Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/8f7892-7f7d-49db-a912-133f85994b1b/1/EyiXEIVvTSn2obuizufCi7nI7lc.roa
File:                     EyiXEIVvTSn2obuizufCi7nI7lc.roa (raw, json)
Hash identifier:          oQBIn3+E8PdFyhb49vRP5OSVfP1CyJy4Vv3F2g6t7+c=
Subject key identifier:   13:28:97:10:85:6F:4D:29:F6:A1:BB:A2:CE:E7:C2:8B:B9:C8:EE:57
Certificate issuer:       /CN=bf64979aaed4e788e4510edf8b696bd96cac7732
Certificate serial:       018CC6B9169149C2CC32560D15E4BEDE3226
Authority key identifier: BF:64:97:9A:AE:D4:E7:88:E4:51:0E:DF:8B:69:6B:D9:6C:AC:77:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v2SXmq7U54jkUQ7fi2lr2WysdzI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/8f7892-7f7d-49db-a912-133f85994b1b/1/EyiXEIVvTSn2obuizufCi7nI7lc.roa
Signing time:             Mon 01 Jan 2024 20:31:07 +0000
ROA not before:           Mon 01 Jan 2024 20:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198466
IP address blocks:        91.235.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/8f7892-7f7d-49db-a912-133f85994b1b/1/v2SXmq7U54jkUQ7fi2lr2WysdzI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/8f7892-7f7d-49db-a912-133f85994b1b/1/v2SXmq7U54jkUQ7fi2lr2WysdzI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v2SXmq7U54jkUQ7fi2lr2WysdzI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:16:91:49:c2:cc:32:56:0d:15:e4:be:de:32:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf64979aaed4e788e4510edf8b696bd96cac7732
        Validity
            Not Before: Jan  1 20:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13289710856f4d29f6a1bba2cee7c28bb9c8ee57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:93:0e:05:5c:32:4a:63:ba:2f:3c:f1:fd:02:
                    1d:27:13:13:fa:2e:22:05:6a:26:8c:52:69:23:6c:
                    c9:f6:4a:20:03:07:4c:81:81:b9:10:e0:b7:23:1b:
                    bd:9f:b9:1e:d1:6f:33:c8:dd:57:da:78:da:a6:f5:
                    92:42:ac:18:c0:53:e6:7d:f7:7f:5b:47:ba:ef:8b:
                    35:96:5b:79:7d:57:5f:ea:20:7e:c2:dc:37:45:d8:
                    6b:ee:ed:54:9a:09:cc:ce:3e:e8:26:b6:14:ad:58:
                    ae:72:ad:b4:18:25:f0:d0:5e:e1:23:9e:af:0a:8b:
                    6b:0e:f2:c3:37:c7:2d:c1:26:3b:29:b8:b6:98:47:
                    4e:90:eb:6e:09:72:07:21:de:7f:15:4d:88:1b:a8:
                    89:be:c2:42:37:92:a7:a8:d2:fc:d7:73:3c:5f:40:
                    b5:fd:62:ad:07:e1:c0:a3:f5:d8:8f:bf:ca:36:85:
                    9d:61:cd:c5:cb:5c:49:26:60:5c:8f:a4:fb:ae:f3:
                    c7:c4:e4:bb:5e:75:1c:57:ba:77:41:0c:d4:64:c8:
                    1d:d2:10:53:38:22:a2:b0:f7:46:e3:8f:67:01:50:
                    11:30:05:d7:bb:7f:99:30:63:6b:09:bd:9e:60:b7:
                    9e:05:04:dd:a0:b5:39:60:b9:28:ec:b8:32:1c:ef:
                    29:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:28:97:10:85:6F:4D:29:F6:A1:BB:A2:CE:E7:C2:8B:B9:C8:EE:57
            X509v3 Authority Key Identifier:
                keyid:BF:64:97:9A:AE:D4:E7:88:E4:51:0E:DF:8B:69:6B:D9:6C:AC:77:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v2SXmq7U54jkUQ7fi2lr2WysdzI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/8f7892-7f7d-49db-a912-133f85994b1b/1/EyiXEIVvTSn2obuizufCi7nI7lc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/8f7892-7f7d-49db-a912-133f85994b1b/1/v2SXmq7U54jkUQ7fi2lr2WysdzI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:62:99:bb:17:a6:ad:8f:b1:9f:6b:ee:44:0f:06:df:62:4f:
         fb:33:c9:be:d0:2b:ff:a7:e5:ef:c7:d5:bf:46:2b:05:34:47:
         9a:b4:dd:a0:17:da:cc:89:24:bb:9e:fc:ca:9e:a2:0a:a0:2a:
         07:9f:a5:52:51:82:7f:da:1b:18:f1:91:bf:65:40:96:3e:35:
         6b:be:1b:9a:5f:c0:2a:ab:f3:f0:aa:d7:6e:f0:f3:67:b2:ae:
         32:01:28:dc:d2:23:94:00:09:41:11:bd:d6:5d:b1:06:93:a9:
         25:f6:ef:36:d5:8f:c0:7d:eb:7a:d0:25:ad:44:47:5c:94:14:
         ff:3d:5f:e3:73:79:98:bb:1f:ca:ae:87:f3:80:8b:41:0e:4a:
         7f:41:e6:c7:9f:9b:e7:d0:c9:05:55:c6:fc:2d:4c:5d:3c:e5:
         9b:fd:41:22:8c:59:e5:7f:44:f7:60:1f:48:bf:bb:0b:53:4b:
         bb:25:05:61:a1:be:fc:e2:19:21:e5:64:3d:9a:05:37:b9:46:
         8b:5e:3e:77:61:f6:63:3d:8d:ef:b3:50:5f:2e:2a:3b:80:3d:
         b8:f6:3c:6b:43:d6:6d:f9:43:27:9a:17:4c:b0:07:80:09:06:
         8c:66:9c:38:02:fa:56:e4:bb:de:c7:0c:2d:49:41:f2:56:48:
         01:06:76:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuRaRScLMMlYNFeS+3jImMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmNjQ5NzlhYWVkNGU3ODhlNDUxMGVkZjhiNjk2YmQ5NmNh
Yzc3MzIwHhcNMjQwMTAxMjAzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzI4OTcxMDg1NmY0ZDI5ZjZhMWJiYTJjZWU3YzI4YmI5YzhlZTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpMOBVwySmO6Lzzx/QIdJxMT+i4i
BWomjFJpI2zJ9kogAwdMgYG5EOC3Ixu9n7ke0W8zyN1X2njapvWSQqwYwFPmffd/
W0e674s1llt5fVdf6iB+wtw3Rdhr7u1UmgnMzj7oJrYUrViucq20GCXw0F7hI56v
CotrDvLDN8ctwSY7Kbi2mEdOkOtuCXIHId5/FU2IG6iJvsJCN5KnqNL813M8X0C1
/WKtB+HAo/XYj7/KNoWdYc3Fy1xJJmBcj6T7rvPHxOS7XnUcV7p3QQzUZMgd0hBT
OCKisPdG449nAVARMAXXu3+ZMGNrCb2eYLeeBQTdoLU5YLko7LgyHO8pnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBMolxCFb00p9qG7os7nwou5yO5XMB8GA1UdIwQY
MBaAFL9kl5qu1OeI5FEO34tpa9lsrHcyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjJTWG1xN1U1NGprVVE3ZmkybHIyV3lzZHpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84Zjc4OTItN2Y3ZC00OWRiLWE5MTIt
MTMzZjg1OTk0YjFiLzEvRXlpWEVJVnZUU24yb2J1aXp1ZkNpN25JN2xjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84Zjc4OTItN2Y3ZC00OWRiLWE5MTItMTMzZjg1OTk0YjFi
LzEvdjJTWG1xN1U1NGprVVE3ZmkybHIyV3lzZHpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+ssMA0G
CSqGSIb3DQEBCwUAA4IBAQCLYpm7F6atj7Gfa+5EDwbfYk/7M8m+0Cv/p+Xvx9W/
RisFNEeatN2gF9rMiSS7nvzKnqIKoCoHn6VSUYJ/2hsY8ZG/ZUCWPjVrvhuaX8Aq
q/Pwqtdu8PNnsq4yASjc0iOUAAlBEb3WXbEGk6kl9u821Y/Afet60CWtREdclBT/
PV/jc3mYux/KrofzgItBDkp/QebHn5vn0MkFVcb8LUxdPOWb/UEijFnlf0T3YB9I
v7sLU0u7JQVhob784hkh5WQ9mgU3uUaLXj53YfZjPY3vs1BfLio7gD249jxrQ9Zt
+UMnmhdMsAeACQaMZpw4AvpW5LvexwwtSUHyVkgBBnaw
-----END CERTIFICATE-----