Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/19f9d7-4438-4d61-be77-c2eadd5ef3f1/1/AkA-U0BuZ7bpI1_DEHmgDF8y5eg.roa
File:                     AkA-U0BuZ7bpI1_DEHmgDF8y5eg.roa (raw, json)
Hash identifier:          5qrYruXDcHbNoH/db/b2qUDXoP7QNbyebwqXq+ApLVc=
Subject key identifier:   02:40:3E:53:40:6E:67:B6:E9:23:5F:C3:10:79:A0:0C:5F:32:E5:E8
Certificate issuer:       /CN=c9d5b129e06f9524685e700102841f72d6915c33
Certificate serial:       0193017406B8374BE1A16DD5AC4A4CD87EA8
Authority key identifier: C9:D5:B1:29:E0:6F:95:24:68:5E:70:01:02:84:1F:72:D6:91:5C:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydWxKeBvlSRoXnABAoQfctaRXDM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/19f9d7-4438-4d61-be77-c2eadd5ef3f1/1/AkA-U0BuZ7bpI1_DEHmgDF8y5eg.roa
Signing time:             Wed 06 Nov 2024 12:30:01 +0000
ROA not before:           Wed 06 Nov 2024 12:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39944
IP address blocks:        91.212.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/19f9d7-4438-4d61-be77-c2eadd5ef3f1/1/ydWxKeBvlSRoXnABAoQfctaRXDM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/19f9d7-4438-4d61-be77-c2eadd5ef3f1/1/ydWxKeBvlSRoXnABAoQfctaRXDM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydWxKeBvlSRoXnABAoQfctaRXDM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:01:74:06:b8:37:4b:e1:a1:6d:d5:ac:4a:4c:d8:7e:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d5b129e06f9524685e700102841f72d6915c33
        Validity
            Not Before: Nov  6 12:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02403e53406e67b6e9235fc31079a00c5f32e5e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:76:80:b3:fc:96:ae:dc:d5:41:11:e6:c3:eb:
                    a5:bb:07:98:24:2e:b6:31:14:7e:a2:8a:16:10:5e:
                    23:38:d6:6e:a2:19:36:a3:49:d1:76:1b:7b:7a:ed:
                    e7:f5:ab:df:0d:68:9c:0f:c7:df:e6:3d:0c:6c:e6:
                    c3:34:e5:ae:2c:2f:73:26:7c:80:ce:05:94:b3:96:
                    b9:d9:7f:29:cd:87:6b:28:5b:b9:3a:c6:ba:c4:ad:
                    a7:d9:f2:b1:f6:60:de:cc:95:98:e6:9d:e9:69:6f:
                    b6:e5:d2:e0:d3:68:2c:5c:bd:52:cd:38:16:c3:56:
                    a1:32:12:5d:60:8e:a9:a5:b8:d4:fa:9e:93:94:e3:
                    bc:8f:dd:30:31:c4:f3:6d:0f:f6:79:72:80:a0:34:
                    8e:01:97:44:17:34:f8:64:08:d9:50:fc:20:82:bc:
                    d1:67:c5:b8:05:f7:df:4f:a6:fd:61:db:ba:52:44:
                    7c:15:a6:50:f7:47:72:c0:fb:28:c2:a2:ad:24:95:
                    33:56:cd:42:8d:49:84:44:05:3c:25:54:ea:fd:8c:
                    f0:35:c6:11:24:38:18:1d:00:5d:b2:85:ec:7e:83:
                    21:7d:46:c0:b2:5a:94:0f:c8:bb:9c:45:2c:7e:69:
                    1d:68:86:ff:35:c3:cc:cc:6e:bb:84:dd:52:43:4c:
                    3a:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:40:3E:53:40:6E:67:B6:E9:23:5F:C3:10:79:A0:0C:5F:32:E5:E8
            X509v3 Authority Key Identifier:
