Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/9cfa5f-5d2d-4be4-a80d-7d0ee2e990f5/1/xIuJQEik8PBUl8DX5u7tm5yZeks.roa
File:                     xIuJQEik8PBUl8DX5u7tm5yZeks.roa (raw, json)
Hash identifier:          xhYvROCZf69CZZGUD7DYgvLIyThHIoWvvLS8Ztd2g0w=
Subject key identifier:   C4:8B:89:40:48:A4:F0:F0:54:97:C0:D7:E6:EE:ED:9B:9C:99:7A:4B
Certificate issuer:       /CN=5c4fc1e4defc471c9fdb7fdadb9895563daf999c
Certificate serial:       018CC64B47A95DC6CCC50DAB9C97AE569EDA
Authority key identifier: 5C:4F:C1:E4:DE:FC:47:1C:9F:DB:7F:DA:DB:98:95:56:3D:AF:99:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XE_B5N78Rxyf23_a25iVVj2vmZw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/9cfa5f-5d2d-4be4-a80d-7d0ee2e990f5/1/xIuJQEik8PBUl8DX5u7tm5yZeks.roa
Signing time:             Mon 01 Jan 2024 18:31:11 +0000
ROA not before:           Mon 01 Jan 2024 18:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44352
IP address blocks:        91.199.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/9cfa5f-5d2d-4be4-a80d-7d0ee2e990f5/1/XE_B5N78Rxyf23_a25iVVj2vmZw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/9cfa5f-5d2d-4be4-a80d-7d0ee2e990f5/1/XE_B5N78Rxyf23_a25iVVj2vmZw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XE_B5N78Rxyf23_a25iVVj2vmZw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:47:a9:5d:c6:cc:c5:0d:ab:9c:97:ae:56:9e:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c4fc1e4defc471c9fdb7fdadb9895563daf999c
        Validity
            Not Before: Jan  1 18:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c48b894048a4f0f05497c0d7e6eeed9b9c997a4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:6a:e2:b0:15:db:d6:3d:b1:22:42:20:d8:33:
                    48:d7:d2:3c:43:a7:0a:ff:7c:f1:44:94:6b:65:06:
                    ed:e1:9c:a1:cf:5a:a0:75:40:d4:99:20:9c:20:38:
                    52:cb:31:01:59:a1:f2:9d:c6:ec:36:66:ad:72:80:
                    0d:d3:49:c7:93:03:c2:91:36:e6:7d:b5:60:17:48:
                    d1:8a:2b:2c:c1:35:d8:f9:c4:c3:b5:ad:27:78:41:
                    d3:6d:af:d0:86:ea:8b:f2:5b:ee:ea:3d:33:36:74:
                    db:e1:1e:b3:18:7c:51:1d:b1:2a:bb:a5:17:9e:f5:
                    e2:ab:6d:e9:a5:2a:b6:0f:d9:3b:e1:f9:21:ed:7e:
                    26:1e:58:3a:d2:25:e8:5f:d5:7b:a7:17:9c:a6:bc:
                    19:1b:1e:b5:80:2e:9e:81:6d:b1:34:cf:4d:23:ac:
                    c4:36:01:4b:10:cf:d2:d0:9b:81:63:cb:2d:77:c1:
                    34:5a:a5:4f:95:07:94:1e:79:24:89:71:95:15:dd:
                    03:62:b0:c7:05:4f:bd:88:69:c7:31:9d:b2:38:8c:
                    4d:d9:42:68:c7:8c:5b:4f:81:01:1f:41:7d:d9:f6:
                    79:68:b8:62:2c:41:cd:1a:78:a3:25:70:c9:8c:1a:
                    52:69:e8:89:fa:2b:c2:10:1a:35:c5:f6:53:69:bc:
                    11:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:8B:89:40:48:A4:F0:F0:54:97:C0:D7:E6:EE:ED:9B:9C:99:7A:4B
            X509v3 Authority Key Identifier:
                keyid:5C:4F:C1:E4:DE:FC:47:1C:9F:DB:7F:DA:DB:98:95:56:3D:AF:99:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XE_B5N78Rxyf23_a25iVVj2vmZw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/9cfa5f-5d2d-4be4-a80d-7d0ee2e990f5/1/xIuJQEik8PBUl8DX5u7tm5yZeks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/9cfa5f-5d2d-4be4-a80d-7d0ee2e990f5/1/XE_B5N78Rxyf23_a25iVVj2vmZw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:dd:52:65:50:0c:df:de:34:81:4f:cc:25:56:59:57:44:41:
         78:68:d3:c4:11:04:2b:4c:b4:8a:14:ee:05:a0:61:f3:81:4b:
         b4:74:5c:84:a5:17:ff:bd:eb:d6:b3:7b:1a:15:82:e5:b9:95:
         4a:73:29:57:06:a1:32:e8:cb:ec:a5:db:c1:5a:50:b6:cf:1f:
         ed:c8:fd:9a:cb:e0:16:b2:d0:f6:41:20:cd:a1:cc:76:03:1b:
         47:7d:66:b9:e6:c5:25:d3:52:c1:be:59:8b:55:ca:dc:43:f6:
         25:3f:ea:0a:7d:01:f9:3e:cc:4e:bb:5a:77:7f:f5:29:92:04:
         27:51:44:23:de:a2:d9:61:d0:2f:ee:1a:39:2e:1f:06:ef:5e:
         4c:45:18:d1:bb:f5:53:ab:55:b9:96:08:b4:6d:b9:0e:c3:e7:
         c7:6a:48:34:1f:6f:bc:ed:99:ed:f9:ac:84:5f:b2:a8:10:13:
         e7:78:a4:0a:ce:49:77:f3:47:c6:42:d9:62:74:e0:23:71:f9:
         32:31:cf:57:76:44:2b:1b:1e:d1:f0:6c:57:02:3e:57:5f:a3:
         2a:62:96:70:a7:61:f2:34:d3:a8:db:a4:1f:1e:c0:63:da:9d:
         83:02:40:fe:a4:a7:d8:a8:33:13:a7:1c:c3:f3:4d:3c:ce:24:
         9e:3c:1e:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS0epXcbMxQ2rnJeuVp7aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNGZjMWU0ZGVmYzQ3MWM5ZmRiN2ZkYWRiOTg5NTU2M2Rh
Zjk5OWMwHhcNMjQwMTAxMTgzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDhiODk0MDQ4YTRmMGYwNTQ5N2MwZDdlNmVlZWQ5YjljOTk3YTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjGrisBXb1j2xIkIg2DNI19I8Q6cK
/3zxRJRrZQbt4Zyhz1qgdUDUmSCcIDhSyzEBWaHyncbsNmatcoAN00nHkwPCkTbm
fbVgF0jRiisswTXY+cTDta0neEHTba/QhuqL8lvu6j0zNnTb4R6zGHxRHbEqu6UX
nvXiq23ppSq2D9k74fkh7X4mHlg60iXoX9V7pxecprwZGx61gC6egW2xNM9NI6zE
NgFLEM/S0JuBY8std8E0WqVPlQeUHnkkiXGVFd0DYrDHBU+9iGnHMZ2yOIxN2UJo
x4xbT4EBH0F92fZ5aLhiLEHNGnijJXDJjBpSaeiJ+ivCEBo1xfZTabwRAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMSLiUBIpPDwVJfA1+bu7ZucmXpLMB8GA1UdIwQY
MBaAFFxPweTe/Eccn9t/2tuYlVY9r5mcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEVfQjVONzhSeHlmMjNfYTI1aVZWajJ2bVp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy85Y2ZhNWYtNWQyZC00YmU0LWE4MGQt
N2QwZWUyZTk5MGY1LzEveEl1SlFFaWs4UEJVbDhEWDV1N3RtNXlaZWtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy85Y2ZhNWYtNWQyZC00YmU0LWE4MGQtN2QwZWUyZTk5MGY1
LzEvWEVfQjVONzhSeHlmMjNfYTI1aVZWajJ2bVp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8ddMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ3VJlUAzf3jSBT8wlVllXREF4aNPEEQQrTLSKFO4F
oGHzgUu0dFyEpRf/vevWs3saFYLluZVKcylXBqEy6MvspdvBWlC2zx/tyP2ay+AW
stD2QSDNocx2AxtHfWa55sUl01LBvlmLVcrcQ/YlP+oKfQH5PsxOu1p3f/UpkgQn
UUQj3qLZYdAv7ho5Lh8G715MRRjRu/VTq1W5lgi0bbkOw+fHakg0H2+87Znt+ayE
X7KoEBPneKQKzkl380fGQtlidOAjcfkyMc9XdkQrGx7R8GxXAj5XX6MqYpZwp2Hy
NNOo26QfHsBj2p2DAkD+pKfYqDMTpxzD8008ziSePB7q
-----END CERTIFICATE-----