Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/263c26-7dca-4512-834f-005edfb761c6/1/W1RNBuQfFihR_t6Fe2jyBAww9IY.roa
File:                     W1RNBuQfFihR_t6Fe2jyBAww9IY.roa (raw, json)
Hash identifier:          e3usLYVX/mbxFrwemsfhVxycEVId8LWOKXAj3b/v/vw=
Subject key identifier:   5B:54:4D:06:E4:1F:16:28:51:FE:DE:85:7B:68:F2:04:0C:30:F4:86
Certificate issuer:       /CN=07c9ca1e278307bae2405a4834af447c06414701
Certificate serial:       018DD5B161E6E4C7E1583EE43B108A438956
Authority key identifier: 07:C9:CA:1E:27:83:07:BA:E2:40:5A:48:34:AF:44:7C:06:41:47:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B8nKHieDB7riQFpINK9EfAZBRwE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/263c26-7dca-4512-834f-005edfb761c6/1/W1RNBuQfFihR_t6Fe2jyBAww9IY.roa
Signing time:             Fri 23 Feb 2024 11:19:48 +0000
ROA not before:           Fri 23 Feb 2024 11:19:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200322
IP address blocks:        91.217.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/263c26-7dca-4512-834f-005edfb761c6/1/B8nKHieDB7riQFpINK9EfAZBRwE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/263c26-7dca-4512-834f-005edfb761c6/1/B8nKHieDB7riQFpINK9EfAZBRwE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B8nKHieDB7riQFpINK9EfAZBRwE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d5:b1:61:e6:e4:c7:e1:58:3e:e4:3b:10:8a:43:89:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07c9ca1e278307bae2405a4834af447c06414701
        Validity
            Not Before: Feb 23 11:19:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b544d06e41f162851fede857b68f2040c30f486
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:10:d1:f6:6b:7b:70:81:4a:00:ed:40:f7:18:
                    1d:fd:a8:dd:08:0c:1f:9b:ae:9b:a4:22:f2:d5:8f:
                    2a:ad:a4:dc:36:fe:73:44:28:40:ba:47:20:81:53:
                    d0:34:f4:99:94:4e:a3:0a:ea:db:ab:9b:79:db:e2:
                    09:8f:0c:ff:75:08:60:be:48:71:36:51:41:2e:91:
                    7a:d9:e4:7a:52:88:7f:1d:a5:4b:1b:6d:82:b8:79:
                    02:6d:07:29:50:74:a6:50:ac:61:94:ce:eb:dd:25:
                    1f:c5:a5:7c:83:9c:62:a9:5c:78:74:4b:a0:e7:01:
                    db:fe:47:7f:8a:af:cc:e3:f5:83:d4:e2:5f:71:f2:
                    ea:39:22:5e:fe:07:0c:6d:51:54:6b:8a:0d:67:79:
                    71:7b:ea:02:e4:59:3a:84:ff:d5:06:27:3c:ac:fb:
                    9d:6e:91:ee:e5:d1:3c:cf:8e:4b:ff:c3:1c:d8:78:
                    24:95:51:63:7a:10:09:71:ea:09:f7:65:73:96:a2:
                    90:20:06:cd:23:5d:32:5a:b9:f4:d4:d0:b1:d1:9c:
                    23:1e:b9:51:37:bd:b0:db:ea:2b:f3:5b:d5:59:d0:
                    d2:3c:e7:91:54:a1:9e:03:6d:ec:e6:f7:60:9d:6a:
                    2e:bd:61:c9:d9:dc:76:82:5e:9c:1c:6b:0b:d8:f2:
                    f7:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:54:4D:06:E4:1F:16:28:51:FE:DE:85:7B:68:F2:04:0C:30:F4:86
            X509v3 Authority Key Identifier:
