Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/Z1ZQR08H4ewbrfjeHEbWgsc3lcE.roa
File:                     Z1ZQR08H4ewbrfjeHEbWgsc3lcE.roa (raw, json)
Hash identifier:          KIzAnt9ls/xXzz8K38qYuJBdznqQEV++2uLw5j5JppQ=
Subject key identifier:   67:56:50:47:4F:07:E1:EC:1B:AD:F8:DE:1C:46:D6:82:C7:37:95:C1
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       018CC6B94B76F2DCC4365A1B66B53E0DBA98
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/Z1ZQR08H4ewbrfjeHEbWgsc3lcE.roa
Signing time:             Mon 01 Jan 2024 20:31:21 +0000
ROA not before:           Mon 01 Jan 2024 20:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48894
IP address blocks:        91.132.94.0/24 maxlen: 24
                          2a03:f80:386::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:4b:76:f2:dc:c4:36:5a:1b:66:b5:3e:0d:ba:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  1 20:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=675650474f07e1ec1badf8de1c46d682c73795c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:fa:a6:61:af:8e:7c:23:2d:4d:dd:69:5a:aa:
                    e1:3a:30:ee:a9:90:e2:0d:b8:8f:87:be:c9:09:d0:
                    fd:ed:44:2a:eb:b9:ab:7e:b3:76:03:9e:bf:dd:01:
                    e7:88:97:0a:b6:ec:1f:84:97:c5:08:46:2a:7c:e5:
                    e1:02:09:51:bc:aa:16:ff:dc:cb:fa:21:25:9c:34:
                    17:5a:e8:fd:b9:28:c1:24:71:94:9d:8e:42:37:ff:
                    eb:38:20:c1:bb:53:89:18:3f:a6:9f:87:79:5a:83:
                    2d:b1:02:54:2f:5c:de:14:c2:81:ca:12:d3:1c:49:
                    84:8c:ca:c8:46:62:48:1f:da:f7:aa:96:7d:d5:d9:
                    67:6c:96:01:58:fc:cd:99:ff:f6:64:46:e2:3e:67:
                    c9:91:a9:4a:a9:26:8d:59:2a:1f:36:03:8f:06:b7:
                    33:3b:76:68:d5:a1:ac:e1:20:98:bf:66:ce:64:4a:
                    aa:78:26:90:2e:c2:48:f4:28:46:3e:31:74:ee:8f:
                    ab:c4:4a:68:00:6d:24:0d:b9:18:f8:5a:e7:09:43:
                    19:84:75:a1:49:c3:a6:6e:d8:48:47:a5:fd:b1:7c:
                    06:84:c8:94:5f:11:d1:bd:21:86:76:c9:8f:db:a5:
                    6d:11:ff:60:58:eb:42:67:12:98:e8:56:f8:c4:54:
                    84:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:56:50:47:4F:07:E1:EC:1B:AD:F8:DE:1C:46:D6:82:C7:37:95:C1
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/Z1ZQR08H4ewbrfjeHEbWgsc3lcE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.94.0/24
                IPv6:
                  2a03:f80:386::/48

    Signature Algorithm: sha256WithRSAEncryption
         23:06:9e:13:dc:58:85:56:a2:1b:ec:d3:74:a6:75:de:bc:e1:
         9e:05:65:44:bf:cf:3e:e2:cd:9d:43:04:22:ac:ee:77:a9:9a:
         a2:8c:53:03:34:d6:57:c5:62:da:b5:08:44:f2:f6:8b:69:8e:
         05:fb:e6:eb:30:87:df:0b:b1:0c:d4:98:6f:20:30:6b:d1:b3:
         f3:3c:63:ce:0f:52:39:68:ed:02:79:99:3c:2e:07:3f:42:2e:
         29:92:1a:72:a0:ff:d3:35:5f:76:a6:e9:a1:5b:b1:04:09:34:
         26:18:33:0f:d0:e4:93:10:47:06:9d:d7:a5:dc:3b:37:6a:24:
         c6:b2:73:56:ca:56:3d:03:44:e0:99:dd:d0:e3:95:34:36:b4:
         03:12:21:d1:99:20:64:2b:c1:e0:b8:55:f1:61:09:f1:ae:3b:
         5e:a9:62:8e:12:ac:63:70:e8:91:85:07:30:a8:83:9f:6e:34:
         69:f5:0f:92:25:40:33:8d:c4:c8:fc:b2:b5:52:79:94:da:01:
         de:8b:bd:53:16:ef:59:13:3b:f6:f0:59:f9:95:a4:cb:c2:62:
         5b:24:d3:6d:af:02:23:a1:f1:f5:70:4e:6f:84:e2:5e:7e:58:
         2d:0a:fe:b2:83:db:95:73:b9:ae:49:37:3a:6d:10:89:98:2e:
         ae:85:dd:b5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGuUt28tzENlobZrU+DbqYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjQwMTAxMjAzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzU2NTA0NzRmMDdlMWVjMWJhZGY4ZGUxYzQ2ZDY4MmM3Mzc5NWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/qmYa+OfCMtTd1pWqrhOjDuqZDi
DbiPh77JCdD97UQq67mrfrN2A56/3QHniJcKtuwfhJfFCEYqfOXhAglRvKoW/9zL
+iElnDQXWuj9uSjBJHGUnY5CN//rOCDBu1OJGD+mn4d5WoMtsQJUL1zeFMKByhLT
HEmEjMrIRmJIH9r3qpZ91dlnbJYBWPzNmf/2ZEbiPmfJkalKqSaNWSofNgOPBrcz
O3Zo1aGs4SCYv2bOZEqqeCaQLsJI9ChGPjF07o+rxEpoAG0kDbkY+FrnCUMZhHWh
ScOmbthIR6X9sXwGhMiUXxHRvSGGdsmP26VtEf9gWOtCZxKY6Fb4xFSEVwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGdWUEdPB+HsG6343hxG1oLHN5XBMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvWjFaUVIwOEg0ZXdicmZqZUhFYldnc2MzbGNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW4ReMA8E
AgACMAkDBwAqAw+AA4YwDQYJKoZIhvcNAQELBQADggEBACMGnhPcWIVWohvs03Sm
dd684Z4FZUS/zz7izZ1DBCKs7nepmqKMUwM01lfFYtq1CETy9otpjgX75uswh98L
sQzUmG8gMGvRs/M8Y84PUjlo7QJ5mTwuBz9CLimSGnKg/9M1X3am6aFbsQQJNCYY
Mw/Q5JMQRwad16XcOzdqJMayc1bKVj0DROCZ3dDjlTQ2tAMSIdGZIGQrweC4VfFh
CfGuO16pYo4SrGNw6JGFBzCog59uNGn1D5IlQDONxMj8srVSeZTaAd6LvVMW71kT
O/bwWfmVpMvCYlsk022vAiOh8fVwTm+E4l5+WC0K/rKD25Vzua5JNzptEImYLq6F
3bU=
-----END CERTIFICATE-----