Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/2a07cb-f6c0-49ba-a7d1-1b01453347da/1/Y9WU5eLb-WVBuLODRiz8dxLv78Q.roa
File:                     Y9WU5eLb-WVBuLODRiz8dxLv78Q.roa (raw, json)
Hash identifier:          7qtF0k7/spNavOvG/5OU8CAoW7dvaBD+UdFCSHiE+9I=
Subject key identifier:   63:D5:94:E5:E2:DB:F9:65:41:B8:B3:83:46:2C:FC:77:12:EF:EF:C4
Certificate issuer:       /CN=6703f258d47becc2cb4b4fc572b229b2e64b6b92
Certificate serial:       018CC2DB104C85FA113D06C55F40E35A950F
Authority key identifier: 67:03:F2:58:D4:7B:EC:C2:CB:4B:4F:C5:72:B2:29:B2:E6:4B:6B:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZwPyWNR77MLLS0_FcrIpsuZLa5I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/2a07cb-f6c0-49ba-a7d1-1b01453347da/1/Y9WU5eLb-WVBuLODRiz8dxLv78Q.roa
Signing time:             Mon 01 Jan 2024 02:29:45 +0000
ROA not before:           Mon 01 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20860
IP address blocks:        91.245.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/2a07cb-f6c0-49ba-a7d1-1b01453347da/1/ZwPyWNR77MLLS0_FcrIpsuZLa5I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/2a07cb-f6c0-49ba-a7d1-1b01453347da/1/ZwPyWNR77MLLS0_FcrIpsuZLa5I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZwPyWNR77MLLS0_FcrIpsuZLa5I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 10:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:10:4c:85:fa:11:3d:06:c5:5f:40:e3:5a:95:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6703f258d47becc2cb4b4fc572b229b2e64b6b92
        Validity
            Not Before: Jan  1 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63d594e5e2dbf96541b8b383462cfc7712efefc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:da:52:72:e0:8f:d0:d6:17:66:5b:3f:9f:b1:
                    94:e6:89:b7:11:e9:8f:ed:17:f2:35:23:9a:6a:22:
                    ba:f6:19:fb:c6:f3:62:c7:2f:aa:d6:eb:1f:1a:eb:
                    9d:41:e5:8c:ca:44:68:73:f5:48:2b:c1:05:65:2e:
                    bb:3e:ee:99:c2:89:6c:51:c3:8c:cb:6a:ce:38:44:
                    c3:7b:03:e1:39:92:da:85:14:7f:fa:e9:aa:ed:9a:
                    fe:6f:5e:0e:e0:c1:d9:71:3d:15:9f:65:0e:3c:d6:
                    4a:5f:a5:91:78:3e:af:95:28:13:6a:0c:fb:71:d6:
                    66:45:9b:3d:7d:e2:ca:23:d7:98:69:e1:ab:e0:d3:
                    55:e7:8a:0e:4c:c8:c8:d8:36:a5:77:c2:1a:6a:1b:
                    e2:ee:db:77:7f:a8:ce:36:16:6c:f6:b4:b8:e7:9b:
                    fd:7e:df:9f:98:a9:bf:e7:5e:98:eb:da:65:f8:e0:
                    68:06:04:a7:0a:a1:b9:0d:96:c4:c5:de:ab:72:ce:
                    76:9e:14:58:af:1b:92:3c:97:86:5c:32:fa:ed:0d:
                    b0:89:2f:9c:a9:02:ba:8a:de:eb:f3:aa:8b:a2:c7:
                    7d:00:bf:9e:b3:43:f0:69:75:9a:cd:23:9a:8e:0f:
                    33:fe:20:77:c6:89:b3:7f:a8:e2:ec:4a:60:f4:b1:
                    af:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:D5:94:E5:E2:DB:F9:65:41:B8:B3:83:46:2C:FC:77:12:EF:EF:C4
            X509v3 Authority Key Identifier:
                keyid:67:03:F2:58:D4:7B:EC:C2:CB:4B:4F:C5:72:B2:29:B2:E6:4B:6B:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZwPyWNR77MLLS0_FcrIpsuZLa5I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/2a07cb-f6c0-49ba-a7d1-1b01453347da/1/Y9WU5eLb-WVBuLODRiz8dxLv78Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/2a07cb-f6c0-49ba-a7d1-1b01453347da/1/ZwPyWNR77MLLS0_FcrIpsuZLa5I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.245.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:f5:0b:3c:f6:e4:24:61:d1:82:97:65:a1:22:88:f9:33:12:
         e7:d2:b1:4a:a5:a1:8f:64:e8:ee:e0:92:fc:09:2a:51:55:d4:
         2b:50:ee:7f:78:e8:46:33:0f:55:15:eb:36:26:42:21:c8:05:
         41:a9:82:3a:c7:7e:d6:7d:d2:8d:53:3f:c2:d4:e0:5a:50:45:
         46:36:2a:47:48:fb:06:d2:f2:6f:8c:a9:f2:3a:46:3c:33:db:
         c0:21:80:9b:e6:73:f1:74:52:b3:05:ef:b8:14:fe:cb:74:91:
         e3:4a:9b:58:93:4c:c6:b6:33:b3:6c:49:4e:50:d1:84:6b:b6:
         5d:f7:e8:0f:e8:ed:2d:49:a3:67:09:b3:f4:f4:49:39:c5:03:
         d1:7c:f6:9c:aa:71:96:f5:9a:88:4e:8a:3f:09:19:fd:18:e0:
         28:24:b7:ca:0f:d3:03:a2:9b:e5:98:40:5c:28:07:a1:9a:80:
         6f:de:83:40:73:12:07:ff:50:90:e5:de:06:9f:9a:80:dd:97:
         e0:0b:d9:17:a6:50:2d:8f:5d:85:03:46:fe:03:70:00:5d:3f:
         21:ce:a6:47:86:1d:3a:f1:75:ef:4f:ed:af:21:a3:1f:50:d9:
         bb:26:cd:46:25:d6:14:db:62:29:f8:8a:25:a7:ab:3a:b5:5a:
         2c:2e:73:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2xBMhfoRPQbFX0DjWpUPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3MDNmMjU4ZDQ3YmVjYzJjYjRiNGZjNTcyYjIyOWIyZTY0
YjZiOTIwHhcNMjQwMTAxMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2Q1OTRlNWUyZGJmOTY1NDFiOGIzODM0NjJjZmM3NzEyZWZlZmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktpScuCP0NYXZls/n7GU5om3EemP
7RfyNSOaaiK69hn7xvNixy+q1usfGuudQeWMykRoc/VIK8EFZS67Pu6ZwolsUcOM
y2rOOETDewPhOZLahRR/+umq7Zr+b14O4MHZcT0Vn2UOPNZKX6WReD6vlSgTagz7
cdZmRZs9feLKI9eYaeGr4NNV54oOTMjI2Dald8Iaahvi7tt3f6jONhZs9rS455v9
ft+fmKm/516Y69pl+OBoBgSnCqG5DZbExd6rcs52nhRYrxuSPJeGXDL67Q2wiS+c
qQK6it7r86qLosd9AL+es0PwaXWazSOajg8z/iB3xomzf6ji7Epg9LGvQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGPVlOXi2/llQbizg0Ys/HcS7+/EMB8GA1UdIwQY
MBaAFGcD8ljUe+zCy0tPxXKyKbLmS2uSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWndQeVdOUjc3TUxMUzBfRmNySXBzdVpMYTVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8yYTA3Y2ItZjZjMC00OWJhLWE3ZDEt
MWIwMTQ1MzM0N2RhLzEvWTlXVTVlTGItV1ZCdUxPRFJpejhkeEx2NzhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8yYTA3Y2ItZjZjMC00OWJhLWE3ZDEtMWIwMTQ1MzM0N2Rh
LzEvWndQeVdOUjc3TUxMUzBfRmNySXBzdVpMYTVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/XaMA0G
CSqGSIb3DQEBCwUAA4IBAQAG9Qs89uQkYdGCl2WhIoj5MxLn0rFKpaGPZOju4JL8
CSpRVdQrUO5/eOhGMw9VFes2JkIhyAVBqYI6x37WfdKNUz/C1OBaUEVGNipHSPsG
0vJvjKnyOkY8M9vAIYCb5nPxdFKzBe+4FP7LdJHjSptYk0zGtjOzbElOUNGEa7Zd
9+gP6O0tSaNnCbP09Ek5xQPRfPacqnGW9ZqIToo/CRn9GOAoJLfKD9MDopvlmEBc
KAehmoBv3oNAcxIH/1CQ5d4Gn5qA3ZfgC9kXplAtj12FA0b+A3AAXT8hzqZHhh06
8XXvT+2vIaMfUNm7Js1GJdYU22Ip+Iolp6s6tVosLnPE
-----END CERTIFICATE-----