Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/161d2f-ec87-4718-9364-fa2c15371726/1/r6oeFTKrQLpaSlqkW_amqLF7fRQ.roa
File:                     r6oeFTKrQLpaSlqkW_amqLF7fRQ.roa (raw, json)
Hash identifier:          nfLc+MLO8ImnzNR/Vl6rOjtiN9xF9b4VWHuqQhSUON4=
Subject key identifier:   AF:AA:1E:15:32:AB:40:BA:5A:4A:5A:A4:5B:F6:A6:A8:B1:7B:7D:14
Certificate issuer:       /CN=5f2a133ec2fe6067b56496e819d5bfb4e4471f94
Certificate serial:       018CC49240C62E96BE0B6A6E242644058531
Authority key identifier: 5F:2A:13:3E:C2:FE:60:67:B5:64:96:E8:19:D5:BF:B4:E4:47:1F:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XyoTPsL-YGe1ZJboGdW_tORHH5Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/161d2f-ec87-4718-9364-fa2c15371726/1/r6oeFTKrQLpaSlqkW_amqLF7fRQ.roa
Signing time:             Mon 01 Jan 2024 10:29:28 +0000
ROA not before:           Mon 01 Jan 2024 10:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56579
IP address blocks:        91.218.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/161d2f-ec87-4718-9364-fa2c15371726/1/XyoTPsL-YGe1ZJboGdW_tORHH5Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/161d2f-ec87-4718-9364-fa2c15371726/1/XyoTPsL-YGe1ZJboGdW_tORHH5Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XyoTPsL-YGe1ZJboGdW_tORHH5Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:40:c6:2e:96:be:0b:6a:6e:24:26:44:05:85:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f2a133ec2fe6067b56496e819d5bfb4e4471f94
        Validity
            Not Before: Jan  1 10:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=afaa1e1532ab40ba5a4a5aa45bf6a6a8b17b7d14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:80:65:6f:6b:71:c2:6f:47:ee:47:56:d2:6e:
                    3b:19:5e:5d:6e:89:93:2e:22:82:2a:86:9d:84:4e:
                    db:c2:4b:07:6c:33:41:49:50:15:1f:b9:c7:66:4d:
                    95:86:99:74:8d:e3:6e:75:45:71:17:50:9c:61:5e:
                    ef:c9:03:86:bd:be:56:17:32:67:ec:cc:8f:bc:d4:
                    3c:37:5b:1e:49:cb:91:d6:29:59:a5:bf:c3:d5:1f:
                    26:4d:ac:00:57:e7:be:45:cc:c3:36:68:dc:eb:32:
                    3f:8f:77:aa:43:f8:14:43:e9:eb:5b:30:dd:98:2e:
                    a2:b4:04:41:a3:30:6b:1d:a3:ad:62:34:21:07:fe:
                    a9:b2:c0:74:22:29:fa:41:6e:7f:1d:dd:1e:2e:3a:
                    60:d2:50:2d:9d:90:60:21:ba:e0:4d:58:aa:fd:72:
                    9c:0a:9e:8d:81:2b:36:28:ba:be:76:13:35:7a:b8:
                    3d:a6:64:35:db:37:bc:50:00:b7:87:d5:82:32:bc:
                    2a:ef:b7:46:25:6f:8e:40:5e:99:37:cc:e3:af:dd:
                    0e:d9:a4:f0:ea:b6:af:80:ff:e5:d5:92:9e:55:c3:
                    5f:68:2a:a7:13:2e:e9:c8:da:d6:72:4d:88:ae:f6:
                    36:dc:f6:5e:2d:91:fa:9c:55:e8:9e:ac:6e:31:e0:
                    33:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:AA:1E:15:32:AB:40:BA:5A:4A:5A:A4:5B:F6:A6:A8:B1:7B:7D:14
            X509v3 Authority Key Identifier:
                keyid:5F:2A:13:3E:C2:FE:60:67:B5:64:96:E8:19:D5:BF:B4:E4:47:1F:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XyoTPsL-YGe1ZJboGdW_tORHH5Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/161d2f-ec87-4718-9364-fa2c15371726/1/r6oeFTKrQLpaSlqkW_amqLF7fRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/161d2f-ec87-4718-9364-fa2c15371726/1/XyoTPsL-YGe1ZJboGdW_tORHH5Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.218.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:a1:6a:e2:8c:99:71:e9:cf:8e:9a:83:1a:b0:f3:1e:fc:3e:
         e9:92:0e:85:f8:5b:b9:29:cd:03:b5:58:f8:be:24:a6:8d:f4:
         53:31:55:44:97:ff:05:3c:70:60:1c:61:6d:06:6e:e7:9c:ee:
         10:fd:3d:73:75:dc:b5:3e:b0:05:87:54:4f:56:60:a9:19:52:
         c6:c0:80:5d:08:32:c3:15:14:da:88:3e:1d:ba:88:d4:f3:50:
         2f:ac:5a:55:a2:ef:2a:2c:03:bd:bd:1b:28:8d:c4:47:ba:57:
         1f:73:f9:20:c1:8e:61:a2:a8:3d:79:af:ed:f7:df:44:60:10:
         4a:c2:1e:10:98:aa:ef:01:1c:f7:1d:2b:7d:a3:f4:db:22:a6:
         42:ec:5d:b8:12:bf:68:11:27:88:14:fd:ce:f1:a1:94:e6:da:
         77:f7:38:7c:23:31:a9:01:7e:d4:33:e3:a0:ab:f5:11:2b:f4:
         35:47:09:1a:66:21:4b:0c:c2:6f:b1:4d:29:33:2b:48:cd:e2:
         a9:dc:77:3e:9c:90:3c:b8:53:1c:fb:e3:3a:13:12:46:01:1d:
         c6:27:7b:b2:90:46:00:c0:c6:80:8a:6e:56:29:9d:91:4a:21:
         ad:74:7b:05:49:b7:70:9d:b2:a7:2f:21:eb:f2:15:80:a2:01:
         b4:8e:aa:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkkDGLpa+C2puJCZEBYUxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMmExMzNlYzJmZTYwNjdiNTY0OTZlODE5ZDViZmI0ZTQ0
NzFmOTQwHhcNMjQwMTAxMTAyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmFhMWUxNTMyYWI0MGJhNWE0YTVhYTQ1YmY2YTZhOGIxN2I3ZDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhoBlb2txwm9H7kdW0m47GV5dbomT
LiKCKoadhE7bwksHbDNBSVAVH7nHZk2Vhpl0jeNudUVxF1CcYV7vyQOGvb5WFzJn
7MyPvNQ8N1seScuR1ilZpb/D1R8mTawAV+e+RczDNmjc6zI/j3eqQ/gUQ+nrWzDd
mC6itARBozBrHaOtYjQhB/6pssB0Iin6QW5/Hd0eLjpg0lAtnZBgIbrgTViq/XKc
Cp6NgSs2KLq+dhM1erg9pmQ12ze8UAC3h9WCMrwq77dGJW+OQF6ZN8zjr90O2aTw
6ravgP/l1ZKeVcNfaCqnEy7pyNrWck2IrvY23PZeLZH6nFXonqxuMeAzKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK+qHhUyq0C6WkpapFv2pqixe30UMB8GA1UdIwQY
MBaAFF8qEz7C/mBntWSW6BnVv7TkRx+UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHlvVFBzTC1ZR2UxWkpib0dkV190T1JISDVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni8xNjFkMmYtZWM4Ny00NzE4LTkzNjQt
ZmEyYzE1MzcxNzI2LzEvcjZvZUZUS3JRTHBhU2xxa1dfYW1xTEY3ZlJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni8xNjFkMmYtZWM4Ny00NzE4LTkzNjQtZmEyYzE1MzcxNzI2
LzEvWHlvVFBzTC1ZR2UxWkpib0dkV190T1JISDVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9o7MA0G
CSqGSIb3DQEBCwUAA4IBAQC1oWrijJlx6c+OmoMasPMe/D7pkg6F+Fu5Kc0DtVj4
viSmjfRTMVVEl/8FPHBgHGFtBm7nnO4Q/T1zddy1PrAFh1RPVmCpGVLGwIBdCDLD
FRTaiD4duojU81AvrFpVou8qLAO9vRsojcRHulcfc/kgwY5hoqg9ea/t999EYBBK
wh4QmKrvARz3HSt9o/TbIqZC7F24Er9oESeIFP3O8aGU5tp39zh8IzGpAX7UM+Og
q/URK/Q1RwkaZiFLDMJvsU0pMytIzeKp3Hc+nJA8uFMc++M6ExJGAR3GJ3uykEYA
wMaAim5WKZ2RSiGtdHsFSbdwnbKnLyHr8hWAogG0jqph
-----END CERTIFICATE-----