Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/772440-876c-42d0-80f5-b4aee8c5d48e/1/jLVYTPqiK-Odf1onSnsO9bPFPpY.roa
File:                     jLVYTPqiK-Odf1onSnsO9bPFPpY.roa (raw, json)
Hash identifier:          C2HbNUOuO4xm0hiQYPxzAy1vqqhneTw/J6sQw3c1uc4=
Subject key identifier:   8C:B5:58:4C:FA:A2:2B:E3:9D:7F:5A:27:4A:7B:0E:F5:B3:C5:3E:96
Certificate issuer:       /CN=b3b77e52cc777a1eafe69a517f95d2c219c19080
Certificate serial:       018D7E1E5C6672FD7373BCCA29494738572C
Authority key identifier: B3:B7:7E:52:CC:77:7A:1E:AF:E6:9A:51:7F:95:D2:C2:19:C1:90:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s7d-Usx3eh6v5ppRf5XSwhnBkIA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/772440-876c-42d0-80f5-b4aee8c5d48e/1/jLVYTPqiK-Odf1onSnsO9bPFPpY.roa
Signing time:             Tue 06 Feb 2024 11:12:15 +0000
ROA not before:           Tue 06 Feb 2024 11:12:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        91.220.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/772440-876c-42d0-80f5-b4aee8c5d48e/1/s7d-Usx3eh6v5ppRf5XSwhnBkIA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/772440-876c-42d0-80f5-b4aee8c5d48e/1/s7d-Usx3eh6v5ppRf5XSwhnBkIA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s7d-Usx3eh6v5ppRf5XSwhnBkIA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7e:1e:5c:66:72:fd:73:73:bc:ca:29:49:47:38:57:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3b77e52cc777a1eafe69a517f95d2c219c19080
        Validity
            Not Before: Feb  6 11:12:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8cb5584cfaa22be39d7f5a274a7b0ef5b3c53e96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:79:17:a8:06:10:f8:cd:39:3c:ba:2a:4b:9f:
                    96:a2:a2:93:67:77:70:8d:68:e3:9a:83:7b:b2:73:
                    36:50:b7:e6:f0:a3:76:0e:49:c3:8b:d3:34:49:44:
                    a7:52:f4:ef:de:8b:bf:f1:f5:ca:01:e4:07:fd:fd:
                    9c:ca:c7:5b:ac:89:2a:9e:c9:a2:e0:b4:8e:35:09:
                    44:ee:38:8a:d0:ea:30:47:23:4b:de:c1:5c:bd:67:
                    0f:a2:cf:86:30:4d:da:24:9e:ce:a8:9e:a9:5f:74:
                    1c:67:88:59:ae:95:5a:4f:4a:da:bb:b9:aa:9b:d9:
                    e3:0b:df:3c:1c:21:21:4f:29:5a:4e:d4:be:55:66:
                    63:13:65:f3:3d:3c:39:19:04:f0:f2:a3:84:33:0d:
                    c3:24:a6:f2:e3:50:98:12:1e:7e:45:31:85:25:0d:
                    24:5f:5a:54:dd:81:38:92:b1:a9:20:5e:00:21:7f:
                    91:b4:af:eb:f1:1d:41:c8:f0:6b:47:96:05:53:fc:
                    51:af:e2:46:02:01:a3:89:a5:ef:c1:f4:52:72:43:
                    16:4b:77:33:df:3d:57:18:e5:7d:79:52:ef:94:6d:
                    2b:b8:2e:02:f2:d6:a0:90:75:7d:9d:bc:cf:1b:51:
                    3e:26:24:78:a1:69:4b:c7:87:75:13:95:0f:ae:4f:
                    44:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:B5:58:4C:FA:A2:2B:E3:9D:7F:5A:27:4A:7B:0E:F5:B3:C5:3E:96
            X509v3 Authority Key Identifier:
