Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/8bbfac-0780-4bbd-bca2-34a14a2bb401/1/Il_-mS2h5g2nqr5-CBlUmRVV8IU.roa
File:                     Il_-mS2h5g2nqr5-CBlUmRVV8IU.roa (raw, json)
Hash identifier:          0f+jPHZgjfNHT/ukKaqcxpJDOKAo2AGMTvpOcCD4Tek=
Subject key identifier:   22:5F:FE:99:2D:A1:E6:0D:A7:AA:BE:7E:08:19:54:99:15:55:F0:85
Certificate issuer:       /CN=f28fa1a2e4491891c19b0f10b086f655984f5879
Certificate serial:       018CC6B809EE30FAF0893511B5DD2C66F3FB
Authority key identifier: F2:8F:A1:A2:E4:49:18:91:C1:9B:0F:10:B0:86:F6:55:98:4F:58:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8o-houRJGJHBmw8QsIb2VZhPWHk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/8bbfac-0780-4bbd-bca2-34a14a2bb401/1/Il_-mS2h5g2nqr5-CBlUmRVV8IU.roa
Signing time:             Mon 01 Jan 2024 20:29:59 +0000
ROA not before:           Mon 01 Jan 2024 20:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57813
IP address blocks:        91.235.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/8bbfac-0780-4bbd-bca2-34a14a2bb401/1/8o-houRJGJHBmw8QsIb2VZhPWHk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/8bbfac-0780-4bbd-bca2-34a14a2bb401/1/8o-houRJGJHBmw8QsIb2VZhPWHk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8o-houRJGJHBmw8QsIb2VZhPWHk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:09:ee:30:fa:f0:89:35:11:b5:dd:2c:66:f3:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f28fa1a2e4491891c19b0f10b086f655984f5879
        Validity
            Not Before: Jan  1 20:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=225ffe992da1e60da7aabe7e081954991555f085
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:f7:2d:9c:00:96:c3:a6:e7:24:15:35:64:b2:
                    83:cc:dd:a8:e3:e5:b7:69:be:bf:b9:cc:57:39:b2:
                    fa:b7:57:e8:07:e3:96:6f:61:c9:23:e1:c0:f5:92:
                    a2:20:88:e0:ca:9d:3b:2a:79:04:78:5b:7d:cc:61:
                    7c:83:df:a7:82:5d:dd:a4:16:55:57:2e:39:ed:ee:
                    16:92:e7:74:95:9b:03:64:e0:1d:6b:4a:d8:7e:c6:
                    0d:ab:69:f6:66:e4:ee:25:4a:61:f7:eb:55:ac:53:
                    09:f5:f1:e8:ea:64:af:7c:2f:78:73:f3:cb:99:b8:
                    88:56:ed:d9:f6:8d:bc:af:93:f6:67:b3:86:20:50:
                    2a:ca:ee:c2:3f:50:41:e6:cf:b1:d0:37:87:47:60:
                    21:2b:7f:58:46:ba:6d:c5:c3:ff:36:3f:03:e4:47:
                    5e:4f:73:a4:b9:23:d4:ee:3b:d9:db:ed:45:90:3c:
                    2a:87:22:5f:33:20:5d:72:01:7f:b2:8f:34:06:b0:
                    5e:3a:49:c0:8b:24:51:b2:01:3b:ec:a6:a3:b1:10:
                    29:0c:7a:d4:e0:04:3d:70:30:b5:c6:3c:3f:86:d5:
                    77:70:e0:ed:c3:4a:1f:c4:b4:1e:b9:92:53:1c:9e:
                    73:b3:c4:47:01:c5:58:1c:44:8e:a7:ae:ce:85:f0:
                    c2:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:5F:FE:99:2D:A1:E6:0D:A7:AA:BE:7E:08:19:54:99:15:55:F0:85
            X509v3 Authority Key Identifier:
                keyid:F2:8F:A1:A2:E4:49:18:91:C1:9B:0F:10:B0:86:F6:55:98:4F:58:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8o-houRJGJHBmw8QsIb2VZhPWHk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/8bbfac-0780-4bbd-bca2-34a14a2bb401/1/Il_-mS2h5g2nqr5-CBlUmRVV8IU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/8bbfac-0780-4bbd-bca2-34a14a2bb401/1/8o-houRJGJHBmw8QsIb2VZhPWHk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:25:f0:86:ae:b5:26:cc:13:64:43:78:4a:e7:d8:52:85:1b:
         fe:7c:44:3b:53:8b:91:ef:4d:01:c9:91:fd:c5:20:e1:a5:1f:
         8b:07:24:71:c9:52:8b:a0:31:1f:d2:47:f9:7e:e6:41:90:76:
         04:db:0e:eb:91:f4:0b:04:49:31:de:0b:e5:8c:4f:06:40:62:
         94:85:91:10:e5:95:08:47:08:83:45:c4:b4:24:29:40:a7:d9:
         84:39:9d:81:69:08:6e:ff:59:bf:13:85:db:c2:c6:c5:45:eb:
         b4:2a:b3:54:fd:5f:2f:7c:0c:59:0b:9c:34:b3:58:98:b3:2c:
         ae:65:d1:0b:a1:9b:b2:97:d0:40:b4:7e:b4:f2:9e:78:c1:65:
         22:f8:ab:af:be:82:dd:d8:cb:79:90:b0:2a:32:58:42:f8:82:
         e3:7f:fe:71:07:1f:2c:d6:6a:a2:5c:65:8e:b2:aa:a9:95:1b:
         3a:7c:18:ca:55:61:09:79:c8:4e:87:f8:e3:4c:79:e2:31:4f:
         ce:6e:b8:51:d9:b4:77:c0:5a:47:b5:3e:51:a1:20:7f:b8:a3:
         dd:3c:48:c0:01:8e:71:1c:71:c0:e8:51:cd:23:c3:cf:62:ab:
         7e:7c:0f:90:70:48:a0:b5:58:52:20:29:e0:3c:e4:2d:a5:9f:
         64:a9:83:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuAnuMPrwiTURtd0sZvP7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyOGZhMWEyZTQ0OTE4OTFjMTliMGYxMGIwODZmNjU1OTg0
ZjU4NzkwHhcNMjQwMTAxMjAyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjVmZmU5OTJkYTFlNjBkYTdhYWJlN2UwODE5NTQ5OTE1NTVmMDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPctnACWw6bnJBU1ZLKDzN2o4+W3
ab6/ucxXObL6t1foB+OWb2HJI+HA9ZKiIIjgyp07KnkEeFt9zGF8g9+ngl3dpBZV
Vy457e4Wkud0lZsDZOAda0rYfsYNq2n2ZuTuJUph9+tVrFMJ9fHo6mSvfC94c/PL
mbiIVu3Z9o28r5P2Z7OGIFAqyu7CP1BB5s+x0DeHR2AhK39YRrptxcP/Nj8D5Ede
T3OkuSPU7jvZ2+1FkDwqhyJfMyBdcgF/so80BrBeOknAiyRRsgE77KajsRApDHrU
4AQ9cDC1xjw/htV3cODtw0ofxLQeuZJTHJ5zs8RHAcVYHESOp67OhfDClwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJf/pktoeYNp6q+fggZVJkVVfCFMB8GA1UdIwQY
MBaAFPKPoaLkSRiRwZsPELCG9lWYT1h5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOG8taG91UkpHSkhCbXc4UXNJYjJWWmhQV0hrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC84YmJmYWMtMDc4MC00YmJkLWJjYTIt
MzRhMTRhMmJiNDAxLzEvSWxfLW1TMmg1ZzJucXI1LUNCbFVtUlZWOElVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC84YmJmYWMtMDc4MC00YmJkLWJjYTItMzRhMTRhMmJiNDAx
LzEvOG8taG91UkpHSkhCbXc4UXNJYjJWWmhQV0hrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+ukMA0G
CSqGSIb3DQEBCwUAA4IBAQCEJfCGrrUmzBNkQ3hK59hShRv+fEQ7U4uR700ByZH9
xSDhpR+LByRxyVKLoDEf0kf5fuZBkHYE2w7rkfQLBEkx3gvljE8GQGKUhZEQ5ZUI
RwiDRcS0JClAp9mEOZ2BaQhu/1m/E4XbwsbFReu0KrNU/V8vfAxZC5w0s1iYsyyu
ZdELoZuyl9BAtH608p54wWUi+KuvvoLd2Mt5kLAqMlhC+ILjf/5xBx8s1mqiXGWO
sqqplRs6fBjKVWEJechOh/jjTHniMU/ObrhR2bR3wFpHtT5RoSB/uKPdPEjAAY5x
HHHA6FHNI8PPYqt+fA+QcEigtVhSICngPOQtpZ9kqYPy
-----END CERTIFICATE-----