                keyid:C9:D5:B1:29:E0:6F:95:24:68:5E:70:01:02:84:1F:72:D6:91:5C:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydWxKeBvlSRoXnABAoQfctaRXDM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/19f9d7-4438-4d61-be77-c2eadd5ef3f1/1/AkA-U0BuZ7bpI1_DEHmgDF8y5eg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/19f9d7-4438-4d61-be77-c2eadd5ef3f1/1/ydWxKeBvlSRoXnABAoQfctaRXDM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:05:33:f1:60:e1:c4:61:00:7b:b0:c3:4c:a6:17:35:3a:56:
         77:98:60:2d:f8:28:0a:39:16:26:49:fe:ba:c8:3d:f6:40:99:
         68:65:7f:82:19:6c:1e:b1:25:6f:ba:64:5f:02:1d:7a:07:c7:
         ba:dd:f7:28:97:0d:98:6e:e6:54:54:70:5b:c7:0a:83:1b:fb:
         56:b3:a4:69:e9:eb:d9:08:c9:73:00:09:f3:31:42:02:a3:bb:
         e0:d3:01:cc:29:7b:47:76:fb:b5:05:fa:2b:c1:2e:fb:c5:08:
         86:09:fa:ed:7e:73:03:7e:84:69:17:67:e1:c6:d1:44:65:1a:
         9e:f7:5f:b3:cb:b4:5a:c4:db:51:fb:d5:d0:98:d2:c1:52:83:
         23:58:2e:bb:e5:a6:2a:6e:64:2d:95:45:41:fe:0b:1f:ce:57:
         15:84:73:da:1c:f9:46:fd:68:82:a6:dc:b7:f7:19:8c:b4:db:
         0a:80:86:a2:39:9c:22:9c:c9:b9:70:f5:06:0f:20:9a:57:05:
         23:78:ee:b2:34:4b:f0:29:8f:71:40:94:e0:6d:8a:a7:a6:5a:
         cf:58:14:f2:b7:6f:04:76:f6:49:ce:13:99:da:c6:b0:88:39:
         a8:02:0b:f5:11:3c:7f:59:77:61:f2:b7:8e:31:c6:94:26:f4:
         9a:91:e1:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMBdAa4N0vhoW3VrEpM2H6oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDViMTI5ZTA2Zjk1MjQ2ODVlNzAwMTAyODQxZjcyZDY5
MTVjMzMwHhcNMjQxMTA2MTIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjQwM2U1MzQwNmU2N2I2ZTkyMzVmYzMxMDc5YTAwYzVmMzJlNWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXaAs/yWrtzVQRHmw+uluweYJC62
MRR+oooWEF4jONZuohk2o0nRdht7eu3n9avfDWicD8ff5j0MbObDNOWuLC9zJnyA
zgWUs5a52X8pzYdrKFu5Osa6xK2n2fKx9mDezJWY5p3paW+25dLg02gsXL1SzTgW
w1ahMhJdYI6ppbjU+p6TlOO8j90wMcTzbQ/2eXKAoDSOAZdEFzT4ZAjZUPwggrzR
Z8W4BfffT6b9Ydu6UkR8FaZQ90dywPsowqKtJJUzVs1CjUmERAU8JVTq/YzwNcYR
JDgYHQBdsoXsfoMhfUbAslqUD8i7nEUsfmkdaIb/NcPMzG67hN1SQ0w69QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAJAPlNAbme26SNfwxB5oAxfMuXoMB8GA1UdIwQY
MBaAFMnVsSngb5UkaF5wAQKEH3LWkVwzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRXeEtlQnZsU1JvWG5BQkFvUWZjdGFSWERNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8xOWY5ZDctNDQzOC00ZDYxLWJlNzct
YzJlYWRkNWVmM2YxLzEvQWtBLVUwQnVaN2JwSTFfREVIbWdERjh5NWVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8xOWY5ZDctNDQzOC00ZDYxLWJlNzctYzJlYWRkNWVmM2Yx
LzEveWRXeEtlQnZsU1JvWG5BQkFvUWZjdGFSWERNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9RPMA0G
CSqGSIb3DQEBCwUAA4IBAQCbBTPxYOHEYQB7sMNMphc1OlZ3mGAt+CgKORYmSf66
yD32QJloZX+CGWwesSVvumRfAh16B8e63fcolw2YbuZUVHBbxwqDG/tWs6Rp6evZ
CMlzAAnzMUICo7vg0wHMKXtHdvu1BforwS77xQiGCfrtfnMDfoRpF2fhxtFEZRqe
91+zy7RaxNtR+9XQmNLBUoMjWC675aYqbmQtlUVB/gsfzlcVhHPaHPlG/WiCpty3
9xmMtNsKgIaiOZwinMm5cPUGDyCaVwUjeO6yNEvwKY9xQJTgbYqnplrPWBTyt28E
dvZJzhOZ2sawiDmoAgv1ETx/WXdh8reOMcaUJvSakeGd
-----END CERTIFICATE-----