Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/0236d2-b00b-4640-93be-6bae3e9ea74b/1/1iJeKRzT6mLeCXaAtRIzwk9B8V0.roa
File:                     1iJeKRzT6mLeCXaAtRIzwk9B8V0.roa (raw, json)
Hash identifier:          10IXSg6PGEciemIhxwf8kCDun1PKy/lddY+oig2cHKc=
Subject key identifier:   D6:22:5E:29:1C:D3:EA:62:DE:09:76:80:B5:12:33:C2:4F:41:F1:5D
Certificate issuer:       /CN=79bf086e2125068d99f5dc1fca4c60171759d1ba
Certificate serial:       018CC3493B94579B7D0794AA0C35AC0C38C0
Authority key identifier: 79:BF:08:6E:21:25:06:8D:99:F5:DC:1F:CA:4C:60:17:17:59:D1:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eb8IbiElBo2Z9dwfykxgFxdZ0bo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/0236d2-b00b-4640-93be-6bae3e9ea74b/1/1iJeKRzT6mLeCXaAtRIzwk9B8V0.roa
Signing time:             Mon 01 Jan 2024 04:30:05 +0000
ROA not before:           Mon 01 Jan 2024 04:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2119
IP address blocks:        91.233.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/0236d2-b00b-4640-93be-6bae3e9ea74b/1/eb8IbiElBo2Z9dwfykxgFxdZ0bo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/0236d2-b00b-4640-93be-6bae3e9ea74b/1/eb8IbiElBo2Z9dwfykxgFxdZ0bo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eb8IbiElBo2Z9dwfykxgFxdZ0bo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:3b:94:57:9b:7d:07:94:aa:0c:35:ac:0c:38:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79bf086e2125068d99f5dc1fca4c60171759d1ba
        Validity
            Not Before: Jan  1 04:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6225e291cd3ea62de097680b51233c24f41f15d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:65:a5:b9:cb:99:8a:a3:25:2e:60:bf:07:33:
                    99:5f:d5:47:89:7c:84:0e:8f:79:25:d0:de:ac:17:
                    da:67:08:b4:bb:db:29:c9:ae:8a:11:1d:d0:ed:a8:
                    70:e0:da:c3:7c:68:29:dd:46:ff:03:62:38:49:4a:
                    27:46:00:13:f7:20:9f:ea:9e:bc:af:fc:9d:e6:c8:
                    c4:1f:7d:cd:45:04:7f:91:48:28:b9:93:12:92:2b:
                    94:7b:a4:46:3f:89:c4:ab:ab:50:14:0d:d7:96:1c:
                    f7:c4:ae:aa:30:bc:8d:37:43:e2:94:34:30:9a:84:
                    84:56:91:32:f9:1b:a2:46:7a:5b:bf:b6:b1:82:39:
                    ad:e2:1b:4b:78:7a:26:2a:80:0e:21:3f:bd:6f:1a:
                    df:6c:a2:61:3d:ff:cd:ae:67:b9:7a:a4:a3:8f:60:
                    77:75:5f:48:9d:b4:46:1e:9c:01:c6:2d:50:c9:e5:
                    e4:f4:4f:34:87:cd:5d:0a:b5:4f:ea:23:95:1b:4b:
                    e9:0e:ce:7d:8c:f2:43:6b:ed:76:14:12:9e:80:d7:
                    ee:40:4e:26:50:ac:10:57:02:88:5d:2a:69:90:33:
                    bd:af:37:73:94:47:6c:18:87:2e:c1:03:44:fe:03:
                    e5:1b:d5:5f:0d:5d:8b:9f:2e:e6:ac:fc:e9:dc:cb:
                    d8:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:22:5E:29:1C:D3:EA:62:DE:09:76:80:B5:12:33:C2:4F:41:F1:5D
            X509v3 Authority Key Identifier:
