Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/a7ca61-2e8d-4bbe-9c36-4e6d130bda0f/1/T8tXWMwfLXDdblrT3k8FhiWnQtc.roa
File:                     T8tXWMwfLXDdblrT3k8FhiWnQtc.roa (raw, json)
Hash identifier:          p5xgf5GNVS17T/Yck2zFiPuuFgGiRy1+PD6ODzkAgUc=
Subject key identifier:   4F:CB:57:58:CC:1F:2D:70:DD:6E:5A:D3:DE:4F:05:86:25:A7:42:D7
Certificate issuer:       /CN=09ea1d4531b071d6574699c12e5afa41f89bd409
Certificate serial:       018CC56E252A23F7AA2398C5D8A86FC0755B
Authority key identifier: 09:EA:1D:45:31:B0:71:D6:57:46:99:C1:2E:5A:FA:41:F8:9B:D4:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CeodRTGwcdZXRpnBLlr6Qfib1Ak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/a7ca61-2e8d-4bbe-9c36-4e6d130bda0f/1/T8tXWMwfLXDdblrT3k8FhiWnQtc.roa
Signing time:             Mon 01 Jan 2024 14:29:39 +0000
ROA not before:           Mon 01 Jan 2024 14:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5545
IP address blocks:        91.229.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/a7ca61-2e8d-4bbe-9c36-4e6d130bda0f/1/CeodRTGwcdZXRpnBLlr6Qfib1Ak.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/a7ca61-2e8d-4bbe-9c36-4e6d130bda0f/1/CeodRTGwcdZXRpnBLlr6Qfib1Ak.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CeodRTGwcdZXRpnBLlr6Qfib1Ak.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:25:2a:23:f7:aa:23:98:c5:d8:a8:6f:c0:75:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09ea1d4531b071d6574699c12e5afa41f89bd409
        Validity
            Not Before: Jan  1 14:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fcb5758cc1f2d70dd6e5ad3de4f058625a742d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:65:df:33:7f:11:6b:76:70:ef:5e:e6:82:1b:
                    d9:9f:32:e8:a8:e5:1f:28:bd:05:55:f7:91:ea:7a:
                    75:58:64:4b:6f:52:4f:29:57:4a:be:3a:4f:3a:10:
                    61:db:8b:ae:9f:81:39:dc:8e:9a:85:cf:08:37:a4:
                    5b:1f:1f:4f:3f:a3:2a:f2:5e:a0:96:80:92:a3:fc:
                    96:49:74:4d:c3:85:c6:8a:e0:6c:74:34:e4:be:e6:
                    ac:18:b4:76:b7:5d:b7:44:5b:c0:b7:de:67:0f:6c:
                    b6:19:ff:3c:3e:d2:ec:1a:93:bf:c0:47:af:d8:73:
                    e7:70:76:a4:ea:7b:35:8c:4c:23:26:42:ba:68:af:
                    dc:d8:ad:1b:36:54:90:59:13:3e:41:03:e5:4f:09:
                    82:f4:7a:8c:2e:89:0d:00:9b:c5:f8:38:a3:c9:8c:
                    0d:eb:1e:f8:23:aa:5a:2f:4f:41:30:44:c5:e6:1c:
                    a9:fb:da:a1:ed:f6:84:93:3a:48:fd:c3:3b:3b:e7:
                    ea:68:8e:c2:4f:42:58:5e:89:25:fc:dd:1a:5d:71:
                    8b:5b:55:7f:ed:89:cc:f5:9c:8c:5d:f9:75:bb:ee:
                    68:d2:7a:37:75:7d:28:67:c2:ef:55:0f:9f:ba:be:
                    f3:90:35:ae:84:96:6c:79:55:d1:a1:fc:f5:0f:d5:
                    2b:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:CB:57:58:CC:1F:2D:70:DD:6E:5A:D3:DE:4F:05:86:25:A7:42:D7
            X509v3 Authority Key Identifier:
                keyid:09:EA:1D:45:31:B0:71:D6:57:46:99:C1:2E:5A:FA:41:F8:9B:D4:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CeodRTGwcdZXRpnBLlr6Qfib1Ak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a7ca61-2e8d-4bbe-9c36-4e6d130bda0f/1/T8tXWMwfLXDdblrT3k8FhiWnQtc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a7ca61-2e8d-4bbe-9c36-4e6d130bda0f/1/CeodRTGwcdZXRpnBLlr6Qfib1Ak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:95:64:d5:52:a4:49:d2:6b:23:56:77:44:b4:c4:81:6c:63:
         98:bf:50:8c:f3:55:af:f2:e7:48:df:9e:4c:ca:d4:9f:22:0b:
         8f:a3:5f:85:ad:8f:43:78:7d:a5:4b:ad:91:93:bd:50:94:3a:
         d1:c1:fe:7c:e7:da:ad:d9:07:11:98:61:d5:d3:34:3c:dd:bb:
         aa:a7:07:6c:aa:24:8f:99:2a:4c:49:6a:62:ec:b4:c4:a1:d5:
         5f:b0:b7:58:0f:9d:08:69:88:ba:74:35:c3:51:5a:26:34:9b:
         72:aa:39:07:2e:71:52:98:a9:b1:0f:11:3b:ba:8b:ec:7d:0a:
         19:d6:38:bd:63:f0:9e:5f:ff:79:5e:b9:80:1f:f0:14:c5:ef:
         b1:68:90:ca:51:c3:ca:dc:fd:ad:54:59:31:29:c9:62:2a:fa:
         7b:9f:b6:bb:44:98:d1:58:ad:1b:76:76:60:1b:cb:4d:6c:b5:
         14:14:84:72:bc:42:31:a5:fe:bb:ee:e0:14:46:5d:2e:ff:44:
         6a:3d:c6:42:72:ba:1c:1b:e1:6b:5a:0b:70:40:6b:3c:2e:6a:
         24:82:6a:b4:d8:ac:92:44:6e:28:f9:c4:00:90:73:ab:55:87:
         0b:78:35:71:fe:df:82:9c:48:29:9d:a0:dc:09:0e:27:2b:1c:
         50:fe:49:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbiUqI/eqI5jF2KhvwHVbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZWExZDQ1MzFiMDcxZDY1NzQ2OTljMTJlNWFmYTQxZjg5
YmQ0MDkwHhcNMjQwMTAxMTQyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmNiNTc1OGNjMWYyZDcwZGQ2ZTVhZDNkZTRmMDU4NjI1YTc0MmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimXfM38Ra3Zw717mghvZnzLoqOUf
KL0FVfeR6np1WGRLb1JPKVdKvjpPOhBh24uun4E53I6ahc8IN6RbHx9PP6Mq8l6g
loCSo/yWSXRNw4XGiuBsdDTkvuasGLR2t123RFvAt95nD2y2Gf88PtLsGpO/wEev
2HPncHak6ns1jEwjJkK6aK/c2K0bNlSQWRM+QQPlTwmC9HqMLokNAJvF+DijyYwN
6x74I6paL09BMETF5hyp+9qh7faEkzpI/cM7O+fqaI7CT0JYXokl/N0aXXGLW1V/
7YnM9ZyMXfl1u+5o0no3dX0oZ8LvVQ+fur7zkDWuhJZseVXRofz1D9UrrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE/LV1jMHy1w3W5a095PBYYlp0LXMB8GA1UdIwQY
MBaAFAnqHUUxsHHWV0aZwS5a+kH4m9QJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2VvZFJUR3djZFpYUnBuQkxscjZRZmliMUFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9hN2NhNjEtMmU4ZC00YmJlLTljMzYt
NGU2ZDEzMGJkYTBmLzEvVDh0WFdNd2ZMWERkYmxyVDNrOEZoaVduUXRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9hN2NhNjEtMmU4ZC00YmJlLTljMzYtNGU2ZDEzMGJkYTBm
LzEvQ2VvZFJUR3djZFpYUnBuQkxscjZRZmliMUFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+VeMA0G
CSqGSIb3DQEBCwUAA4IBAQDElWTVUqRJ0msjVndEtMSBbGOYv1CM81Wv8udI355M
ytSfIguPo1+FrY9DeH2lS62Rk71QlDrRwf5859qt2QcRmGHV0zQ83buqpwdsqiSP
mSpMSWpi7LTEodVfsLdYD50IaYi6dDXDUVomNJtyqjkHLnFSmKmxDxE7uovsfQoZ
1ji9Y/CeX/95XrmAH/AUxe+xaJDKUcPK3P2tVFkxKcliKvp7n7a7RJjRWK0bdnZg
G8tNbLUUFIRyvEIxpf677uAURl0u/0RqPcZCcrocG+FrWgtwQGs8Lmokgmq02KyS
RG4o+cQAkHOrVYcLeDVx/t+CnEgpnaDcCQ4nKxxQ/knn
-----END CERTIFICATE-----