Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/pymiyXLERZ3rhE_K8lt829hpdwA.roa
File:                     pymiyXLERZ3rhE_K8lt829hpdwA.roa (raw, json)
Hash identifier:          r7583XuVcGpH+1Gy1ZUKq1txm317tJ1Ks5KrRC74ALY=
Subject key identifier:   A7:29:A2:C9:72:C4:45:9D:EB:84:4F:CA:F2:5B:7C:DB:D8:69:77:00
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       018CCA29C622DFD227AE6E953302FA9F5990
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/pymiyXLERZ3rhE_K8lt829hpdwA.roa
Signing time:             Tue 02 Jan 2024 12:33:04 +0000
ROA not before:           Tue 02 Jan 2024 12:33:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137951
IP address blocks:        213.176.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 13:03:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:c6:22:df:d2:27:ae:6e:95:33:02:fa:9f:59:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Jan  2 12:33:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a729a2c972c4459deb844fcaf25b7cdbd8697700
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:34:3c:8d:18:32:f6:14:33:f4:5b:3e:c1:44:
                    1e:21:07:aa:ad:6e:79:ad:43:ec:f3:45:6e:c9:7d:
                    e4:5d:77:03:29:88:72:cc:7b:c1:1b:dd:52:2d:7c:
                    1e:33:bf:87:7b:78:8b:47:ab:32:42:21:b3:5c:17:
                    5c:bd:30:bb:8e:46:46:b9:19:0a:14:07:01:44:cc:
                    9a:77:5a:5f:bb:34:df:f2:77:b7:22:ca:2d:fa:86:
                    63:aa:47:5f:1c:ad:fa:16:0d:52:c5:d2:ad:7a:e2:
                    de:e5:72:b0:0c:4d:98:74:26:10:34:89:9f:c0:31:
                    18:49:7a:aa:a1:c8:c4:19:8b:b7:2a:c5:c0:dd:2f:
                    0f:60:ab:98:db:9f:c5:10:97:40:53:d9:cb:fe:72:
                    05:2a:90:7d:c0:0b:5a:5b:30:96:d3:75:6f:fd:84:
                    3a:d2:ff:6d:b1:cc:63:03:04:47:3a:37:38:9d:ea:
                    c9:fa:5c:4a:dc:f4:52:b0:b3:16:28:3c:06:9f:2b:
                    fa:b7:44:ae:8b:d7:2a:7a:f3:b4:1f:31:2e:36:37:
                    54:2c:5b:0d:a0:5b:25:b7:5b:e2:a7:1b:aa:78:c1:
                    6c:13:eb:c1:8f:c5:84:ea:be:be:db:21:8a:4e:69:
                    bf:7e:bd:15:08:ec:8f:ef:64:8b:fd:33:80:21:7b:
                    7d:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:29:A2:C9:72:C4:45:9D:EB:84:4F:CA:F2:5B:7C:DB:D8:69:77:00
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/pymiyXLERZ3rhE_K8lt829hpdwA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.176.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:7e:c8:50:bb:42:79:a8:28:9b:c4:9c:d3:59:75:43:cd:43:
         ba:d1:9c:f7:0d:83:3d:51:6f:76:49:da:b2:37:47:c9:b8:a0:
         4c:8d:80:63:15:66:e4:03:5f:41:ac:6f:9c:f8:0e:0a:e2:b4:
         35:58:e4:51:8d:39:2c:4a:44:09:e0:75:d3:8e:3e:47:e1:b4:
         b8:f3:8a:15:23:27:8e:bc:ce:e8:57:70:64:e9:e5:5f:6b:a8:
         35:95:69:43:a7:5b:80:dc:0f:dc:9b:a1:a3:72:94:00:66:94:
         0b:fd:ff:82:bb:e9:30:9d:fe:c0:c8:bc:58:73:6e:d5:4a:bb:
         74:0c:97:e1:ba:4b:c8:63:b3:23:d0:98:f8:a8:e4:4a:f7:e6:
         b8:91:84:d7:fa:b8:c7:29:bd:e9:e4:e1:c5:08:d1:87:5c:d8:
         72:bb:5e:04:d7:17:a9:e5:fc:1a:51:f6:7b:58:2b:75:ea:68:
         b8:cd:31:a8:d2:89:84:2c:f8:f0:41:a3:57:30:12:f0:27:d5:
         76:43:23:96:28:7e:c3:b8:5d:2d:7c:3e:10:41:44:5d:af:f5:
         12:fd:d7:56:3d:63:56:e0:c0:b1:1f:b2:b0:28:9d:46:81:8d:
         f1:18:e8:29:4e:8e:a3:44:fc:ae:22:87:8b:45:17:77:34:e7:
         4e:46:75:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKcYi39Inrm6VMwL6n1mQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjQwMTAyMTIzMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzI5YTJjOTcyYzQ0NTlkZWI4NDRmY2FmMjViN2NkYmQ4Njk3NzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgzQ8jRgy9hQz9Fs+wUQeIQeqrW55
rUPs80VuyX3kXXcDKYhyzHvBG91SLXweM7+He3iLR6syQiGzXBdcvTC7jkZGuRkK
FAcBRMyad1pfuzTf8ne3Isot+oZjqkdfHK36Fg1SxdKteuLe5XKwDE2YdCYQNImf
wDEYSXqqocjEGYu3KsXA3S8PYKuY25/FEJdAU9nL/nIFKpB9wAtaWzCW03Vv/YQ6
0v9tscxjAwRHOjc4nerJ+lxK3PRSsLMWKDwGnyv6t0Sui9cqevO0HzEuNjdULFsN
oFslt1vipxuqeMFsE+vBj8WE6r6+2yGKTmm/fr0VCOyP72SL/TOAIXt9JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKcposlyxEWd64RPyvJbfNvYaXcAMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvcHltaXlYTEVSWjNyaEVfSzhsdDgyOWhwZHdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bBbMA0G
CSqGSIb3DQEBCwUAA4IBAQAxfshQu0J5qCibxJzTWXVDzUO60Zz3DYM9UW92Sdqy
N0fJuKBMjYBjFWbkA19BrG+c+A4K4rQ1WORRjTksSkQJ4HXTjj5H4bS484oVIyeO
vM7oV3Bk6eVfa6g1lWlDp1uA3A/cm6GjcpQAZpQL/f+Cu+kwnf7AyLxYc27VSrt0
DJfhukvIY7Mj0Jj4qORK9+a4kYTX+rjHKb3p5OHFCNGHXNhyu14E1xep5fwaUfZ7
WCt16mi4zTGo0omELPjwQaNXMBLwJ9V2QyOWKH7DuF0tfD4QQURdr/US/ddWPWNW
4MCxH7KwKJ1GgY3xGOgpTo6jRPyuIoeLRRd3NOdORnWm
-----END CERTIFICATE-----