Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/9856ee-699f-4fed-bb98-e06fd0cd3b77/1/GrxNdkhL-wa64g21QDh3kpwQeIk.roa
File:                     GrxNdkhL-wa64g21QDh3kpwQeIk.roa (raw, json)
Hash identifier:          qz1f0KvfCGPRcs/Kpq85ySxzAFoQXhH8ke6MWWoN/R0=
Subject key identifier:   1A:BC:4D:76:48:4B:FB:06:BA:E2:0D:B5:40:38:77:92:9C:10:78:89
Certificate issuer:       /CN=2ba38933358cf66cff3b6ce3f7bc2517fdd47421
Certificate serial:       018CC7274309AB1EDE1A55F1388F6A4232AB
Authority key identifier: 2B:A3:89:33:35:8C:F6:6C:FF:3B:6C:E3:F7:BC:25:17:FD:D4:74:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K6OJMzWM9mz_O2zj97wlF_3UdCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/9856ee-699f-4fed-bb98-e06fd0cd3b77/1/GrxNdkhL-wa64g21QDh3kpwQeIk.roa
Signing time:             Mon 01 Jan 2024 22:31:28 +0000
ROA not before:           Mon 01 Jan 2024 22:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57224
IP address blocks:        91.198.60.0/24 maxlen: 24
                          185.40.116.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/9856ee-699f-4fed-bb98-e06fd0cd3b77/1/K6OJMzWM9mz_O2zj97wlF_3UdCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/9856ee-699f-4fed-bb98-e06fd0cd3b77/1/K6OJMzWM9mz_O2zj97wlF_3UdCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K6OJMzWM9mz_O2zj97wlF_3UdCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:43:09:ab:1e:de:1a:55:f1:38:8f:6a:42:32:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ba38933358cf66cff3b6ce3f7bc2517fdd47421
        Validity
            Not Before: Jan  1 22:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1abc4d76484bfb06bae20db5403877929c107889
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:64:e9:93:11:3e:3e:ef:48:6a:11:33:d3:67:
                    53:b9:ed:2d:4a:34:bb:f5:d9:00:02:a5:7f:22:af:
                    5b:67:63:35:24:69:75:64:a7:28:2b:8d:09:82:7a:
                    6c:c3:0c:47:ed:05:b3:e1:d2:a7:77:c1:57:13:1d:
                    86:2a:7a:b3:33:77:97:97:51:50:7c:9e:87:f9:e3:
                    34:f9:d0:84:b9:20:01:82:ab:f6:00:97:07:a9:5d:
                    d0:e2:86:15:87:60:7e:85:ea:d5:70:75:49:4f:5d:
                    0f:f3:e4:d6:85:31:a2:48:85:5b:39:f9:52:6a:fa:
                    f7:15:c0:82:c0:f6:a8:57:54:eb:41:fd:e0:86:37:
                    da:88:46:72:d2:0e:71:eb:09:e1:6f:c2:65:63:2c:
                    2e:2f:bb:37:b6:4d:2a:3f:d6:33:95:75:c1:de:51:
                    b4:af:ac:23:83:e5:05:cc:c1:a8:c5:48:2c:b4:e1:
                    ba:a2:e0:79:55:fb:26:d2:ca:d2:d1:9f:db:9e:c7:
                    de:e8:82:5e:a5:3d:90:9f:b7:0c:1e:fe:1b:12:9f:
                    aa:50:7f:94:37:e1:f3:bf:aa:81:d2:2e:21:32:f8:
                    c4:c8:dc:2b:b6:cf:59:bf:a0:15:a8:f4:f9:e7:98:
                    51:88:db:d5:64:b5:f2:5d:8b:0b:66:3f:12:ad:a6:
                    f3:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:BC:4D:76:48:4B:FB:06:BA:E2:0D:B5:40:38:77:92:9C:10:78:89
            X509v3 Authority Key Identifier:
                keyid:2B:A3:89:33:35:8C:F6:6C:FF:3B:6C:E3:F7:BC:25:17:FD:D4:74:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K6OJMzWM9mz_O2zj97wlF_3UdCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/9856ee-699f-4fed-bb98-e06fd0cd3b77/1/GrxNdkhL-wa64g21QDh3kpwQeIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/9856ee-699f-4fed-bb98-e06fd0cd3b77/1/K6OJMzWM9mz_O2zj97wlF_3UdCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.60.0/24
                  185.40.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:f4:2d:fc:63:77:a8:72:0a:a1:b9:c2:2a:b6:00:05:12:62:
         9c:be:cd:97:a3:b5:97:eb:15:f7:42:a0:41:79:09:d3:ac:ab:
         3d:06:e6:f8:23:e5:a2:27:44:6b:4e:03:22:0e:ab:e1:2a:6c:
         4b:b9:ab:7a:06:8a:14:a6:59:a2:db:13:48:9c:fa:44:2b:16:
         9d:f2:02:2e:20:66:b0:f6:51:4e:ae:64:7f:03:8f:11:58:9c:
         ac:bf:45:d9:b4:d0:5e:eb:59:e8:c8:b6:4d:55:01:c2:95:97:
         38:e0:22:ab:32:6d:80:48:0d:91:ea:5b:19:9e:aa:7e:63:43:
         03:9b:db:1f:60:19:c3:ad:f8:67:08:32:31:37:da:bd:6d:c9:
         b7:99:78:07:a7:77:c6:e5:9c:69:16:7e:42:43:1c:a1:80:24:
         d4:a7:45:74:2f:2f:24:01:86:fc:7c:65:12:18:28:75:21:b7:
         b8:c3:aa:77:fb:90:c8:0c:c5:6e:b8:3f:84:79:b6:41:8b:6e:
         9b:a2:2a:63:fe:e4:db:e7:0c:2c:94:84:19:48:92:83:8a:fb:
         f9:f4:e6:ef:d0:a8:61:58:17:23:fb:69:96:db:01:3d:af:e6:
         b4:1c:95:34:ef:99:2e:d7:e3:3f:a3:9a:2c:77:ef:a3:0f:66:
         14:24:28:2c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJ0MJqx7eGlXxOI9qQjKrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiYTM4OTMzMzU4Y2Y2NmNmZjNiNmNlM2Y3YmMyNTE3ZmRk
NDc0MjEwHhcNMjQwMTAxMjIzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWJjNGQ3NjQ4NGJmYjA2YmFlMjBkYjU0MDM4Nzc5MjljMTA3ODg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2TpkxE+Pu9IahEz02dTue0tSjS7
9dkAAqV/Iq9bZ2M1JGl1ZKcoK40JgnpswwxH7QWz4dKnd8FXEx2GKnqzM3eXl1FQ
fJ6H+eM0+dCEuSABgqv2AJcHqV3Q4oYVh2B+herVcHVJT10P8+TWhTGiSIVbOflS
avr3FcCCwPaoV1TrQf3ghjfaiEZy0g5x6wnhb8JlYywuL7s3tk0qP9YzlXXB3lG0
r6wjg+UFzMGoxUgstOG6ouB5Vfsm0srS0Z/bnsfe6IJepT2Qn7cMHv4bEp+qUH+U
N+Hzv6qB0i4hMvjEyNwrts9Zv6AVqPT555hRiNvVZLXyXYsLZj8SrabzWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBq8TXZIS/sGuuINtUA4d5KcEHiJMB8GA1UdIwQY
MBaAFCujiTM1jPZs/zts4/e8JRf91HQhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzZPSk16V005bXpfTzJ6ajk3d2xGXzNVZENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC85ODU2ZWUtNjk5Zi00ZmVkLWJiOTgt
ZTA2ZmQwY2QzYjc3LzEvR3J4TmRraEwtd2E2NGcyMVFEaDNrcHdRZUlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC85ODU2ZWUtNjk5Zi00ZmVkLWJiOTgtZTA2ZmQwY2QzYjc3
LzEvSzZPSk16V005bXpfTzJ6ajk3d2xGXzNVZENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8Y8AwQC
uSh0MA0GCSqGSIb3DQEBCwUAA4IBAQCV9C38Y3eocgqhucIqtgAFEmKcvs2Xo7WX
6xX3QqBBeQnTrKs9Bub4I+WiJ0RrTgMiDqvhKmxLuat6BooUplmi2xNInPpEKxad
8gIuIGaw9lFOrmR/A48RWJysv0XZtNBe61noyLZNVQHClZc44CKrMm2ASA2R6lsZ
nqp+Y0MDm9sfYBnDrfhnCDIxN9q9bcm3mXgHp3fG5ZxpFn5CQxyhgCTUp0V0Ly8k
AYb8fGUSGCh1Ibe4w6p3+5DIDMVuuD+EebZBi26boipj/uTb5wwslIQZSJKDivv5
9Obv0KhhWBcj+2mW2wE9r+a0HJU075ku1+M/o5osd++jD2YUJCgs
-----END CERTIFICATE-----