                keyid:79:BF:08:6E:21:25:06:8D:99:F5:DC:1F:CA:4C:60:17:17:59:D1:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb8IbiElBo2Z9dwfykxgFxdZ0bo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/0236d2-b00b-4640-93be-6bae3e9ea74b/1/1iJeKRzT6mLeCXaAtRIzwk9B8V0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/0236d2-b00b-4640-93be-6bae3e9ea74b/1/eb8IbiElBo2Z9dwfykxgFxdZ0bo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:dc:c5:05:4e:36:09:25:be:c1:d4:ad:51:bb:7d:d1:9d:71:
         3e:34:86:b5:d5:d5:97:f0:32:e5:8c:eb:f4:f6:7a:ad:03:19:
         1f:3b:11:19:a3:8a:1d:79:87:d2:68:2f:34:19:51:76:ff:d9:
         f4:fa:b3:56:80:67:a5:50:8e:4b:8d:c9:cd:07:48:e9:3d:e6:
         e6:f9:e5:a4:2e:0d:72:ae:be:50:e2:8e:3d:55:3f:ad:69:e5:
         51:14:ee:81:e7:b9:e3:33:f2:de:2b:88:73:69:c7:79:da:22:
         6e:66:87:96:57:d6:3b:15:a6:7d:ed:91:82:77:7d:ad:c4:47:
         12:fb:1f:3c:9f:1c:ee:09:16:92:f9:bd:d9:02:b6:93:cb:4b:
         72:8b:35:f1:98:32:48:d0:f4:75:58:6a:41:13:ba:5b:0d:5a:
         c8:cd:e5:5a:23:76:12:a0:be:ee:75:3b:9c:f3:70:44:3c:5c:
         e8:0c:da:02:1b:9f:4f:2b:da:e9:44:26:bc:dd:63:a8:1d:40:
         dc:35:1d:b9:52:a7:20:95:32:ad:c3:32:14:c1:65:a6:ce:7f:
         66:48:8d:2b:fb:e4:97:3b:08:cc:d2:c2:59:56:91:12:8e:7a:
         03:e2:e3:27:7a:07:80:47:5e:7b:d0:1c:b4:42:dc:2d:9e:82:
         2e:87:60:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSTuUV5t9B5SqDDWsDDjAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YmYwODZlMjEyNTA2OGQ5OWY1ZGMxZmNhNGM2MDE3MTc1
OWQxYmEwHhcNMjQwMTAxMDQzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjIyNWUyOTFjZDNlYTYyZGUwOTc2ODBiNTEyMzNjMjRmNDFmMTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmWlucuZiqMlLmC/BzOZX9VHiXyE
Do95JdDerBfaZwi0u9spya6KER3Q7ahw4NrDfGgp3Ub/A2I4SUonRgAT9yCf6p68
r/yd5sjEH33NRQR/kUgouZMSkiuUe6RGP4nEq6tQFA3Xlhz3xK6qMLyNN0PilDQw
moSEVpEy+RuiRnpbv7axgjmt4htLeHomKoAOIT+9bxrfbKJhPf/Nrme5eqSjj2B3
dV9InbRGHpwBxi1QyeXk9E80h81dCrVP6iOVG0vpDs59jPJDa+12FBKegNfuQE4m
UKwQVwKIXSppkDO9rzdzlEdsGIcuwQNE/gPlG9VfDV2Lny7mrPzp3MvY3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNYiXikc0+pi3gl2gLUSM8JPQfFdMB8GA1UdIwQY
MBaAFHm/CG4hJQaNmfXcH8pMYBcXWdG6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWI4SWJpRWxCbzJaOWR3ZnlreGdGeGRaMGJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8wMjM2ZDItYjAwYi00NjQwLTkzYmUt
NmJhZTNlOWVhNzRiLzEvMWlKZUtSelQ2bUxlQ1hhQXRSSXp3azlCOFYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8wMjM2ZDItYjAwYi00NjQwLTkzYmUtNmJhZTNlOWVhNzRi
LzEvZWI4SWJpRWxCbzJaOWR3ZnlreGdGeGRaMGJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+kOMA0G
CSqGSIb3DQEBCwUAA4IBAQCq3MUFTjYJJb7B1K1Ru33RnXE+NIa11dWX8DLljOv0
9nqtAxkfOxEZo4odeYfSaC80GVF2/9n0+rNWgGelUI5LjcnNB0jpPebm+eWkLg1y
rr5Q4o49VT+taeVRFO6B57njM/LeK4hzacd52iJuZoeWV9Y7FaZ97ZGCd32txEcS
+x88nxzuCRaS+b3ZAraTy0tyizXxmDJI0PR1WGpBE7pbDVrIzeVaI3YSoL7udTuc
83BEPFzoDNoCG59PK9rpRCa83WOoHUDcNR25UqcglTKtwzIUwWWmzn9mSI0r++SX
OwjM0sJZVpESjnoD4uMnegeAR1570By0QtwtnoIuh2Bh
-----END CERTIFICATE-----