Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/9XOHJGI3enY-p3TF5oNvvkcVd8Q.roa
File:                     9XOHJGI3enY-p3TF5oNvvkcVd8Q.roa (raw, json)
Hash identifier:          VjcC/FKglYkaDFgOPFFLOfcIlgRxt5igH+VBHQSTPhM=
Subject key identifier:   F5:73:87:24:62:37:7A:76:3E:A7:74:C5:E6:83:6F:BE:47:15:77:C4
Certificate issuer:       /CN=61e6ea83926bc478c785471d805a5c1210a8c993
Certificate serial:       018CC3B71F24A452B65F477F8F37025FE10E
Authority key identifier: 61:E6:EA:83:92:6B:C4:78:C7:85:47:1D:80:5A:5C:12:10:A8:C9:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yebqg5JrxHjHhUcdgFpcEhCoyZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/9XOHJGI3enY-p3TF5oNvvkcVd8Q.roa
Signing time:             Mon 01 Jan 2024 06:30:07 +0000
ROA not before:           Mon 01 Jan 2024 06:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50204
IP address blocks:        91.196.60.0/22 maxlen: 22
                          195.69.248.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/Yebqg5JrxHjHhUcdgFpcEhCoyZM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/Yebqg5JrxHjHhUcdgFpcEhCoyZM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yebqg5JrxHjHhUcdgFpcEhCoyZM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:1f:24:a4:52:b6:5f:47:7f:8f:37:02:5f:e1:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61e6ea83926bc478c785471d805a5c1210a8c993
        Validity
            Not Before: Jan  1 06:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f573872462377a763ea774c5e6836fbe471577c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:6d:4f:65:6b:a0:9b:18:dc:79:58:7d:c3:0b:
                    82:70:4f:89:be:25:26:5f:86:b2:97:3b:a8:2d:ea:
                    c5:69:77:29:63:17:67:d5:54:12:1e:ce:61:bf:af:
                    4e:ff:df:91:ab:69:ba:39:31:b9:19:54:da:6f:f4:
                    19:33:c0:53:9f:e4:07:35:43:76:4e:e5:55:dd:42:
                    cf:fe:87:39:24:d6:91:8b:ee:06:82:e2:c1:35:2b:
                    f0:e9:12:fd:cf:65:52:2c:b6:bd:09:73:34:09:c9:
                    ce:f0:ac:aa:d1:0f:00:da:2b:59:fe:49:79:79:b9:
                    d1:c4:8b:d1:38:87:61:c9:b7:1b:3b:bb:1a:be:4e:
                    85:d5:3c:86:96:cd:69:89:da:a7:1c:a4:0c:c1:31:
                    7c:e2:b1:e6:15:44:9e:60:2e:42:68:84:0c:c0:12:
                    fa:9b:f2:a4:db:69:17:7a:df:5f:98:4f:22:5d:de:
                    04:aa:8f:0a:17:9c:c9:40:95:20:17:3b:ff:1f:19:
                    47:fb:7b:aa:09:0f:72:90:5e:c3:12:72:78:5d:dc:
                    aa:e4:77:b0:55:f6:08:c1:2a:a8:4e:2e:87:5d:8d:
                    14:a7:c9:68:e2:9e:60:66:5d:07:f8:99:81:f9:89:
                    88:be:48:df:c3:de:1b:ec:8b:22:51:a8:9f:ac:7e:
                    30:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:73:87:24:62:37:7A:76:3E:A7:74:C5:E6:83:6F:BE:47:15:77:C4
            X509v3 Authority Key Identifier:
