Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/063658-8262-4965-9661-0542427b02b9/1/p7Rkq0PJPYxIfRL4MPX3Yjc1WYQ.roa
File:                     p7Rkq0PJPYxIfRL4MPX3Yjc1WYQ.roa (raw, json)
Hash identifier:          OGNGl7cXUJZqLuVBA+00V8idLmOPKL9BU1V/5CoFE/s=
Subject key identifier:   A7:B4:64:AB:43:C9:3D:8C:48:7D:12:F8:30:F5:F7:62:37:35:59:84
Certificate issuer:       /CN=94b1cbff4bd970fa27fdefd4bf68b02d68d2b9dd
Certificate serial:       018D0D320F9979CB088D3683DC2A01F6989E
Authority key identifier: 94:B1:CB:FF:4B:D9:70:FA:27:FD:EF:D4:BF:68:B0:2D:68:D2:B9:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lLHL_0vZcPon_e_Uv2iwLWjSud0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/063658-8262-4965-9661-0542427b02b9/1/p7Rkq0PJPYxIfRL4MPX3Yjc1WYQ.roa
Signing time:             Mon 15 Jan 2024 12:56:40 +0000
ROA not before:           Mon 15 Jan 2024 12:56:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43394
IP address blocks:        91.194.242.0/24 maxlen: 24
                          91.194.242.0/23 maxlen: 23
                          91.194.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/063658-8262-4965-9661-0542427b02b9/1/lLHL_0vZcPon_e_Uv2iwLWjSud0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/063658-8262-4965-9661-0542427b02b9/1/lLHL_0vZcPon_e_Uv2iwLWjSud0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lLHL_0vZcPon_e_Uv2iwLWjSud0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:0d:32:0f:99:79:cb:08:8d:36:83:dc:2a:01:f6:98:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94b1cbff4bd970fa27fdefd4bf68b02d68d2b9dd
        Validity
            Not Before: Jan 15 12:56:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7b464ab43c93d8c487d12f830f5f76237355984
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:7a:d6:b9:4b:ee:c1:77:2c:d4:b4:08:52:8d:
                    d1:40:66:93:70:b5:53:8c:40:e7:7d:ff:47:ca:68:
                    f1:81:4f:c0:f0:c7:8f:3c:16:f9:51:ec:4f:5d:37:
                    81:87:56:b5:04:d5:36:e3:e9:31:9a:8d:d0:11:cf:
                    f4:4f:8c:01:34:08:9a:5f:0d:b6:a3:0d:d6:7e:92:
                    78:f7:c7:bd:f0:93:c5:dd:0c:ab:d4:97:07:5f:03:
                    7d:5e:9f:7d:90:0e:05:6b:54:23:14:c8:80:b4:19:
                    bd:fc:da:a6:30:d1:8d:10:ca:1b:b1:77:ae:5d:f2:
                    43:ca:84:19:c2:8c:74:2f:17:a0:49:e8:bb:6f:24:
                    fa:b7:42:27:d9:76:46:b1:36:d3:19:f3:1f:be:89:
                    a1:21:72:57:f2:61:1e:61:c0:68:06:20:a5:4a:1c:
                    1b:ce:3b:15:61:3a:81:b4:44:a1:62:59:1b:63:15:
                    19:89:be:0f:eb:d6:ee:5b:b6:15:03:00:28:c3:f1:
                    f7:00:8d:a6:20:45:17:49:a8:cf:f2:72:74:2c:2d:
                    1e:3d:2d:8c:76:b5:bd:9d:ce:51:8a:27:bd:2a:0f:
                    ea:68:62:36:8f:e9:43:5c:86:47:c3:0c:51:b3:ea:
                    82:71:d6:0e:1f:8e:4b:5c:29:7f:18:2f:91:e7:9d:
                    16:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:B4:64:AB:43:C9:3D:8C:48:7D:12:F8:30:F5:F7:62:37:35:59:84
