e8:45:3d:31:44:06:d2:7b:fa:08:98:d6:39:e1:b2:26:
         c4:c1:65:8d:04:ae:31:14:40:9b:0d:06:c2:df:da:2b:43:50:
         ba:dc:f0:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHk1k9OhHDNLSMK83If5cAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZGI4M2E4MzY1YTYwNDQ3NmYyODJkMjRkMzI3YWQxZWYw
ZmRlNTIwHhcNMjQwMTAyMDAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2Q4N2QwNDg4NDZhYjEzMzM3YWMzNTM3MTY2ODllODlkMWJjMmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuC832Pn8JxU2cgjee/+gtdlm1Sw1
uUUVTpO77AcAkVheUjl3f3e5jKB17BN3dX5u5myS2iGArRlyQuZwcZL2+4rF+p5o
pEYAEZZ4VBdWvQrOG7CUONEkG1wNhztOh71q07fpUb29yJy7x3Mf98M+u9zO5Auq
uRKD/mnCm+3QWE1wL6TjG2fGIV4Nh1TCdy0vDPXfiTpoWN7kt9CRhapVBOYHHEp1
16ONYAN8zQhHoGJVaxFXjh0LQ3hvIc3qPYsLuNf0EaaIncL/u7xDHaBXLWBZQUxC
mpE1V0R7MUEJQsLgv/dIQLFJwTDBKYUIKlQ4XUFepsdDbeBABVvV5GvxxQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHPYfQSIRqsTM3rDU3FmieidG8K7MB8GA1UdIwQY
MBaAFIXbg6g2WmBEdvKC0k0yetHvD95SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGR1RHFEWmFZRVIyOG9MU1RUSjYwZThQM2xJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8yYzhmMDgtZTU5OS00NGYzLWJiYzEt
OGNiZWY5MTNlMzQyLzEvYzloOUJJaEdxeE16ZXNOVGNXYUo2SjBid3JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8yYzhmMDgtZTU5OS00NGYzLWJiYzEtOGNiZWY5MTNlMzQy
LzEvaGR1RHFEWmFZRVIyOG9MU1RUSjYwZThQM2xJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW9cEAwQA
woz2MA0GCSqGSIb3DQEBCwUAA4IBAQCBaL6w2uILvTXofFLzfLAFfSgOSq2OdfpV
LrtYmr/w5YIDJyuyIL42NbXz3HYBYA4emyiO3Hjydc0q8W9fX8IKTexvPKJ2+D7Y
9KsZSmVb+4CEjiglU5Y1yimSLPB9PZM0gJ5gnHOPKXuC44qPgzXNpzVARERw7iCk
NCZz5/yQ4PhQhUfyDctIcbhRA2miz14y1UCDOfRD2M+KwY+tkAeym+f8aEK2LkO1
B+CLUeLR9uwRQ+1TENYApPA71PIukkhbxTH7ncg/hTa+xN1W7uZpxYW78BtRlbGH
duhFPTFEBtJ7+giY1jnhsibEwWWNBK4xFECbDQbC39orQ1C63PA4
-----END CERTIFICATE-----