Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/4daee0-84e2-41e9-9643-d54955643cd9/1/wzkm0L8_KyK9vRV03vnGTCTahr4.roa
File:                     wzkm0L8_KyK9vRV03vnGTCTahr4.roa (raw, json)
Hash identifier:          DizCHZ0vw4qihAcDKoDGRH58S8RCd67+eyukBBFzXNs=
Subject key identifier:   C3:39:26:D0:BF:3F:2B:22:BD:BD:15:74:DE:F9:C6:4C:24:DA:86:BE
Certificate issuer:       /CN=1e7b2e243f8aa954597932bcdcd9af6560dce516
Certificate serial:       018CC2DB2A8BC14709FB97D1254473BB4BFE
Authority key identifier: 1E:7B:2E:24:3F:8A:A9:54:59:79:32:BC:DC:D9:AF:65:60:DC:E5:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HnsuJD-KqVRZeTK83NmvZWDc5RY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/4daee0-84e2-41e9-9643-d54955643cd9/1/wzkm0L8_KyK9vRV03vnGTCTahr4.roa
Signing time:             Mon 01 Jan 2024 02:29:52 +0000
ROA not before:           Mon 01 Jan 2024 02:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24631
IP address blocks:        91.208.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/4daee0-84e2-41e9-9643-d54955643cd9/1/HnsuJD-KqVRZeTK83NmvZWDc5RY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/4daee0-84e2-41e9-9643-d54955643cd9/1/HnsuJD-KqVRZeTK83NmvZWDc5RY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HnsuJD-KqVRZeTK83NmvZWDc5RY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:2a:8b:c1:47:09:fb:97:d1:25:44:73:bb:4b:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e7b2e243f8aa954597932bcdcd9af6560dce516
        Validity
            Not Before: Jan  1 02:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c33926d0bf3f2b22bdbd1574def9c64c24da86be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:bb:51:7c:ae:0d:05:70:b7:61:c4:6a:60:54:
                    c8:da:8a:60:80:66:2c:40:0f:3b:0b:ec:1d:6d:e3:
                    07:24:71:30:17:83:9b:2e:b2:1b:af:4f:e6:b6:ab:
                    9f:11:68:69:e4:aa:1a:2d:60:56:dc:98:83:ff:06:
                    49:95:e8:c9:65:06:69:94:29:1b:68:6c:f1:92:8f:
                    58:cb:50:2c:c8:fd:47:43:e6:1d:fb:7e:8a:3e:23:
                    49:f0:b4:56:dc:f0:9e:6d:7a:19:c4:23:75:dc:a7:
                    b8:95:7d:cc:fc:e1:df:c6:1c:f2:9e:bb:54:a6:a4:
                    97:19:4a:11:b0:11:7a:0c:29:c0:06:38:db:44:93:
                    5a:5f:fe:34:9b:6a:81:56:a7:3d:3f:65:e7:36:a8:
                    27:1b:04:a4:8b:9e:26:11:e8:b9:ae:16:2e:c5:04:
                    cf:5b:f8:91:6e:13:48:7f:6e:88:a7:b5:70:d9:a0:
                    de:f6:f3:4d:15:54:13:fd:99:88:3d:b6:4e:cf:c7:
                    01:19:d2:75:24:81:18:ba:33:96:66:b1:b2:53:43:
                    6b:7f:fa:38:70:d8:19:26:f8:42:58:f2:4b:8d:a3:
                    f4:15:eb:26:0b:ad:b5:38:f2:73:25:3c:4a:26:8a:
                    e8:e8:52:dd:bc:4c:41:44:ba:ee:b2:1d:94:38:61:
                    ba:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:39:26:D0:BF:3F:2B:22:BD:BD:15:74:DE:F9:C6:4C:24:DA:86:BE
            X509v3 Authority Key Identifier:
                keyid:1E:7B:2E:24:3F:8A:A9:54:59:79:32:BC:DC:D9:AF:65:60:DC:E5:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HnsuJD-KqVRZeTK83NmvZWDc5RY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/4daee0-84e2-41e9-9643-d54955643cd9/1/wzkm0L8_KyK9vRV03vnGTCTahr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/4daee0-84e2-41e9-9643-d54955643cd9/1/HnsuJD-KqVRZeTK83NmvZWDc5RY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:b7:af:ac:db:c0:69:18:06:43:c8:82:e4:75:d1:6c:36:5a:
         61:b3:b1:3f:a2:e8:a4:c7:6f:32:d8:77:f2:86:22:c6:b7:8c:
         de:39:75:66:ef:5f:64:40:7b:16:18:cb:16:ea:1e:91:c5:72:
         79:81:1a:b2:59:52:f0:01:76:b8:40:53:41:33:76:85:54:7d:
         c6:7b:d7:6d:9e:45:e1:07:2f:25:e6:04:07:86:75:14:5b:84:
         73:bb:46:de:24:86:7f:1a:e7:a9:ec:fd:5d:f0:f2:0c:d2:c7:
         bf:18:a7:e6:bc:64:26:1c:23:06:bd:d4:a9:35:98:a2:0c:0e:
         fb:f4:90:cd:83:79:49:bb:4b:dc:c4:7c:0d:e2:47:27:75:58:
         69:23:ce:9d:df:dc:fd:30:4e:36:ed:4d:58:70:ca:be:14:5e:
         cb:db:65:a8:2e:10:0b:d9:d2:8e:1e:20:34:ef:9e:51:9c:4f:
         84:21:e5:ba:f6:b7:90:7a:49:de:7f:26:dd:88:78:a6:ec:c8:
         14:7c:fd:61:e0:46:31:68:7c:e6:b4:b6:2a:ff:e0:30:27:9c:
         45:65:b7:92:41:7a:33:7b:ba:09:72:a3:03:96:55:4c:83:45:
         c7:0e:5d:9d:1c:59:e0:95:50:c1:e2:f2:fa:b6:90:3e:46:7a:
         e7:ec:24:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2yqLwUcJ+5fRJURzu0v+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlN2IyZTI0M2Y4YWE5NTQ1OTc5MzJiY2RjZDlhZjY1NjBk
Y2U1MTYwHhcNMjQwMTAxMDIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzM5MjZkMGJmM2YyYjIyYmRiZDE1NzRkZWY5YzY0YzI0ZGE4NmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLtRfK4NBXC3YcRqYFTI2opggGYs
QA87C+wdbeMHJHEwF4ObLrIbr0/mtqufEWhp5KoaLWBW3JiD/wZJlejJZQZplCkb
aGzxko9Yy1AsyP1HQ+Yd+36KPiNJ8LRW3PCebXoZxCN13Ke4lX3M/OHfxhzynrtU
pqSXGUoRsBF6DCnABjjbRJNaX/40m2qBVqc9P2XnNqgnGwSki54mEei5rhYuxQTP
W/iRbhNIf26Ip7Vw2aDe9vNNFVQT/ZmIPbZOz8cBGdJ1JIEYujOWZrGyU0Nrf/o4
cNgZJvhCWPJLjaP0FesmC621OPJzJTxKJoro6FLdvExBRLrush2UOGG6pQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMM5JtC/Pysivb0VdN75xkwk2oa+MB8GA1UdIwQY
MBaAFB57LiQ/iqlUWXkyvNzZr2Vg3OUWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSG5zdUpELUtxVlJaZVRLODNObXZaV0RjNVJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC80ZGFlZTAtODRlMi00MWU5LTk2NDMt
ZDU0OTU1NjQzY2Q5LzEvd3prbTBMOF9LeUs5dlJWMDN2bkdUQ1RhaHI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC80ZGFlZTAtODRlMi00MWU5LTk2NDMtZDU0OTU1NjQzY2Q5
LzEvSG5zdUpELUtxVlJaZVRLODNObXZaV0RjNVJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9ClMA0G
CSqGSIb3DQEBCwUAA4IBAQCet6+s28BpGAZDyILkddFsNlphs7E/ouikx28y2Hfy
hiLGt4zeOXVm719kQHsWGMsW6h6RxXJ5gRqyWVLwAXa4QFNBM3aFVH3Ge9dtnkXh
By8l5gQHhnUUW4Rzu0beJIZ/Guep7P1d8PIM0se/GKfmvGQmHCMGvdSpNZiiDA77
9JDNg3lJu0vcxHwN4kcndVhpI86d39z9ME427U1YcMq+FF7L22WoLhAL2dKOHiA0
755RnE+EIeW69reQeknefybdiHim7MgUfP1h4EYxaHzmtLYq/+AwJ5xFZbeSQXoz
e7oJcqMDllVMg0XHDl2dHFnglVDB4vL6tpA+Rnrn7CT+
-----END CERTIFICATE-----