Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/hYz65H9ML5bXE1g4s4GPXZM09v0.roa
File:                     hYz65H9ML5bXE1g4s4GPXZM09v0.roa (raw, json)
Hash identifier:          8hlYReX8GKCSzrIuxQGlwy6xTB2tEAPrh2am9BcJ1tM=
Subject key identifier:   85:8C:FA:E4:7F:4C:2F:96:D7:13:58:38:B3:81:8F:5D:93:34:F6:FD
Certificate issuer:       /CN=23662c9a980ad7584650abaa3545b9ea91d3e35e
Certificate serial:       018E2F72527CA57A38636239B1936D35F726
Authority key identifier: 23:66:2C:9A:98:0A:D7:58:46:50:AB:AA:35:45:B9:EA:91:D3:E3:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I2YsmpgK11hGUKuqNUW56pHT414.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/hYz65H9ML5bXE1g4s4GPXZM09v0.roa
Signing time:             Mon 11 Mar 2024 21:36:45 +0000
ROA not before:           Mon 11 Mar 2024 21:36:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213097
IP address blocks:        91.240.92.0/24 maxlen: 24
                          2a0a:d880::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/I2YsmpgK11hGUKuqNUW56pHT414.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/I2YsmpgK11hGUKuqNUW56pHT414.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I2YsmpgK11hGUKuqNUW56pHT414.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 12:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2f:72:52:7c:a5:7a:38:63:62:39:b1:93:6d:35:f7:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23662c9a980ad7584650abaa3545b9ea91d3e35e
        Validity
            Not Before: Mar 11 21:36:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=858cfae47f4c2f96d7135838b3818f5d9334f6fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:8c:42:ae:0d:bf:05:54:3f:5d:02:eb:cd:5f:
                    ee:de:2e:60:23:4f:7f:74:45:a5:d1:9a:31:b7:7e:
                    25:aa:8b:7e:b0:96:ed:e0:7c:00:35:c8:35:78:3e:
                    36:54:c4:9b:54:40:80:00:7d:6b:14:d6:5a:24:14:
                    cc:e9:e6:ef:10:ca:83:8b:0b:81:f8:d1:7d:5d:f2:
                    10:2d:83:a5:1e:a3:c3:ec:85:8d:70:d6:21:bb:77:
                    4a:2b:80:7c:04:fb:8c:63:78:a2:96:62:36:49:58:
                    ab:88:49:38:49:ca:b8:36:47:fa:16:47:8c:53:01:
                    f9:86:f3:c2:cb:7c:b5:be:8d:8c:31:28:a0:45:3e:
                    9a:de:45:10:49:77:b9:8f:2c:16:d8:ef:01:4c:8f:
                    90:0c:55:2a:ad:31:7f:cc:e0:d2:a6:63:c9:04:8e:
                    44:e2:2c:a9:b9:fa:70:ad:50:c7:e3:32:09:b2:06:
                    7f:07:7f:e1:9f:32:17:bc:b8:ed:c6:8c:b0:3d:f2:
                    c3:89:66:cd:38:fb:48:a6:e0:78:0b:fd:29:52:d9:
                    5c:20:f3:9f:40:a5:da:e1:5c:ad:ba:c3:ee:69:a6:
                    38:7f:68:36:f9:ad:70:a9:d2:cb:6e:ce:2c:3d:cc:
                    86:ac:4f:66:2e:a9:bf:03:0c:de:ce:54:67:1e:9e:
                    f5:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:8C:FA:E4:7F:4C:2F:96:D7:13:58:38:B3:81:8F:5D:93:34:F6:FD
            X509v3 Authority Key Identifier:
