Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/f1370a-57ca-46a0-8af4-78ba6dc50086/1/bI_xYye2-OxZAf27ra_zyEKjuXc.roa
File:                     bI_xYye2-OxZAf27ra_zyEKjuXc.roa (raw, json)
Hash identifier:          N1i8Lpg+byPMcBq5ZcVlgtfRR9tl2UbMt72Qq0ghJ7A=
Subject key identifier:   6C:8F:F1:63:27:B6:F8:EC:59:01:FD:BB:AD:AF:F3:C8:42:A3:B9:77
Certificate issuer:       /CN=844a1791cb07f1d86123c63dc3adcfd754db101b
Certificate serial:       018CC3B674738EB21859264BA25216849E48
Authority key identifier: 84:4A:17:91:CB:07:F1:D8:61:23:C6:3D:C3:AD:CF:D7:54:DB:10:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hEoXkcsH8dhhI8Y9w63P11TbEBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/f1370a-57ca-46a0-8af4-78ba6dc50086/1/bI_xYye2-OxZAf27ra_zyEKjuXc.roa
Signing time:             Mon 01 Jan 2024 06:29:23 +0000
ROA not before:           Mon 01 Jan 2024 06:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203190
IP address blocks:        91.216.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/f1370a-57ca-46a0-8af4-78ba6dc50086/1/hEoXkcsH8dhhI8Y9w63P11TbEBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/f1370a-57ca-46a0-8af4-78ba6dc50086/1/hEoXkcsH8dhhI8Y9w63P11TbEBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hEoXkcsH8dhhI8Y9w63P11TbEBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 06:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:74:73:8e:b2:18:59:26:4b:a2:52:16:84:9e:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=844a1791cb07f1d86123c63dc3adcfd754db101b
        Validity
            Not Before: Jan  1 06:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c8ff16327b6f8ec5901fdbbadaff3c842a3b977
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:a3:ca:f6:6b:73:28:5c:f6:02:05:f5:b1:85:
                    ef:9d:b0:fb:35:15:22:58:84:44:7f:91:ba:79:35:
                    50:3e:dd:1f:70:1b:43:3b:7b:f0:df:9a:22:08:a1:
                    12:27:6c:3f:90:6b:1b:c6:fc:88:c1:e3:a8:c2:3e:
                    d6:0b:1d:4d:49:e5:8e:3b:09:06:98:31:1c:fa:e1:
                    92:66:bf:de:f5:ee:ce:6e:37:94:1a:66:d6:bc:de:
                    3c:04:e6:77:f4:00:82:fe:22:2b:1b:8b:b8:be:d1:
                    41:4f:6c:45:a9:03:cc:30:75:1e:ab:7f:35:c9:5e:
                    b7:4d:11:70:f4:4b:3b:21:bd:75:d4:bb:c0:fa:fa:
                    a8:bd:ac:bd:d2:f5:91:2d:9d:82:11:6a:ac:81:6c:
                    a2:88:e6:87:5c:9c:95:7b:66:f4:9a:ae:95:3f:8e:
                    6a:66:5f:52:57:b7:a4:9d:d0:a5:1e:31:72:35:a9:
                    30:5c:ca:c2:b0:8d:0c:fc:80:f8:63:85:da:79:52:
                    99:2f:c3:95:b4:12:64:ea:70:eb:00:8e:67:e6:45:
                    ab:23:1c:d1:e5:e6:8c:5f:34:dc:aa:bf:4f:27:47:
                    60:fe:b7:f0:ff:8e:e6:38:0c:76:e8:93:b7:f4:f0:
                    f7:c8:bf:63:d2:dd:0f:79:48:8e:5f:f9:d7:14:fa:
                    78:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:8F:F1:63:27:B6:F8:EC:59:01:FD:BB:AD:AF:F3:C8:42:A3:B9:77
            X509v3 Authority Key Identifier:
                keyid:84:4A:17:91:CB:07:F1:D8:61:23:C6:3D:C3:AD:CF:D7:54:DB:10:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hEoXkcsH8dhhI8Y9w63P11TbEBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/f1370a-57ca-46a0-8af4-78ba6dc50086/1/bI_xYye2-OxZAf27ra_zyEKjuXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/f1370a-57ca-46a0-8af4-78ba6dc50086/1/hEoXkcsH8dhhI8Y9w63P11TbEBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:89:45:09:82:8a:e5:2c:39:fe:57:34:f5:29:2b:cd:c3:9d:
         d9:a6:78:9f:f0:50:a7:fc:d5:bd:eb:d4:cf:f2:9c:41:10:bb:
         50:1c:0c:7b:58:3f:e7:49:fa:dc:87:b0:01:2b:aa:3d:6e:fc:
         0f:b5:f7:22:f8:9d:2a:b9:e9:8d:59:ec:38:b3:a6:dd:3f:fc:
         94:b5:69:da:71:36:f2:54:41:01:5b:e1:24:f6:a6:0d:e0:c7:
         f0:3f:aa:ff:cd:cb:6e:c5:d0:6e:c1:c8:44:50:e8:8f:bf:6a:
         07:a0:2e:5a:6d:d8:ca:0e:16:9c:25:cf:b3:85:dc:47:72:e1:
         3d:96:58:34:63:1a:47:8c:ba:35:19:be:11:90:c2:cb:09:b1:
         dc:c8:15:46:ad:a0:29:e6:90:db:9d:5c:03:f6:ac:25:21:3c:
         f9:85:b6:9a:9b:00:7f:92:f6:5b:d1:df:7b:f4:c4:35:9a:04:
         cc:35:b7:47:e4:93:12:a1:c9:75:a2:79:11:ab:09:4d:24:70:
         06:0c:fd:25:b0:ef:08:a7:89:be:59:d9:9c:0a:37:d9:2a:7b:
         62:a3:fa:92:de:37:ac:dd:1a:79:3f:d2:0f:6e:8e:6c:bb:d0:
         09:b3:65:60:e1:fd:29:65:33:49:78:d4:83:f3:9d:3f:81:f4:
         18:c5:48:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtnRzjrIYWSZLolIWhJ5IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NGExNzkxY2IwN2YxZDg2MTIzYzYzZGMzYWRjZmQ3NTRk
YjEwMWIwHhcNMjQwMTAxMDYyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzhmZjE2MzI3YjZmOGVjNTkwMWZkYmJhZGFmZjNjODQyYTNiOTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgKPK9mtzKFz2AgX1sYXvnbD7NRUi
WIREf5G6eTVQPt0fcBtDO3vw35oiCKESJ2w/kGsbxvyIweOowj7WCx1NSeWOOwkG
mDEc+uGSZr/e9e7ObjeUGmbWvN48BOZ39ACC/iIrG4u4vtFBT2xFqQPMMHUeq381
yV63TRFw9Es7Ib111LvA+vqovay90vWRLZ2CEWqsgWyiiOaHXJyVe2b0mq6VP45q
Zl9SV7ekndClHjFyNakwXMrCsI0M/ID4Y4XaeVKZL8OVtBJk6nDrAI5n5kWrIxzR
5eaMXzTcqr9PJ0dg/rfw/47mOAx26JO39PD3yL9j0t0PeUiOX/nXFPp4wQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGyP8WMntvjsWQH9u62v88hCo7l3MB8GA1UdIwQY
MBaAFIRKF5HLB/HYYSPGPcOtz9dU2xAbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEVvWGtjc0g4ZGhoSThZOXc2M1AxMVRiRUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9mMTM3MGEtNTdjYS00NmEwLThhZjQt
NzhiYTZkYzUwMDg2LzEvYklfeFl5ZTItT3haQWYyN3JhX3p5RUtqdVhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9mMTM3MGEtNTdjYS00NmEwLThhZjQtNzhiYTZkYzUwMDg2
LzEvaEVvWGtjc0g4ZGhoSThZOXc2M1AxMVRiRUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9gDMA0G
CSqGSIb3DQEBCwUAA4IBAQBviUUJgorlLDn+VzT1KSvNw53Zpnif8FCn/NW969TP
8pxBELtQHAx7WD/nSfrch7ABK6o9bvwPtfci+J0quemNWew4s6bdP/yUtWnacTby
VEEBW+Ek9qYN4MfwP6r/zctuxdBuwchEUOiPv2oHoC5abdjKDhacJc+zhdxHcuE9
llg0YxpHjLo1Gb4RkMLLCbHcyBVGraAp5pDbnVwD9qwlITz5hbaamwB/kvZb0d97
9MQ1mgTMNbdH5JMSocl1onkRqwlNJHAGDP0lsO8Ip4m+WdmcCjfZKntio/qS3jes
3Rp5P9IPbo5su9AJs2Vg4f0pZTNJeNSD850/gfQYxUgm
-----END CERTIFICATE-----