                keyid:07:C9:CA:1E:27:83:07:BA:E2:40:5A:48:34:AF:44:7C:06:41:47:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B8nKHieDB7riQFpINK9EfAZBRwE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/263c26-7dca-4512-834f-005edfb761c6/1/W1RNBuQfFihR_t6Fe2jyBAww9IY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/263c26-7dca-4512-834f-005edfb761c6/1/B8nKHieDB7riQFpINK9EfAZBRwE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:f0:28:8d:56:81:17:5d:35:e0:dc:38:00:4b:f1:6e:b1:c2:
         fb:d3:52:58:f0:ca:17:bc:38:a9:1c:30:a0:9b:ce:5d:c9:bb:
         72:fe:6e:8c:3e:f5:89:b8:fc:80:45:c8:8b:08:b2:06:79:15:
         76:61:49:fe:24:67:92:ff:e4:ce:43:c9:1f:bc:ef:dc:d6:8f:
         0b:b3:6d:fc:28:56:84:78:55:1a:c1:41:a7:e6:3f:3b:04:89:
         f8:e6:9d:29:5e:bf:54:d0:6f:2f:eb:8f:f8:4a:f4:db:b3:a1:
         61:9d:1d:92:fe:f3:9e:84:8a:f2:58:16:3f:ba:ae:a2:e4:af:
         db:19:96:72:57:2f:36:5d:cc:5b:92:02:bf:e9:e7:48:e1:df:
         4b:da:f7:03:d0:09:d3:36:96:de:1d:12:c0:6c:58:04:ce:62:
         70:52:fb:5d:28:76:8f:d5:96:bf:93:3b:e7:94:6e:8f:e5:69:
         c3:24:48:1f:ec:b3:40:06:12:ed:f7:85:e1:61:85:6f:c8:c2:
         ea:ef:51:57:db:c9:1c:2d:c0:b3:22:e5:3e:c9:19:dc:7d:04:
         9d:be:16:f2:c7:db:1e:dd:11:1a:e0:b3:d0:86:30:67:88:81:
         77:e6:15:eb:47:e6:62:f6:7f:a4:b4:7f:84:ca:f0:2e:07:f8:
         49:ea:d9:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3VsWHm5MfhWD7kOxCKQ4lWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3YzljYTFlMjc4MzA3YmFlMjQwNWE0ODM0YWY0NDdjMDY0
MTQ3MDEwHhcNMjQwMjIzMTExOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjU0NGQwNmU0MWYxNjI4NTFmZWRlODU3YjY4ZjIwNDBjMzBmNDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhDR9mt7cIFKAO1A9xgd/ajdCAwf
m66bpCLy1Y8qraTcNv5zRChAukcggVPQNPSZlE6jCurbq5t52+IJjwz/dQhgvkhx
NlFBLpF62eR6Uoh/HaVLG22CuHkCbQcpUHSmUKxhlM7r3SUfxaV8g5xiqVx4dEug
5wHb/kd/iq/M4/WD1OJfcfLqOSJe/gcMbVFUa4oNZ3lxe+oC5Fk6hP/VBic8rPud
bpHu5dE8z45L/8Mc2HgklVFjehAJceoJ92VzlqKQIAbNI10yWrn01NCx0ZwjHrlR
N72w2+or81vVWdDSPOeRVKGeA23s5vdgnWouvWHJ2dx2gl6cHGsL2PL38QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFtUTQbkHxYoUf7ehXto8gQMMPSGMB8GA1UdIwQY
MBaAFAfJyh4ngwe64kBaSDSvRHwGQUcBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjhuS0hpZURCN3JpUUZwSU5LOUVmQVpCUndFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8yNjNjMjYtN2RjYS00NTEyLTgzNGYt
MDA1ZWRmYjc2MWM2LzEvVzFSTkJ1UWZGaWhSX3Q2RmUyanlCQXd3OUlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8yNjNjMjYtN2RjYS00NTEyLTgzNGYtMDA1ZWRmYjc2MWM2
LzEvQjhuS0hpZURCN3JpUUZwSU5LOUVmQVpCUndFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9maMA0G
CSqGSIb3DQEBCwUAA4IBAQCa8CiNVoEXXTXg3DgAS/FuscL701JY8MoXvDipHDCg
m85dybty/m6MPvWJuPyARciLCLIGeRV2YUn+JGeS/+TOQ8kfvO/c1o8Ls238KFaE
eFUawUGn5j87BIn45p0pXr9U0G8v64/4SvTbs6FhnR2S/vOehIryWBY/uq6i5K/b
GZZyVy82XcxbkgK/6edI4d9L2vcD0AnTNpbeHRLAbFgEzmJwUvtdKHaP1Za/kzvn
lG6P5WnDJEgf7LNABhLt94XhYYVvyMLq71FX28kcLcCzIuU+yRncfQSdvhbyx9se
3REa4LPQhjBniIF35hXrR+Zi9n+ktH+EyvAuB/hJ6tmf
-----END CERTIFICATE-----