Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/6d752a-59c5-47a0-b3cd-8f979b69943f/1/qXL410VE2r_1F8Me0dGh80IOQ90.roa
File:                     qXL410VE2r_1F8Me0dGh80IOQ90.roa (raw, json)
Hash identifier:          J9WcrtdWjCB2+pdbYYhSi4Y3Ttr6//5qmHrRGFGVbx4=
Subject key identifier:   A9:72:F8:D7:45:44:DA:BF:F5:17:C3:1E:D1:D1:A1:F3:42:0E:43:DD
Certificate issuer:       /CN=d721fd9d278b6458e9bf1cceba2c31a19fb96cfd
Certificate serial:       0191927A6D8D29F2A4A61D18FCAEBE2BC8FE
Authority key identifier: D7:21:FD:9D:27:8B:64:58:E9:BF:1C:CE:BA:2C:31:A1:9F:B9:6C:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1yH9nSeLZFjpvxzOuiwxoZ-5bP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/6d752a-59c5-47a0-b3cd-8f979b69943f/1/qXL410VE2r_1F8Me0dGh80IOQ90.roa
Signing time:             Tue 27 Aug 2024 06:16:22 +0000
ROA not before:           Tue 27 Aug 2024 06:16:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6453
IP address blocks:        91.208.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/6d752a-59c5-47a0-b3cd-8f979b69943f/1/1yH9nSeLZFjpvxzOuiwxoZ-5bP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/6d752a-59c5-47a0-b3cd-8f979b69943f/1/1yH9nSeLZFjpvxzOuiwxoZ-5bP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1yH9nSeLZFjpvxzOuiwxoZ-5bP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:92:7a:6d:8d:29:f2:a4:a6:1d:18:fc:ae:be:2b:c8:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d721fd9d278b6458e9bf1cceba2c31a19fb96cfd
        Validity
            Not Before: Aug 27 06:16:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a972f8d74544dabff517c31ed1d1a1f3420e43dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:ad:e9:4d:1a:00:5b:2e:eb:81:76:be:bc:08:
                    52:8b:8f:c5:8d:86:8a:23:21:a2:c2:69:9e:8a:c4:
                    d9:58:c4:c7:85:22:c8:82:fd:f5:1b:6f:85:46:90:
                    4c:89:97:51:e3:0e:0c:06:a3:a5:50:4f:ba:47:f1:
                    10:31:0d:86:22:04:9a:98:3f:94:39:d5:b3:51:5a:
                    aa:ce:ca:27:04:c5:36:0e:80:6e:73:f7:f2:27:a8:
                    2f:4f:2e:bb:e8:d6:e2:4d:ee:c1:f8:1b:d5:73:bb:
                    dd:a6:5a:ff:ba:c6:39:b4:bd:22:aa:d4:e9:03:8f:
                    76:78:42:f2:ce:e9:4c:94:11:92:b0:87:b3:c2:8d:
                    de:65:df:eb:cd:f4:64:58:33:29:b9:44:cb:8b:04:
                    6d:73:43:6c:f8:87:f7:11:97:d1:1d:e3:60:9a:0b:
                    42:9f:18:50:a0:5b:e0:77:c1:6d:13:6c:bf:bf:be:
                    f1:b4:52:a1:d7:69:90:f8:00:cc:42:e8:78:fb:97:
                    5c:42:ff:f3:61:c8:ed:e7:73:aa:2c:ee:62:0d:94:
                    2c:78:cc:cc:51:43:d9:28:8b:f0:bc:d0:0f:b0:5b:
                    17:97:af:57:a9:6f:42:f4:14:9c:52:3b:58:39:01:
                    52:5b:1a:eb:f8:d6:05:07:88:82:5d:6d:a1:ac:9e:
                    63:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:72:F8:D7:45:44:DA:BF:F5:17:C3:1E:D1:D1:A1:F3:42:0E:43:DD
            X509v3 Authority Key Identifier:
                keyid:D7:21:FD:9D:27:8B:64:58:E9:BF:1C:CE:BA:2C:31:A1:9F:B9:6C:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1yH9nSeLZFjpvxzOuiwxoZ-5bP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/6d752a-59c5-47a0-b3cd-8f979b69943f/1/qXL410VE2r_1F8Me0dGh80IOQ90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/6d752a-59c5-47a0-b3cd-8f979b69943f/1/1yH9nSeLZFjpvxzOuiwxoZ-5bP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:38:39:5f:d6:ff:a6:c6:5c:50:f6:2c:7d:2c:21:25:89:59:
         4c:22:82:39:de:64:aa:d0:d5:c9:82:bf:33:48:db:cd:ae:84:
         c4:6a:a2:35:d7:e3:ab:ab:00:e9:f7:f3:61:b1:a2:05:38:f0:
         08:0f:90:e8:fd:06:64:68:2c:57:5f:36:23:bd:e3:f6:63:09:
         c2:58:d1:90:d4:c3:7b:c9:c5:f2:e1:09:56:63:37:8b:88:4e:
         ed:f1:b3:8d:36:ed:cb:55:70:4c:e5:a7:bc:1f:b8:9a:d6:45:
         f2:ae:61:03:90:61:12:f9:4e:9c:27:b4:b6:3d:0f:90:1c:78:
         cf:2d:51:16:3b:e5:40:91:f8:fe:3c:1d:a7:75:96:9c:83:de:
         1e:8b:e8:b6:1d:8d:c3:61:2a:e3:6b:c6:99:f0:2d:e3:ec:5b:
         45:0b:91:ce:25:04:3e:ae:8f:37:17:b5:53:0d:c7:94:e3:3b:
         37:ac:51:b3:14:fb:9b:9f:c7:c4:87:a1:b9:6b:75:7b:8a:e8:
         99:36:3e:22:b3:48:ab:8a:38:e0:3b:78:71:e1:dd:84:0d:10:
         0a:2e:1d:26:96:ff:b4:5c:a3:68:0b:8f:5f:5c:14:f1:af:a6:
         91:7f:80:f7:80:4e:d6:ae:6f:46:82:3c:b2:65:8e:5c:80:9b:
         2d:46:64:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGSem2NKfKkph0Y/K6+K8j+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MjFmZDlkMjc4YjY0NThlOWJmMWNjZWJhMmMzMWExOWZi
OTZjZmQwHhcNMjQwODI3MDYxNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTcyZjhkNzQ1NDRkYWJmZjUxN2MzMWVkMWQxYTFmMzQyMGU0M2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0a3pTRoAWy7rgXa+vAhSi4/FjYaK
IyGiwmmeisTZWMTHhSLIgv31G2+FRpBMiZdR4w4MBqOlUE+6R/EQMQ2GIgSamD+U
OdWzUVqqzsonBMU2DoBuc/fyJ6gvTy676NbiTe7B+BvVc7vdplr/usY5tL0iqtTp
A492eELyzulMlBGSsIezwo3eZd/rzfRkWDMpuUTLiwRtc0Ns+If3EZfRHeNgmgtC
nxhQoFvgd8FtE2y/v77xtFKh12mQ+ADMQuh4+5dcQv/zYcjt53OqLO5iDZQseMzM
UUPZKIvwvNAPsFsXl69XqW9C9BScUjtYOQFSWxrr+NYFB4iCXW2hrJ5jwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKly+NdFRNq/9RfDHtHRofNCDkPdMB8GA1UdIwQY
MBaAFNch/Z0ni2RY6b8czrosMaGfuWz9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXlIOW5TZUxaRmpwdnh6T3Vpd3hvWi01YlAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi82ZDc1MmEtNTljNS00N2EwLWIzY2Qt
OGY5NzliNjk5NDNmLzEvcVhMNDEwVkUycl8xRjhNZTBkR2g4MElPUTkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi82ZDc1MmEtNTljNS00N2EwLWIzY2QtOGY5NzliNjk5NDNm
LzEvMXlIOW5TZUxaRmpwdnh6T3Vpd3hvWi01YlAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9AEMA0G
CSqGSIb3DQEBCwUAA4IBAQBmODlf1v+mxlxQ9ix9LCEliVlMIoI53mSq0NXJgr8z
SNvNroTEaqI11+OrqwDp9/NhsaIFOPAID5Do/QZkaCxXXzYjveP2YwnCWNGQ1MN7
ycXy4QlWYzeLiE7t8bONNu3LVXBM5ae8H7ia1kXyrmEDkGES+U6cJ7S2PQ+QHHjP
LVEWO+VAkfj+PB2ndZacg94ei+i2HY3DYSrja8aZ8C3j7FtFC5HOJQQ+ro83F7VT
DceU4zs3rFGzFPubn8fEh6G5a3V7iuiZNj4is0irijjgO3hx4d2EDRAKLh0mlv+0
XKNoC49fXBTxr6aRf4D3gE7Wrm9GgjyyZY5cgJstRmTO
-----END CERTIFICATE-----