Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/0408f7-76a2-49c7-a022-deb44b869d19/1/R0YJl09TDcfd96Zynya53vkq-8o.roa
File:                     R0YJl09TDcfd96Zynya53vkq-8o.roa (raw, json)
Hash identifier:          NRrCtnFDbBIgWbjic825UjeT21nxx5cpe8lbgYZRRmU=
Subject key identifier:   47:46:09:97:4F:53:0D:C7:DD:F7:A6:72:9F:26:B9:DE:F9:2A:FB:CA
Certificate issuer:       /CN=52e41f4806ce48fc398842381f2ffbe04b294818
Certificate serial:       018D460A586B79B85E650546EEF5C0B436F7
Authority key identifier: 52:E4:1F:48:06:CE:48:FC:39:88:42:38:1F:2F:FB:E0:4B:29:48:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UuQfSAbOSPw5iEI4Hy_74EspSBg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/0408f7-76a2-49c7-a022-deb44b869d19/1/R0YJl09TDcfd96Zynya53vkq-8o.roa
Signing time:             Fri 26 Jan 2024 13:51:39 +0000
ROA not before:           Fri 26 Jan 2024 13:51:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205299
IP address blocks:        91.226.198.0/23 maxlen: 23
                          91.226.198.0/24 maxlen: 24
                          91.226.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/0408f7-76a2-49c7-a022-deb44b869d19/1/UuQfSAbOSPw5iEI4Hy_74EspSBg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/0408f7-76a2-49c7-a022-deb44b869d19/1/UuQfSAbOSPw5iEI4Hy_74EspSBg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UuQfSAbOSPw5iEI4Hy_74EspSBg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:46:0a:58:6b:79:b8:5e:65:05:46:ee:f5:c0:b4:36:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52e41f4806ce48fc398842381f2ffbe04b294818
        Validity
            Not Before: Jan 26 13:51:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=474609974f530dc7ddf7a6729f26b9def92afbca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:bc:40:c6:d8:fe:ea:e7:b3:cb:cd:0f:38:f3:
                    da:26:6f:f4:29:30:d4:82:a8:7f:45:d6:91:4c:72:
                    ca:a3:e7:ce:cb:7e:e0:27:e6:34:2f:d1:81:f9:a5:
                    96:9f:5f:77:e3:ab:39:21:7a:77:b7:38:5f:21:18:
                    ca:3b:4b:28:0b:a5:e9:de:ef:0d:17:d6:86:5a:fa:
                    cb:2e:f3:6a:06:d1:5f:4c:78:ce:62:9a:15:ba:ac:
                    05:ab:3b:c4:f6:cb:d0:15:bd:41:60:77:d0:63:5f:
                    ba:e0:c1:9f:6d:5c:6f:b1:1d:62:d9:85:f6:be:01:
                    53:7e:db:df:ba:60:2a:5b:2e:73:32:89:90:5e:67:
                    c0:5c:91:51:3a:79:35:fd:48:41:cb:5d:b7:5e:7d:
                    af:28:40:f9:af:0e:61:95:a1:63:89:44:f1:1d:e2:
                    e7:6f:34:28:3f:7a:97:99:3c:b7:eb:14:42:5f:9d:
                    3c:c5:ef:b5:3d:94:73:4f:33:ff:e0:89:ff:5b:e3:
                    c8:82:c1:4c:34:7d:cc:3c:e1:cd:51:d2:fd:62:ec:
                    52:50:96:32:0a:e1:33:b3:02:09:28:f8:eb:ef:e5:
                    32:6d:dd:09:51:3e:d1:c7:a9:8e:2f:ff:21:73:6b:
                    d9:7b:20:ed:b2:14:6f:2f:4f:d4:ad:af:ed:21:d8:
                    d2:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:46:09:97:4F:53:0D:C7:DD:F7:A6:72:9F:26:B9:DE:F9:2A:FB:CA
