Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/7fb254-417a-4180-a4f0-8f2af9b51c5b/1/RG728vIUeEZfhzsUu99uusLPfRc.roa
File:                     RG728vIUeEZfhzsUu99uusLPfRc.roa (raw, json)
Hash identifier:          8s0RFVzVlff8Ih0vBOJXnyX1LVRx4eH6CXc2dEcajBk=
Subject key identifier:   44:6E:F6:F2:F2:14:78:46:5F:87:3B:14:BB:DF:6E:BA:C2:CF:7D:17
Certificate issuer:       /CN=77c2d8a60197fc7bde64fc3fad10eb2da4fe8779
Certificate serial:       018CC86FD8B10BB10AB932F308C206C9F0BF
Authority key identifier: 77:C2:D8:A6:01:97:FC:7B:DE:64:FC:3F:AD:10:EB:2D:A4:FE:87:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d8LYpgGX_HveZPw_rRDrLaT-h3k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/7fb254-417a-4180-a4f0-8f2af9b51c5b/1/RG728vIUeEZfhzsUu99uusLPfRc.roa
Signing time:             Tue 02 Jan 2024 04:30:22 +0000
ROA not before:           Tue 02 Jan 2024 04:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204922
IP address blocks:        91.199.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/7fb254-417a-4180-a4f0-8f2af9b51c5b/1/d8LYpgGX_HveZPw_rRDrLaT-h3k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/7fb254-417a-4180-a4f0-8f2af9b51c5b/1/d8LYpgGX_HveZPw_rRDrLaT-h3k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d8LYpgGX_HveZPw_rRDrLaT-h3k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:d8:b1:0b:b1:0a:b9:32:f3:08:c2:06:c9:f0:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77c2d8a60197fc7bde64fc3fad10eb2da4fe8779
        Validity
            Not Before: Jan  2 04:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=446ef6f2f21478465f873b14bbdf6ebac2cf7d17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:5b:ed:11:d9:c5:e8:b1:4e:c4:c7:75:51:38:
                    89:6a:0b:db:8b:2a:a1:7e:d9:9f:57:15:ee:fd:b5:
                    6a:83:70:90:10:7b:18:9b:52:1b:98:e4:65:4e:c0:
                    c0:d8:19:85:8a:5a:55:3d:4b:82:f0:d4:8d:c1:a5:
                    03:20:6e:cd:5c:ff:20:d1:cc:12:c3:87:bd:23:75:
                    bc:c2:8a:b4:a8:03:ca:40:09:22:67:c5:b7:97:fc:
                    4f:48:ae:17:46:60:4a:35:00:9d:b0:b0:f7:36:57:
                    e0:16:b7:af:c6:79:88:53:06:90:c6:64:77:47:8a:
                    46:90:65:53:68:a8:78:4b:5f:e0:da:7b:fd:11:df:
                    a4:28:91:87:51:3e:dc:f8:24:7e:55:39:0b:5d:d2:
                    b3:12:40:f5:f3:18:9e:d8:06:b9:36:42:18:5c:46:
                    e0:d8:d2:43:2c:96:53:97:2b:51:19:6a:1b:5d:a8:
                    76:78:a5:24:a4:4f:7f:9a:fd:d6:cc:72:f9:41:93:
                    41:46:e9:2a:e1:9e:dc:53:05:45:0a:7b:28:08:18:
                    41:97:36:4b:fa:93:5a:9f:99:0a:4b:dc:dc:4f:e8:
                    e8:76:ea:70:07:dc:78:a0:51:44:59:f0:9f:62:a6:
                    cb:73:9a:63:7c:9e:72:89:34:8f:14:87:b2:46:dc:
                    02:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:6E:F6:F2:F2:14:78:46:5F:87:3B:14:BB:DF:6E:BA:C2:CF:7D:17
            X509v3 Authority Key Identifier:
                keyid:77:C2:D8:A6:01:97:FC:7B:DE:64:FC:3F:AD:10:EB:2D:A4:FE:87:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8LYpgGX_HveZPw_rRDrLaT-h3k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/7fb254-417a-4180-a4f0-8f2af9b51c5b/1/RG728vIUeEZfhzsUu99uusLPfRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/7fb254-417a-4180-a4f0-8f2af9b51c5b/1/d8LYpgGX_HveZPw_rRDrLaT-h3k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:a0:ee:48:0e:f5:76:7e:49:92:86:ac:3e:dc:3a:55:da:2a:
         4e:1c:0e:0f:fe:14:c7:3a:6e:d9:a8:15:63:e8:db:53:51:99:
         39:5d:93:c3:a3:60:32:11:d3:74:5d:37:a5:0a:9e:98:7d:63:
         12:05:0a:28:73:2f:45:45:93:59:a9:b8:7e:29:2d:3a:0d:94:
         50:66:e3:79:58:34:53:63:56:5b:58:f0:ef:7a:a4:3e:4d:ac:
         bd:a2:b8:af:90:e1:8b:65:ae:a5:87:1d:13:be:a6:ab:6b:8a:
         af:e3:65:fe:e4:2d:06:90:d3:ce:d4:90:07:5a:c5:87:d7:43:
         69:b6:f0:52:a5:04:61:cc:6b:83:95:a4:32:ad:b9:9c:05:77:
         f7:5d:79:9c:11:d7:4d:fb:20:41:a3:96:37:f5:db:e1:80:65:
         5c:0f:58:fc:5f:9f:fe:df:47:ba:55:93:cd:bb:8d:d2:f1:ce:
         bd:54:69:0b:e4:b8:b4:6a:53:e7:6b:31:b7:6f:ed:0b:c4:6b:
         4b:81:9d:00:89:89:7e:8d:26:b8:04:af:73:41:7e:94:e8:cc:
         4f:61:06:2c:13:95:ac:51:02:a8:e4:d5:95:6b:c3:30:df:3b:
         7b:7b:8c:81:37:2f:f3:a6:84:d7:ac:d3:6f:c7:07:cd:c2:9d:
         cb:5d:4a:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb9ixC7EKuTLzCMIGyfC/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3YzJkOGE2MDE5N2ZjN2JkZTY0ZmMzZmFkMTBlYjJkYTRm
ZTg3NzkwHhcNMjQwMTAyMDQzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDZlZjZmMmYyMTQ3ODQ2NWY4NzNiMTRiYmRmNmViYWMyY2Y3ZDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVvtEdnF6LFOxMd1UTiJagvbiyqh
ftmfVxXu/bVqg3CQEHsYm1IbmORlTsDA2BmFilpVPUuC8NSNwaUDIG7NXP8g0cwS
w4e9I3W8woq0qAPKQAkiZ8W3l/xPSK4XRmBKNQCdsLD3NlfgFrevxnmIUwaQxmR3
R4pGkGVTaKh4S1/g2nv9Ed+kKJGHUT7c+CR+VTkLXdKzEkD18xie2Aa5NkIYXEbg
2NJDLJZTlytRGWobXah2eKUkpE9/mv3WzHL5QZNBRukq4Z7cUwVFCnsoCBhBlzZL
+pNan5kKS9zcT+jodupwB9x4oFFEWfCfYqbLc5pjfJ5yiTSPFIeyRtwCYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFERu9vLyFHhGX4c7FLvfbrrCz30XMB8GA1UdIwQY
MBaAFHfC2KYBl/x73mT8P60Q6y2k/od5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDhMWXBnR1hfSHZlWlB3X3JSRHJMYVQtaDNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni83ZmIyNTQtNDE3YS00MTgwLWE0ZjAt
OGYyYWY5YjUxYzViLzEvUkc3Mjh2SVVlRVpmaHpzVXU5OXV1c0xQZlJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni83ZmIyNTQtNDE3YS00MTgwLWE0ZjAtOGYyYWY5YjUxYzVi
LzEvZDhMWXBnR1hfSHZlWlB3X3JSRHJMYVQtaDNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8dxMA0G
CSqGSIb3DQEBCwUAA4IBAQADoO5IDvV2fkmShqw+3DpV2ipOHA4P/hTHOm7ZqBVj
6NtTUZk5XZPDo2AyEdN0XTelCp6YfWMSBQoocy9FRZNZqbh+KS06DZRQZuN5WDRT
Y1ZbWPDveqQ+Tay9orivkOGLZa6lhx0Tvqara4qv42X+5C0GkNPO1JAHWsWH10Np
tvBSpQRhzGuDlaQyrbmcBXf3XXmcEddN+yBBo5Y39dvhgGVcD1j8X5/+30e6VZPN
u43S8c69VGkL5Li0alPnazG3b+0LxGtLgZ0AiYl+jSa4BK9zQX6U6MxPYQYsE5Ws
UQKo5NWVa8Mw3zt7e4yBNy/zpoTXrNNvxwfNwp3LXUrj
-----END CERTIFICATE-----