Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7613bd-0349-420d-8808-0a26e6e57f20/1/1oKoXFIOKNnrLlNUMW_oNeD4w2I.roa
File:                     1oKoXFIOKNnrLlNUMW_oNeD4w2I.roa (raw, json)
Hash identifier:          nhlxugChUqm8xRHUMkWf/sTv2Ksy3z1cEmp4O70Xbbo=
Subject key identifier:   D6:82:A8:5C:52:0E:28:D9:EB:2E:53:54:31:6F:E8:35:E0:F8:C3:62
Certificate issuer:       /CN=788b7e4c045cdae78b5bf43f2c53f1a94d9e159e
Certificate serial:       018CC79575F5209BEAA55C147FF6769ED753
Authority key identifier: 78:8B:7E:4C:04:5C:DA:E7:8B:5B:F4:3F:2C:53:F1:A9:4D:9E:15:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eIt-TARc2ueLW_Q_LFPxqU2eFZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7613bd-0349-420d-8808-0a26e6e57f20/1/1oKoXFIOKNnrLlNUMW_oNeD4w2I.roa
Signing time:             Tue 02 Jan 2024 00:31:50 +0000
ROA not before:           Tue 02 Jan 2024 00:31:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47193
IP address blocks:        91.203.208.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7613bd-0349-420d-8808-0a26e6e57f20/1/eIt-TARc2ueLW_Q_LFPxqU2eFZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7613bd-0349-420d-8808-0a26e6e57f20/1/eIt-TARc2ueLW_Q_LFPxqU2eFZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eIt-TARc2ueLW_Q_LFPxqU2eFZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:75:f5:20:9b:ea:a5:5c:14:7f:f6:76:9e:d7:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=788b7e4c045cdae78b5bf43f2c53f1a94d9e159e
        Validity
            Not Before: Jan  2 00:31:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d682a85c520e28d9eb2e5354316fe835e0f8c362
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:1b:3e:07:0a:a8:2b:45:97:8d:06:37:35:d6:
                    dd:43:9f:5c:ec:53:93:1d:86:cb:cd:0d:5c:fb:ed:
                    e0:bc:9e:90:f8:71:fc:c5:d8:83:ec:64:20:34:bc:
                    ed:bc:ee:ba:a3:d7:6b:c5:25:77:f6:8e:9a:48:b5:
                    52:86:b3:80:48:65:eb:61:bb:6f:0d:f1:e7:a7:0f:
                    fe:cc:98:ad:94:58:e7:7f:c1:b7:dd:42:4a:90:fc:
                    c1:38:8c:d6:cd:40:e7:c9:ef:2f:df:41:42:03:c2:
                    d0:0e:93:a4:65:3b:ef:00:74:17:a5:17:df:3c:fe:
                    60:01:bc:00:e2:7c:9a:8f:fd:e4:07:e4:5f:3c:31:
                    4a:39:72:c8:7e:1a:cd:56:dd:c0:23:21:19:a7:79:
                    1e:13:f7:ed:d6:b6:74:a4:22:8e:bf:61:c7:2a:e2:
                    21:a1:7e:25:30:44:cc:23:a6:51:78:41:d1:55:be:
                    5a:64:a3:6f:d3:53:79:a6:4f:57:33:82:87:8f:db:
                    14:71:7b:cc:e0:14:8e:09:c2:c0:ce:04:23:b6:0e:
                    7a:d5:a1:2f:11:55:24:f6:55:a9:c7:cf:1f:1f:d4:
                    82:0b:50:0e:28:50:58:86:12:10:9d:25:ff:6b:e2:
                    e6:78:1c:55:d2:27:27:44:77:f8:fa:3c:37:10:79:
                    b1:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:82:A8:5C:52:0E:28:D9:EB:2E:53:54:31:6F:E8:35:E0:F8:C3:62
            X509v3 Authority Key Identifier:
