Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/22f851-77ee-4d64-a95e-09afb7d6fb16/1/04sSAJcFgmyyveur0tGFhnIE4LA.roa
File:                     04sSAJcFgmyyveur0tGFhnIE4LA.roa (raw, json)
Hash identifier:          OYyKGjTC8x1jdGwJtul/cymVN7jHmNbJ7h2vm6GC6qs=
Subject key identifier:   D3:8B:12:00:97:05:82:6C:B2:BD:EB:AB:D2:D1:85:86:72:04:E0:B0
Certificate issuer:       /CN=f341cfec38131f83ae3df6998fa02837585c91dd
Certificate serial:       018CC348AB5E4BFD51A745DFCBD5E2F6AE8F
Authority key identifier: F3:41:CF:EC:38:13:1F:83:AE:3D:F6:99:8F:A0:28:37:58:5C:91:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/80HP7DgTH4OuPfaZj6AoN1hckd0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/22f851-77ee-4d64-a95e-09afb7d6fb16/1/04sSAJcFgmyyveur0tGFhnIE4LA.roa
Signing time:             Mon 01 Jan 2024 04:29:28 +0000
ROA not before:           Mon 01 Jan 2024 04:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205530
IP address blocks:        91.214.252.0/24 maxlen: 32
                          91.214.254.0/24 maxlen: 24
                          91.214.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/22f851-77ee-4d64-a95e-09afb7d6fb16/1/80HP7DgTH4OuPfaZj6AoN1hckd0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/22f851-77ee-4d64-a95e-09afb7d6fb16/1/80HP7DgTH4OuPfaZj6AoN1hckd0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/80HP7DgTH4OuPfaZj6AoN1hckd0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ab:5e:4b:fd:51:a7:45:df:cb:d5:e2:f6:ae:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f341cfec38131f83ae3df6998fa02837585c91dd
        Validity
            Not Before: Jan  1 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d38b12009705826cb2bdebabd2d185867204e0b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:dc:13:c0:5b:5e:ab:cc:77:d1:2c:81:32:b1:
                    11:b9:1e:a9:7c:02:2d:28:a3:cd:9c:dc:c1:92:e9:
                    fd:1b:b2:5c:62:31:76:0f:97:19:91:a9:43:c8:4f:
                    2d:db:ec:a4:6f:da:0b:33:ed:3e:c1:d9:10:b4:a5:
                    b9:a1:2b:e9:73:ad:15:96:82:16:a9:84:4d:b0:b7:
                    ea:73:a2:78:ab:86:58:76:57:e1:cd:ab:30:da:60:
                    c4:d2:ed:28:0e:df:ff:d4:70:20:87:f2:c6:a9:b9:
                    a3:78:90:03:6b:45:6f:a1:1c:d6:3e:ed:db:c7:0c:
                    c0:93:61:99:50:fa:e5:a6:3a:60:8b:50:7e:f7:0a:
                    56:e3:9e:be:a5:18:6f:84:51:26:65:2e:d6:d6:59:
                    12:07:eb:64:e4:78:ac:49:c5:b6:99:8b:cc:ed:5a:
                    e1:76:83:c7:eb:8f:7c:51:69:3a:ec:d0:15:bc:f7:
                    b2:86:91:54:58:61:43:a0:79:9f:76:54:6d:85:24:
                    14:26:cd:bd:93:cf:1e:f0:86:33:ec:c1:74:44:2e:
                    31:cf:8c:fe:2d:0a:75:47:28:0c:96:98:f1:3c:5f:
                    a4:7c:f5:40:82:eb:b5:cb:43:99:78:53:8b:f7:90:
                    07:24:8a:4c:01:04:0b:81:c6:c1:8c:9e:45:6b:ee:
                    97:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:8B:12:00:97:05:82:6C:B2:BD:EB:AB:D2:D1:85:86:72:04:E0:B0
            X509v3 Authority Key Identifier:
