Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/luKIexn09VPhZO8gtcLjNqMpEcw.roa
File:                     luKIexn09VPhZO8gtcLjNqMpEcw.roa (raw, json)
Hash identifier:          pEKcJvddrC9o8jt8EC6fPXJD6bQvAr/sW3aMXtekPIo=
Subject key identifier:   96:E2:88:7B:19:F4:F5:53:E1:64:EF:20:B5:C2:E3:36:A3:29:11:CC
Certificate issuer:       /CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
Certificate serial:       019299F13DC5327D3B6441C617AF1046A678
Authority key identifier: 27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/luKIexn09VPhZO8gtcLjNqMpEcw.roa
Signing time:             Thu 17 Oct 2024 10:06:16 +0000
ROA not before:           Thu 17 Oct 2024 10:06:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399861
IP address blocks:        91.102.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:99:f1:3d:c5:32:7d:3b:64:41:c6:17:af:10:46:a6:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
        Validity
            Not Before: Oct 17 10:06:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96e2887b19f4f553e164ef20b5c2e336a32911cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:5c:cb:af:5e:b9:ad:c1:f7:7a:3a:7c:9a:f9:
                    3b:e7:21:2c:77:90:ac:13:c5:a8:af:44:d0:ca:c8:
                    d4:26:5b:c7:f6:00:d7:d1:d0:ba:31:d2:90:c6:d1:
                    32:e8:fd:c1:ff:d4:32:81:b1:6f:42:ca:71:c3:fd:
                    d7:02:4d:30:e2:60:93:de:1d:11:d1:89:71:e9:c4:
                    82:e6:fd:bd:14:0b:c8:83:d5:7e:aa:5e:27:4e:a0:
                    82:20:07:cd:ce:11:2c:45:6f:16:c4:c0:02:b9:63:
                    3c:bc:be:a0:df:4f:52:6d:ef:e4:74:d4:34:78:98:
                    19:63:f5:2c:5d:76:ec:cc:2e:04:5d:56:81:79:02:
                    99:98:33:8a:35:27:44:5a:25:26:39:8a:7e:63:86:
                    fb:fc:bc:fb:7e:0a:9a:0c:dc:d8:69:d1:e9:c6:3a:
                    e9:ce:03:f1:a1:cc:bd:20:98:6d:42:b7:76:43:d0:
                    df:54:11:09:35:20:1e:00:63:3b:1e:73:a4:67:40:
                    f0:fe:23:2f:11:83:1a:37:29:4d:bd:05:ea:ad:cf:
                    fe:a7:3d:1e:66:fb:6c:69:66:79:62:ef:43:d9:3d:
                    ee:ab:e4:35:07:28:1a:e5:7d:fd:a5:b0:58:16:a6:
                    1a:bd:dd:30:37:13:48:a2:3a:5d:ac:bf:dd:cb:17:
                    91:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:E2:88:7B:19:F4:F5:53:E1:64:EF:20:B5:C2:E3:36:A3:29:11:CC
            X509v3 Authority Key Identifier:
                keyid:27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/luKIexn09VPhZO8gtcLjNqMpEcw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.102.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:e9:e1:8f:82:f4:3c:65:de:c2:80:83:62:09:f8:86:3c:f2:
         46:46:fd:05:86:f0:68:2f:52:4e:08:db:b0:97:93:eb:8a:26:
         04:8c:df:4f:e6:49:13:fc:d3:34:49:73:fb:44:4c:b5:53:d7:
         51:74:ae:26:47:eb:f4:6a:f3:b0:93:fe:fb:ac:27:a9:2c:81:
         72:ed:6b:94:60:1e:7d:56:16:9f:83:2d:a2:e0:ab:95:3c:86:
         d2:09:c1:01:86:38:81:2c:90:84:18:f6:3b:8a:b3:a0:a7:4d:
         8f:1d:5a:0d:76:55:54:5a:3b:3c:0b:22:0a:8b:f9:e5:7e:8e:
         ca:69:01:a9:f1:49:12:23:f3:f2:cd:46:03:2a:18:ce:44:ec:
         7a:b7:e4:a8:d9:8b:db:1a:16:d2:70:30:e6:b8:91:b4:03:ee:
         ae:22:91:9b:7e:46:97:b9:c9:9f:1b:a0:d4:f2:b4:92:7f:f3:
         ee:70:a6:92:5d:ff:42:82:f3:d3:05:65:3c:1c:12:80:21:e2:
         02:a9:c2:8d:f6:cf:18:db:87:df:9e:d3:e3:ee:db:f1:e3:ed:
         e8:a7:24:43:e3:0c:ab:9e:50:4d:72:3d:70:13:5a:2b:fe:f6:
         57:45:d5:ac:5d:bb:b9:0a:0b:49:44:9c:52:f6:cf:f3:13:91:
         81:3b:d5:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKZ8T3FMn07ZEHGF68QRqZ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YzhiNDI3YzMxMzU5OGE5MmU4ZDhlYzYwZTI5NTBkYTM5
ZmMyYzkwHhcNMjQxMDE3MTAwNjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmUyODg3YjE5ZjRmNTUzZTE2NGVmMjBiNWMyZTMzNmEzMjkxMWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0lzLr165rcH3ejp8mvk75yEsd5Cs
E8Wor0TQysjUJlvH9gDX0dC6MdKQxtEy6P3B/9QygbFvQspxw/3XAk0w4mCT3h0R
0Ylx6cSC5v29FAvIg9V+ql4nTqCCIAfNzhEsRW8WxMACuWM8vL6g309Sbe/kdNQ0
eJgZY/UsXXbszC4EXVaBeQKZmDOKNSdEWiUmOYp+Y4b7/Lz7fgqaDNzYadHpxjrp
zgPxocy9IJhtQrd2Q9DfVBEJNSAeAGM7HnOkZ0Dw/iMvEYMaNylNvQXqrc/+pz0e
ZvtsaWZ5Yu9D2T3uq+Q1Byga5X39pbBYFqYavd0wNxNIojpdrL/dyxeR7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJbiiHsZ9PVT4WTvILXC4zajKRHMMB8GA1UdIwQY
MBaAFCfItCfDE1mKkujY7GDilQ2jn8LJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzct
MWM2ZWU0NGUxMWFkLzEvbHVLSWV4bjA5VlBoWk84Z3RjTGpOcU1wRWN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzctMWM2ZWU0NGUxMWFk
LzEvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2akMA0G
CSqGSIb3DQEBCwUAA4IBAQBy6eGPgvQ8Zd7CgINiCfiGPPJGRv0FhvBoL1JOCNuw
l5PriiYEjN9P5kkT/NM0SXP7REy1U9dRdK4mR+v0avOwk/77rCepLIFy7WuUYB59
Vhafgy2i4KuVPIbSCcEBhjiBLJCEGPY7irOgp02PHVoNdlVUWjs8CyIKi/nlfo7K
aQGp8UkSI/PyzUYDKhjOROx6t+So2YvbGhbScDDmuJG0A+6uIpGbfkaXucmfG6DU
8rSSf/PucKaSXf9CgvPTBWU8HBKAIeICqcKN9s8Y24ffntPj7tvx4+3opyRD4wyr
nlBNcj1wE1or/vZXRdWsXbu5CgtJRJxS9s/zE5GBO9Xe
-----END CERTIFICATE-----