Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/be6337-662e-4c3b-812a-3407fca12267/1/VekOYtvoDjk0HZVkTZ0Yo-e_Lo4.roa
File:                     VekOYtvoDjk0HZVkTZ0Yo-e_Lo4.roa (raw, json)
Hash identifier:          xdKAcQxPK3lHZUqCYSkJA/Ol0hXI36C1EkzYUolsBWw=
Subject key identifier:   55:E9:0E:62:DB:E8:0E:39:34:1D:95:64:4D:9D:18:A3:E7:BF:2E:8E
Certificate issuer:       /CN=cdb150276f55bae455988d3a13e59341074dcd0a
Certificate serial:       018CC6B91286969F75925961EC47C76BDFAF
Authority key identifier: CD:B1:50:27:6F:55:BA:E4:55:98:8D:3A:13:E5:93:41:07:4D:CD:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zbFQJ29VuuRVmI06E-WTQQdNzQo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/be6337-662e-4c3b-812a-3407fca12267/1/VekOYtvoDjk0HZVkTZ0Yo-e_Lo4.roa
Signing time:             Mon 01 Jan 2024 20:31:06 +0000
ROA not before:           Mon 01 Jan 2024 20:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31027
IP address blocks:        91.194.94.0/23 maxlen: 23
                          91.212.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/be6337-662e-4c3b-812a-3407fca12267/1/zbFQJ29VuuRVmI06E-WTQQdNzQo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/be6337-662e-4c3b-812a-3407fca12267/1/zbFQJ29VuuRVmI06E-WTQQdNzQo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zbFQJ29VuuRVmI06E-WTQQdNzQo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:12:86:96:9f:75:92:59:61:ec:47:c7:6b:df:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdb150276f55bae455988d3a13e59341074dcd0a
        Validity
            Not Before: Jan  1 20:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55e90e62dbe80e39341d95644d9d18a3e7bf2e8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:67:e4:ba:9e:3c:f1:1a:df:78:af:d2:e4:1a:
                    d2:4f:b5:ef:cb:f7:44:72:14:74:1d:eb:b9:1b:99:
                    37:15:3f:6d:c2:f9:b5:66:78:05:80:15:43:cb:fe:
                    6d:e9:9b:76:5f:82:53:43:d8:21:05:9e:78:31:69:
                    bc:ed:51:97:2c:4f:92:36:f0:12:1e:b8:93:d0:eb:
                    25:85:24:a8:2c:6b:b0:b4:81:de:ea:d5:21:5d:96:
                    8f:d1:7d:49:2f:56:69:20:4c:5c:24:b4:b3:60:d2:
                    1b:e4:82:72:75:f5:9d:34:09:77:a9:8d:dc:9d:c5:
                    11:9a:a8:72:a9:1c:d4:df:d5:74:7d:84:fd:af:cc:
                    15:62:87:d4:ad:1c:8a:20:a7:37:d2:34:8f:3c:a6:
                    19:2b:70:e1:2d:70:eb:fc:99:50:d1:a1:0b:cf:85:
                    7a:3f:a1:66:31:b8:fc:65:af:38:0f:a9:61:12:47:
                    67:c2:29:24:56:16:f3:cc:2e:cb:8b:60:b2:ab:f9:
                    e7:8b:3e:d6:e3:37:c3:41:2a:b5:3e:4c:47:91:97:
                    92:06:ed:a1:a0:bd:bc:e1:c6:8d:90:55:92:57:d0:
                    68:4e:1b:2c:9b:a8:63:69:88:a9:4e:1e:23:64:dd:
                    6d:a5:c7:f8:5d:b5:65:27:11:4a:69:d9:36:d9:91:
                    d8:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:E9:0E:62:DB:E8:0E:39:34:1D:95:64:4D:9D:18:A3:E7:BF:2E:8E
            X509v3 Authority Key Identifier:
                keyid:CD:B1:50:27:6F:55:BA:E4:55:98:8D:3A:13:E5:93:41:07:4D:CD:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zbFQJ29VuuRVmI06E-WTQQdNzQo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/be6337-662e-4c3b-812a-3407fca12267/1/VekOYtvoDjk0HZVkTZ0Yo-e_Lo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/be6337-662e-4c3b-812a-3407fca12267/1/zbFQJ29VuuRVmI06E-WTQQdNzQo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.94.0/23
                  91.212.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:a4:3e:31:09:2b:06:10:5a:da:d4:f9:ab:80:34:c9:3f:af:
         62:f4:d4:3d:bc:43:82:99:ec:f5:5d:bf:10:b3:1a:07:a8:30:
         a4:bb:90:f1:4e:df:e8:9b:e5:e0:2d:b0:dd:d6:de:f3:25:57:
         db:3d:34:a2:cb:02:31:4c:cb:08:be:86:a9:04:3c:48:8c:f4:
         0b:54:44:d6:6f:a8:8e:29:c2:b3:f3:9c:9a:70:b9:1d:3e:b0:
         c3:88:38:ea:4b:30:15:c6:e3:d0:9c:35:e4:9c:25:91:61:6d:
         66:9f:85:9b:b9:59:98:a7:1c:81:6a:2a:75:bc:60:0c:13:b4:
         aa:9e:6e:f7:79:a4:2d:d1:c5:b1:cb:ea:21:f2:cc:e1:84:c1:
         ba:fd:b7:bf:b3:94:b4:9e:dd:6e:c5:49:05:69:e2:c4:9f:14:
         2c:e2:b3:f8:dc:c7:be:e6:aa:4c:10:07:1c:14:e8:e6:9b:99:
         42:eb:eb:d4:6f:25:15:84:4e:bb:90:01:a6:08:1c:38:cb:94:
         50:35:d0:00:24:7a:f2:0f:bf:7d:58:a9:39:6d:4e:cc:bd:d7:
         61:d8:09:55:62:d8:67:9f:27:31:4d:5c:e6:5f:55:ac:03:76:
         68:bc:f2:b5:0f:9a:04:6f:b0:66:d1:d0:3d:a6:1b:97:25:4c:
         9e:76:28:75
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuRKGlp91kllh7EfHa9+vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYjE1MDI3NmY1NWJhZTQ1NTk4OGQzYTEzZTU5MzQxMDc0
ZGNkMGEwHhcNMjQwMTAxMjAzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWU5MGU2MmRiZTgwZTM5MzQxZDk1NjQ0ZDlkMThhM2U3YmYyZThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxmfkup488RrfeK/S5BrST7Xvy/dE
chR0Heu5G5k3FT9twvm1ZngFgBVDy/5t6Zt2X4JTQ9ghBZ54MWm87VGXLE+SNvAS
HriT0OslhSSoLGuwtIHe6tUhXZaP0X1JL1ZpIExcJLSzYNIb5IJydfWdNAl3qY3c
ncURmqhyqRzU39V0fYT9r8wVYofUrRyKIKc30jSPPKYZK3DhLXDr/JlQ0aELz4V6
P6FmMbj8Za84D6lhEkdnwikkVhbzzC7Li2Cyq/nniz7W4zfDQSq1PkxHkZeSBu2h
oL284caNkFWSV9BoThssm6hjaYipTh4jZN1tpcf4XbVlJxFKadk22ZHYMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFXpDmLb6A45NB2VZE2dGKPnvy6OMB8GA1UdIwQY
MBaAFM2xUCdvVbrkVZiNOhPlk0EHTc0KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemJGUUoyOVZ1dVJWbUkwNkUtV1RRUWROelFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS9iZTYzMzctNjYyZS00YzNiLTgxMmEt
MzQwN2ZjYTEyMjY3LzEvVmVrT1l0dm9EamswSFpWa1RaMFlvLWVfTG80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS9iZTYzMzctNjYyZS00YzNiLTgxMmEtMzQwN2ZjYTEyMjY3
LzEvemJGUUoyOVZ1dVJWbUkwNkUtV1RRUWROelFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW8JeAwQA
W9QcMA0GCSqGSIb3DQEBCwUAA4IBAQBfpD4xCSsGEFra1PmrgDTJP69i9NQ9vEOC
mez1Xb8QsxoHqDCku5DxTt/om+XgLbDd1t7zJVfbPTSiywIxTMsIvoapBDxIjPQL
VETWb6iOKcKz85yacLkdPrDDiDjqSzAVxuPQnDXknCWRYW1mn4WbuVmYpxyBaip1
vGAME7Sqnm73eaQt0cWxy+oh8szhhMG6/be/s5S0nt1uxUkFaeLEnxQs4rP43Me+
5qpMEAccFOjmm5lC6+vUbyUVhE67kAGmCBw4y5RQNdAAJHryD799WKk5bU7Mvddh
2AlVYthnnycxTVzmX1WsA3ZovPK1D5oEb7Bm0dA9phuXJUyedih1
-----END CERTIFICATE-----