                keyid:F3:41:CF:EC:38:13:1F:83:AE:3D:F6:99:8F:A0:28:37:58:5C:91:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/80HP7DgTH4OuPfaZj6AoN1hckd0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/22f851-77ee-4d64-a95e-09afb7d6fb16/1/04sSAJcFgmyyveur0tGFhnIE4LA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/22f851-77ee-4d64-a95e-09afb7d6fb16/1/80HP7DgTH4OuPfaZj6AoN1hckd0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.214.252.0/24
                  91.214.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         17:ed:10:a4:2f:13:fd:6c:49:24:aa:80:1b:32:37:69:5a:d3:
         15:d0:2b:d4:27:fc:4e:58:88:29:50:e5:58:3a:3a:a1:25:b6:
         1c:c3:94:23:05:22:cc:d3:36:cc:4b:e4:7b:e0:38:77:6d:19:
         6a:d6:fb:57:4b:b2:6a:43:d9:d9:3e:9e:73:ea:30:d2:55:e1:
         c9:0e:3d:8c:29:95:6d:54:1d:64:3a:46:b2:3e:c5:a7:5a:a9:
         63:2c:23:70:a2:88:21:40:8b:98:f4:e1:a2:f4:86:e5:4e:08:
         80:f1:25:27:c8:5a:67:cd:ad:75:c5:f3:5b:33:56:41:5e:3e:
         0d:2c:11:61:51:b4:15:f8:b8:ad:2f:b8:f1:66:7e:6e:5d:9f:
         72:c7:df:05:84:c8:d2:07:df:38:89:ff:16:37:e3:e2:aa:05:
         f0:59:f6:36:a3:72:19:4b:2a:d4:ab:6b:37:b9:4d:21:88:5b:
         8b:eb:ed:9f:ee:8c:32:cb:8e:76:4d:19:0d:66:7b:0b:fb:f9:
         0f:65:64:46:6f:04:fe:b7:53:c5:12:73:f5:f6:3f:aa:16:c2:
         8b:19:61:03:1d:46:98:d9:93:76:db:5e:f0:13:3d:13:40:42:
         96:84:57:a2:0f:0c:6e:a0:1a:f9:b1:cf:f8:1b:15:fc:a6:36:
         36:e4:3f:62
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSKteS/1Rp0Xfy9Xi9q6PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNDFjZmVjMzgxMzFmODNhZTNkZjY5OThmYTAyODM3NTg1
YzkxZGQwHhcNMjQwMTAxMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzhiMTIwMDk3MDU4MjZjYjJiZGViYWJkMmQxODU4NjcyMDRlMGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAndwTwFteq8x30SyBMrERuR6pfAIt
KKPNnNzBkun9G7JcYjF2D5cZkalDyE8t2+ykb9oLM+0+wdkQtKW5oSvpc60VloIW
qYRNsLfqc6J4q4ZYdlfhzasw2mDE0u0oDt//1HAgh/LGqbmjeJADa0VvoRzWPu3b
xwzAk2GZUPrlpjpgi1B+9wpW456+pRhvhFEmZS7W1lkSB+tk5HisScW2mYvM7Vrh
doPH6498UWk67NAVvPeyhpFUWGFDoHmfdlRthSQUJs29k88e8IYz7MF0RC4xz4z+
LQp1RygMlpjxPF+kfPVAguu1y0OZeFOL95AHJIpMAQQLgcbBjJ5Fa+6X6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNOLEgCXBYJssr3rq9LRhYZyBOCwMB8GA1UdIwQY
MBaAFPNBz+w4Ex+Drj32mY+gKDdYXJHdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODBIUDdEZ1RINE91UGZhWmo2QW9OMWhja2QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yMmY4NTEtNzdlZS00ZDY0LWE5NWUt
MDlhZmI3ZDZmYjE2LzEvMDRzU0FKY0ZnbXl5dmV1cjB0R0ZobklFNExBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yMmY4NTEtNzdlZS00ZDY0LWE5NWUtMDlhZmI3ZDZmYjE2
LzEvODBIUDdEZ1RINE91UGZhWmo2QW9OMWhja2QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9b8AwQB
W9b+MA0GCSqGSIb3DQEBCwUAA4IBAQAX7RCkLxP9bEkkqoAbMjdpWtMV0CvUJ/xO
WIgpUOVYOjqhJbYcw5QjBSLM0zbMS+R74Dh3bRlq1vtXS7JqQ9nZPp5z6jDSVeHJ
Dj2MKZVtVB1kOkayPsWnWqljLCNwooghQIuY9OGi9IblTgiA8SUnyFpnza11xfNb
M1ZBXj4NLBFhUbQV+LitL7jxZn5uXZ9yx98FhMjSB984if8WN+PiqgXwWfY2o3IZ
SyrUq2s3uU0hiFuL6+2f7owyy452TRkNZnsL+/kPZWRGbwT+t1PFEnP19j+qFsKL
GWEDHUaY2ZN2217wEz0TQEKWhFeiDwxuoBr5sc/4GxX8pjY25D9i
-----END CERTIFICATE-----