Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/a2KVndTe_hIaGqXtRdnsq8Ecy2Y.roa
File:                     a2KVndTe_hIaGqXtRdnsq8Ecy2Y.roa (raw, json)
Hash identifier:          za8g42xmaHUTpqA1LLwEr4yjS36cuNPogK7K+yl01O8=
Subject key identifier:   6B:62:95:9D:D4:DE:FE:12:1A:1A:A5:ED:45:D9:EC:AB:C1:1C:CB:66
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       01933142EDA6393375FEC929FF5B6C385189
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/a2KVndTe_hIaGqXtRdnsq8Ecy2Y.roa
Signing time:             Fri 15 Nov 2024 19:18:10 +0000
ROA not before:           Fri 15 Nov 2024 19:18:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6079
IP address blocks:        91.190.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:31:42:ed:a6:39:33:75:fe:c9:29:ff:5b:6c:38:51:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Nov 15 19:18:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b62959dd4defe121a1aa5ed45d9ecabc11ccb66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:13:a1:ff:6f:de:0b:09:0e:fa:c1:7d:1d:ca:
                    4c:08:05:22:e0:c2:fd:c0:eb:92:c5:fa:ef:6f:00:
                    e5:e6:aa:7c:4e:81:41:78:72:c8:72:d5:62:65:f0:
                    5f:2e:ac:3e:20:18:cc:b6:a0:f2:54:e4:87:7b:d1:
                    46:33:34:f2:d0:b6:a8:37:4a:aa:68:04:19:f7:51:
                    1b:7f:87:a8:0c:be:d4:b2:99:80:72:b3:4f:6e:02:
                    f6:e7:c2:8e:18:50:5a:1a:37:bf:5f:b0:e5:83:d7:
                    b3:75:4b:94:94:d3:60:38:0d:1f:44:5d:da:3a:6e:
                    d6:7c:05:43:01:d8:b4:46:41:57:bc:fc:7e:9d:b6:
                    ce:0b:86:66:ca:eb:06:f9:d0:22:f1:33:b9:c5:52:
                    95:4c:4a:93:51:3e:45:4d:a2:4c:e0:a6:cb:39:3a:
                    6c:9a:38:26:33:a8:75:43:0b:9d:24:a2:53:d8:01:
                    e8:0e:f2:a3:80:c4:84:2a:2a:94:29:7a:f5:f8:57:
                    5d:eb:32:cd:bb:77:4b:78:9a:47:b2:cb:f0:5e:1b:
                    1d:11:3d:c5:e0:bd:d9:83:d6:84:a1:57:ba:e6:fc:
                    34:82:16:24:a3:46:61:4e:f9:55:bd:79:c4:bc:e1:
                    35:a1:f4:42:a5:56:fd:15:e6:b2:f3:67:2c:86:5b:
                    11:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:62:95:9D:D4:DE:FE:12:1A:1A:A5:ED:45:D9:EC:AB:C1:1C:CB:66
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/a2KVndTe_hIaGqXtRdnsq8Ecy2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.190.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:1f:7f:3d:2b:a2:2a:0a:5d:bb:71:02:83:94:7c:c6:24:5f:
         f1:ca:38:d8:0b:9d:eb:2a:f5:67:b1:da:33:f8:2b:49:f5:8c:
         78:b2:f6:e3:cb:b1:1a:45:c5:b4:00:0a:7e:3c:07:a2:6f:4d:
         96:ee:b0:81:f3:11:33:50:d8:85:02:45:3c:bf:cb:78:62:00:
         cf:58:04:d2:98:d8:9c:36:74:2c:5f:8a:96:fc:46:c8:d8:bf:
         d6:a6:17:c4:58:2c:89:04:87:0b:67:8a:ff:22:5d:45:5f:e7:
         c7:27:58:d1:8c:25:5b:ae:d0:65:f7:18:4f:b8:f5:bb:2d:e2:
         79:0d:c4:4a:64:3e:a9:f7:55:f9:76:88:bd:c8:bb:2d:00:88:
         06:11:38:44:61:53:40:3e:45:49:f4:b4:0d:17:be:28:05:89:
         bd:c8:1b:98:ec:d6:0c:34:b8:97:98:4b:87:ad:ff:8d:45:b9:
         31:8a:3d:ec:d0:49:50:0d:82:f0:28:bc:17:2a:b1:95:08:ff:
         49:c1:fc:5c:aa:4f:85:47:86:25:6b:1d:db:a9:a6:60:23:54:
         11:9c:ac:db:12:9f:54:d3:76:fa:0d:7a:de:a9:17:12:18:79:
         66:35:52:8c:4b:05:73:07:56:53:8e:df:7a:54:c7:7f:df:4c:
         54:e8:93:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMxQu2mOTN1/skp/1tsOFGJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjQxMTE1MTkxODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjYyOTU5ZGQ0ZGVmZTEyMWExYWE1ZWQ0NWQ5ZWNhYmMxMWNjYjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuROh/2/eCwkO+sF9HcpMCAUi4ML9
wOuSxfrvbwDl5qp8ToFBeHLIctViZfBfLqw+IBjMtqDyVOSHe9FGMzTy0LaoN0qq
aAQZ91Ebf4eoDL7UspmAcrNPbgL258KOGFBaGje/X7Dlg9ezdUuUlNNgOA0fRF3a
Om7WfAVDAdi0RkFXvPx+nbbOC4ZmyusG+dAi8TO5xVKVTEqTUT5FTaJM4KbLOTps
mjgmM6h1QwudJKJT2AHoDvKjgMSEKiqUKXr1+Fdd6zLNu3dLeJpHssvwXhsdET3F
4L3Zg9aEoVe65vw0ghYko0ZhTvlVvXnEvOE1ofRCpVb9Feay82cshlsRLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGtilZ3U3v4SGhql7UXZ7KvBHMtmMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvYTJLVm5kVGVfaElhR3FYdFJkbnNxOEVjeTJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW76aMA0G
CSqGSIb3DQEBCwUAA4IBAQAhH389K6IqCl27cQKDlHzGJF/xyjjYC53rKvVnsdoz
+CtJ9Yx4svbjy7EaRcW0AAp+PAeib02W7rCB8xEzUNiFAkU8v8t4YgDPWATSmNic
NnQsX4qW/EbI2L/WphfEWCyJBIcLZ4r/Il1FX+fHJ1jRjCVbrtBl9xhPuPW7LeJ5
DcRKZD6p91X5doi9yLstAIgGEThEYVNAPkVJ9LQNF74oBYm9yBuY7NYMNLiXmEuH
rf+NRbkxij3s0ElQDYLwKLwXKrGVCP9Jwfxcqk+FR4Ylax3bqaZgI1QRnKzbEp9U
03b6DXreqRcSGHlmNVKMSwVzB1ZTjt96VMd/30xU6JNi
-----END CERTIFICATE-----