                keyid:61:E6:EA:83:92:6B:C4:78:C7:85:47:1D:80:5A:5C:12:10:A8:C9:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yebqg5JrxHjHhUcdgFpcEhCoyZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/9XOHJGI3enY-p3TF5oNvvkcVd8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/Yebqg5JrxHjHhUcdgFpcEhCoyZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.60.0/22
                  195.69.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:43:ef:33:c3:b5:f6:d5:39:3f:3e:75:d0:f3:3b:39:0c:f7:
         fa:2f:3a:98:a9:49:23:91:2a:49:78:7e:e6:4f:66:05:1e:b4:
         b7:1b:72:20:75:64:ac:33:94:42:2a:b9:84:3a:27:3f:8a:14:
         28:05:5a:db:c3:aa:63:c5:e7:8a:24:0f:90:ce:5f:6c:e2:94:
         51:f7:37:73:8d:b5:68:00:b7:48:1a:ff:a7:62:e1:75:61:53:
         13:bf:82:ca:60:7f:94:f1:27:b3:61:83:2e:61:e6:35:c4:dc:
         63:45:71:ef:5a:bb:b8:2b:00:0c:74:7a:4d:c3:2c:df:c6:3a:
         8e:01:80:66:c5:e3:58:14:39:6a:2e:5e:4b:4b:8e:06:83:72:
         f7:9d:7f:c9:e5:37:1f:76:e0:eb:68:0e:70:a9:6e:af:61:26:
         78:26:48:c6:9d:de:be:c6:1c:89:43:40:c5:d0:2c:4c:25:11:
         86:ff:92:51:4c:aa:92:8a:e7:b6:52:11:e0:3f:3e:27:83:89:
         f4:60:8a:ba:42:35:20:76:c8:c4:65:65:f6:54:91:1c:fe:a5:
         cc:23:d9:5e:80:1a:2d:bf:1e:d3:d0:31:7a:06:77:90:5b:09:
         1d:e2:ef:e2:50:4e:e2:08:aa:ce:7c:dd:de:5a:5a:b6:a1:41:
         60:95:2b:e0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtx8kpFK2X0d/jzcCX+EOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxZTZlYTgzOTI2YmM0NzhjNzg1NDcxZDgwNWE1YzEyMTBh
OGM5OTMwHhcNMjQwMTAxMDYzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTczODcyNDYyMzc3YTc2M2VhNzc0YzVlNjgzNmZiZTQ3MTU3N2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgm1PZWugmxjceVh9wwuCcE+JviUm
X4aylzuoLerFaXcpYxdn1VQSHs5hv69O/9+Rq2m6OTG5GVTab/QZM8BTn+QHNUN2
TuVV3ULP/oc5JNaRi+4GguLBNSvw6RL9z2VSLLa9CXM0CcnO8Kyq0Q8A2itZ/kl5
ebnRxIvROIdhybcbO7savk6F1TyGls1pidqnHKQMwTF84rHmFUSeYC5CaIQMwBL6
m/Kk22kXet9fmE8iXd4Eqo8KF5zJQJUgFzv/HxlH+3uqCQ9ykF7DEnJ4Xdyq5Hew
VfYIwSqoTi6HXY0Up8lo4p5gZl0H+JmB+YmIvkjfw94b7IsiUaifrH4wJwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPVzhyRiN3p2Pqd0xeaDb75HFXfEMB8GA1UdIwQY
MBaAFGHm6oOSa8R4x4VHHYBaXBIQqMmTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWVicWc1SnJ4SGpIaFVjZGdGcGNFaENveVpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83NGJmNDEtZDZhNy00ZmI1LTgwMWMt
MzNjYzNhZGIxZTc4LzEvOVhPSEpHSTNlblktcDNURjVvTnZ2a2NWZDhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83NGJmNDEtZDZhNy00ZmI1LTgwMWMtMzNjYzNhZGIxZTc4
LzEvWWVicWc1SnJ4SGpIaFVjZGdGcGNFaENveVpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW8Q8AwQC
w0X4MA0GCSqGSIb3DQEBCwUAA4IBAQAdQ+8zw7X21Tk/PnXQ8zs5DPf6LzqYqUkj
kSpJeH7mT2YFHrS3G3IgdWSsM5RCKrmEOic/ihQoBVrbw6pjxeeKJA+Qzl9s4pRR
9zdzjbVoALdIGv+nYuF1YVMTv4LKYH+U8SezYYMuYeY1xNxjRXHvWru4KwAMdHpN
wyzfxjqOAYBmxeNYFDlqLl5LS44Gg3L3nX/J5TcfduDraA5wqW6vYSZ4JkjGnd6+
xhyJQ0DF0CxMJRGG/5JRTKqSiue2UhHgPz4ng4n0YIq6QjUgdsjEZWX2VJEc/qXM
I9legBotvx7T0DF6BneQWwkd4u/iUE7iCKrOfN3eWlq2oUFglSvg
-----END CERTIFICATE-----