Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/6rndazStRhujioBo258P1qoEokI.roa
File:                     6rndazStRhujioBo258P1qoEokI.roa (raw, json)
Hash identifier:          6wE2CNetUvC2npq5P1oHVbWJr1WIckeukGLMJrAehUI=
Subject key identifier:   EA:B9:DD:6B:34:AD:46:1B:A3:8A:80:68:DB:9F:0F:D6:AA:04:A2:42
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       018CC5003476230C9854A6A1BEA4235EC2AE
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/6rndazStRhujioBo258P1qoEokI.roa
Signing time:             Mon 01 Jan 2024 12:29:34 +0000
ROA not before:           Mon 01 Jan 2024 12:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     139659
IP address blocks:        91.208.240.0/24 maxlen: 24
                          91.208.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:34:76:23:0c:98:54:a6:a1:be:a4:23:5e:c2:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Jan  1 12:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eab9dd6b34ad461ba38a8068db9f0fd6aa04a242
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:3f:f5:2a:3d:17:f8:fa:8d:c0:cf:db:ff:15:
                    f4:70:2f:ac:bc:ab:5d:28:46:e1:80:76:41:65:b1:
                    59:71:27:46:1c:e4:e2:80:47:3e:90:45:0e:2f:4a:
                    09:ac:aa:77:a8:f4:7a:8e:bf:77:92:fc:e6:fc:58:
                    79:27:fe:7d:a0:e8:04:f2:4c:b0:8b:1b:33:26:82:
                    88:fa:30:78:68:5a:34:41:95:72:fa:65:dd:57:93:
                    00:76:86:75:27:d4:c7:c7:60:cf:26:9f:73:2c:1c:
                    e7:37:34:ca:a6:34:37:41:b4:ce:4e:3d:8e:cf:7e:
                    16:a8:08:6f:e9:56:00:bc:d3:81:74:c7:b2:c0:2d:
                    bc:c3:e5:f4:a3:d8:4b:eb:4b:29:48:4d:63:59:97:
                    12:3d:1b:5d:88:08:eb:ff:d0:93:51:c4:21:b7:11:
                    d3:6d:a2:5b:2e:3e:28:d7:9f:82:a9:94:d6:33:a2:
                    db:05:2c:45:bb:1e:82:15:be:da:7e:63:2d:e6:05:
                    64:86:39:9e:dd:38:36:77:71:b8:ac:90:38:d4:33:
                    2c:e7:dc:b4:0b:41:b8:4c:8e:02:e6:d6:e7:40:54:
                    5f:44:ef:5b:88:b2:8f:78:a0:db:9e:f4:16:ef:3e:
                    33:6c:a7:01:6b:27:cf:79:13:43:0c:10:d8:42:fc:
                    09:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:B9:DD:6B:34:AD:46:1B:A3:8A:80:68:DB:9F:0F:D6:AA:04:A2:42
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/6rndazStRhujioBo258P1qoEokI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.236.0/24
                  91.208.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:13:b6:93:bf:b0:34:45:3d:a7:a3:fd:a0:78:e7:55:d5:a2:
         c5:79:c5:f6:2e:53:ea:1b:a4:5c:90:25:b2:81:6d:6c:6a:4b:
         24:a6:ef:8d:b9:98:bf:66:ba:84:45:af:61:fc:81:c6:d0:ca:
         46:76:b1:94:f5:39:66:c3:57:6c:3b:8f:4d:38:71:84:a8:8c:
         b9:19:79:e2:64:30:55:16:83:16:41:a9:8e:2f:50:9a:9b:ee:
         1f:55:dd:70:38:6c:f2:59:42:3b:b0:82:0b:17:db:75:e1:c0:
         ac:78:70:1f:4c:14:9a:1a:eb:a4:02:f4:9a:74:ba:d2:db:eb:
         cf:0e:33:a3:d5:d3:e3:15:b9:40:0d:59:d2:95:76:57:64:c5:
         58:de:0f:a7:b7:6d:f6:9f:14:16:16:01:ab:1e:a4:b1:4c:b8:
         fb:95:ac:51:c3:04:1c:08:0b:82:21:f7:c7:19:36:90:82:22:
         5e:9c:20:ee:15:5b:9e:e5:c9:05:b5:b1:a1:d1:3f:74:96:02:
         c7:04:75:2d:06:7e:15:91:5a:98:77:00:23:de:c4:0d:c2:6b:
         91:fc:55:10:33:b2:4f:f2:23:54:0a:ae:5b:b8:5a:50:19:13:
         51:16:89:60:e5:47:d5:bb:d5:0b:47:a9:94:b9:f9:5e:96:07:
         19:d2:e5:4b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFADR2IwyYVKahvqQjXsKuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjQwMTAxMTIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWI5ZGQ2YjM0YWQ0NjFiYTM4YTgwNjhkYjlmMGZkNmFhMDRhMjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvj/1Kj0X+PqNwM/b/xX0cC+svKtd
KEbhgHZBZbFZcSdGHOTigEc+kEUOL0oJrKp3qPR6jr93kvzm/Fh5J/59oOgE8kyw
ixszJoKI+jB4aFo0QZVy+mXdV5MAdoZ1J9THx2DPJp9zLBznNzTKpjQ3QbTOTj2O
z34WqAhv6VYAvNOBdMeywC28w+X0o9hL60spSE1jWZcSPRtdiAjr/9CTUcQhtxHT
baJbLj4o15+CqZTWM6LbBSxFux6CFb7afmMt5gVkhjme3Tg2d3G4rJA41DMs59y0
C0G4TI4C5tbnQFRfRO9biLKPeKDbnvQW7z4zbKcBayfPeRNDDBDYQvwJwQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOq53Ws0rUYbo4qAaNufD9aqBKJCMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvNnJuZGF6U3RSaHVqaW9CbzI1OFAxcW9Fb2tJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9DsAwQA
W9DwMA0GCSqGSIb3DQEBCwUAA4IBAQBCE7aTv7A0RT2no/2geOdV1aLFecX2LlPq
G6RckCWygW1sakskpu+NuZi/ZrqERa9h/IHG0MpGdrGU9Tlmw1dsO49NOHGEqIy5
GXniZDBVFoMWQamOL1Cam+4fVd1wOGzyWUI7sIILF9t14cCseHAfTBSaGuukAvSa
dLrS2+vPDjOj1dPjFblADVnSlXZXZMVY3g+nt232nxQWFgGrHqSxTLj7laxRwwQc
CAuCIffHGTaQgiJenCDuFVue5ckFtbGh0T90lgLHBHUtBn4VkVqYdwAj3sQNwmuR
/FUQM7JP8iNUCq5buFpQGRNRFolg5UfVu9ULR6mUuflelgcZ0uVL
-----END CERTIFICATE-----