Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/2f98cb-6d94-48a1-8dba-d646767c5f13/1/R8JIpEG5H2pcg5h0IwSpUi52sHc.roa
File:                     R8JIpEG5H2pcg5h0IwSpUi52sHc.roa (raw, json)
Hash identifier:          2it8MBe/PEjLBsK1hLe5q7k8JM3KW46YF36yhB+bXYs=
Subject key identifier:   47:C2:48:A4:41:B9:1F:6A:5C:83:98:74:23:04:A9:52:2E:76:B0:77
Certificate issuer:       /CN=6dfc1438ee0815a9bf8b73f9a7ced094f21ac79e
Certificate serial:       018CC86F7B21F27586784A5272C70D46B646
Authority key identifier: 6D:FC:14:38:EE:08:15:A9:BF:8B:73:F9:A7:CE:D0:94:F2:1A:C7:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bfwUOO4IFam_i3P5p87QlPIax54.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/2f98cb-6d94-48a1-8dba-d646767c5f13/1/R8JIpEG5H2pcg5h0IwSpUi52sHc.roa
Signing time:             Tue 02 Jan 2024 04:29:58 +0000
ROA not before:           Tue 02 Jan 2024 04:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43256
IP address blocks:        217.171.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/2f98cb-6d94-48a1-8dba-d646767c5f13/1/bfwUOO4IFam_i3P5p87QlPIax54.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/2f98cb-6d94-48a1-8dba-d646767c5f13/1/bfwUOO4IFam_i3P5p87QlPIax54.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bfwUOO4IFam_i3P5p87QlPIax54.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:7b:21:f2:75:86:78:4a:52:72:c7:0d:46:b6:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6dfc1438ee0815a9bf8b73f9a7ced094f21ac79e
        Validity
            Not Before: Jan  2 04:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47c248a441b91f6a5c8398742304a9522e76b077
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:94:09:92:4c:03:53:cf:f2:4c:e0:6a:98:b3:
                    27:67:41:23:b8:7b:fb:dc:ec:61:78:de:15:9c:65:
                    fb:20:1d:da:6e:6b:e5:69:dc:db:d7:dc:05:23:d5:
                    c3:75:78:6c:99:91:ee:84:e1:35:a6:bf:81:eb:59:
                    76:7e:83:18:90:e9:da:49:23:37:39:ec:8e:2c:6e:
                    8d:7b:a5:bc:50:e8:55:2a:55:24:a8:a4:3b:75:ad:
                    b4:2a:47:d8:af:17:2e:b2:6d:d1:ed:29:b1:8a:49:
                    6d:e1:58:78:1b:88:f3:90:aa:dc:77:ef:48:b5:ab:
                    76:0f:f9:65:86:d8:6b:74:7e:7a:de:b0:18:06:87:
                    3f:de:41:ff:8d:88:e6:77:b5:49:8b:d1:f1:ca:e5:
                    81:68:fd:83:4c:a2:51:d5:0b:e7:11:a3:b1:3b:4b:
                    03:84:67:e0:39:54:66:48:aa:e6:01:57:70:d3:e6:
                    41:a1:74:3e:e2:35:02:2a:40:26:9d:58:69:0b:d3:
                    c9:fc:10:8a:b7:e2:a9:f2:dc:e3:65:2a:19:a4:db:
                    64:98:55:88:4e:ab:86:c0:72:e3:ed:16:91:d7:ee:
                    d3:ec:cc:b5:5a:14:d2:d4:8e:30:16:9e:c6:c8:cd:
                    b7:49:f1:9e:ca:1b:a1:0f:be:cf:ea:c5:53:82:af:
                    bc:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:C2:48:A4:41:B9:1F:6A:5C:83:98:74:23:04:A9:52:2E:76:B0:77
            X509v3 Authority Key Identifier:
                keyid:6D:FC:14:38:EE:08:15:A9:BF:8B:73:F9:A7:CE:D0:94:F2:1A:C7:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bfwUOO4IFam_i3P5p87QlPIax54.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/2f98cb-6d94-48a1-8dba-d646767c5f13/1/R8JIpEG5H2pcg5h0IwSpUi52sHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/2f98cb-6d94-48a1-8dba-d646767c5f13/1/bfwUOO4IFam_i3P5p87QlPIax54.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.171.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:02:8b:14:1d:08:06:85:2e:56:83:c1:41:3c:61:4e:06:75:
         81:86:fb:c7:63:d5:38:ed:18:0c:2b:27:de:b0:ea:e8:12:07:
         86:a5:20:61:b3:d5:a3:5a:a5:6e:68:9f:43:cd:2e:30:d4:fa:
         db:cb:56:64:5a:40:ab:15:45:0d:31:42:73:61:83:ed:83:72:
         20:f5:f7:75:aa:a1:d2:ed:73:dd:e2:1a:09:82:1a:ce:8a:ea:
         ec:40:96:17:44:4e:2d:9e:eb:5f:2b:4d:fb:f2:d5:40:bb:7a:
         d9:4b:e1:4a:19:38:c1:2d:10:b1:69:7e:8c:52:fc:6b:c6:87:
         75:ae:fe:4a:8c:f9:d1:3f:0f:66:06:99:48:6f:35:c0:01:ee:
         b1:74:6d:08:3d:9c:19:14:96:ce:47:2f:1c:06:d5:8d:6a:f1:
         1f:4a:05:7c:67:fa:fd:2c:af:6b:d5:82:cb:cf:e1:2f:80:eb:
         c3:ac:91:8e:f5:c5:30:40:02:a8:50:01:aa:eb:d6:8d:3b:b1:
         a2:0e:13:d6:84:97:ad:b5:47:3e:1c:4c:87:b9:cc:f4:90:86:
         dc:8e:7d:49:c8:f1:bb:4f:d9:1e:85:f2:46:52:d2:42:03:1a:
         bf:2c:9a:63:19:b6:25:19:f6:d8:bc:dc:82:04:81:24:65:60:
         f8:a3:be:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb3sh8nWGeEpScscNRrZGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZmMxNDM4ZWUwODE1YTliZjhiNzNmOWE3Y2VkMDk0ZjIx
YWM3OWUwHhcNMjQwMTAyMDQyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2MyNDhhNDQxYjkxZjZhNWM4Mzk4NzQyMzA0YTk1MjJlNzZiMDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJQJkkwDU8/yTOBqmLMnZ0EjuHv7
3OxheN4VnGX7IB3abmvladzb19wFI9XDdXhsmZHuhOE1pr+B61l2foMYkOnaSSM3
OeyOLG6Ne6W8UOhVKlUkqKQ7da20KkfYrxcusm3R7Smxiklt4Vh4G4jzkKrcd+9I
tat2D/llhthrdH563rAYBoc/3kH/jYjmd7VJi9HxyuWBaP2DTKJR1QvnEaOxO0sD
hGfgOVRmSKrmAVdw0+ZBoXQ+4jUCKkAmnVhpC9PJ/BCKt+Kp8tzjZSoZpNtkmFWI
TquGwHLj7RaR1+7T7My1WhTS1I4wFp7GyM23SfGeyhuhD77P6sVTgq+89QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfCSKRBuR9qXIOYdCMEqVIudrB3MB8GA1UdIwQY
MBaAFG38FDjuCBWpv4tz+afO0JTyGseeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmZ3VU9PNElGYW1faTNQNXA4N1FsUElheDU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8yZjk4Y2ItNmQ5NC00OGExLThkYmEt
ZDY0Njc2N2M1ZjEzLzEvUjhKSXBFRzVIMnBjZzVoMEl3U3BVaTUyc0hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8yZjk4Y2ItNmQ5NC00OGExLThkYmEtZDY0Njc2N2M1ZjEz
LzEvYmZ3VU9PNElGYW1faTNQNXA4N1FsUElheDU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2atbMA0G
CSqGSIb3DQEBCwUAA4IBAQA2AosUHQgGhS5Wg8FBPGFOBnWBhvvHY9U47RgMKyfe
sOroEgeGpSBhs9WjWqVuaJ9DzS4w1Prby1ZkWkCrFUUNMUJzYYPtg3Ig9fd1qqHS
7XPd4hoJghrOiursQJYXRE4tnutfK0378tVAu3rZS+FKGTjBLRCxaX6MUvxrxod1
rv5KjPnRPw9mBplIbzXAAe6xdG0IPZwZFJbORy8cBtWNavEfSgV8Z/r9LK9r1YLL
z+EvgOvDrJGO9cUwQAKoUAGq69aNO7GiDhPWhJettUc+HEyHucz0kIbcjn1JyPG7
T9kehfJGUtJCAxq/LJpjGbYlGfbYvNyCBIEkZWD4o75u
-----END CERTIFICATE-----