Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/9e61b8-6223-4dce-91d5-c6d5f2a02c6f/1/buhKuBKld_P9q2YNYZrMBD7h6gI.roa
File:                     buhKuBKld_P9q2YNYZrMBD7h6gI.roa (raw, json)
Hash identifier:          i/AT2nP4MTdpZfYqQnjMDabJM/wE4eOkMnwFIqhxSI4=
Subject key identifier:   6E:E8:4A:B8:12:A5:77:F3:FD:AB:66:0D:61:9A:CC:04:3E:E1:EA:02
Certificate issuer:       /CN=946a7aae15ff3e831e3803fd98c1063ccc4bf3ec
Certificate serial:       018EB4A1D470CA4B86D027E3A8D37B012718
Authority key identifier: 94:6A:7A:AE:15:FF:3E:83:1E:38:03:FD:98:C1:06:3C:CC:4B:F3:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lGp6rhX_PoMeOAP9mMEGPMxL8-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/9e61b8-6223-4dce-91d5-c6d5f2a02c6f/1/buhKuBKld_P9q2YNYZrMBD7h6gI.roa
Signing time:             Sat 06 Apr 2024 18:18:08 +0000
ROA not before:           Sat 06 Apr 2024 18:18:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42074
IP address blocks:        91.218.194.0/24 maxlen: 24
                          91.218.195.0/24 maxlen: 24
                          193.108.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/9e61b8-6223-4dce-91d5-c6d5f2a02c6f/1/lGp6rhX_PoMeOAP9mMEGPMxL8-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/9e61b8-6223-4dce-91d5-c6d5f2a02c6f/1/lGp6rhX_PoMeOAP9mMEGPMxL8-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lGp6rhX_PoMeOAP9mMEGPMxL8-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 03:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:b4:a1:d4:70:ca:4b:86:d0:27:e3:a8:d3:7b:01:27:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=946a7aae15ff3e831e3803fd98c1063ccc4bf3ec
        Validity
            Not Before: Apr  6 18:18:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ee84ab812a577f3fdab660d619acc043ee1ea02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:73:5c:62:cb:0e:db:26:82:a7:d2:5d:4b:47:
                    fe:2c:f6:73:fd:55:20:f8:af:fb:5c:30:a6:59:e1:
                    c5:a9:6f:22:4a:86:bd:78:af:2e:6c:56:d4:71:19:
                    1a:c3:30:f0:49:6a:9a:91:bb:30:87:92:7a:7a:19:
                    1e:23:2b:f8:51:18:eb:5b:9e:60:12:f9:a0:4f:44:
                    ad:b5:4b:7b:be:16:07:69:b6:22:72:84:a3:e3:fe:
                    1a:8b:95:ee:44:50:7d:43:a6:a3:c5:12:6c:31:1c:
                    5b:c9:37:13:0a:ee:ce:10:57:24:b6:0d:66:df:45:
                    85:49:b5:17:36:97:83:6f:45:f6:2a:20:b1:c6:f3:
                    d9:14:ee:61:fb:26:2c:02:27:f5:e7:c8:f1:58:ba:
                    b9:fb:4e:df:10:54:6f:23:7c:7c:cc:2d:4e:97:11:
                    69:fd:26:79:b6:da:58:60:33:9b:34:42:e9:2e:b4:
                    d0:6d:37:f8:1a:bd:a7:cf:3d:1a:b5:30:f4:03:5c:
                    5e:86:85:d9:40:0c:47:dc:c3:45:25:bb:dc:7a:ff:
                    ee:4a:6a:c6:59:ac:f0:85:36:52:c0:f2:c3:f1:70:
                    69:8d:37:25:3b:1a:4d:f9:f0:71:b9:ea:01:af:dd:
                    06:b2:cd:7b:ea:29:b6:16:e6:15:d4:da:39:03:59:
                    5d:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:E8:4A:B8:12:A5:77:F3:FD:AB:66:0D:61:9A:CC:04:3E:E1:EA:02
            X509v3 Authority Key Identifier:
                keyid:94:6A:7A:AE:15:FF:3E:83:1E:38:03:FD:98:C1:06:3C:CC:4B:F3:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lGp6rhX_PoMeOAP9mMEGPMxL8-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/9e61b8-6223-4dce-91d5-c6d5f2a02c6f/1/buhKuBKld_P9q2YNYZrMBD7h6gI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/9e61b8-6223-4dce-91d5-c6d5f2a02c6f/1/lGp6rhX_PoMeOAP9mMEGPMxL8-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.218.194.0/23
                  193.108.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:8b:80:94:c5:93:c5:61:79:50:eb:1d:73:55:4b:6e:a8:d0:
         53:86:0d:a7:89:91:83:e9:c9:a8:95:f1:86:4d:cd:9c:ba:21:
         7e:46:88:05:e7:c9:f7:3a:47:19:08:19:ad:d7:fc:8f:f1:03:
         42:3c:93:39:ec:00:eb:44:10:1e:c3:94:d0:6e:8a:1c:73:a4:
         de:16:26:7b:2c:fa:05:8b:83:ca:46:95:95:c1:d2:1e:d0:ff:
         5b:fe:f2:70:8b:4d:e5:25:48:5f:86:f8:e7:6a:fa:ba:ab:56:
         7b:d7:03:2b:b1:15:f7:83:07:4a:19:a8:e6:fc:1b:60:06:8f:
         44:fa:f2:9b:f8:67:3c:32:e5:36:12:ff:90:9a:69:db:87:f6:
         19:13:3f:01:2a:b5:80:2c:5c:0c:2e:44:86:95:84:83:e3:26:
         5d:1c:38:3e:93:2f:01:ee:fa:5d:97:39:9c:d5:1d:56:5f:de:
         50:bf:a7:0a:b1:d1:d0:de:cc:02:2b:c5:93:1b:0b:37:c3:2f:
         81:e5:f2:15:a6:7b:2b:36:eb:26:5a:a0:65:ed:55:97:fc:ac:
         fe:d2:af:27:4f:d3:97:26:69:34:16:8a:4e:52:d6:0f:1e:11:
         40:8b:4b:47:6a:a6:23:dd:96:df:dc:20:a9:50:82:e8:29:46:
         94:d2:7c:e1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY60odRwykuG0CfjqNN7AScYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0NmE3YWFlMTVmZjNlODMxZTM4MDNmZDk4YzEwNjNjY2M0
YmYzZWMwHhcNMjQwNDA2MTgxODA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWU4NGFiODEyYTU3N2YzZmRhYjY2MGQ2MTlhY2MwNDNlZTFlYTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiHNcYssO2yaCp9JdS0f+LPZz/VUg
+K/7XDCmWeHFqW8iSoa9eK8ubFbUcRkawzDwSWqakbswh5J6ehkeIyv4URjrW55g
EvmgT0SttUt7vhYHabYicoSj4/4ai5XuRFB9Q6ajxRJsMRxbyTcTCu7OEFcktg1m
30WFSbUXNpeDb0X2KiCxxvPZFO5h+yYsAif158jxWLq5+07fEFRvI3x8zC1OlxFp
/SZ5ttpYYDObNELpLrTQbTf4Gr2nzz0atTD0A1xehoXZQAxH3MNFJbvcev/uSmrG
WazwhTZSwPLD8XBpjTclOxpN+fBxueoBr90Gss176im2FuYV1No5A1ldlwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG7oSrgSpXfz/atmDWGazAQ+4eoCMB8GA1UdIwQY
MBaAFJRqeq4V/z6DHjgD/ZjBBjzMS/PsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEdwNnJoWF9Qb01lT0FQOW1NRUdQTXhMOC13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS85ZTYxYjgtNjIyMy00ZGNlLTkxZDUt
YzZkNWYyYTAyYzZmLzEvYnVoS3VCS2xkX1A5cTJZTllack1CRDdoNmdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS85ZTYxYjgtNjIyMy00ZGNlLTkxZDUtYzZkNWYyYTAyYzZm
LzEvbEdwNnJoWF9Qb01lT0FQOW1NRUdQTXhMOC13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW9rCAwQA
wWzxMA0GCSqGSIb3DQEBCwUAA4IBAQCzi4CUxZPFYXlQ6x1zVUtuqNBThg2niZGD
6cmolfGGTc2cuiF+RogF58n3OkcZCBmt1/yP8QNCPJM57ADrRBAew5TQboocc6Te
FiZ7LPoFi4PKRpWVwdIe0P9b/vJwi03lJUhfhvjnavq6q1Z71wMrsRX3gwdKGajm
/BtgBo9E+vKb+Gc8MuU2Ev+Qmmnbh/YZEz8BKrWALFwMLkSGlYSD4yZdHDg+ky8B
7vpdlzmc1R1WX95Qv6cKsdHQ3swCK8WTGws3wy+B5fIVpnsrNusmWqBl7VWX/Kz+
0q8nT9OXJmk0FopOUtYPHhFAi0tHaqYj3Zbf3CCpUILoKUaU0nzh
-----END CERTIFICATE-----