                keyid:23:66:2C:9A:98:0A:D7:58:46:50:AB:AA:35:45:B9:EA:91:D3:E3:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I2YsmpgK11hGUKuqNUW56pHT414.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/hYz65H9ML5bXE1g4s4GPXZM09v0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/I2YsmpgK11hGUKuqNUW56pHT414.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.92.0/24
                IPv6:
                  2a0a:d880::/29

    Signature Algorithm: sha256WithRSAEncryption
         2e:cd:38:50:8b:f1:65:fc:85:90:c1:bc:37:fe:69:d8:7c:96:
         21:0a:33:ca:50:7d:46:78:28:de:db:a9:c7:da:f2:ff:e3:73:
         f7:8b:71:ec:9e:4a:56:39:7f:88:b7:85:9a:cf:b7:78:58:eb:
         c5:2f:e8:d8:88:2e:16:7f:21:0f:25:11:f0:2b:49:f8:b6:9b:
         94:51:f7:f0:76:77:77:25:f0:a5:8d:bd:bc:13:43:3b:9f:5b:
         af:af:0a:e9:dc:f8:bb:5b:d1:31:3d:29:d1:f1:7b:09:12:6b:
         5b:10:3d:fa:05:9a:49:42:15:68:54:d6:30:30:81:a9:11:18:
         72:92:e6:31:87:03:cf:4b:66:6d:50:3a:84:48:c3:6f:21:25:
         d4:db:17:bc:0e:4d:a8:7f:d6:a6:6e:48:30:29:31:c7:08:7a:
         a3:89:db:1e:9a:e2:a7:61:8a:1b:07:e0:b4:43:f2:ca:1b:11:
         40:58:8a:2f:98:3d:52:68:b7:48:7e:9f:44:ff:9f:c8:38:d8:
         63:c4:63:ce:13:78:59:51:05:eb:67:fc:2e:0c:75:bf:23:b5:
         20:cf:5f:72:25:30:55:d5:59:b9:0c:16:a4:88:f6:a0:ed:d6:
         5e:c9:17:a9:19:98:d7:d8:bd:d6:ca:58:0d:92:2f:97:8b:43:
         fb:db:42:96
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY4vclJ8pXo4Y2I5sZNtNfcmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNjYyYzlhOTgwYWQ3NTg0NjUwYWJhYTM1NDViOWVhOTFk
M2UzNWUwHhcNMjQwMzExMjEzNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NThjZmFlNDdmNGMyZjk2ZDcxMzU4MzhiMzgxOGY1ZDkzMzRmNmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkoxCrg2/BVQ/XQLrzV/u3i5gI09/
dEWl0Zoxt34lqot+sJbt4HwANcg1eD42VMSbVECAAH1rFNZaJBTM6ebvEMqDiwuB
+NF9XfIQLYOlHqPD7IWNcNYhu3dKK4B8BPuMY3iilmI2SViriEk4Scq4Nkf6FkeM
UwH5hvPCy3y1vo2MMSigRT6a3kUQSXe5jywW2O8BTI+QDFUqrTF/zODSpmPJBI5E
4iypufpwrVDH4zIJsgZ/B3/hnzIXvLjtxoywPfLDiWbNOPtIpuB4C/0pUtlcIPOf
QKXa4VytusPuaaY4f2g2+a1wqdLLbs4sPcyGrE9mLqm/AwzezlRnHp71mQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIWM+uR/TC+W1xNYOLOBj12TNPb9MB8GA1UdIwQY
MBaAFCNmLJqYCtdYRlCrqjVFueqR0+NeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTJZc21wZ0sxMWhHVUt1cU5VVzU2cEhUNDE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8wMTc1ZTYtNDI3Yi00ZWY5LThlYjEt
ODIzMmUzNTBkNDU4LzEvaFl6NjVIOU1MNWJYRTFnNHM0R1BYWk0wOXYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8wMTc1ZTYtNDI3Yi00ZWY5LThlYjEtODIzMmUzNTBkNDU4
LzEvSTJZc21wZ0sxMWhHVUt1cU5VVzU2cEhUNDE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW/BcMA0E
AgACMAcDBQMqCtiAMA0GCSqGSIb3DQEBCwUAA4IBAQAuzThQi/Fl/IWQwbw3/mnY
fJYhCjPKUH1GeCje26nH2vL/43P3i3HsnkpWOX+It4Waz7d4WOvFL+jYiC4WfyEP
JRHwK0n4tpuUUffwdnd3JfCljb28E0M7n1uvrwrp3Pi7W9ExPSnR8XsJEmtbED36
BZpJQhVoVNYwMIGpERhykuYxhwPPS2ZtUDqESMNvISXU2xe8Dk2of9ambkgwKTHH
CHqjidsemuKnYYobB+C0Q/LKGxFAWIovmD1SaLdIfp9E/5/IONhjxGPOE3hZUQXr
Z/wuDHW/I7Ugz19yJTBV1Vm5DBakiPag7dZeyRepGZjX2L3WylgNki+Xi0P720KW
-----END CERTIFICATE-----