Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/060969-5caf-418f-8c25-acb2723a5076/1/uHoigP0uwEi4w4oZeuaGNxjkhjQ.roa
File:                     uHoigP0uwEi4w4oZeuaGNxjkhjQ.roa (raw, json)
Hash identifier:          waa9qBBgKSn3fvH7bNQyG1YbGXN1zTYK+ylqgYieCF4=
Subject key identifier:   B8:7A:22:80:FD:2E:C0:48:B8:C3:8A:19:7A:E6:86:37:18:E4:86:34
Certificate issuer:       /CN=c69668f347c55add77ac517e9331dde7fc3556a6
Certificate serial:       018CC56E506FFB1E5D710A269F96C23A9951
Authority key identifier: C6:96:68:F3:47:C5:5A:DD:77:AC:51:7E:93:31:DD:E7:FC:35:56:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xpZo80fFWt13rFF-kzHd5_w1VqY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/060969-5caf-418f-8c25-acb2723a5076/1/uHoigP0uwEi4w4oZeuaGNxjkhjQ.roa
Signing time:             Mon 01 Jan 2024 14:29:50 +0000
ROA not before:           Mon 01 Jan 2024 14:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206907
IP address blocks:        91.224.68.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/060969-5caf-418f-8c25-acb2723a5076/1/xpZo80fFWt13rFF-kzHd5_w1VqY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/060969-5caf-418f-8c25-acb2723a5076/1/xpZo80fFWt13rFF-kzHd5_w1VqY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xpZo80fFWt13rFF-kzHd5_w1VqY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:50:6f:fb:1e:5d:71:0a:26:9f:96:c2:3a:99:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c69668f347c55add77ac517e9331dde7fc3556a6
        Validity
            Not Before: Jan  1 14:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b87a2280fd2ec048b8c38a197ae6863718e48634
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:84:06:f5:f7:e7:1e:a7:84:a8:47:a9:08:69:
                    f3:a0:96:2c:c0:4d:05:b5:db:3d:8c:66:c0:a4:7c:
                    09:6f:04:b8:87:ee:7e:f9:d2:a0:7a:25:e4:3d:d9:
                    99:f1:c6:9f:67:56:9e:ca:22:93:c4:39:79:b4:60:
                    30:8f:9c:e9:36:9e:83:fa:8a:40:ef:92:01:02:eb:
                    7a:a5:1d:ec:9a:ba:3d:d0:d0:ff:42:15:c2:cf:f9:
                    46:5a:6a:12:9b:a2:3e:f8:0b:bb:78:1e:8e:4b:f5:
                    eb:a2:d9:5a:9b:1c:d8:c4:34:fa:81:98:37:71:7b:
                    88:10:8b:8f:c8:6e:03:fb:17:da:39:d6:97:3b:c3:
                    65:d7:d8:aa:2b:a4:a8:4c:58:70:65:25:f6:f1:32:
                    e5:54:de:77:5c:38:07:7d:26:d5:f8:e2:63:83:8e:
                    07:4e:84:60:2e:4e:16:13:4f:a4:04:9f:fc:b7:b2:
                    88:28:b9:2e:dc:31:32:9c:63:87:29:02:b7:33:c7:
                    0e:5c:6f:5a:b2:d5:43:5b:2e:b9:22:67:63:11:d7:
                    da:5c:6c:ca:81:b5:5a:dd:d2:c8:01:15:6d:f4:5b:
                    d6:6a:7d:ce:84:c3:a6:5c:16:b3:6e:b5:51:7e:63:
                    fe:20:d6:ea:ce:cf:c6:7d:1e:8a:44:36:43:df:5b:
                    dc:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:7A:22:80:FD:2E:C0:48:B8:C3:8A:19:7A:E6:86:37:18:E4:86:34
            X509v3 Authority Key Identifier:
