Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b52e02-3af8-4ebb-99d3-851d9c044e70/1/J1iWfv360SGoY9J-l0fEYaZ-_HE.roa
File:                     J1iWfv360SGoY9J-l0fEYaZ-_HE.roa (raw, json)
Hash identifier:          Gp+LpEV899MUL1NGStScrezXLNw+lJijC6guORNvKTk=
Subject key identifier:   27:58:96:7E:FD:FA:D1:21:A8:63:D2:7E:97:47:C4:61:A6:7E:FC:71
Certificate issuer:       /CN=d716209d7def98a2bb34977f65009b3520da256e
Certificate serial:       0191BD90B43AFFCB6125A34791B49223F7DF
Authority key identifier: D7:16:20:9D:7D:EF:98:A2:BB:34:97:7F:65:00:9B:35:20:DA:25:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1xYgnX3vmKK7NJd_ZQCbNSDaJW4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b52e02-3af8-4ebb-99d3-851d9c044e70/1/J1iWfv360SGoY9J-l0fEYaZ-_HE.roa
Signing time:             Wed 04 Sep 2024 15:04:22 +0000
ROA not before:           Wed 04 Sep 2024 15:04:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        91.239.192.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/b52e02-3af8-4ebb-99d3-851d9c044e70/1/1xYgnX3vmKK7NJd_ZQCbNSDaJW4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/b52e02-3af8-4ebb-99d3-851d9c044e70/1/1xYgnX3vmKK7NJd_ZQCbNSDaJW4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1xYgnX3vmKK7NJd_ZQCbNSDaJW4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:19:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bd:90:b4:3a:ff:cb:61:25:a3:47:91:b4:92:23:f7:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d716209d7def98a2bb34977f65009b3520da256e
        Validity
            Not Before: Sep  4 15:04:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2758967efdfad121a863d27e9747c461a67efc71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c9:3a:1b:fd:a6:93:fb:19:b7:58:1e:5c:87:
                    c4:ab:5f:bb:ea:6f:a5:27:2a:db:d0:cd:82:8f:bd:
                    02:7e:7b:6f:64:d5:c3:59:d3:7c:6a:7b:73:39:13:
                    be:5e:c4:b1:0c:41:de:a9:d5:c8:36:d5:28:b9:88:
                    be:f6:50:23:96:51:24:6c:3a:e4:ef:43:1e:78:3c:
                    f1:02:ab:4e:b5:ef:1e:a9:6c:47:5d:b2:4b:d7:23:
                    05:28:7c:70:16:1c:2a:77:75:66:e7:01:1f:1b:8b:
                    5f:9f:1a:1b:6a:0d:7f:28:6f:d9:05:fc:10:73:eb:
                    88:7e:46:37:13:43:99:12:68:95:5f:a1:e1:b7:d9:
                    c9:32:00:fe:af:dd:81:5e:63:8c:38:06:fa:99:1c:
                    bc:b3:1e:22:20:f9:31:ef:a9:91:6a:50:e2:08:8b:
                    39:a4:f1:40:48:00:be:65:5d:66:4a:60:c0:5c:9d:
                    eb:8e:71:ed:5e:a1:98:ae:44:04:a8:70:3f:91:28:
                    f0:6e:45:c1:33:38:a0:ae:9c:6c:9e:b7:80:ab:7c:
                    47:22:79:ea:04:90:2f:11:ae:2f:1b:3e:b4:bd:bc:
                    ba:4a:5b:da:11:b0:a8:2d:4d:bc:44:1a:80:50:c3:
                    b1:50:a8:96:84:e2:0f:53:53:7c:0f:4c:fd:53:bb:
                    ec:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:58:96:7E:FD:FA:D1:21:A8:63:D2:7E:97:47:C4:61:A6:7E:FC:71
            X509v3 Authority Key Identifier:
                keyid:D7:16:20:9D:7D:EF:98:A2:BB:34:97:7F:65:00:9B:35:20:DA:25:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1xYgnX3vmKK7NJd_ZQCbNSDaJW4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b52e02-3af8-4ebb-99d3-851d9c044e70/1/J1iWfv360SGoY9J-l0fEYaZ-_HE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b52e02-3af8-4ebb-99d3-851d9c044e70/1/1xYgnX3vmKK7NJd_ZQCbNSDaJW4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:7f:b9:fa:8f:92:f3:dd:87:a1:45:01:e5:35:52:b6:b4:c6:
         a1:2c:8d:83:98:b1:7a:5d:9a:fa:da:75:7b:60:fe:1c:b9:5c:
         c3:4c:a4:60:7f:09:1c:7f:8d:b6:ac:66:d2:40:c6:a2:72:9e:
         96:dc:c4:6d:53:17:d8:10:7a:ae:b4:de:c7:cb:cd:ea:e0:5d:
         8c:49:26:13:35:b6:c8:6e:f1:8c:87:9b:f8:c5:06:10:92:17:
         f9:4f:f1:19:f8:1e:f5:76:47:6c:b1:13:5f:01:36:6e:56:e8:
         00:1d:40:db:9c:a6:bc:38:66:cb:2c:04:fb:3a:39:dc:33:5d:
         4b:0a:47:9f:f5:8a:ce:38:d4:3b:ed:70:59:13:3d:c8:96:3f:
         1c:11:7d:c8:f4:a3:a8:95:4b:9d:11:e0:9b:86:b6:96:49:b1:
         94:45:04:a9:97:25:84:a8:d4:54:ba:c1:7a:d8:f9:13:f6:b5:
         65:2d:63:31:57:70:e6:09:20:54:34:e6:1a:1a:dc:9b:76:51:
         d5:67:38:b8:3f:a6:8f:28:f4:84:94:1f:21:c4:fb:a8:5e:ff:
         21:95:7b:ea:b2:63:c3:25:85:ae:c1:80:49:b2:95:cd:aa:b5:
         d7:80:b2:6e:2f:4c:51:1d:0f:52:a9:ca:45:7e:d4:b1:6c:68:
         8e:09:da:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZG9kLQ6/8thJaNHkbSSI/ffMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MTYyMDlkN2RlZjk4YTJiYjM0OTc3ZjY1MDA5YjM1MjBk
YTI1NmUwHhcNMjQwOTA0MTUwNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzU4OTY3ZWZkZmFkMTIxYTg2M2QyN2U5NzQ3YzQ2MWE2N2VmYzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMk6G/2mk/sZt1geXIfEq1+76m+l
Jyrb0M2Cj70CfntvZNXDWdN8antzORO+XsSxDEHeqdXINtUouYi+9lAjllEkbDrk
70MeeDzxAqtOte8eqWxHXbJL1yMFKHxwFhwqd3Vm5wEfG4tfnxobag1/KG/ZBfwQ
c+uIfkY3E0OZEmiVX6Hht9nJMgD+r92BXmOMOAb6mRy8sx4iIPkx76mRalDiCIs5
pPFASAC+ZV1mSmDAXJ3rjnHtXqGYrkQEqHA/kSjwbkXBMzigrpxsnreAq3xHInnq
BJAvEa4vGz60vby6SlvaEbCoLU28RBqAUMOxUKiWhOIPU1N8D0z9U7vsQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCdYln79+tEhqGPSfpdHxGGmfvxxMB8GA1UdIwQY
MBaAFNcWIJ1975iiuzSXf2UAmzUg2iVuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXhZZ25YM3ZtS0s3TkpkX1pRQ2JOU0RhSlc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iNTJlMDItM2FmOC00ZWJiLTk5ZDMt
ODUxZDljMDQ0ZTcwLzEvSjFpV2Z2MzYwU0dvWTlKLWwwZkVZYVotX0hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iNTJlMDItM2FmOC00ZWJiLTk5ZDMtODUxZDljMDQ0ZTcw
LzEvMXhZZ25YM3ZtS0s3TkpkX1pRQ2JOU0RhSlc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+/AMA0G
CSqGSIb3DQEBCwUAA4IBAQCSf7n6j5Lz3YehRQHlNVK2tMahLI2DmLF6XZr62nV7
YP4cuVzDTKRgfwkcf422rGbSQMaicp6W3MRtUxfYEHqutN7Hy83q4F2MSSYTNbbI
bvGMh5v4xQYQkhf5T/EZ+B71dkdssRNfATZuVugAHUDbnKa8OGbLLAT7OjncM11L
Ckef9YrOONQ77XBZEz3Ilj8cEX3I9KOolUudEeCbhraWSbGURQSplyWEqNRUusF6
2PkT9rVlLWMxV3DmCSBUNOYaGtybdlHVZzi4P6aPKPSElB8hxPuoXv8hlXvqsmPD
JYWuwYBJspXNqrXXgLJuL0xRHQ9SqcpFftSxbGiOCdpD
-----END CERTIFICATE-----