Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/87TDj0pVWmWMntwEIIleXovIRiA.roa
File:                     87TDj0pVWmWMntwEIIleXovIRiA.roa (raw, json)
Hash identifier:          tmJgLucht27yMsv6M04FlLuLqMH6iP4+4BWxGzCjGO0=
Subject key identifier:   F3:B4:C3:8F:4A:55:5A:65:8C:9E:DC:04:20:89:5E:5E:8B:C8:46:20
Certificate issuer:       /CN=7e45a9a0353a33c6a4f93608f9d25f27c85948b7
Certificate serial:       0191D5B48390C287CE57239D5C202258EF9C
Authority key identifier: 7E:45:A9:A0:35:3A:33:C6:A4:F9:36:08:F9:D2:5F:27:C8:59:48:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/87TDj0pVWmWMntwEIIleXovIRiA.roa
Signing time:             Mon 09 Sep 2024 07:34:22 +0000
ROA not before:           Mon 09 Sep 2024 07:34:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57099
IP address blocks:        91.209.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d5:b4:83:90:c2:87:ce:57:23:9d:5c:20:22:58:ef:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e45a9a0353a33c6a4f93608f9d25f27c85948b7
        Validity
            Not Before: Sep  9 07:34:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3b4c38f4a555a658c9edc0420895e5e8bc84620
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:29:29:55:6b:2a:df:cd:04:ca:e9:80:21:a5:
                    33:ab:6b:9c:c0:cb:f4:ed:b4:5f:28:82:a4:54:90:
                    97:af:4c:2e:3a:6a:08:10:9a:2b:2c:89:6e:26:03:
                    b7:df:40:b2:46:6a:ef:f9:d3:c4:b2:85:a0:75:d6:
                    17:53:de:ee:27:b4:cb:bf:e3:a6:f3:30:37:d5:00:
                    bd:59:60:f7:88:7c:56:49:76:ab:c5:be:42:89:30:
                    8f:a6:9d:5d:64:8f:d7:5f:6f:87:fa:f6:6f:00:ab:
                    81:c0:8d:e5:0e:f2:fe:48:65:2e:8e:45:9f:5f:51:
                    44:6a:b4:c2:88:48:56:59:bd:bb:99:16:d6:a6:fc:
                    3b:99:73:a1:ba:dc:09:fd:99:89:c2:f7:73:c5:c8:
                    8f:82:3e:8c:69:02:ca:88:f8:ff:31:6d:8c:cb:41:
                    27:9c:13:3f:0d:25:0c:33:8c:4c:88:5b:60:78:7d:
                    95:a5:16:ce:93:b9:2b:0c:0f:e8:e9:65:d7:b7:e1:
                    36:75:53:bf:e3:6f:73:93:8e:9d:9b:55:78:93:81:
                    2e:ad:00:87:83:b2:2e:55:95:59:aa:ba:e0:ed:09:
                    82:dd:0b:4e:bd:58:c7:7f:59:cd:63:2f:81:28:6c:
                    15:6b:21:5b:41:87:db:49:f3:55:c4:8c:6a:ef:10:
                    5c:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:B4:C3:8F:4A:55:5A:65:8C:9E:DC:04:20:89:5E:5E:8B:C8:46:20
            X509v3 Authority Key Identifier:
                keyid:7E:45:A9:A0:35:3A:33:C6:A4:F9:36:08:F9:D2:5F:27:C8:59:48:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/87TDj0pVWmWMntwEIIleXovIRiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:a6:dd:2f:2c:a6:e3:26:63:4a:b7:84:f5:bf:2d:dd:b3:92:
         28:a1:46:bb:4d:7a:c7:58:26:9d:0f:6f:a2:70:ac:8a:51:87:
         2e:bb:1a:f9:64:af:06:1a:a6:92:fa:e9:86:c3:a5:10:0a:63:
         19:b5:9f:66:56:e6:c2:40:b3:8b:4c:48:f5:9b:4a:14:04:6f:
         dc:a7:6a:3b:56:72:cf:3b:c3:a1:a0:b4:fa:bd:59:c4:62:3d:
         2a:a9:f5:ea:62:66:e4:ab:e7:90:39:8b:b6:2b:21:45:19:3d:
         b1:4f:26:55:04:f5:c9:99:3c:6c:06:6e:e3:77:19:1f:6c:b3:
         a9:57:1c:b8:57:37:64:6a:91:47:12:44:d0:47:95:c4:55:40:
         fa:8d:c0:6e:ab:e2:90:68:9c:f2:15:9e:a9:b5:83:a9:06:90:
         fb:fb:c4:1f:56:c5:0a:d8:b9:db:d9:60:83:b7:eb:51:28:f2:
         95:46:7b:fc:a5:0e:9b:71:80:c8:96:b3:ab:12:ee:30:c1:71:
         83:d9:9b:9d:d0:fb:60:42:6b:58:51:7e:e4:d9:ea:35:89:b0:
         c3:fa:79:6b:39:d0:cc:fc:02:dc:7c:53:61:ca:9e:a4:b4:bf:
         31:64:2c:53:ef:b3:3f:20:2b:96:45:3d:a1:5e:d3:d3:0f:1c:
         2c:fa:b6:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHVtIOQwofOVyOdXCAiWO+cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlNDVhOWEwMzUzYTMzYzZhNGY5MzYwOGY5ZDI1ZjI3Yzg1
OTQ4YjcwHhcNMjQwOTA5MDczNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2I0YzM4ZjRhNTU1YTY1OGM5ZWRjMDQyMDg5NWU1ZThiYzg0NjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCkpVWsq380EyumAIaUzq2ucwMv0
7bRfKIKkVJCXr0wuOmoIEJorLIluJgO330CyRmrv+dPEsoWgddYXU97uJ7TLv+Om
8zA31QC9WWD3iHxWSXarxb5CiTCPpp1dZI/XX2+H+vZvAKuBwI3lDvL+SGUujkWf
X1FEarTCiEhWWb27mRbWpvw7mXOhutwJ/ZmJwvdzxciPgj6MaQLKiPj/MW2My0En
nBM/DSUMM4xMiFtgeH2VpRbOk7krDA/o6WXXt+E2dVO/429zk46dm1V4k4EurQCH
g7IuVZVZqrrg7QmC3QtOvVjHf1nNYy+BKGwVayFbQYfbSfNVxIxq7xBcLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPO0w49KVVpljJ7cBCCJXl6LyEYgMB8GA1UdIwQY
MBaAFH5FqaA1OjPGpPk2CPnSXyfIWUi3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmtXcG9EVTZNOGFrLVRZSS1kSmZKOGhaU0xjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9kZDdiZWItNmY3OC00MTliLTk1N2Qt
MzdhNjBjMzM1YTVkLzEvODdURGowcFZXbVdNbnR3RUlJbGVYb3ZJUmlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9kZDdiZWItNmY3OC00MTliLTk1N2QtMzdhNjBjMzM1YTVk
LzEvZmtXcG9EVTZNOGFrLVRZSS1kSmZKOGhaU0xjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9GOMA0G
CSqGSIb3DQEBCwUAA4IBAQA0pt0vLKbjJmNKt4T1vy3ds5IooUa7TXrHWCadD2+i
cKyKUYcuuxr5ZK8GGqaS+umGw6UQCmMZtZ9mVubCQLOLTEj1m0oUBG/cp2o7VnLP
O8OhoLT6vVnEYj0qqfXqYmbkq+eQOYu2KyFFGT2xTyZVBPXJmTxsBm7jdxkfbLOp
Vxy4VzdkapFHEkTQR5XEVUD6jcBuq+KQaJzyFZ6ptYOpBpD7+8QfVsUK2Lnb2WCD
t+tRKPKVRnv8pQ6bcYDIlrOrEu4wwXGD2Zud0PtgQmtYUX7k2eo1ibDD+nlrOdDM
/ALcfFNhyp6ktL8xZCxT77M/ICuWRT2hXtPTDxws+rbr
-----END CERTIFICATE-----