            X509v3 Authority Key Identifier:
                keyid:94:B1:CB:FF:4B:D9:70:FA:27:FD:EF:D4:BF:68:B0:2D:68:D2:B9:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lLHL_0vZcPon_e_Uv2iwLWjSud0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/063658-8262-4965-9661-0542427b02b9/1/p7Rkq0PJPYxIfRL4MPX3Yjc1WYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/063658-8262-4965-9661-0542427b02b9/1/lLHL_0vZcPon_e_Uv2iwLWjSud0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c7:ae:87:af:d1:3c:1f:40:88:85:d4:0e:2a:d5:6f:20:12:7d:
         92:02:e6:e4:ad:48:06:e9:1f:d5:85:04:d0:0e:f8:03:cb:ae:
         fb:53:1d:27:06:91:0f:82:62:8d:c8:45:9b:a2:8f:de:18:b9:
         06:17:93:92:49:23:81:af:23:d6:0a:a3:ae:52:9a:eb:c9:87:
         f0:0f:3c:c8:0d:f2:11:7f:96:fb:c4:51:8c:d5:da:fa:e6:42:
         80:2a:24:db:1d:a0:ed:26:b2:fa:10:65:ad:8f:2c:08:75:96:
         36:2c:88:6f:46:24:c1:90:41:81:8c:a7:30:45:0a:a1:2d:57:
         f5:69:68:a8:2d:d3:c8:4e:89:c5:74:b1:2f:9a:05:ce:31:3a:
         aa:45:6e:67:9e:6b:37:54:53:07:11:e8:f9:5d:f0:17:78:08:
         96:5f:39:c3:6b:0e:31:14:d8:d8:b8:93:86:b0:2c:e8:39:73:
         c3:ff:a8:35:41:70:52:95:97:1c:62:12:19:df:b6:7c:d5:65:
         d2:1e:74:45:cb:d2:8c:97:25:78:9c:cd:ef:cc:c9:65:28:1e:
         af:7e:7a:68:d3:fd:41:a5:47:16:9b:06:cf:56:22:13:01:67:
         83:a8:07:34:ae:96:bc:0c:82:08:78:8e:90:21:e8:58:cf:ff:
         1c:c2:f1:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0NMg+ZecsIjTaD3CoB9pieMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0YjFjYmZmNGJkOTcwZmEyN2ZkZWZkNGJmNjhiMDJkNjhk
MmI5ZGQwHhcNMjQwMTE1MTI1NjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2I0NjRhYjQzYzkzZDhjNDg3ZDEyZjgzMGY1Zjc2MjM3MzU1OTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHrWuUvuwXcs1LQIUo3RQGaTcLVT
jEDnff9HymjxgU/A8MePPBb5UexPXTeBh1a1BNU24+kxmo3QEc/0T4wBNAiaXw22
ow3WfpJ498e98JPF3Qyr1JcHXwN9Xp99kA4Fa1QjFMiAtBm9/NqmMNGNEMobsXeu
XfJDyoQZwox0LxegSei7byT6t0In2XZGsTbTGfMfvomhIXJX8mEeYcBoBiClShwb
zjsVYTqBtEShYlkbYxUZib4P69buW7YVAwAow/H3AI2mIEUXSajP8nJ0LC0ePS2M
drW9nc5Riie9Kg/qaGI2j+lDXIZHwwxRs+qCcdYOH45LXCl/GC+R550WrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKe0ZKtDyT2MSH0S+DD192I3NVmEMB8GA1UdIwQY
MBaAFJSxy/9L2XD6J/3v1L9osC1o0rndMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbExITF8wdlpjUG9uX2VfVXYyaXdMV2pTdWQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny8wNjM2NTgtODI2Mi00OTY1LTk2NjEt
MDU0MjQyN2IwMmI5LzEvcDdSa3EwUEpQWXhJZlJMNE1QWDNZamMxV1lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny8wNjM2NTgtODI2Mi00OTY1LTk2NjEtMDU0MjQyN2IwMmI5
LzEvbExITF8wdlpjUG9uX2VfVXYyaXdMV2pTdWQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8LyMA0G
CSqGSIb3DQEBCwUAA4IBAQDHroev0TwfQIiF1A4q1W8gEn2SAubkrUgG6R/VhQTQ
DvgDy677Ux0nBpEPgmKNyEWboo/eGLkGF5OSSSOBryPWCqOuUprryYfwDzzIDfIR
f5b7xFGM1dr65kKAKiTbHaDtJrL6EGWtjywIdZY2LIhvRiTBkEGBjKcwRQqhLVf1
aWioLdPITonFdLEvmgXOMTqqRW5nnms3VFMHEej5XfAXeAiWXznDaw4xFNjYuJOG
sCzoOXPD/6g1QXBSlZccYhIZ37Z81WXSHnRFy9KMlyV4nM3vzMllKB6vfnpo0/1B
pUcWmwbPViITAWeDqAc0rpa8DIIIeI6QIehYz/8cwvHI
-----END CERTIFICATE-----