Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/9f54a6-933f-47de-8726-eddf527e8f2d/1/DNP2uHuHHfMJt90CBkTh-4hxweQ.roa
File:                     DNP2uHuHHfMJt90CBkTh-4hxweQ.roa (raw, json)
Hash identifier:          AaLJPM+m6vErDoMrcQmfI+j2FDXQXDZplsaB4t23+YE=
Subject key identifier:   0C:D3:F6:B8:7B:87:1D:F3:09:B7:DD:02:06:44:E1:FB:88:71:C1:E4
Certificate issuer:       /CN=c5c4b3ae59d981f250cc87dab597854abed7a300
Certificate serial:       018E7554A40F4163A3C647AE388890CB66F2
Authority key identifier: C5:C4:B3:AE:59:D9:81:F2:50:CC:87:DA:B5:97:85:4A:BE:D7:A3:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xcSzrlnZgfJQzIfatZeFSr7XowA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/9f54a6-933f-47de-8726-eddf527e8f2d/1/DNP2uHuHHfMJt90CBkTh-4hxweQ.roa
Signing time:             Mon 25 Mar 2024 11:17:45 +0000
ROA not before:           Mon 25 Mar 2024 11:17:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33915
IP address blocks:        91.223.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/9f54a6-933f-47de-8726-eddf527e8f2d/1/xcSzrlnZgfJQzIfatZeFSr7XowA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/9f54a6-933f-47de-8726-eddf527e8f2d/1/xcSzrlnZgfJQzIfatZeFSr7XowA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xcSzrlnZgfJQzIfatZeFSr7XowA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:75:54:a4:0f:41:63:a3:c6:47:ae:38:88:90:cb:66:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5c4b3ae59d981f250cc87dab597854abed7a300
        Validity
            Not Before: Mar 25 11:17:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cd3f6b87b871df309b7dd020644e1fb8871c1e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:b8:05:0f:87:af:2d:07:22:ce:ba:a6:4d:ce:
                    ba:24:24:cd:7d:91:b3:db:b2:5b:80:53:2e:1f:03:
                    b2:44:9d:59:d6:a1:ac:30:b8:1e:e6:77:b6:37:01:
                    cb:56:f0:06:44:68:2c:1a:c7:50:5f:ea:e2:bb:36:
                    80:62:19:6b:be:b4:8f:cc:eb:67:85:a0:7e:08:d8:
                    03:d5:7c:c3:c5:33:a1:25:59:01:2b:1c:0d:39:44:
                    7a:bb:e9:16:28:cb:83:45:de:61:59:18:d3:23:34:
                    2c:87:7b:b4:21:3b:72:fe:e0:43:d4:db:92:c8:2f:
                    fc:9e:c7:19:f9:6a:41:dc:dc:03:65:70:b4:6a:4a:
                    6f:a7:b8:b1:9d:5a:8e:5f:67:f7:ce:00:5c:c1:a5:
                    d9:88:6f:8c:10:ce:2e:e8:ee:fb:2d:3d:5b:02:f7:
                    12:47:05:7c:12:c1:7d:24:f6:55:74:6c:c0:08:b3:
                    1b:57:f6:8a:86:89:6c:f3:58:ea:5c:63:08:80:8b:
                    db:3c:0c:78:3d:1d:e8:f2:8b:18:85:59:3a:10:b6:
                    ad:1f:9c:69:00:42:00:47:7f:c5:68:db:9a:01:e0:
                    18:77:1d:29:4a:fa:51:ef:51:a3:7b:62:a7:0f:44:
                    ef:d8:29:28:f7:f9:fe:b8:24:12:d9:3a:f6:73:69:
                    9d:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:D3:F6:B8:7B:87:1D:F3:09:B7:DD:02:06:44:E1:FB:88:71:C1:E4
            X509v3 Authority Key Identifier:
                keyid:C5:C4:B3:AE:59:D9:81:F2:50:CC:87:DA:B5:97:85:4A:BE:D7:A3:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xcSzrlnZgfJQzIfatZeFSr7XowA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/9f54a6-933f-47de-8726-eddf527e8f2d/1/DNP2uHuHHfMJt90CBkTh-4hxweQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/9f54a6-933f-47de-8726-eddf527e8f2d/1/xcSzrlnZgfJQzIfatZeFSr7XowA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:28:d3:4a:e7:4f:0f:7b:1c:16:53:00:95:3b:2a:bc:27:07:
         58:06:d7:3b:3e:b3:7f:e8:89:42:62:b4:da:d4:4a:08:8b:d3:
         5d:66:a5:7a:64:9b:4a:04:85:a0:a6:2f:8b:93:33:01:ab:a1:
         94:01:ea:82:2e:66:de:ba:d9:fe:73:c7:13:56:c8:f8:38:cb:
         a0:03:84:93:9f:81:8c:a1:a5:6b:73:ca:51:51:90:69:cc:f4:
         ce:1f:5c:20:72:39:54:be:66:67:a9:18:bc:43:61:12:08:6a:
         03:f8:d1:6d:1a:de:cf:ce:73:e9:83:04:fa:e7:47:0c:19:f1:
         4d:2d:86:60:ed:9f:b4:b2:aa:22:57:17:35:6c:2c:e3:69:50:
         19:00:cb:89:08:eb:44:18:7b:81:6f:1f:7d:8a:e7:39:9b:38:
         c0:40:d8:58:84:79:0c:86:99:e2:a4:30:eb:40:0e:bb:70:fe:
         54:cf:b4:ed:3f:a6:5b:b0:4a:9c:2b:78:fe:ba:f2:5c:43:ae:
         c8:68:35:9e:83:70:84:89:54:34:46:7b:26:48:35:4c:67:96:
         03:2b:12:e5:5d:d8:04:7b:7b:6d:cc:6f:86:68:11:9d:84:4f:
         c8:49:24:20:1c:9a:6f:5a:74:c9:35:59:5b:8f:72:d9:8a:a6:
         a4:03:0b:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY51VKQPQWOjxkeuOIiQy2byMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1YzRiM2FlNTlkOTgxZjI1MGNjODdkYWI1OTc4NTRhYmVk
N2EzMDAwHhcNMjQwMzI1MTExNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2QzZjZiODdiODcxZGYzMDliN2RkMDIwNjQ0ZTFmYjg4NzFjMWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi7gFD4evLQcizrqmTc66JCTNfZGz
27JbgFMuHwOyRJ1Z1qGsMLge5ne2NwHLVvAGRGgsGsdQX+riuzaAYhlrvrSPzOtn
haB+CNgD1XzDxTOhJVkBKxwNOUR6u+kWKMuDRd5hWRjTIzQsh3u0ITty/uBD1NuS
yC/8nscZ+WpB3NwDZXC0akpvp7ixnVqOX2f3zgBcwaXZiG+MEM4u6O77LT1bAvcS
RwV8EsF9JPZVdGzACLMbV/aKhols81jqXGMIgIvbPAx4PR3o8osYhVk6ELatH5xp
AEIAR3/FaNuaAeAYdx0pSvpR71Gje2KnD0Tv2Cko9/n+uCQS2Tr2c2mdFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAzT9rh7hx3zCbfdAgZE4fuIccHkMB8GA1UdIwQY
MBaAFMXEs65Z2YHyUMyH2rWXhUq+16MAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGNTenJsblpnZkpReklmYXRaZUZTcjdYb3dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS85ZjU0YTYtOTMzZi00N2RlLTg3MjYt
ZWRkZjUyN2U4ZjJkLzEvRE5QMnVIdUhIZk1KdDkwQ0JrVGgtNGh4d2VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS85ZjU0YTYtOTMzZi00N2RlLTg3MjYtZWRkZjUyN2U4ZjJk
LzEveGNTenJsblpnZkpReklmYXRaZUZTcjdYb3dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW984MA0G
CSqGSIb3DQEBCwUAA4IBAQBeKNNK508PexwWUwCVOyq8JwdYBtc7PrN/6IlCYrTa
1EoIi9NdZqV6ZJtKBIWgpi+LkzMBq6GUAeqCLmbeutn+c8cTVsj4OMugA4STn4GM
oaVrc8pRUZBpzPTOH1wgcjlUvmZnqRi8Q2ESCGoD+NFtGt7PznPpgwT650cMGfFN
LYZg7Z+0sqoiVxc1bCzjaVAZAMuJCOtEGHuBbx99iuc5mzjAQNhYhHkMhpnipDDr
QA67cP5Uz7TtP6ZbsEqcK3j+uvJcQ67IaDWeg3CEiVQ0RnsmSDVMZ5YDKxLlXdgE
e3ttzG+GaBGdhE/ISSQgHJpvWnTJNVlbj3LZiqakAwtt
-----END CERTIFICATE-----