            X509v3 Authority Key Identifier:
                keyid:52:E4:1F:48:06:CE:48:FC:39:88:42:38:1F:2F:FB:E0:4B:29:48:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UuQfSAbOSPw5iEI4Hy_74EspSBg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/0408f7-76a2-49c7-a022-deb44b869d19/1/R0YJl09TDcfd96Zynya53vkq-8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/0408f7-76a2-49c7-a022-deb44b869d19/1/UuQfSAbOSPw5iEI4Hy_74EspSBg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         52:59:04:f1:a6:f0:1b:3c:c1:67:a3:b9:c6:9d:1a:29:f8:3d:
         8e:a5:49:6e:43:10:d6:15:01:c8:78:f0:26:f5:95:e8:0d:ad:
         07:56:29:cf:2d:cc:07:16:8c:d6:28:c5:a8:e5:0f:88:61:4e:
         6e:8b:14:75:2a:41:e2:3b:81:bb:96:32:0a:83:22:5c:09:36:
         df:9e:d8:fe:c8:67:a9:43:cf:eb:1f:db:28:34:90:c8:99:90:
         db:41:0f:55:f9:4d:57:79:fb:8a:fd:f5:e8:dc:5c:9d:05:7a:
         0b:6d:e2:6d:25:20:bf:05:0e:ae:f5:dc:21:db:01:fe:22:e8:
         97:ec:60:fa:1b:e4:d9:61:22:c9:d4:f9:20:05:4c:01:22:76:
         a6:ff:ec:2e:33:5e:28:eb:05:4b:75:fe:20:13:ac:b0:d9:30:
         c5:a4:2f:c6:cc:76:0d:76:a8:b7:e8:d5:9b:c1:ad:32:a0:5b:
         2d:ca:43:b1:d7:0f:92:b3:63:71:5b:14:30:68:b2:f8:dc:f6:
         5e:16:97:8c:6c:0c:2a:a8:19:91:d8:84:1b:a1:15:b7:cc:36:
         46:09:b5:70:26:d7:5b:7e:b5:c1:54:c7:a5:35:32:ed:96:92:
         50:99:0b:db:6e:d1:f2:c5:dd:e1:d2:43:48:d0:2a:4a:ae:47:
         67:42:7f:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1GClhrebheZQVG7vXAtDb3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZTQxZjQ4MDZjZTQ4ZmMzOTg4NDIzODFmMmZmYmUwNGIy
OTQ4MTgwHhcNMjQwMTI2MTM1MTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzQ2MDk5NzRmNTMwZGM3ZGRmN2E2NzI5ZjI2YjlkZWY5MmFmYmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrxAxtj+6uezy80POPPaJm/0KTDU
gqh/RdaRTHLKo+fOy37gJ+Y0L9GB+aWWn19346s5IXp3tzhfIRjKO0soC6Xp3u8N
F9aGWvrLLvNqBtFfTHjOYpoVuqwFqzvE9svQFb1BYHfQY1+64MGfbVxvsR1i2YX2
vgFTftvfumAqWy5zMomQXmfAXJFROnk1/UhBy123Xn2vKED5rw5hlaFjiUTxHeLn
bzQoP3qXmTy36xRCX508xe+1PZRzTzP/4In/W+PIgsFMNH3MPOHNUdL9YuxSUJYy
CuEzswIJKPjr7+Uybd0JUT7Rx6mOL/8hc2vZeyDtshRvL0/Ura/tIdjStQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEdGCZdPUw3H3femcp8mud75KvvKMB8GA1UdIwQY
MBaAFFLkH0gGzkj8OYhCOB8v++BLKUgYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXVRZlNBYk9TUHc1aUVJNEh5Xzc0RXNwU0JnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8wNDA4ZjctNzZhMi00OWM3LWEwMjIt
ZGViNDRiODY5ZDE5LzEvUjBZSmwwOVREY2ZkOTZaeW55YTUzdmtxLThvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8wNDA4ZjctNzZhMi00OWM3LWEwMjItZGViNDRiODY5ZDE5
LzEvVXVRZlNBYk9TUHc1aUVJNEh5Xzc0RXNwU0JnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+LGMA0G
CSqGSIb3DQEBCwUAA4IBAQBSWQTxpvAbPMFno7nGnRop+D2OpUluQxDWFQHIePAm
9ZXoDa0HVinPLcwHFozWKMWo5Q+IYU5uixR1KkHiO4G7ljIKgyJcCTbfntj+yGep
Q8/rH9soNJDImZDbQQ9V+U1XefuK/fXo3FydBXoLbeJtJSC/BQ6u9dwh2wH+IuiX
7GD6G+TZYSLJ1PkgBUwBInam/+wuM14o6wVLdf4gE6yw2TDFpC/GzHYNdqi36NWb
wa0yoFstykOx1w+Ss2NxWxQwaLL43PZeFpeMbAwqqBmR2IQboRW3zDZGCbVwJtdb
frXBVMelNTLtlpJQmQvbbtHyxd3h0kNI0CpKrkdnQn+l
-----END CERTIFICATE-----