Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/28c5b6-23f0-45fb-9b21-294d9cf79e2e/1/QDt3dsNP3CbSmlwCIde96c-9UcE.roa
File:                     QDt3dsNP3CbSmlwCIde96c-9UcE.roa (raw, json)
Hash identifier:          8+fj0YWj5ogdsKRI/T1XH0vgjY4t/ViL2TU9HJPI37A=
Subject key identifier:   40:3B:77:76:C3:4F:DC:26:D2:9A:5C:02:21:D7:BD:E9:CF:BD:51:C1
Certificate issuer:       /CN=4728eba001359cdd418346f651c0a187c89fbabf
Certificate serial:       018CC8DF329E6DE4E76A162C0AA85ADBDEA8
Authority key identifier: 47:28:EB:A0:01:35:9C:DD:41:83:46:F6:51:C0:A1:87:C8:9F:BA:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RyjroAE1nN1Bg0b2UcChh8ifur8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/28c5b6-23f0-45fb-9b21-294d9cf79e2e/1/QDt3dsNP3CbSmlwCIde96c-9UcE.roa
Signing time:             Tue 02 Jan 2024 06:31:59 +0000
ROA not before:           Tue 02 Jan 2024 06:31:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198286
IP address blocks:        91.233.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/28c5b6-23f0-45fb-9b21-294d9cf79e2e/1/RyjroAE1nN1Bg0b2UcChh8ifur8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/28c5b6-23f0-45fb-9b21-294d9cf79e2e/1/RyjroAE1nN1Bg0b2UcChh8ifur8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RyjroAE1nN1Bg0b2UcChh8ifur8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:32:9e:6d:e4:e7:6a:16:2c:0a:a8:5a:db:de:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4728eba001359cdd418346f651c0a187c89fbabf
        Validity
            Not Before: Jan  2 06:31:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=403b7776c34fdc26d29a5c0221d7bde9cfbd51c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:95:88:f1:8a:93:27:ad:ef:12:bd:33:8e:37:
                    ec:d1:81:25:cd:47:f5:6c:4e:a2:48:00:6a:6a:32:
                    d5:8e:73:ea:b3:f1:07:f8:54:80:17:48:36:bf:56:
                    ea:a8:bf:33:e4:5a:a0:03:ba:31:e9:c0:ea:b0:bb:
                    a2:0f:a5:2c:f1:6b:bd:0b:a0:5c:55:84:26:72:ca:
                    e9:eb:3d:f1:dd:d3:ef:e9:dc:e2:0c:ac:76:8a:6b:
                    38:c8:0c:7b:71:bb:58:f5:74:ae:ad:dd:11:67:fa:
                    12:b7:af:4d:84:0b:8a:3d:76:ff:17:37:ab:41:df:
                    72:f5:04:10:7b:8c:09:40:af:2f:0e:17:df:c5:e4:
                    e7:29:8b:ad:a0:90:48:54:85:a1:f9:65:43:3d:7f:
                    0f:4e:42:24:43:39:5e:38:b4:74:31:a6:03:79:96:
                    9c:9a:99:32:d6:d7:3e:99:d8:48:03:40:bd:c5:e1:
                    30:7b:e6:02:5e:ad:b4:38:21:19:b8:b9:a8:ea:10:
                    9c:b1:1b:2e:3e:93:4b:5b:8d:57:2d:87:0d:32:41:
                    5d:9e:60:42:44:40:4d:3d:49:40:6d:29:bb:b7:b8:
                    91:42:02:73:97:28:35:6a:3a:27:04:c9:85:dc:14:
                    b7:6e:1e:7e:ca:1a:ee:c8:9c:12:d1:5a:af:e2:fa:
                    48:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:3B:77:76:C3:4F:DC:26:D2:9A:5C:02:21:D7:BD:E9:CF:BD:51:C1
            X509v3 Authority Key Identifier:
                keyid:47:28:EB:A0:01:35:9C:DD:41:83:46:F6:51:C0:A1:87:C8:9F:BA:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RyjroAE1nN1Bg0b2UcChh8ifur8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/28c5b6-23f0-45fb-9b21-294d9cf79e2e/1/QDt3dsNP3CbSmlwCIde96c-9UcE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/28c5b6-23f0-45fb-9b21-294d9cf79e2e/1/RyjroAE1nN1Bg0b2UcChh8ifur8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:9f:3b:c3:42:23:8b:5c:1a:26:fa:ce:4e:69:db:52:a6:e4:
         dd:a0:1f:dc:6b:46:2b:98:ad:60:ca:c8:b9:dd:03:3c:b4:1e:
         6e:ca:a4:d3:7f:fd:d0:fe:95:a8:6b:3d:74:f4:53:3c:ea:f4:
         c5:f7:a2:34:b2:1f:36:c7:ed:8a:7a:c5:9f:04:4f:4a:a4:50:
         98:74:f1:23:43:7f:65:01:5e:f8:53:c3:5b:51:f7:84:dc:1c:
         5e:fa:2a:a1:31:d6:d9:3b:cf:52:c2:3a:72:b2:39:3d:42:66:
         41:d4:76:46:e0:e0:3a:24:f9:ec:f6:bd:0d:11:cf:1b:1d:da:
         60:53:d0:2c:04:52:f2:ea:50:20:56:a1:02:b9:c0:18:29:38:
         a8:a4:ff:09:5c:33:f2:b5:cd:66:ef:7e:3c:f2:43:17:e0:44:
         5a:e6:d9:30:2f:e9:5e:a4:ac:a4:48:74:6d:c6:be:0c:ff:88:
         09:c9:7a:5e:1a:06:19:3e:b7:0e:8f:84:76:ef:1e:21:25:e9:
         90:40:ec:c6:c5:21:64:96:10:20:6e:ae:57:dd:f7:57:b0:e9:
         fd:64:6d:76:24:b5:43:54:26:ea:9c:05:b1:d5:a3:2c:7c:64:
         d7:b1:f5:e5:05:b0:ec:0a:7d:21:8c:a6:53:40:c8:e4:38:9a:
         4e:ab:ce:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3zKebeTnahYsCqha296oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MjhlYmEwMDEzNTljZGQ0MTgzNDZmNjUxYzBhMTg3Yzg5
ZmJhYmYwHhcNMjQwMTAyMDYzMTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDNiNzc3NmMzNGZkYzI2ZDI5YTVjMDIyMWQ3YmRlOWNmYmQ1MWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzpWI8YqTJ63vEr0zjjfs0YElzUf1
bE6iSABqajLVjnPqs/EH+FSAF0g2v1bqqL8z5FqgA7ox6cDqsLuiD6Us8Wu9C6Bc
VYQmcsrp6z3x3dPv6dziDKx2ims4yAx7cbtY9XSurd0RZ/oSt69NhAuKPXb/Fzer
Qd9y9QQQe4wJQK8vDhffxeTnKYutoJBIVIWh+WVDPX8PTkIkQzleOLR0MaYDeZac
mpky1tc+mdhIA0C9xeEwe+YCXq20OCEZuLmo6hCcsRsuPpNLW41XLYcNMkFdnmBC
REBNPUlAbSm7t7iRQgJzlyg1ajonBMmF3BS3bh5+yhruyJwS0Vqv4vpIwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEA7d3bDT9wm0ppcAiHXvenPvVHBMB8GA1UdIwQY
MBaAFEco66ABNZzdQYNG9lHAoYfIn7q/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnlqcm9BRTFuTjFCZzBiMlVjQ2hoOGlmdXI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy8yOGM1YjYtMjNmMC00NWZiLTliMjEt
Mjk0ZDljZjc5ZTJlLzEvUUR0M2RzTlAzQ2JTbWx3Q0lkZTk2Yy05VWNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy8yOGM1YjYtMjNmMC00NWZiLTliMjEtMjk0ZDljZjc5ZTJl
LzEvUnlqcm9BRTFuTjFCZzBiMlVjQ2hoOGlmdXI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+kzMA0G
CSqGSIb3DQEBCwUAA4IBAQBxnzvDQiOLXBom+s5OadtSpuTdoB/ca0YrmK1gysi5
3QM8tB5uyqTTf/3Q/pWoaz109FM86vTF96I0sh82x+2KesWfBE9KpFCYdPEjQ39l
AV74U8NbUfeE3Bxe+iqhMdbZO89Swjpysjk9QmZB1HZG4OA6JPns9r0NEc8bHdpg
U9AsBFLy6lAgVqECucAYKTiopP8JXDPytc1m73488kMX4ERa5tkwL+lepKykSHRt
xr4M/4gJyXpeGgYZPrcOj4R27x4hJemQQOzGxSFklhAgbq5X3fdXsOn9ZG12JLVD
VCbqnAWx1aMsfGTXsfXlBbDsCn0hjKZTQMjkOJpOq87E
-----END CERTIFICATE-----