Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/58a94a-9e28-47a5-9fd6-9c91b1c5158a/1/Xk9rUIFUBW30gDAyg_gxbiD-Ttc.roa
File:                     Xk9rUIFUBW30gDAyg_gxbiD-Ttc.roa (raw, json)
Hash identifier:          zrBJjzuVBEEhe4sS2r5Tp/P7z+hAi6gokzsX4FhJR2E=
Subject key identifier:   5E:4F:6B:50:81:54:05:6D:F4:80:30:32:83:F8:31:6E:20:FE:4E:D7
Certificate issuer:       /CN=a4f00aae577e7451f88ea604bf6a33734cd03009
Certificate serial:       018CC86F058496658FFA797CE170B7F90003
Authority key identifier: A4:F0:0A:AE:57:7E:74:51:F8:8E:A6:04:BF:6A:33:73:4C:D0:30:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pPAKrld-dFH4jqYEv2ozc0zQMAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/58a94a-9e28-47a5-9fd6-9c91b1c5158a/1/Xk9rUIFUBW30gDAyg_gxbiD-Ttc.roa
Signing time:             Tue 02 Jan 2024 04:29:28 +0000
ROA not before:           Tue 02 Jan 2024 04:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29479
IP address blocks:        91.237.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/58a94a-9e28-47a5-9fd6-9c91b1c5158a/1/pPAKrld-dFH4jqYEv2ozc0zQMAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/58a94a-9e28-47a5-9fd6-9c91b1c5158a/1/pPAKrld-dFH4jqYEv2ozc0zQMAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pPAKrld-dFH4jqYEv2ozc0zQMAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:05:84:96:65:8f:fa:79:7c:e1:70:b7:f9:00:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4f00aae577e7451f88ea604bf6a33734cd03009
        Validity
            Not Before: Jan  2 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e4f6b508154056df480303283f8316e20fe4ed7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:80:ea:23:6f:3c:e6:90:ac:ba:94:56:5f:b9:
                    e3:14:52:00:15:97:b4:53:fd:d0:d9:a0:21:1c:79:
                    e7:92:9b:b1:08:2a:bf:21:5e:86:6b:d7:54:df:81:
                    35:89:60:df:72:b6:39:a5:a6:76:5c:0c:8d:1b:17:
                    ae:82:fd:48:16:d2:aa:ce:fd:44:59:40:37:d5:1b:
                    53:4d:fc:c2:98:4d:1a:3a:20:de:5d:48:f8:d8:1e:
                    69:a2:f8:88:2b:0c:83:46:d8:45:46:cb:c8:4c:f3:
                    a5:86:91:d6:2b:a7:44:c8:13:e1:a1:bc:46:01:e6:
                    74:c9:24:4b:6e:81:72:9d:d9:5d:c8:bd:5c:06:d9:
                    ff:1c:77:0f:98:89:59:69:92:50:03:cf:66:07:1f:
                    9a:28:81:54:0c:a6:58:b2:a8:1f:50:e8:0d:41:4b:
                    b6:9f:54:ea:11:87:aa:92:c2:8c:56:ff:0e:ec:e0:
                    be:28:b3:1e:cb:a0:f0:af:2f:b8:90:cc:5e:a8:53:
                    9f:0a:e1:c8:1f:76:f6:fe:52:4b:42:d3:3f:92:d2:
                    ef:99:94:52:b3:f8:a2:06:fb:d1:86:af:bf:b5:1c:
                    2d:5b:71:df:0f:7f:a3:6b:b2:8d:8a:51:94:89:8c:
                    ff:58:ce:4e:5f:4f:a6:2b:1e:0b:27:dd:19:8a:b3:
                    4f:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:4F:6B:50:81:54:05:6D:F4:80:30:32:83:F8:31:6E:20:FE:4E:D7
            X509v3 Authority Key Identifier:
                keyid:A4:F0:0A:AE:57:7E:74:51:F8:8E:A6:04:BF:6A:33:73:4C:D0:30:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pPAKrld-dFH4jqYEv2ozc0zQMAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/58a94a-9e28-47a5-9fd6-9c91b1c5158a/1/Xk9rUIFUBW30gDAyg_gxbiD-Ttc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/58a94a-9e28-47a5-9fd6-9c91b1c5158a/1/pPAKrld-dFH4jqYEv2ozc0zQMAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:18:d9:dd:27:42:98:3f:8e:d7:62:fd:7a:2e:da:e1:0a:60:
         63:1b:c1:8d:e9:90:ba:9b:bc:d6:3d:b0:a9:d2:7c:94:f8:f2:
         6e:99:e2:43:a6:23:d8:3b:d3:5a:b5:2a:e9:ba:6e:4c:6e:d7:
         a9:31:34:37:0a:59:9e:e5:19:35:e4:a2:d5:d6:a8:de:6e:13:
         a7:a5:14:90:8c:c3:85:23:d5:5b:ce:47:b3:c7:fa:8a:1a:f2:
         dd:12:7f:68:a5:57:7c:bd:ce:ba:c1:ac:02:5f:87:e8:94:4c:
         7a:ca:e2:71:c5:13:28:b0:17:0c:d2:bc:6f:8c:66:29:ec:2c:
         a5:83:90:bd:ad:7d:49:39:c7:b6:e5:d3:fd:9d:60:1e:cb:4c:
         2e:42:ba:80:68:bf:68:c0:28:ad:a5:c6:63:0c:a0:c9:83:1a:
         e1:9d:28:e9:05:0c:56:4f:a3:e4:ec:64:7d:51:e1:1a:d8:31:
         9d:a3:ea:d7:a2:0f:3f:32:90:6f:57:24:a8:ec:36:ff:b0:59:
         7c:59:26:ae:aa:a0:58:6d:5a:2a:25:e1:94:72:d4:79:e0:7c:
         f8:3c:0e:75:84:cc:16:87:68:ae:18:e2:5c:c0:a0:77:1b:de:
         f2:e8:2f:14:71:1d:25:44:8d:cd:d4:83:08:d3:5a:be:88:3e:
         79:55:0c:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbwWElmWP+nl84XC3+QADMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0ZjAwYWFlNTc3ZTc0NTFmODhlYTYwNGJmNmEzMzczNGNk
MDMwMDkwHhcNMjQwMTAyMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTRmNmI1MDgxNTQwNTZkZjQ4MDMwMzI4M2Y4MzE2ZTIwZmU0ZWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgoDqI2885pCsupRWX7njFFIAFZe0
U/3Q2aAhHHnnkpuxCCq/IV6Ga9dU34E1iWDfcrY5paZ2XAyNGxeugv1IFtKqzv1E
WUA31RtTTfzCmE0aOiDeXUj42B5poviIKwyDRthFRsvITPOlhpHWK6dEyBPhobxG
AeZ0ySRLboFyndldyL1cBtn/HHcPmIlZaZJQA89mBx+aKIFUDKZYsqgfUOgNQUu2
n1TqEYeqksKMVv8O7OC+KLMey6Dwry+4kMxeqFOfCuHIH3b2/lJLQtM/ktLvmZRS
s/iiBvvRhq+/tRwtW3HfD3+ja7KNilGUiYz/WM5OX0+mKx4LJ90ZirNPiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5Pa1CBVAVt9IAwMoP4MW4g/k7XMB8GA1UdIwQY
MBaAFKTwCq5XfnRR+I6mBL9qM3NM0DAJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFBBS3JsZC1kRkg0anFZRXYyb3pjMHpRTUFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi81OGE5NGEtOWUyOC00N2E1LTlmZDYt
OWM5MWIxYzUxNThhLzEvWGs5clVJRlVCVzMwZ0RBeWdfZ3hiaUQtVHRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi81OGE5NGEtOWUyOC00N2E1LTlmZDYtOWM5MWIxYzUxNThh
LzEvcFBBS3JsZC1kRkg0anFZRXYyb3pjMHpRTUFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+1OMA0G
CSqGSIb3DQEBCwUAA4IBAQCDGNndJ0KYP47XYv16LtrhCmBjG8GN6ZC6m7zWPbCp
0nyU+PJumeJDpiPYO9NatSrpum5MbtepMTQ3Clme5Rk15KLV1qjebhOnpRSQjMOF
I9Vbzkezx/qKGvLdEn9opVd8vc66wawCX4folEx6yuJxxRMosBcM0rxvjGYp7Cyl
g5C9rX1JOce25dP9nWAey0wuQrqAaL9owCitpcZjDKDJgxrhnSjpBQxWT6Pk7GR9
UeEa2DGdo+rXog8/MpBvVySo7Db/sFl8WSauqqBYbVoqJeGUctR54Hz4PA51hMwW
h2iuGOJcwKB3G97y6C8UcR0lRI3N1IMI01q+iD55VQy1
-----END CERTIFICATE-----