Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/tOzvSomg2VWv1IjQAXLRHrIVAcI.roa
File:                     tOzvSomg2VWv1IjQAXLRHrIVAcI.roa (raw, json)
Hash identifier:          Oap7WaQ2Oa7PXrx0CSPBJeLX/S5JuZsPryrc+Vh8dc0=
Subject key identifier:   B4:EC:EF:4A:89:A0:D9:55:AF:D4:88:D0:01:72:D1:1E:B2:15:01:C2
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       018CC5002E560F341B3DAD6CD61685BBCD64
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/tOzvSomg2VWv1IjQAXLRHrIVAcI.roa
Signing time:             Mon 01 Jan 2024 12:29:32 +0000
ROA not before:           Mon 01 Jan 2024 12:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        91.213.174.0/24 maxlen: 24
                          91.213.186.0/24 maxlen: 24
                          45.150.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:2e:56:0f:34:1b:3d:ad:6c:d6:16:85:bb:cd:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Jan  1 12:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4ecef4a89a0d955afd488d00172d11eb21501c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:f0:d8:e2:81:28:ee:85:a6:5f:3a:91:f1:20:
                    ff:1d:81:89:bc:5d:f3:66:72:ba:8c:0e:9c:8d:a0:
                    cb:45:38:56:51:17:b9:77:a0:b4:cc:3e:04:62:eb:
                    96:ee:a1:36:fd:c4:97:56:ce:b2:7c:4e:de:3d:c7:
                    43:15:75:b4:eb:55:5c:4b:82:b3:a0:11:65:40:c5:
                    58:38:6f:90:e2:e3:03:60:96:d7:74:98:e6:55:6b:
                    c9:5d:10:b1:40:de:63:c2:f7:c2:6d:da:5f:62:95:
                    37:f9:a8:4c:fd:c5:b6:41:77:f0:48:dd:5c:ef:9d:
                    6e:03:a3:67:c1:c8:c4:c2:26:98:72:52:4c:11:9f:
                    10:47:44:ce:a4:c2:28:39:58:8a:e9:88:af:50:6d:
                    42:1c:99:3c:c6:b8:be:1b:fc:7c:37:1c:c0:da:6e:
                    cf:d9:45:da:16:df:a9:36:28:0c:7d:5c:48:dd:d5:
                    78:27:d7:2e:48:7e:6d:3c:9d:3d:d0:4d:1a:e0:db:
                    24:47:7c:28:41:ea:dd:08:8d:43:d3:1b:b3:56:7f:
                    dc:bd:1d:bc:9e:e2:4c:c5:7d:2b:a8:6a:23:3a:ad:
                    d8:33:db:d2:c1:92:db:76:3a:63:71:9a:4f:2d:e2:
                    60:e2:34:d5:49:bc:36:e8:1b:d0:5d:a3:21:5e:aa:
                    a8:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:EC:EF:4A:89:A0:D9:55:AF:D4:88:D0:01:72:D1:1E:B2:15:01:C2
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/tOzvSomg2VWv1IjQAXLRHrIVAcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.197.0/24
                  91.213.174.0/24
                  91.213.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:ce:02:9c:47:07:31:5e:90:89:1b:cf:51:7e:91:c5:91:01:
         3f:ca:8c:73:8b:95:55:81:e9:30:d1:c5:c5:17:df:dc:80:1d:
         f9:13:78:85:a0:8b:b3:ae:5c:1d:16:2f:90:80:e7:1f:58:14:
         cd:0f:f6:84:25:f3:fe:fa:43:fa:64:54:f1:78:9c:9f:50:91:
         f9:64:68:88:1b:0b:ae:d7:34:48:2c:0d:38:ae:3f:84:d5:36:
         4b:67:7c:89:41:ed:be:d8:dd:c8:93:45:0f:ed:ea:07:13:90:
         e5:e9:83:49:46:3f:30:14:83:28:f8:88:46:c0:9e:a2:d8:26:
         21:66:97:87:c4:1d:84:88:99:5a:63:51:d5:01:8e:ce:cc:72:
         54:90:55:23:7d:1e:78:f0:71:ee:7f:99:2d:bb:cc:e8:8a:0b:
         16:20:29:e6:d4:01:f3:2f:6b:5e:f7:2e:44:96:6f:25:23:79:
         60:3f:fd:85:90:b3:e7:c9:e1:c8:11:42:4a:5b:65:90:0c:05:
         f2:b0:20:15:9e:d0:69:f8:50:d2:97:ac:08:03:32:13:c7:5a:
         f5:24:8e:07:30:fe:0a:b3:4d:bf:e1:5d:76:53:eb:12:53:35:
         6f:d5:b2:06:2d:bb:fd:d8:03:72:6c:b5:13:d5:40:48:44:3a:
         17:52:d8:73
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzFAC5WDzQbPa1s1haFu81kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjQwMTAxMTIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGVjZWY0YTg5YTBkOTU1YWZkNDg4ZDAwMTcyZDExZWIyMTUwMWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPDY4oEo7oWmXzqR8SD/HYGJvF3z
ZnK6jA6cjaDLRThWURe5d6C0zD4EYuuW7qE2/cSXVs6yfE7ePcdDFXW061VcS4Kz
oBFlQMVYOG+Q4uMDYJbXdJjmVWvJXRCxQN5jwvfCbdpfYpU3+ahM/cW2QXfwSN1c
751uA6NnwcjEwiaYclJMEZ8QR0TOpMIoOViK6YivUG1CHJk8xri+G/x8NxzA2m7P
2UXaFt+pNigMfVxI3dV4J9cuSH5tPJ090E0a4NskR3woQerdCI1D0xuzVn/cvR28
nuJMxX0rqGojOq3YM9vSwZLbdjpjcZpPLeJg4jTVSbw26BvQXaMhXqqoPwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLTs70qJoNlVr9SI0AFy0R6yFQHCMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvdE96dlNvbWcyVld2MUlqUUFYTFJIcklWQWNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALZbFAwQA
W9WuAwQAW9W6MA0GCSqGSIb3DQEBCwUAA4IBAQBszgKcRwcxXpCJG89RfpHFkQE/
yoxzi5VVgekw0cXFF9/cgB35E3iFoIuzrlwdFi+QgOcfWBTND/aEJfP++kP6ZFTx
eJyfUJH5ZGiIGwuu1zRILA04rj+E1TZLZ3yJQe2+2N3Ik0UP7eoHE5Dl6YNJRj8w
FIMo+IhGwJ6i2CYhZpeHxB2EiJlaY1HVAY7OzHJUkFUjfR548HHuf5ktu8zoigsW
ICnm1AHzL2te9y5Elm8lI3lgP/2FkLPnyeHIEUJKW2WQDAXysCAVntBp+FDSl6wI
AzITx1r1JI4HMP4Ks02/4V12U+sSUzVv1bIGLbv92ANybLUT1UBIRDoXUthz
-----END CERTIFICATE-----