Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/928593-7a0a-4312-86e2-f82d600dd4e2/1/eH5SEC4GfH6NT89fuFqN-2ovQ5w.roa
File:                     eH5SEC4GfH6NT89fuFqN-2ovQ5w.roa (raw, json)
Hash identifier:          LVFXgeD/fpk7VGfYGS6DZ/fLNfQP8Zo6yMIl4C+0giA=
Subject key identifier:   78:7E:52:10:2E:06:7C:7E:8D:4F:CF:5F:B8:5A:8D:FB:6A:2F:43:9C
Certificate issuer:       /CN=f09de2620d22fa69c54cbebc6f2f485056ce2fe5
Certificate serial:       0193012AC8FAB0B7D050D3EBFA615BBD3920
Authority key identifier: F0:9D:E2:62:0D:22:FA:69:C5:4C:BE:BC:6F:2F:48:50:56:CE:2F:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8J3iYg0i-mnFTL68by9IUFbOL-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/928593-7a0a-4312-86e2-f82d600dd4e2/1/eH5SEC4GfH6NT89fuFqN-2ovQ5w.roa
Signing time:             Wed 06 Nov 2024 11:10:01 +0000
ROA not before:           Wed 06 Nov 2024 11:10:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211822
IP address blocks:        91.216.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/928593-7a0a-4312-86e2-f82d600dd4e2/1/8J3iYg0i-mnFTL68by9IUFbOL-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/928593-7a0a-4312-86e2-f82d600dd4e2/1/8J3iYg0i-mnFTL68by9IUFbOL-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8J3iYg0i-mnFTL68by9IUFbOL-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:01:2a:c8:fa:b0:b7:d0:50:d3:eb:fa:61:5b:bd:39:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f09de2620d22fa69c54cbebc6f2f485056ce2fe5
        Validity
            Not Before: Nov  6 11:10:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=787e52102e067c7e8d4fcf5fb85a8dfb6a2f439c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:70:9c:64:5b:0c:6a:b4:7b:88:bd:45:44:09:
                    0a:12:87:e7:84:85:7d:e3:d9:a0:20:9c:55:ef:e8:
                    e5:2e:82:d8:1e:b0:88:00:eb:c0:2a:bb:75:ce:fa:
                    fc:51:1d:26:d2:8a:55:41:37:8a:76:07:09:a6:ec:
                    12:50:11:b6:77:4e:69:db:ed:b8:f3:ed:58:94:d1:
                    da:60:d7:be:a3:31:ce:76:43:f0:7e:44:b6:5e:80:
                    7c:7f:74:8b:d6:d4:bc:7d:11:e8:e1:fa:8e:af:ac:
                    f5:16:e3:9b:b8:dc:b8:9f:1e:e1:4a:24:b7:ee:be:
                    6f:f5:3f:d7:f8:48:06:b5:61:d3:1e:80:dd:dc:44:
                    bf:9a:a7:f4:c8:ee:55:43:cb:89:f2:42:98:00:de:
                    d5:4d:04:97:e1:83:27:cf:86:95:8b:0e:fd:89:d4:
                    1e:35:ff:f7:a6:f3:5c:63:8a:d9:c2:5b:56:5e:cf:
                    fd:f8:58:6b:9a:89:c9:cf:7c:b8:d3:cc:ed:66:8d:
                    6c:64:a2:d1:9c:8d:72:a6:80:9e:96:d3:c5:c9:db:
                    81:94:7c:67:31:17:67:95:02:cb:0a:cb:1f:9f:ce:
                    f1:2b:25:e8:01:1d:79:c3:0b:cd:2f:25:61:9f:ee:
                    92:62:ff:84:ab:1c:82:d3:d3:a8:5a:02:fb:1c:b1:
                    24:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:7E:52:10:2E:06:7C:7E:8D:4F:CF:5F:B8:5A:8D:FB:6A:2F:43:9C
            X509v3 Authority Key Identifier:
                keyid:F0:9D:E2:62:0D:22:FA:69:C5:4C:BE:BC:6F:2F:48:50:56:CE:2F:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8J3iYg0i-mnFTL68by9IUFbOL-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/928593-7a0a-4312-86e2-f82d600dd4e2/1/eH5SEC4GfH6NT89fuFqN-2ovQ5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/928593-7a0a-4312-86e2-f82d600dd4e2/1/8J3iYg0i-mnFTL68by9IUFbOL-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:f7:bf:7d:9d:15:1b:9a:cc:12:c6:19:12:42:1f:31:74:b2:
         60:18:33:62:c1:5a:46:ae:17:67:a7:14:da:76:b3:dc:91:0f:
         b6:dd:88:05:28:d6:be:a5:8f:a2:fa:4a:a2:e2:48:f9:90:5b:
         7d:38:97:a9:2a:17:b8:45:fd:42:47:d4:8b:81:65:4b:67:34:
         51:20:b9:0e:e4:b4:26:0f:16:24:d2:fa:c9:ab:9d:65:1c:8d:
         0f:df:b5:23:5e:ad:37:cb:18:25:8c:ad:b9:6e:8d:78:e1:8c:
         77:74:55:56:e0:5d:38:ac:ba:25:c3:d7:c5:96:7f:68:06:4b:
         a9:d8:12:7d:50:59:db:f9:46:b7:30:28:fe:49:63:b3:61:41:
         54:30:0e:ac:87:ea:f9:e5:2f:b7:ca:9d:d4:2e:4f:a5:9d:06:
         eb:fd:1e:7b:03:4f:30:75:84:fd:b5:77:19:d9:c3:10:56:87:
         39:3d:da:ee:82:cc:d9:ca:03:b4:09:d7:98:78:6a:9c:44:2b:
         87:0c:95:0b:83:66:3c:4e:51:c0:e0:c4:d7:f1:75:67:79:b4:
         7f:a2:f2:dd:5d:14:b7:f6:ad:59:03:b4:78:f2:cd:65:47:51:
         64:21:f0:9d:0e:06:e6:56:80:8b:09:a7:97:b8:f0:b8:a5:14:
         5a:04:37:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMBKsj6sLfQUNPr+mFbvTkgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwOWRlMjYyMGQyMmZhNjljNTRjYmViYzZmMmY0ODUwNTZj
ZTJmZTUwHhcNMjQxMTA2MTExMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODdlNTIxMDJlMDY3YzdlOGQ0ZmNmNWZiODVhOGRmYjZhMmY0MzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnCcZFsMarR7iL1FRAkKEofnhIV9
49mgIJxV7+jlLoLYHrCIAOvAKrt1zvr8UR0m0opVQTeKdgcJpuwSUBG2d05p2+24
8+1YlNHaYNe+ozHOdkPwfkS2XoB8f3SL1tS8fRHo4fqOr6z1FuObuNy4nx7hSiS3
7r5v9T/X+EgGtWHTHoDd3ES/mqf0yO5VQ8uJ8kKYAN7VTQSX4YMnz4aViw79idQe
Nf/3pvNcY4rZwltWXs/9+FhrmonJz3y408ztZo1sZKLRnI1ypoCeltPFyduBlHxn
MRdnlQLLCssfn87xKyXoAR15wwvNLyVhn+6SYv+EqxyC09OoWgL7HLEkhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHh+UhAuBnx+jU/PX7hajftqL0OcMB8GA1UdIwQY
MBaAFPCd4mINIvppxUy+vG8vSFBWzi/lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEozaVlnMGktbW5GVEw2OGJ5OUlVRmJPTC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85Mjg1OTMtN2EwYS00MzEyLTg2ZTIt
ZjgyZDYwMGRkNGUyLzEvZUg1U0VDNEdmSDZOVDg5ZnVGcU4tMm92UTV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85Mjg1OTMtN2EwYS00MzEyLTg2ZTItZjgyZDYwMGRkNGUy
LzEvOEozaVlnMGktbW5GVEw2OGJ5OUlVRmJPTC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9iLMA0G
CSqGSIb3DQEBCwUAA4IBAQBW9799nRUbmswSxhkSQh8xdLJgGDNiwVpGrhdnpxTa
drPckQ+23YgFKNa+pY+i+kqi4kj5kFt9OJepKhe4Rf1CR9SLgWVLZzRRILkO5LQm
DxYk0vrJq51lHI0P37UjXq03yxgljK25bo144Yx3dFVW4F04rLolw9fFln9oBkup
2BJ9UFnb+Ua3MCj+SWOzYUFUMA6sh+r55S+3yp3ULk+lnQbr/R57A08wdYT9tXcZ
2cMQVoc5PdrugszZygO0CdeYeGqcRCuHDJULg2Y8TlHA4MTX8XVnebR/ovLdXRS3
9q1ZA7R48s1lR1FkIfCdDgbmVoCLCaeXuPC4pRRaBDdx
-----END CERTIFICATE-----