Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/f85b7c-4ad6-427d-93ed-a6f1e495f1be/1/_yKSV3Cw88-5eMN50mN_GBipivo.roa
File:                     _yKSV3Cw88-5eMN50mN_GBipivo.roa (raw, json)
Hash identifier:          jD9NPtiwMNoYPM1e1E1pYp6KE1bJsgSZIGzRfoci0kI=
Subject key identifier:   FF:22:92:57:70:B0:F3:CF:B9:78:C3:79:D2:63:7F:18:18:A9:8A:FA
Certificate issuer:       /CN=e140a047c8b30adc6d9ee326a669dfd011d9b5d3
Certificate serial:       018CC56E2F01C9116BFFBECD1C1732E9D505
Authority key identifier: E1:40:A0:47:C8:B3:0A:DC:6D:9E:E3:26:A6:69:DF:D0:11:D9:B5:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4UCgR8izCtxtnuMmpmnf0BHZtdM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/f85b7c-4ad6-427d-93ed-a6f1e495f1be/1/_yKSV3Cw88-5eMN50mN_GBipivo.roa
Signing time:             Mon 01 Jan 2024 14:29:41 +0000
ROA not before:           Mon 01 Jan 2024 14:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3356
IP address blocks:        91.132.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/f85b7c-4ad6-427d-93ed-a6f1e495f1be/1/4UCgR8izCtxtnuMmpmnf0BHZtdM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/f85b7c-4ad6-427d-93ed-a6f1e495f1be/1/4UCgR8izCtxtnuMmpmnf0BHZtdM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4UCgR8izCtxtnuMmpmnf0BHZtdM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:2f:01:c9:11:6b:ff:be:cd:1c:17:32:e9:d5:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e140a047c8b30adc6d9ee326a669dfd011d9b5d3
        Validity
            Not Before: Jan  1 14:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff22925770b0f3cfb978c379d2637f1818a98afa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:47:e7:13:98:46:4c:32:f2:b8:7c:1a:c9:00:
                    79:e1:e9:b2:77:01:f0:b1:7a:b9:03:c3:d9:eb:ca:
                    3d:a9:ed:d7:c3:62:84:0d:42:5c:77:de:16:64:73:
                    9e:8b:0a:14:25:1a:e9:d1:a7:ec:da:31:47:0f:9f:
                    36:5f:a7:88:31:1e:64:89:79:9d:d4:6f:81:0b:80:
                    e2:b8:c7:36:29:05:3d:2d:39:e3:7c:14:12:ca:b1:
                    f5:ef:63:59:02:04:8f:8a:d7:d9:b8:0f:b8:c6:b8:
                    cd:fb:82:3d:bc:b8:cd:61:30:31:ec:29:65:71:86:
                    25:d4:3a:d8:f0:ee:ed:50:e3:ae:7e:6a:ed:4f:36:
                    35:99:1b:59:ad:7d:3b:d1:f5:ed:5d:a3:2f:d5:61:
                    f9:da:97:58:28:74:85:06:16:12:0c:80:1e:d4:28:
                    03:65:a2:e6:f3:f8:f7:ca:6e:26:26:af:66:84:f9:
                    43:3c:28:ab:a9:e9:6d:80:8d:b1:f0:6a:7e:98:b9:
                    ba:71:8c:20:1e:a8:1e:e5:32:d3:f8:64:45:7f:a5:
                    13:97:e2:b9:97:d4:57:e0:65:5e:3a:c4:9e:4c:e0:
                    cb:2e:9e:d3:d2:63:2e:5d:c5:3e:b1:32:08:fb:31:
                    87:4e:41:9c:7d:41:d3:ea:6c:14:84:6c:14:05:17:
                    d6:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:22:92:57:70:B0:F3:CF:B9:78:C3:79:D2:63:7F:18:18:A9:8A:FA
            X509v3 Authority Key Identifier:
                keyid:E1:40:A0:47:C8:B3:0A:DC:6D:9E:E3:26:A6:69:DF:D0:11:D9:B5:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4UCgR8izCtxtnuMmpmnf0BHZtdM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/f85b7c-4ad6-427d-93ed-a6f1e495f1be/1/_yKSV3Cw88-5eMN50mN_GBipivo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/f85b7c-4ad6-427d-93ed-a6f1e495f1be/1/4UCgR8izCtxtnuMmpmnf0BHZtdM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:06:ac:7a:24:3a:22:3d:7b:69:70:f6:cf:46:4c:33:76:81:
         f8:f6:0e:6d:42:0d:49:5d:fb:51:55:d4:ef:82:90:77:da:6c:
         0d:13:71:29:2f:39:e3:53:d6:f2:dd:22:72:3c:a0:84:11:1d:
         28:5f:53:68:b6:7f:8f:bb:4d:d4:35:c2:7d:45:e9:23:bb:bf:
         bb:f6:5b:09:0f:ec:92:e0:66:88:24:cd:f7:cf:4d:7a:44:4a:
         88:74:46:14:3b:16:35:f9:05:49:29:87:89:4b:61:04:35:da:
         3d:bd:10:79:e4:7d:3e:31:a8:f3:fa:f6:c8:4a:6c:eb:ef:ca:
         42:2f:d3:51:3f:54:0d:ff:15:5a:a5:d7:0e:d9:d7:4f:94:4d:
         a3:6e:d0:d4:bf:a2:5d:3e:ae:c1:78:ae:90:c5:9b:68:26:33:
         38:ec:0e:4f:61:c5:73:f7:cf:5b:e4:97:2f:fe:4f:70:39:c6:
         da:11:3e:8c:46:75:bd:72:37:06:40:e9:7e:a1:43:a7:d6:fa:
         ce:7a:dc:21:03:ff:f5:05:df:a2:ef:4f:df:11:91:c9:10:63:
         a0:00:d4:2a:db:48:23:23:5c:f5:2e:dd:6c:20:83:29:17:2f:
         8f:89:e6:07:aa:23:0e:3e:9a:4e:db:0e:e1:10:9e:b3:ac:11:
         59:92:23:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbi8ByRFr/77NHBcy6dUFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNDBhMDQ3YzhiMzBhZGM2ZDllZTMyNmE2NjlkZmQwMTFk
OWI1ZDMwHhcNMjQwMTAxMTQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjIyOTI1NzcwYjBmM2NmYjk3OGMzNzlkMjYzN2YxODE4YTk4YWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1EfnE5hGTDLyuHwayQB54emydwHw
sXq5A8PZ68o9qe3Xw2KEDUJcd94WZHOeiwoUJRrp0afs2jFHD582X6eIMR5kiXmd
1G+BC4DiuMc2KQU9LTnjfBQSyrH172NZAgSPitfZuA+4xrjN+4I9vLjNYTAx7Cll
cYYl1DrY8O7tUOOufmrtTzY1mRtZrX070fXtXaMv1WH52pdYKHSFBhYSDIAe1CgD
ZaLm8/j3ym4mJq9mhPlDPCirqeltgI2x8Gp+mLm6cYwgHqge5TLT+GRFf6UTl+K5
l9RX4GVeOsSeTODLLp7T0mMuXcU+sTII+zGHTkGcfUHT6mwUhGwUBRfWCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP8ikldwsPPPuXjDedJjfxgYqYr6MB8GA1UdIwQY
MBaAFOFAoEfIswrcbZ7jJqZp39AR2bXTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFVDZ1I4aXpDdHh0bnVNbXBtbmYwQkhadGRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9mODViN2MtNGFkNi00MjdkLTkzZWQt
YTZmMWU0OTVmMWJlLzEvX3lLU1YzQ3c4OC01ZU1ONTBtTl9HQmlwaXZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9mODViN2MtNGFkNi00MjdkLTkzZWQtYTZmMWU0OTVmMWJl
LzEvNFVDZ1I4aXpDdHh0bnVNbXBtbmYwQkhadGRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW4TjMA0G
CSqGSIb3DQEBCwUAA4IBAQAeBqx6JDoiPXtpcPbPRkwzdoH49g5tQg1JXftRVdTv
gpB32mwNE3EpLznjU9by3SJyPKCEER0oX1Notn+Pu03UNcJ9Rekju7+79lsJD+yS
4GaIJM33z016REqIdEYUOxY1+QVJKYeJS2EENdo9vRB55H0+Majz+vbISmzr78pC
L9NRP1QN/xVapdcO2ddPlE2jbtDUv6JdPq7BeK6QxZtoJjM47A5PYcVz989b5Jcv
/k9wOcbaET6MRnW9cjcGQOl+oUOn1vrOetwhA//1Bd+i70/fEZHJEGOgANQq20gj
I1z1Lt1sIIMpFy+PieYHqiMOPppO2w7hEJ6zrBFZkiPZ
-----END CERTIFICATE-----