Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/b92331-2bb4-4a59-9978-751b17d1c437/1/R7FZxQDVznyOMhGi6DmLw7hrbAU.roa
File:                     R7FZxQDVznyOMhGi6DmLw7hrbAU.roa (raw, json)
Hash identifier:          JU60Orx09Sq4V6csPQFcQiEpDYGqmgCwddcU4jpNcLU=
Subject key identifier:   47:B1:59:C5:00:D5:CE:7C:8E:32:11:A2:E8:39:8B:C3:B8:6B:6C:05
Certificate issuer:       /CN=22c7cda75f4e15e486dee5a6501cbe2018bc0e0f
Certificate serial:       018CC64ABA5E69A2B4603D4F13F321969C7A
Authority key identifier: 22:C7:CD:A7:5F:4E:15:E4:86:DE:E5:A6:50:1C:BE:20:18:BC:0E:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsfNp19OFeSG3uWmUBy-IBi8Dg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/b92331-2bb4-4a59-9978-751b17d1c437/1/R7FZxQDVznyOMhGi6DmLw7hrbAU.roa
Signing time:             Mon 01 Jan 2024 18:30:35 +0000
ROA not before:           Mon 01 Jan 2024 18:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210610
IP address blocks:        91.219.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/b92331-2bb4-4a59-9978-751b17d1c437/1/IsfNp19OFeSG3uWmUBy-IBi8Dg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/b92331-2bb4-4a59-9978-751b17d1c437/1/IsfNp19OFeSG3uWmUBy-IBi8Dg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsfNp19OFeSG3uWmUBy-IBi8Dg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:ba:5e:69:a2:b4:60:3d:4f:13:f3:21:96:9c:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c7cda75f4e15e486dee5a6501cbe2018bc0e0f
        Validity
            Not Before: Jan  1 18:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47b159c500d5ce7c8e3211a2e8398bc3b86b6c05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:61:2f:e4:48:df:4f:f5:ce:f9:b4:c8:40:85:
                    e7:4b:61:ea:47:3d:ce:31:87:54:93:f3:15:28:3c:
                    cb:df:3a:74:12:6c:72:b0:c4:df:81:56:e5:ae:a0:
                    39:e2:a6:c7:27:44:3b:f4:59:f4:82:cc:9d:fc:99:
                    ad:4e:86:cd:db:3f:8b:24:91:db:b7:fa:07:1e:aa:
                    ea:0d:0a:91:5f:64:83:94:37:10:f9:f1:c8:3d:49:
                    99:96:30:eb:74:51:cf:10:61:bf:dc:4f:f6:a3:1d:
                    05:be:33:31:79:20:b0:a0:81:86:a9:45:da:33:cc:
                    f0:db:b8:7c:19:9e:32:30:76:4e:0f:69:6d:7a:13:
                    da:44:42:40:ba:83:3d:65:a9:b0:27:dd:7f:7a:a7:
                    72:e1:d7:20:d6:31:99:01:a5:91:70:b9:de:5c:27:
                    a4:a5:9f:ae:de:a1:bf:25:e6:c2:dc:ee:79:e9:aa:
                    48:42:c1:d2:dd:2c:8b:17:1b:61:74:6c:b1:52:03:
                    6a:60:30:32:7e:64:e8:26:d5:e4:e4:a9:04:fc:47:
                    f8:64:bd:e5:2a:58:22:a4:4b:8c:7d:00:c6:69:5d:
                    98:e6:53:0f:73:b3:7a:2e:57:bc:41:1c:99:05:0b:
                    6d:15:3e:4a:39:0a:e9:88:56:66:71:f7:33:44:7e:
                    65:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:B1:59:C5:00:D5:CE:7C:8E:32:11:A2:E8:39:8B:C3:B8:6B:6C:05
            X509v3 Authority Key Identifier:
                keyid:22:C7:CD:A7:5F:4E:15:E4:86:DE:E5:A6:50:1C:BE:20:18:BC:0E:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsfNp19OFeSG3uWmUBy-IBi8Dg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b92331-2bb4-4a59-9978-751b17d1c437/1/R7FZxQDVznyOMhGi6DmLw7hrbAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b92331-2bb4-4a59-9978-751b17d1c437/1/IsfNp19OFeSG3uWmUBy-IBi8Dg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.219.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:02:4c:12:71:97:94:a7:6a:d8:c2:49:32:8e:ae:64:92:31:
         6f:13:57:5b:1e:ba:b9:63:c0:2b:34:d8:81:ef:6e:16:e9:ac:
         49:b9:78:c9:97:c8:2a:f1:10:c3:8c:a1:48:d2:3f:b8:6e:24:
         48:9b:6e:af:eb:a7:0d:3a:73:77:3b:97:ec:41:a7:83:39:63:
         b8:3a:2c:f1:8c:ef:a2:c7:fe:55:99:d1:7b:84:5e:22:d1:82:
         f8:07:e6:5e:1a:b1:38:78:64:4b:8a:5b:a4:34:8e:48:b1:54:
         4c:df:64:5b:59:9b:e6:6c:a7:81:a4:46:90:93:92:18:aa:67:
         b1:c0:d0:8c:6d:5c:c0:50:67:75:19:71:79:1c:d3:17:8a:36:
         43:8d:d6:37:0a:09:3a:4d:1e:cb:c1:b8:e0:5e:73:f7:9e:b2:
         85:64:b7:4b:ad:b8:53:0d:4f:2a:c4:19:57:d4:42:c6:a6:d3:
         04:de:f8:66:81:b2:83:88:84:0a:10:0e:9f:51:85:b8:ae:55:
         63:41:62:02:0c:45:7a:45:8b:97:38:1e:5f:bf:a9:11:9d:ff:
         41:60:97:91:e3:85:48:72:5a:a5:57:1a:ec:19:a6:3b:af:34:
         04:89:de:6d:b2:ba:e5:3e:50:82:8b:01:c6:33:a9:30:54:96:
         29:05:e7:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSrpeaaK0YD1PE/Mhlpx6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzdjZGE3NWY0ZTE1ZTQ4NmRlZTVhNjUwMWNiZTIwMThi
YzBlMGYwHhcNMjQwMTAxMTgzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2IxNTljNTAwZDVjZTdjOGUzMjExYTJlODM5OGJjM2I4NmI2YzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGEv5EjfT/XO+bTIQIXnS2HqRz3O
MYdUk/MVKDzL3zp0EmxysMTfgVblrqA54qbHJ0Q79Fn0gsyd/JmtTobN2z+LJJHb
t/oHHqrqDQqRX2SDlDcQ+fHIPUmZljDrdFHPEGG/3E/2ox0FvjMxeSCwoIGGqUXa
M8zw27h8GZ4yMHZOD2ltehPaREJAuoM9ZamwJ91/eqdy4dcg1jGZAaWRcLneXCek
pZ+u3qG/JebC3O556apIQsHS3SyLFxthdGyxUgNqYDAyfmToJtXk5KkE/Ef4ZL3l
KlgipEuMfQDGaV2Y5lMPc7N6Lle8QRyZBQttFT5KOQrpiFZmcfczRH5l1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEexWcUA1c58jjIRoug5i8O4a2wFMB8GA1UdIwQY
MBaAFCLHzadfThXkht7lplAcviAYvA4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNmTnAxOU9GZVNHM3VXbVVCeS1JQmk4RGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9iOTIzMzEtMmJiNC00YTU5LTk5Nzgt
NzUxYjE3ZDFjNDM3LzEvUjdGWnhRRFZ6bnlPTWhHaTZEbUx3N2hyYkFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9iOTIzMzEtMmJiNC00YTU5LTk5NzgtNzUxYjE3ZDFjNDM3
LzEvSXNmTnAxOU9GZVNHM3VXbVVCeS1JQmk4RGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9sVMA0G
CSqGSIb3DQEBCwUAA4IBAQB4AkwScZeUp2rYwkkyjq5kkjFvE1dbHrq5Y8ArNNiB
724W6axJuXjJl8gq8RDDjKFI0j+4biRIm26v66cNOnN3O5fsQaeDOWO4OizxjO+i
x/5VmdF7hF4i0YL4B+ZeGrE4eGRLilukNI5IsVRM32RbWZvmbKeBpEaQk5IYqmex
wNCMbVzAUGd1GXF5HNMXijZDjdY3Cgk6TR7LwbjgXnP3nrKFZLdLrbhTDU8qxBlX
1ELGptME3vhmgbKDiIQKEA6fUYW4rlVjQWICDEV6RYuXOB5fv6kRnf9BYJeR44VI
clqlVxrsGaY7rzQEid5tsrrlPlCCiwHGM6kwVJYpBefE
-----END CERTIFICATE-----