                keyid:C6:96:68:F3:47:C5:5A:DD:77:AC:51:7E:93:31:DD:E7:FC:35:56:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xpZo80fFWt13rFF-kzHd5_w1VqY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/060969-5caf-418f-8c25-acb2723a5076/1/uHoigP0uwEi4w4oZeuaGNxjkhjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/060969-5caf-418f-8c25-acb2723a5076/1/xpZo80fFWt13rFF-kzHd5_w1VqY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         75:40:a0:dd:50:44:a9:5d:ba:96:5f:3a:ce:c2:8b:3f:30:b8:
         6a:6c:1b:5a:f3:d2:a7:31:d7:c9:4a:ed:03:26:47:b9:63:96:
         3d:b4:d0:5f:a1:a3:c6:12:77:ac:ea:96:1a:be:b4:73:80:cc:
         d0:8b:8a:fa:80:d9:be:0b:28:d8:95:38:14:b2:ea:cf:0f:7c:
         c4:54:01:86:80:9e:f1:7d:03:0c:60:a6:2f:f7:47:38:5c:a6:
         94:9a:2e:f6:c2:c6:9e:c1:a9:7e:fd:07:f1:34:71:e6:48:7a:
         fd:d4:e0:2f:fd:72:24:d2:3a:46:d8:4e:46:b0:91:b3:82:55:
         72:0c:7d:12:07:cf:fa:8f:bb:a0:d2:84:e6:8c:44:c8:25:4e:
         94:32:79:bd:bc:da:40:7a:0b:34:8a:2f:cc:c5:a2:68:b2:6f:
         9b:f4:f3:f5:0c:bc:94:02:4d:d6:cd:5c:89:20:3e:e1:11:3d:
         86:43:01:a9:77:de:97:16:15:f3:47:67:cf:63:2f:b3:5b:a3:
         ec:2e:d6:60:50:6a:d2:42:d5:cb:5e:b4:9e:fd:36:5d:07:5f:
         8c:c6:2f:48:7d:58:24:3b:78:2f:b6:14:c2:7d:96:a4:35:3c:
         9c:e2:8c:d9:d6:34:dd:8d:79:5e:af:2a:c4:db:fd:bb:eb:19:
         a4:4a:54:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFblBv+x5dcQomn5bCOplRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2OTY2OGYzNDdjNTVhZGQ3N2FjNTE3ZTkzMzFkZGU3ZmMz
NTU2YTYwHhcNMjQwMTAxMTQyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODdhMjI4MGZkMmVjMDQ4YjhjMzhhMTk3YWU2ODYzNzE4ZTQ4NjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIQG9ffnHqeEqEepCGnzoJYswE0F
tds9jGbApHwJbwS4h+5++dKgeiXkPdmZ8cafZ1aeyiKTxDl5tGAwj5zpNp6D+opA
75IBAut6pR3smro90ND/QhXCz/lGWmoSm6I++Au7eB6OS/XrotlamxzYxDT6gZg3
cXuIEIuPyG4D+xfaOdaXO8Nl19iqK6SoTFhwZSX28TLlVN53XDgHfSbV+OJjg44H
ToRgLk4WE0+kBJ/8t7KIKLku3DEynGOHKQK3M8cOXG9astVDWy65ImdjEdfaXGzK
gbVa3dLIARVt9FvWan3OhMOmXBazbrVRfmP+INbqzs/GfR6KRDZD31vciQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLh6IoD9LsBIuMOKGXrmhjcY5IY0MB8GA1UdIwQY
MBaAFMaWaPNHxVrdd6xRfpMx3ef8NVamMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHBabzgwZkZXdDEzckZGLWt6SGQ1X3cxVnFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8wNjA5NjktNWNhZi00MThmLThjMjUt
YWNiMjcyM2E1MDc2LzEvdUhvaWdQMHV3RWk0dzRvWmV1YUdOeGpraGpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8wNjA5NjktNWNhZi00MThmLThjMjUtYWNiMjcyM2E1MDc2
LzEveHBabzgwZkZXdDEzckZGLWt6SGQ1X3cxVnFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+BEMA0G
CSqGSIb3DQEBCwUAA4IBAQB1QKDdUESpXbqWXzrOwos/MLhqbBta89KnMdfJSu0D
Jke5Y5Y9tNBfoaPGEnes6pYavrRzgMzQi4r6gNm+CyjYlTgUsurPD3zEVAGGgJ7x
fQMMYKYv90c4XKaUmi72wsaewal+/QfxNHHmSHr91OAv/XIk0jpG2E5GsJGzglVy
DH0SB8/6j7ug0oTmjETIJU6UMnm9vNpAegs0ii/MxaJosm+b9PP1DLyUAk3WzVyJ
ID7hET2GQwGpd96XFhXzR2fPYy+zW6PsLtZgUGrSQtXLXrSe/TZdB1+Mxi9IfVgk
O3gvthTCfZakNTyc4ozZ1jTdjXleryrE2/276xmkSlRU
-----END CERTIFICATE-----