                keyid:B3:B7:7E:52:CC:77:7A:1E:AF:E6:9A:51:7F:95:D2:C2:19:C1:90:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s7d-Usx3eh6v5ppRf5XSwhnBkIA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/772440-876c-42d0-80f5-b4aee8c5d48e/1/jLVYTPqiK-Odf1onSnsO9bPFPpY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/772440-876c-42d0-80f5-b4aee8c5d48e/1/s7d-Usx3eh6v5ppRf5XSwhnBkIA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:64:d4:6c:04:a1:8d:be:66:46:50:14:ef:8f:a0:cc:47:02:
         e6:e1:6a:64:e4:0a:bc:12:9d:cd:b9:38:4a:6d:d3:2f:42:4a:
         07:bb:cb:5b:64:7a:e0:08:b7:e4:c5:c7:e8:8c:89:1b:ba:9e:
         1d:7e:81:1a:46:a6:66:60:ec:35:57:e3:57:7c:c8:e6:cf:dd:
         a7:0b:db:9b:2a:47:d6:75:52:bd:a9:f5:7f:13:2e:76:62:e0:
         51:a4:6d:f8:66:69:83:87:dd:3d:90:d4:6e:c8:73:77:df:a6:
         30:7e:2d:4d:24:27:a9:73:51:31:e8:79:27:81:e6:5e:1a:d7:
         01:f1:75:60:0e:f1:7f:2d:df:18:d9:fe:0f:5b:2c:31:93:81:
         bb:db:ca:1f:93:63:10:3c:3d:d5:af:92:e5:15:f5:d0:0e:33:
         a7:ee:92:8f:50:eb:39:e6:03:43:60:39:cf:04:0f:48:82:e1:
         d0:d8:39:b1:93:44:41:de:0b:a4:e1:f0:45:d3:94:1b:77:11:
         8e:79:85:77:dd:17:22:0c:3d:02:ea:a4:25:34:45:c2:4b:8a:
         be:20:65:6f:ab:bd:ca:42:29:7b:75:95:84:31:c8:79:a3:97:
         d2:ef:ed:e5:7c:7e:b8:6d:3c:f5:b6:94:d4:13:cd:29:66:e8:
         32:11:e9:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1+Hlxmcv1zc7zKKUlHOFcsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYjc3ZTUyY2M3NzdhMWVhZmU2OWE1MTdmOTVkMmMyMTlj
MTkwODAwHhcNMjQwMjA2MTExMjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2I1NTg0Y2ZhYTIyYmUzOWQ3ZjVhMjc0YTdiMGVmNWIzYzUzZTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2XkXqAYQ+M05PLoqS5+WoqKTZ3dw
jWjjmoN7snM2ULfm8KN2DknDi9M0SUSnUvTv3ou/8fXKAeQH/f2cysdbrIkqnsmi
4LSONQlE7jiK0OowRyNL3sFcvWcPos+GME3aJJ7OqJ6pX3QcZ4hZrpVaT0rau7mq
m9njC988HCEhTylaTtS+VWZjE2XzPTw5GQTw8qOEMw3DJKby41CYEh5+RTGFJQ0k
X1pU3YE4krGpIF4AIX+RtK/r8R1ByPBrR5YFU/xRr+JGAgGjiaXvwfRSckMWS3cz
3z1XGOV9eVLvlG0ruC4C8tagkHV9nbzPG1E+JiR4oWlLx4d1E5UPrk9ElwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIy1WEz6oivjnX9aJ0p7DvWzxT6WMB8GA1UdIwQY
MBaAFLO3flLMd3oer+aaUX+V0sIZwZCAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczdkLVVzeDNlaDZ2NXBwUmY1WFN3aG5Ca0lBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My83NzI0NDAtODc2Yy00MmQwLTgwZjUt
YjRhZWU4YzVkNDhlLzEvakxWWVRQcWlLLU9kZjFvblNuc085YlBGUHBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My83NzI0NDAtODc2Yy00MmQwLTgwZjUtYjRhZWU4YzVkNDhl
LzEvczdkLVVzeDNlaDZ2NXBwUmY1WFN3aG5Ca0lBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9woMA0G
CSqGSIb3DQEBCwUAA4IBAQCCZNRsBKGNvmZGUBTvj6DMRwLm4Wpk5Aq8Ep3NuThK
bdMvQkoHu8tbZHrgCLfkxcfojIkbup4dfoEaRqZmYOw1V+NXfMjmz92nC9ubKkfW
dVK9qfV/Ey52YuBRpG34ZmmDh909kNRuyHN336Ywfi1NJCepc1Ex6HkngeZeGtcB
8XVgDvF/Ld8Y2f4PWywxk4G728ofk2MQPD3Vr5LlFfXQDjOn7pKPUOs55gNDYDnP
BA9IguHQ2Dmxk0RB3guk4fBF05QbdxGOeYV33RciDD0C6qQlNEXCS4q+IGVvq73K
Qil7dZWEMch5o5fS7+3lfH64bTz1tpTUE80pZugyEemy
-----END CERTIFICATE-----