Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/5pg_93qnaR-AYjTKJ9nzmq2APJw.roa
File:                     5pg_93qnaR-AYjTKJ9nzmq2APJw.roa (raw, json)
Hash identifier:          PQACg8S509/7L2Da5K8T8zd9h+wkXSAplu6/AuHlw6g=
Subject key identifier:   E6:98:3F:F7:7A:A7:69:1F:80:62:34:CA:27:D9:F3:9A:AD:80:3C:9C
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       018CC86F338D7B3606C127A63C98DA303B18
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/5pg_93qnaR-AYjTKJ9nzmq2APJw.roa
Signing time:             Tue 02 Jan 2024 04:29:40 +0000
ROA not before:           Tue 02 Jan 2024 04:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3223
IP address blocks:        91.221.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:33:8d:7b:36:06:c1:27:a6:3c:98:da:30:3b:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Jan  2 04:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6983ff77aa7691f806234ca27d9f39aad803c9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:58:06:b6:ae:e4:d5:79:40:15:f4:e3:a8:12:
                    76:93:c5:9c:bc:42:c5:58:4c:78:38:e5:0f:5d:75:
                    4d:d8:60:a4:c4:c8:89:df:8b:bc:43:2f:6a:8b:c2:
                    2b:de:a2:df:61:e1:c1:de:a8:fc:17:c4:93:87:a8:
                    20:ea:b7:2a:91:8c:c5:26:5a:7e:29:92:6b:9d:08:
                    42:4b:e9:c2:c8:0b:39:90:86:31:82:06:cf:74:d0:
                    53:69:5b:9f:12:07:d7:a5:df:a4:7c:6d:36:77:21:
                    b3:4d:67:49:70:f2:11:40:2e:61:a8:dc:7e:7a:f6:
                    39:5b:7b:e9:6a:05:97:fa:54:98:97:fe:91:d1:48:
                    1d:72:a6:c8:21:88:2f:b1:46:55:59:c0:c5:1a:e0:
                    f5:4f:e3:38:59:ed:38:24:2b:3a:54:42:58:8d:fd:
                    5e:fc:00:ea:88:8c:1e:c4:11:92:68:c4:8f:e6:91:
                    a1:e0:02:a5:ec:b2:08:65:60:9a:dd:2c:fb:0c:0c:
                    39:63:b0:8b:f3:f4:5b:57:72:47:b5:33:10:a9:b7:
                    52:32:7d:bc:33:f7:82:8c:8b:f4:5a:ff:ea:29:2f:
                    c7:59:25:98:22:18:86:8f:19:d8:d2:36:71:c4:cc:
                    90:90:cf:fc:c3:55:b6:6d:4e:c3:76:0b:df:88:23:
                    6e:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:98:3F:F7:7A:A7:69:1F:80:62:34:CA:27:D9:F3:9A:AD:80:3C:9C
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/5pg_93qnaR-AYjTKJ9nzmq2APJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:4a:45:93:ac:4f:a8:8e:69:a1:46:c7:13:9b:c2:fa:fe:a4:
         4f:48:62:0b:73:99:2d:fa:a8:86:af:64:34:1d:65:2c:10:da:
         3a:b4:2b:24:c1:a6:43:02:3b:20:cd:94:cf:d6:bf:7a:4f:7f:
         23:5f:79:c1:be:13:4a:84:77:30:da:e1:c7:d3:c8:f3:8f:87:
         77:1b:92:8f:1d:6d:08:88:f5:b3:55:b1:b5:80:24:a0:32:ee:
         08:cb:51:f5:d8:06:07:d3:2b:d3:8a:1d:fa:51:66:57:16:b5:
         4f:3f:b1:74:bf:b0:d2:ea:29:15:26:11:e9:24:45:f6:0b:71:
         fe:20:e6:e5:26:c1:f7:88:d2:55:34:56:8f:75:f5:4a:16:9d:
         41:f6:00:c4:e9:ea:bc:84:6c:a5:2d:63:40:13:8f:06:ac:38:
         aa:cc:cd:c6:d5:00:c3:86:3e:9f:38:ec:bf:a5:0d:80:49:c7:
         44:1b:5b:92:12:b8:28:e4:23:d8:77:f6:ee:79:3a:ba:e0:49:
         a9:f0:49:02:6b:71:b9:69:08:62:f6:e6:55:c7:e2:93:b3:aa:
         4e:70:0d:ab:03:2a:5a:71:c2:1d:53:c5:34:2c:cb:b9:70:10:
         a5:3d:11:82:33:07:19:55:00:a3:67:60:5a:b3:bb:5d:ab:5b:
         d2:29:56:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbzONezYGwSemPJjaMDsYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjQwMTAyMDQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjk4M2ZmNzdhYTc2OTFmODA2MjM0Y2EyN2Q5ZjM5YWFkODAzYzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh1gGtq7k1XlAFfTjqBJ2k8WcvELF
WEx4OOUPXXVN2GCkxMiJ34u8Qy9qi8Ir3qLfYeHB3qj8F8STh6gg6rcqkYzFJlp+
KZJrnQhCS+nCyAs5kIYxggbPdNBTaVufEgfXpd+kfG02dyGzTWdJcPIRQC5hqNx+
evY5W3vpagWX+lSYl/6R0UgdcqbIIYgvsUZVWcDFGuD1T+M4We04JCs6VEJYjf1e
/ADqiIwexBGSaMSP5pGh4AKl7LIIZWCa3Sz7DAw5Y7CL8/RbV3JHtTMQqbdSMn28
M/eCjIv0Wv/qKS/HWSWYIhiGjxnY0jZxxMyQkM/8w1W2bU7DdgvfiCNufQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOaYP/d6p2kfgGI0yifZ85qtgDycMB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvNXBnXzkzcW5hUi1BWWpUS0o5bnptcTJBUEp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW910MA0G
CSqGSIb3DQEBCwUAA4IBAQAhSkWTrE+ojmmhRscTm8L6/qRPSGILc5kt+qiGr2Q0
HWUsENo6tCskwaZDAjsgzZTP1r96T38jX3nBvhNKhHcw2uHH08jzj4d3G5KPHW0I
iPWzVbG1gCSgMu4Iy1H12AYH0yvTih36UWZXFrVPP7F0v7DS6ikVJhHpJEX2C3H+
IOblJsH3iNJVNFaPdfVKFp1B9gDE6eq8hGylLWNAE48GrDiqzM3G1QDDhj6fOOy/
pQ2AScdEG1uSErgo5CPYd/bueTq64Emp8EkCa3G5aQhi9uZVx+KTs6pOcA2rAypa
ccIdU8U0LMu5cBClPRGCMwcZVQCjZ2Bas7tdq1vSKVa5
-----END CERTIFICATE-----