                keyid:78:8B:7E:4C:04:5C:DA:E7:8B:5B:F4:3F:2C:53:F1:A9:4D:9E:15:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eIt-TARc2ueLW_Q_LFPxqU2eFZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7613bd-0349-420d-8808-0a26e6e57f20/1/1oKoXFIOKNnrLlNUMW_oNeD4w2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7613bd-0349-420d-8808-0a26e6e57f20/1/eIt-TARc2ueLW_Q_LFPxqU2eFZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.203.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:1f:37:18:80:be:8f:ee:87:66:29:94:6d:f6:1e:8e:45:b7:
         17:cd:c7:81:e0:53:b2:61:5b:23:89:4c:b6:60:d4:29:4f:6b:
         62:24:ef:d3:6b:65:3c:47:df:36:a4:48:8a:05:d8:a1:d8:9c:
         ab:c9:b2:8a:1d:ad:5a:81:72:21:9e:37:57:5a:9a:fa:74:f6:
         65:5b:80:9e:45:44:f8:70:60:63:49:42:cf:11:9d:3e:37:d7:
         35:f7:e1:7e:a1:60:bd:19:f0:42:1f:3c:14:cc:75:01:03:47:
         66:2a:df:24:4b:fb:74:b4:5f:ee:33:ee:5f:db:52:6c:23:3d:
         d3:15:2d:95:93:e6:69:98:7d:93:23:5a:6e:1c:4a:20:d1:6e:
         00:41:c2:02:01:66:6a:0c:27:4b:2f:9c:fe:31:21:ae:8f:a1:
         84:a9:dd:2b:f7:73:75:c7:da:33:90:e3:a6:cc:45:b9:38:4e:
         d6:e2:9e:54:f4:a9:4a:f6:63:28:b7:16:a2:d2:ae:84:0f:44:
         93:ec:4d:6c:41:1b:06:10:77:59:70:39:f1:61:43:80:bf:32:
         1e:d7:c6:45:4f:fc:4f:13:0d:4d:0b:89:a8:c7:1d:fc:1f:c5:
         49:3c:87:ef:9a:d2:02:7c:ce:81:e9:b6:ad:ac:fb:33:91:29:
         0b:1c:96:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlXX1IJvqpVwUf/Z2ntdTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4OGI3ZTRjMDQ1Y2RhZTc4YjViZjQzZjJjNTNmMWE5NGQ5
ZTE1OWUwHhcNMjQwMTAyMDAzMTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjgyYTg1YzUyMGUyOGQ5ZWIyZTUzNTQzMTZmZTgzNWUwZjhjMzYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRs+BwqoK0WXjQY3NdbdQ59c7FOT
HYbLzQ1c++3gvJ6Q+HH8xdiD7GQgNLztvO66o9drxSV39o6aSLVShrOASGXrYbtv
DfHnpw/+zJitlFjnf8G33UJKkPzBOIzWzUDnye8v30FCA8LQDpOkZTvvAHQXpRff
PP5gAbwA4nyaj/3kB+RfPDFKOXLIfhrNVt3AIyEZp3keE/ft1rZ0pCKOv2HHKuIh
oX4lMETMI6ZReEHRVb5aZKNv01N5pk9XM4KHj9sUcXvM4BSOCcLAzgQjtg561aEv
EVUk9lWpx88fH9SCC1AOKFBYhhIQnSX/a+LmeBxV0icnRHf4+jw3EHmxkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNaCqFxSDijZ6y5TVDFv6DXg+MNiMB8GA1UdIwQY
MBaAFHiLfkwEXNrni1v0PyxT8alNnhWeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUl0LVRBUmMydWVMV19RX0xGUHhxVTJlRlo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83NjEzYmQtMDM0OS00MjBkLTg4MDgt
MGEyNmU2ZTU3ZjIwLzEvMW9Lb1hGSU9LTm5yTGxOVU1XX29OZUQ0dzJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83NjEzYmQtMDM0OS00MjBkLTg4MDgtMGEyNmU2ZTU3ZjIw
LzEvZUl0LVRBUmMydWVMV19RX0xGUHhxVTJlRlo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8vQMA0G
CSqGSIb3DQEBCwUAA4IBAQAvHzcYgL6P7odmKZRt9h6ORbcXzceB4FOyYVsjiUy2
YNQpT2tiJO/Ta2U8R982pEiKBdih2JyrybKKHa1agXIhnjdXWpr6dPZlW4CeRUT4
cGBjSULPEZ0+N9c19+F+oWC9GfBCHzwUzHUBA0dmKt8kS/t0tF/uM+5f21JsIz3T
FS2Vk+ZpmH2TI1puHEog0W4AQcICAWZqDCdLL5z+MSGuj6GEqd0r93N1x9ozkOOm
zEW5OE7W4p5U9KlK9mMotxai0q6ED0ST7E1sQRsGEHdZcDnxYUOAvzIe18ZFT/xP
Ew1NC4moxx38H8VJPIfvmtICfM6B6batrPszkSkLHJb9
-----END CERTIFICATE-----