Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/2026d3-9f33-463e-8410-726da4e9386b/1/DT70jfq8FnbrzbyK8oTac5Z70lE.roa
File:                     DT70jfq8FnbrzbyK8oTac5Z70lE.roa (raw, json)
Hash identifier:          pjs+Dmg+ZqetWPqhd1Rd9AwIS2u/A6nGZRVBgntd0+4=
Subject key identifier:   0D:3E:F4:8D:FA:BC:16:76:EB:CD:BC:8A:F2:84:DA:73:96:7B:D2:51
Certificate issuer:       /CN=f17f6957fc23b8d46b9d3dc8bc7db122859876f0
Certificate serial:       018CC26D1A474FB053B5510EFD3979C0EF99
Authority key identifier: F1:7F:69:57:FC:23:B8:D4:6B:9D:3D:C8:BC:7D:B1:22:85:98:76:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8X9pV_wjuNRrnT3IvH2xIoWYdvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/2026d3-9f33-463e-8410-726da4e9386b/1/DT70jfq8FnbrzbyK8oTac5Z70lE.roa
Signing time:             Mon 01 Jan 2024 00:29:39 +0000
ROA not before:           Mon 01 Jan 2024 00:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49367
IP address blocks:        91.199.223.0/24 maxlen: 24
                          91.199.248.0/24 maxlen: 24
                          91.203.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/2026d3-9f33-463e-8410-726da4e9386b/1/8X9pV_wjuNRrnT3IvH2xIoWYdvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/2026d3-9f33-463e-8410-726da4e9386b/1/8X9pV_wjuNRrnT3IvH2xIoWYdvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8X9pV_wjuNRrnT3IvH2xIoWYdvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 15:21:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:1a:47:4f:b0:53:b5:51:0e:fd:39:79:c0:ef:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f17f6957fc23b8d46b9d3dc8bc7db122859876f0
        Validity
            Not Before: Jan  1 00:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d3ef48dfabc1676ebcdbc8af284da73967bd251
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ac:7f:01:1a:ce:ec:c2:69:35:f8:22:5c:f5:
                    24:f3:38:60:a8:c4:87:1d:ca:de:23:f4:1d:5e:65:
                    f2:0c:32:ea:da:e8:b8:77:55:85:3b:d9:fc:ba:71:
                    12:53:8d:70:5b:bf:d2:8a:e8:8a:d7:98:af:31:5b:
                    10:70:e3:b0:12:9b:bc:41:b9:9c:d4:ae:b0:b6:42:
                    a1:eb:03:c6:d3:c5:21:2e:8c:a5:72:92:8d:3a:f7:
                    e2:1a:4a:1e:31:e0:fc:d6:e1:14:4d:99:fa:75:0c:
                    9f:5d:20:bb:20:10:7d:33:85:10:c0:78:6b:61:66:
                    1e:ce:48:eb:1f:d6:f2:25:af:87:9d:4f:33:ca:44:
                    93:f7:a3:dc:f3:aa:3e:bf:d5:8c:6b:40:e9:1f:6e:
                    e1:9b:47:48:d6:d3:f9:5a:ba:28:17:55:3d:59:b1:
                    80:20:0a:52:66:2e:73:72:c9:bf:28:ca:eb:28:9b:
                    94:02:9c:7b:ba:a0:3d:8c:6c:48:b4:d9:af:c3:8e:
                    e8:6f:36:d1:a7:65:1f:49:80:a1:d0:44:4d:43:9f:
                    0e:9d:b8:e5:55:47:ab:d9:6c:52:e3:1c:83:fc:6c:
                    5e:4c:4c:6d:6a:38:e0:5b:ab:ef:f0:23:28:d3:40:
                    c6:d1:0d:74:31:12:6c:ff:ac:30:45:60:b0:4e:5d:
                    e4:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:3E:F4:8D:FA:BC:16:76:EB:CD:BC:8A:F2:84:DA:73:96:7B:D2:51
            X509v3 Authority Key Identifier:
                keyid:F1:7F:69:57:FC:23:B8:D4:6B:9D:3D:C8:BC:7D:B1:22:85:98:76:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8X9pV_wjuNRrnT3IvH2xIoWYdvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/2026d3-9f33-463e-8410-726da4e9386b/1/DT70jfq8FnbrzbyK8oTac5Z70lE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/2026d3-9f33-463e-8410-726da4e9386b/1/8X9pV_wjuNRrnT3IvH2xIoWYdvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.223.0/24
                  91.199.248.0/24
                  91.203.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:2b:1b:ac:c5:3d:9f:55:b0:0b:bd:55:ef:d5:0d:d4:58:86:
         d6:c9:62:c5:20:cb:26:98:c5:ef:9b:ee:68:81:cf:b2:ea:68:
         35:e5:a7:25:93:b1:4b:1f:77:eb:53:53:a3:7c:51:3e:83:60:
         20:eb:17:c5:34:2d:e6:1d:c9:dd:1b:a5:00:ed:d7:f9:df:ae:
         07:b5:ab:0d:7c:33:e0:0f:7b:08:9e:cf:ca:16:57:98:34:ca:
         82:4f:f6:0a:c1:c1:b4:70:08:be:98:15:22:da:36:36:6f:15:
         d2:84:fe:fe:16:61:30:c9:65:b3:f5:4c:90:67:71:50:a9:61:
         6f:9b:6d:2d:dd:e7:57:1b:aa:8e:d8:c2:99:68:d3:22:69:31:
         10:a0:67:dd:5f:df:5a:73:eb:b9:33:71:72:9a:0d:20:2b:91:
         5d:7d:dd:fa:b6:83:84:ba:d9:d1:d6:c7:06:24:e4:a0:66:b3:
         76:66:99:d9:b1:76:0c:bd:db:25:94:37:01:01:ae:6f:1b:e6:
         ed:f1:76:09:6a:b3:dc:dc:91:6c:8e:fd:68:9d:8f:ec:2d:6d:
         d8:07:6c:c6:6d:7d:ef:9a:c6:f2:4f:9a:49:1a:63:a5:79:cb:
         5f:5a:8d:d3:ff:a8:ab:0d:ec:76:bf:6c:ad:b5:21:ef:ad:54:
         be:ce:7d:ae
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzCbRpHT7BTtVEO/Tl5wO+ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxN2Y2OTU3ZmMyM2I4ZDQ2YjlkM2RjOGJjN2RiMTIyODU5
ODc2ZjAwHhcNMjQwMTAxMDAyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDNlZjQ4ZGZhYmMxNjc2ZWJjZGJjOGFmMjg0ZGE3Mzk2N2JkMjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6x/ARrO7MJpNfgiXPUk8zhgqMSH
HcreI/QdXmXyDDLq2ui4d1WFO9n8unESU41wW7/SiuiK15ivMVsQcOOwEpu8Qbmc
1K6wtkKh6wPG08UhLoylcpKNOvfiGkoeMeD81uEUTZn6dQyfXSC7IBB9M4UQwHhr
YWYezkjrH9byJa+HnU8zykST96Pc86o+v9WMa0DpH27hm0dI1tP5WrooF1U9WbGA
IApSZi5zcsm/KMrrKJuUApx7uqA9jGxItNmvw47obzbRp2UfSYCh0ERNQ58Onbjl
VUer2WxS4xyD/GxeTExtajjgW6vv8CMo00DG0Q10MRJs/6wwRWCwTl3kGwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFA0+9I36vBZ26828ivKE2nOWe9JRMB8GA1UdIwQY
MBaAFPF/aVf8I7jUa509yLx9sSKFmHbwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFg5cFZfd2p1TlJyblQzSXZIMnhJb1dZZHZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8yMDI2ZDMtOWYzMy00NjNlLTg0MTAt
NzI2ZGE0ZTkzODZiLzEvRFQ3MGpmcThGbmJyemJ5SzhvVGFjNVo3MGxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8yMDI2ZDMtOWYzMy00NjNlLTg0MTAtNzI2ZGE0ZTkzODZi
LzEvOFg5cFZfd2p1TlJyblQzSXZIMnhJb1dZZHZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW8ffAwQA
W8f4AwQAW8vcMA0GCSqGSIb3DQEBCwUAA4IBAQBZKxusxT2fVbALvVXv1Q3UWIbW
yWLFIMsmmMXvm+5ogc+y6mg15aclk7FLH3frU1OjfFE+g2Ag6xfFNC3mHcndG6UA
7df5364HtasNfDPgD3sIns/KFleYNMqCT/YKwcG0cAi+mBUi2jY2bxXShP7+FmEw
yWWz9UyQZ3FQqWFvm20t3edXG6qO2MKZaNMiaTEQoGfdX99ac+u5M3Fymg0gK5Fd
fd36toOEutnR1scGJOSgZrN2ZpnZsXYMvdsllDcBAa5vG+bt8XYJarPc3JFsjv1o
nY/sLW3YB2zGbX3vmsbyT5pJGmOlectfWo3T/6irDex2v2yttSHvrVS+zn2u
-----END CERTIFICATE-----