Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/yEEz9RomBl9KOtnBpPAv69xhYo4.roa
File:                     yEEz9RomBl9KOtnBpPAv69xhYo4.roa (raw, json)
Hash identifier:          FzxNeuev1ifWcvDAWPB0Q8PrLmfQQt0ET0Cbf3DSc4E=
Subject key identifier:   C8:41:33:F5:1A:26:06:5F:4A:3A:D9:C1:A4:F0:2F:EB:DC:61:62:8E
Certificate issuer:       /CN=cd108c225f2478cd4230179890d07284be1636cd
Certificate serial:       01933F191A63A87901C0737F56EC421F1780
Authority key identifier: CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/yEEz9RomBl9KOtnBpPAv69xhYo4.roa
Signing time:             Mon 18 Nov 2024 11:47:09 +0000
ROA not before:           Mon 18 Nov 2024 11:47:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214003
IP address blocks:        45.91.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:3f:19:1a:63:a8:79:01:c0:73:7f:56:ec:42:1f:17:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd108c225f2478cd4230179890d07284be1636cd
        Validity
            Not Before: Nov 18 11:47:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c84133f51a26065f4a3ad9c1a4f02febdc61628e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:5c:97:31:0c:60:8b:9f:f8:88:c5:90:61:5e:
                    68:6e:31:d5:6c:17:a2:a3:b2:7a:4d:cd:32:d7:f8:
                    0d:16:27:75:03:0c:2d:84:73:1f:22:6c:fa:81:c8:
                    d1:f7:65:ce:9b:76:dc:56:d4:3f:a6:18:7d:4f:1e:
                    d9:d3:e5:90:8b:77:07:fe:da:7d:be:1b:f1:eb:d6:
                    93:c5:b2:3e:bc:fd:c9:59:b2:58:4e:af:f8:a0:10:
                    12:a7:30:e7:53:7b:1d:ac:5c:7c:04:9e:78:0e:e2:
                    03:68:14:f8:7a:90:d0:8b:f7:26:4f:6e:be:85:11:
                    a6:54:c9:62:40:18:8e:d1:63:b3:41:16:be:32:dc:
                    d9:c3:90:07:c1:e8:14:08:9c:b2:99:b8:43:04:e2:
                    85:cc:5e:54:1a:ea:67:15:56:dc:f2:3b:70:07:4a:
                    7b:64:77:a9:4d:6f:c5:cf:83:74:6d:1b:c3:76:2a:
                    c5:04:cb:07:6d:3c:cb:be:66:dc:69:7c:99:a1:55:
                    a7:82:6f:8b:98:56:48:e4:23:62:44:4b:a8:f8:6e:
                    87:2d:05:42:85:6a:77:3d:54:53:16:f1:03:11:a3:
                    dc:2c:18:c0:5a:f0:d9:0e:89:ca:7c:d2:31:d3:62:
                    60:cc:3f:c2:d8:f4:53:15:d4:e4:ed:1e:ae:e7:f0:
                    78:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:41:33:F5:1A:26:06:5F:4A:3A:D9:C1:A4:F0:2F:EB:DC:61:62:8E
            X509v3 Authority Key Identifier:
                keyid:CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/yEEz9RomBl9KOtnBpPAv69xhYo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:b9:4c:d4:ae:67:3f:5a:0b:d2:58:a6:06:cd:10:3f:0e:f8:
         f6:16:3f:3d:ad:ed:32:18:55:96:40:a6:ca:33:46:f8:b2:3c:
         3c:15:4b:01:d1:a0:39:90:67:61:7e:11:64:74:62:a3:83:8c:
         25:f2:df:41:6e:1f:82:3e:44:25:74:b8:fb:1b:22:40:c1:48:
         29:c2:b2:59:3b:3a:a9:46:3d:b1:84:a6:2c:1c:0d:6c:8f:01:
         04:4a:23:d8:c5:a3:f7:3a:eb:fd:0e:64:11:56:f5:25:bd:20:
         c6:34:99:af:37:b4:60:51:9b:fa:e8:64:89:53:23:a2:af:13:
         b2:ed:99:ef:83:2c:69:64:40:5b:1b:e3:a5:5d:aa:0a:0d:27:
         d4:63:b1:4f:b9:a0:1a:7f:43:40:9c:63:93:a2:b7:e3:0c:70:
         24:55:26:7c:bb:c7:9a:43:fe:e8:ca:b4:2a:0d:a7:4f:d3:85:
         35:17:d1:db:9a:91:0b:8d:3c:b9:1e:9c:07:e6:3f:fd:0e:2b:
         cb:90:7b:d5:db:a6:ca:10:74:1d:36:01:70:7f:d7:bc:f3:5a:
         92:d7:db:98:07:84:35:2b:db:74:07:d3:1d:1c:15:75:0c:2b:
         63:67:20:4c:84:25:20:6f:da:21:8e:bf:95:75:96:47:fd:54:
         1d:ce:0d:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZM/GRpjqHkBwHN/VuxCHxeAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMTA4YzIyNWYyNDc4Y2Q0MjMwMTc5ODkwZDA3Mjg0YmUx
NjM2Y2QwHhcNMjQxMTE4MTE0NzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODQxMzNmNTFhMjYwNjVmNGEzYWQ5YzFhNGYwMmZlYmRjNjE2MjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzFyXMQxgi5/4iMWQYV5objHVbBei
o7J6Tc0y1/gNFid1AwwthHMfImz6gcjR92XOm3bcVtQ/phh9Tx7Z0+WQi3cH/tp9
vhvx69aTxbI+vP3JWbJYTq/4oBASpzDnU3sdrFx8BJ54DuIDaBT4epDQi/cmT26+
hRGmVMliQBiO0WOzQRa+MtzZw5AHwegUCJyymbhDBOKFzF5UGupnFVbc8jtwB0p7
ZHepTW/Fz4N0bRvDdirFBMsHbTzLvmbcaXyZoVWngm+LmFZI5CNiREuo+G6HLQVC
hWp3PVRTFvEDEaPcLBjAWvDZDonKfNIx02JgzD/C2PRTFdTk7R6u5/B4MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMhBM/UaJgZfSjrZwaTwL+vcYWKOMB8GA1UdIwQY
MBaAFM0QjCJfJHjNQjAXmJDQcoS+FjbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQt
YWU1MDI3MzY4MWE3LzEveUVFejlSb21CbDlLT3RuQnBQQXY2OXhoWW80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQtYWU1MDI3MzY4MWE3
LzEvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVvgMA0G
CSqGSIb3DQEBCwUAA4IBAQAzuUzUrmc/WgvSWKYGzRA/Dvj2Fj89re0yGFWWQKbK
M0b4sjw8FUsB0aA5kGdhfhFkdGKjg4wl8t9Bbh+CPkQldLj7GyJAwUgpwrJZOzqp
Rj2xhKYsHA1sjwEESiPYxaP3Ouv9DmQRVvUlvSDGNJmvN7RgUZv66GSJUyOirxOy
7ZnvgyxpZEBbG+OlXaoKDSfUY7FPuaAaf0NAnGOTorfjDHAkVSZ8u8eaQ/7oyrQq
DadP04U1F9HbmpELjTy5HpwH5j/9DivLkHvV26bKEHQdNgFwf9e881qS19uYB4Q1
K9t0B9MdHBV1DCtjZyBMhCUgb9ohjr+VdZZH/VQdzg2J
-----END CERTIFICATE-----