Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/001b9f-e4d8-4dac-bf08-7240c36000d7/1/RxT0pdF4E0J7R1prLHafDTlnJHM.roa
File:                     RxT0pdF4E0J7R1prLHafDTlnJHM.roa (raw, json)
Hash identifier:          GbriMY+X1HatwR4rXggBW4Er9oIMJY8iA0oWJ0LrMXY=
Subject key identifier:   47:14:F4:A5:D1:78:13:42:7B:47:5A:6B:2C:76:9F:0D:39:67:24:73
Certificate issuer:       /CN=979586035abe23569c2135e320dbd1a255b84034
Certificate serial:       018CC424BE83173251698D832E91CF8E5905
Authority key identifier: 97:95:86:03:5A:BE:23:56:9C:21:35:E3:20:DB:D1:A2:55:B8:40:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l5WGA1q-I1acITXjINvRolW4QDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/001b9f-e4d8-4dac-bf08-7240c36000d7/1/RxT0pdF4E0J7R1prLHafDTlnJHM.roa
Signing time:             Mon 01 Jan 2024 08:29:51 +0000
ROA not before:           Mon 01 Jan 2024 08:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197470
IP address blocks:        91.220.221.0/24 maxlen: 24
                          46.151.232.0/21 maxlen: 21
                          91.221.170.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/001b9f-e4d8-4dac-bf08-7240c36000d7/1/l5WGA1q-I1acITXjINvRolW4QDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/001b9f-e4d8-4dac-bf08-7240c36000d7/1/l5WGA1q-I1acITXjINvRolW4QDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l5WGA1q-I1acITXjINvRolW4QDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:be:83:17:32:51:69:8d:83:2e:91:cf:8e:59:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=979586035abe23569c2135e320dbd1a255b84034
        Validity
            Not Before: Jan  1 08:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4714f4a5d17813427b475a6b2c769f0d39672473
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:24:30:8b:38:76:f0:bf:7c:1a:b8:c7:e9:fa:
                    99:af:32:41:15:de:6c:8c:ff:1d:e0:1a:80:22:bd:
                    11:cf:8b:b1:bd:90:87:2d:99:c7:53:66:d6:72:cd:
                    d9:95:ee:7e:aa:01:6c:16:8e:92:78:ed:99:eb:f0:
                    0a:4e:69:cb:6d:f8:16:56:dc:c4:7a:6f:76:43:cc:
                    63:95:f2:4d:1f:17:5b:ca:f0:21:21:04:56:b9:b8:
                    2b:2a:84:26:48:73:f5:7a:3b:16:8a:3e:5c:ca:65:
                    fb:ac:94:fb:62:4e:2e:2d:c6:90:a1:74:0a:9e:2c:
                    c0:c3:7e:8c:fc:88:e7:11:bb:01:06:a1:3b:6d:02:
                    b6:c6:bd:12:cb:ab:bf:3f:c3:73:7b:ee:c2:ca:c9:
                    bc:91:bc:38:5c:ed:35:c8:87:e4:88:20:24:49:ae:
                    a5:cb:10:8a:93:22:92:3a:82:28:9f:23:c5:a5:50:
                    46:8b:eb:30:65:1d:f4:0d:dd:92:30:5b:8c:19:88:
                    da:25:30:63:6f:d7:99:66:05:01:b6:5c:01:5a:eb:
                    36:87:56:d4:4c:30:49:c7:6a:b5:9b:6b:13:c9:8b:
                    8a:85:16:d7:fe:6c:66:ea:98:38:90:78:17:c7:78:
                    c4:04:a7:49:a9:07:7e:9e:d8:e5:b4:73:9f:37:ef:
                    c0:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:14:F4:A5:D1:78:13:42:7B:47:5A:6B:2C:76:9F:0D:39:67:24:73
            X509v3 Authority Key Identifier:
                keyid:97:95:86:03:5A:BE:23:56:9C:21:35:E3:20:DB:D1:A2:55:B8:40:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l5WGA1q-I1acITXjINvRolW4QDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/001b9f-e4d8-4dac-bf08-7240c36000d7/1/RxT0pdF4E0J7R1prLHafDTlnJHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/001b9f-e4d8-4dac-bf08-7240c36000d7/1/l5WGA1q-I1acITXjINvRolW4QDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.151.232.0/21
                  91.220.221.0/24
                  91.221.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5d:08:5d:82:58:dc:0f:62:79:22:83:eb:b5:97:7e:6c:52:6b:
         03:0c:6a:60:2f:b3:8f:2d:8b:51:60:7b:e8:44:fb:9e:10:91:
         94:db:c8:00:0d:75:b4:b0:ee:36:80:0a:a5:29:92:ef:56:1f:
         7e:7c:d1:32:b5:60:82:05:2c:80:e5:5a:e6:79:7d:ab:19:36:
         ab:bc:d4:34:c0:e0:a9:f9:97:ae:a0:2a:e8:99:ed:c1:48:02:
         da:75:c8:c1:6c:82:33:7d:2c:56:61:be:2f:4f:8d:98:77:2a:
         6f:f7:c1:34:05:4c:25:a7:b4:8f:b9:67:e7:10:77:61:aa:48:
         77:5a:46:b2:2a:03:ae:b8:13:85:9f:d5:0e:bd:82:ae:bc:47:
         87:e2:da:da:83:e8:cd:a3:3d:9b:18:ef:b5:e6:a6:ad:89:b6:
         9e:f8:b6:29:f3:1a:b9:bd:b4:e9:c1:99:22:1d:e9:5a:b0:6f:
         09:06:1e:2d:96:72:5f:d0:b2:50:c8:59:b1:ac:98:95:b3:33:
         c3:95:2f:63:23:85:d2:21:d5:40:53:6a:9e:86:b4:41:22:9a:
         b1:2f:e9:c0:e4:79:68:0b:a4:07:d0:3a:6a:64:d1:aa:e7:ce:
         c5:e6:b6:2f:f3:62:30:fa:22:73:94:73:25:09:42:d7:25:61:
         2d:65:88:f2
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzEJL6DFzJRaY2DLpHPjlkFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OTU4NjAzNWFiZTIzNTY5YzIxMzVlMzIwZGJkMWEyNTVi
ODQwMzQwHhcNMjQwMTAxMDgyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzE0ZjRhNWQxNzgxMzQyN2I0NzVhNmIyYzc2OWYwZDM5NjcyNDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhyQwizh28L98GrjH6fqZrzJBFd5s
jP8d4BqAIr0Rz4uxvZCHLZnHU2bWcs3Zle5+qgFsFo6SeO2Z6/AKTmnLbfgWVtzE
em92Q8xjlfJNHxdbyvAhIQRWubgrKoQmSHP1ejsWij5cymX7rJT7Yk4uLcaQoXQK
nizAw36M/IjnEbsBBqE7bQK2xr0Sy6u/P8Nze+7Cysm8kbw4XO01yIfkiCAkSa6l
yxCKkyKSOoIonyPFpVBGi+swZR30Dd2SMFuMGYjaJTBjb9eZZgUBtlwBWus2h1bU
TDBJx2q1m2sTyYuKhRbX/mxm6pg4kHgXx3jEBKdJqQd+ntjltHOfN+/AdwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEcU9KXReBNCe0daayx2nw05ZyRzMB8GA1UdIwQY
MBaAFJeVhgNaviNWnCE14yDb0aJVuEA0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDVXR0ExcS1JMWFjSVRYaklOdlJvbFc0UURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8wMDFiOWYtZTRkOC00ZGFjLWJmMDgt
NzI0MGMzNjAwMGQ3LzEvUnhUMHBkRjRFMEo3UjFwckxIYWZEVGxuSkhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8wMDFiOWYtZTRkOC00ZGFjLWJmMDgtNzI0MGMzNjAwMGQ3
LzEvbDVXR0ExcS1JMWFjSVRYaklOdlJvbFc0UURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDLpfoAwQA
W9zdAwQBW92qMA0GCSqGSIb3DQEBCwUAA4IBAQBdCF2CWNwPYnkig+u1l35sUmsD
DGpgL7OPLYtRYHvoRPueEJGU28gADXW0sO42gAqlKZLvVh9+fNEytWCCBSyA5Vrm
eX2rGTarvNQ0wOCp+ZeuoCrome3BSALadcjBbIIzfSxWYb4vT42Ydypv98E0BUwl
p7SPuWfnEHdhqkh3WkayKgOuuBOFn9UOvYKuvEeH4trag+jNoz2bGO+15qatibae
+LYp8xq5vbTpwZkiHelasG8JBh4tlnJf0LJQyFmxrJiVszPDlS9jI4XSIdVAU2qe
hrRBIpqxL+nA5HloC6QH0DpqZNGq587F5rYv82Iw+iJzlHMlCULXJWEtZYjy
-----END CERTIFICATE-----