Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/a5188d-a0ad-453c-ba82-3879bd703946/1/65SCsGDULNXmsnaaY_HwCpiRDJs.roa
File:                     65SCsGDULNXmsnaaY_HwCpiRDJs.roa (raw, json)
Hash identifier:          BdpbgQGpWh/WB7tfPqtYzLSc4bRtCkrcb4wfalu+zjk=
Subject key identifier:   EB:94:82:B0:60:D4:2C:D5:E6:B2:76:9A:63:F1:F0:0A:98:91:0C:9B
Certificate issuer:       /CN=9a233bbddfe438646f586f085e5df0d79bdfb9fc
Certificate serial:       01941F8C7835AE8A5CE8F758C141FA7868F8
Authority key identifier: 9A:23:3B:BD:DF:E4:38:64:6F:58:6F:08:5E:5D:F0:D7:9B:DF:B9:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/miM7vd_kOGRvWG8IXl3w15vfufw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/a5188d-a0ad-453c-ba82-3879bd703946/1/65SCsGDULNXmsnaaY_HwCpiRDJs.roa
Signing time:             Wed 01 Jan 2025 01:48:07 +0000
ROA not before:           Wed 01 Jan 2025 01:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202675
IP address blocks:        80.91.60.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/a5188d-a0ad-453c-ba82-3879bd703946/1/miM7vd_kOGRvWG8IXl3w15vfufw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/a5188d-a0ad-453c-ba82-3879bd703946/1/miM7vd_kOGRvWG8IXl3w15vfufw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/miM7vd_kOGRvWG8IXl3w15vfufw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 22:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:78:35:ae:8a:5c:e8:f7:58:c1:41:fa:78:68:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a233bbddfe438646f586f085e5df0d79bdfb9fc
        Validity
            Not Before: Jan  1 01:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb9482b060d42cd5e6b2769a63f1f00a98910c9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:85:d7:69:ab:6c:a2:22:19:4c:4c:81:ae:16:
                    76:1e:99:19:da:c3:3f:ec:e4:9d:72:c3:57:f6:9e:
                    68:5e:3d:dd:0a:52:b4:94:06:6a:25:e4:73:d7:0f:
                    0e:d1:62:23:db:09:f9:bc:04:b6:82:d9:5b:29:40:
                    63:71:3f:a7:08:91:e6:cf:dc:58:3b:87:7f:74:ae:
                    97:40:6d:1f:3f:e2:c9:d3:b1:ed:4a:d1:81:21:8f:
                    fa:d9:3d:f6:f7:eb:81:18:f7:07:70:90:c2:06:76:
                    ed:de:6e:50:3a:58:cb:b3:eb:fd:be:e3:94:99:6f:
                    79:7c:95:6d:81:d5:21:a0:14:e5:70:e6:8e:d8:ae:
                    44:57:5f:13:8d:a9:2c:9e:42:6d:9b:62:76:5d:5e:
                    2a:d5:7e:92:fc:4f:a1:a6:5e:f8:89:9b:1c:78:62:
                    99:96:a3:59:21:ec:3b:84:12:ab:e6:ae:80:3b:82:
                    8d:ff:ab:51:15:2f:f2:b4:ba:34:00:08:a3:1b:11:
                    b9:9b:55:2d:10:bb:25:2a:06:81:0d:5c:dd:8e:e1:
                    4c:a8:3f:e4:ce:8f:76:c1:57:16:33:59:c6:a8:ef:
                    aa:a2:89:54:07:bd:f0:1c:21:3e:3a:fb:6e:b3:05:
                    f6:0d:06:25:c5:f4:eb:40:f8:bd:fc:96:a4:a2:bb:
                    2d:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:94:82:B0:60:D4:2C:D5:E6:B2:76:9A:63:F1:F0:0A:98:91:0C:9B
            X509v3 Authority Key Identifier:
                keyid:9A:23:3B:BD:DF:E4:38:64:6F:58:6F:08:5E:5D:F0:D7:9B:DF:B9:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/miM7vd_kOGRvWG8IXl3w15vfufw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/a5188d-a0ad-453c-ba82-3879bd703946/1/65SCsGDULNXmsnaaY_HwCpiRDJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/a5188d-a0ad-453c-ba82-3879bd703946/1/miM7vd_kOGRvWG8IXl3w15vfufw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.91.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:fe:4e:98:70:e3:1e:c4:a7:5e:c4:9d:94:54:65:8d:11:c4:
         91:66:8e:f8:68:6d:72:0c:bf:d9:c8:1c:e1:9b:97:a2:87:51:
         44:1d:93:c8:9a:e5:2c:2a:25:2e:e6:0e:4c:33:45:de:c3:f7:
         3d:8d:57:9e:9c:fa:cc:3a:e2:be:eb:48:13:b5:f7:e7:8f:65:
         d3:a2:55:d3:8a:14:01:6e:96:fe:fc:56:d5:9b:23:2c:1a:93:
         8c:f2:ba:ab:da:d2:c0:cb:59:46:1d:55:f5:ce:49:75:4a:bb:
         65:ca:b8:71:ed:4a:63:17:72:53:89:9a:17:b2:1f:f5:ef:70:
         eb:9a:a9:8e:ed:cc:c9:7b:80:ce:ed:4d:8a:ce:23:57:a7:65:
         db:bf:ad:b1:32:6a:2e:79:0e:2b:b9:ea:23:03:bd:61:2f:09:
         5d:4a:b2:1c:d9:4e:05:3e:74:cf:c4:b5:04:3c:01:98:9f:3e:
         21:aa:a8:0b:4c:e7:01:e5:91:d5:62:c1:a2:a1:49:ea:9c:45:
         bc:bd:12:46:75:73:35:a6:74:47:ed:09:92:77:15:b5:e2:42:
         61:42:c0:07:f4:07:8a:5b:1d:7c:15:e0:92:4c:d5:c1:cd:b7:
         93:81:50:f8:04:61:58:7c:c2:b0:9c:fe:c1:42:5a:c4:f3:ec:
         57:04:a0:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjHg1ropc6PdYwUH6eGj4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMjMzYmJkZGZlNDM4NjQ2ZjU4NmYwODVlNWRmMGQ3OWJk
ZmI5ZmMwHhcNMjUwMTAxMDE0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjk0ODJiMDYwZDQyY2Q1ZTZiMjc2OWE2M2YxZjAwYTk4OTEwYzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3YXXaatsoiIZTEyBrhZ2HpkZ2sM/
7OSdcsNX9p5oXj3dClK0lAZqJeRz1w8O0WIj2wn5vAS2gtlbKUBjcT+nCJHmz9xY
O4d/dK6XQG0fP+LJ07HtStGBIY/62T329+uBGPcHcJDCBnbt3m5QOljLs+v9vuOU
mW95fJVtgdUhoBTlcOaO2K5EV18TjaksnkJtm2J2XV4q1X6S/E+hpl74iZsceGKZ
lqNZIew7hBKr5q6AO4KN/6tRFS/ytLo0AAijGxG5m1UtELslKgaBDVzdjuFMqD/k
zo92wVcWM1nGqO+qoolUB73wHCE+OvtuswX2DQYlxfTrQPi9/JakorstCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOuUgrBg1CzV5rJ2mmPx8AqYkQybMB8GA1UdIwQY
MBaAFJojO73f5Dhkb1hvCF5d8Neb37n8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWlNN3ZkX2tPR1J2V0c4SVhsM3cxNXZmdWZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hNTE4OGQtYTBhZC00NTNjLWJhODIt
Mzg3OWJkNzAzOTQ2LzEvNjVTQ3NHRFVMTlhtc25hYVlfSHdDcGlSREpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hNTE4OGQtYTBhZC00NTNjLWJhODItMzg3OWJkNzAzOTQ2
LzEvbWlNN3ZkX2tPR1J2V0c4SVhsM3cxNXZmdWZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUFs8MA0G
CSqGSIb3DQEBCwUAA4IBAQAb/k6YcOMexKdexJ2UVGWNEcSRZo74aG1yDL/ZyBzh
m5eih1FEHZPImuUsKiUu5g5MM0Xew/c9jVeenPrMOuK+60gTtffnj2XTolXTihQB
bpb+/FbVmyMsGpOM8rqr2tLAy1lGHVX1zkl1Srtlyrhx7UpjF3JTiZoXsh/173Dr
mqmO7czJe4DO7U2KziNXp2Xbv62xMmoueQ4rueojA71hLwldSrIc2U4FPnTPxLUE
PAGYnz4hqqgLTOcB5ZHVYsGioUnqnEW8vRJGdXM1pnRH7QmSdxW14kJhQsAH9AeK
Wx18FeCSTNXBzbeTgVD4BGFYfMKwnP7BQlrE8+xXBKAG
-----END CERTIFICATE-----