Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/91b093-acb7-4cb7-bf8f-5cb934a55b0d/1/mPjukKK4fqBwukvhePaPc7JiZWU.roa
File:                     mPjukKK4fqBwukvhePaPc7JiZWU.roa (raw, json)
Hash identifier:          xONLeuNdgdMI+HxFD1MFs/B45wtTftXkIbUGrnSf2eI=
Subject key identifier:   98:F8:EE:90:A2:B8:7E:A0:70:BA:4B:E1:78:F6:8F:73:B2:62:65:65
Certificate issuer:       /CN=6511ce5e2f53b7bb8cac8f39e294e89a45b20029
Certificate serial:       018CC7950451AE0F38C1C422E8F2375A01C9
Authority key identifier: 65:11:CE:5E:2F:53:B7:BB:8C:AC:8F:39:E2:94:E8:9A:45:B2:00:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZRHOXi9Tt7uMrI854pTomkWyACk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/91b093-acb7-4cb7-bf8f-5cb934a55b0d/1/mPjukKK4fqBwukvhePaPc7JiZWU.roa
Signing time:             Tue 02 Jan 2024 00:31:21 +0000
ROA not before:           Tue 02 Jan 2024 00:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199522
IP address blocks:        84.244.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/91b093-acb7-4cb7-bf8f-5cb934a55b0d/1/ZRHOXi9Tt7uMrI854pTomkWyACk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/91b093-acb7-4cb7-bf8f-5cb934a55b0d/1/ZRHOXi9Tt7uMrI854pTomkWyACk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZRHOXi9Tt7uMrI854pTomkWyACk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:04:51:ae:0f:38:c1:c4:22:e8:f2:37:5a:01:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6511ce5e2f53b7bb8cac8f39e294e89a45b20029
        Validity
            Not Before: Jan  2 00:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=98f8ee90a2b87ea070ba4be178f68f73b2626565
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:5c:fb:6a:b8:b9:f2:39:84:84:a2:95:7d:7e:
                    1f:ea:3b:96:de:cc:06:48:06:e7:2c:27:2e:f7:74:
                    73:14:cb:d3:1a:a8:92:d6:32:65:80:76:81:0c:fe:
                    24:36:f7:4a:45:8d:ba:94:1a:24:a6:d5:03:97:e3:
                    ad:15:3c:87:9d:ec:bd:50:7b:30:9f:ba:20:fd:72:
                    2c:81:f5:a3:94:8a:23:5c:b3:e5:0c:96:2b:33:cf:
                    25:07:fc:3e:a1:d1:7a:e4:83:c1:e0:41:b7:63:54:
                    04:d7:c6:96:ff:43:4a:ae:e4:09:3c:a2:50:ba:01:
                    f0:c1:d2:80:9d:f6:36:53:bd:41:78:4b:7c:9e:c3:
                    3e:df:79:b5:86:4c:48:3e:6a:b7:65:cb:70:f9:95:
                    2d:e6:04:1c:9c:ad:3f:b5:3f:c5:81:72:f5:00:8b:
                    11:53:00:6a:70:a0:10:d7:07:be:4d:f2:59:2e:63:
                    13:15:f6:48:33:1b:8f:b0:82:44:8a:9f:b6:0a:2a:
                    79:d6:88:a4:2a:95:53:f0:af:eb:bd:ad:b7:b9:e4:
                    92:fa:e9:3e:29:65:1b:4c:00:90:a8:eb:a9:b2:63:
                    ff:be:88:c7:a3:ec:97:28:66:db:f5:a3:28:d2:da:
                    7d:2f:51:f7:95:2a:6f:6e:41:af:15:b9:ff:06:90:
                    d5:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:F8:EE:90:A2:B8:7E:A0:70:BA:4B:E1:78:F6:8F:73:B2:62:65:65
            X509v3 Authority Key Identifier:
                keyid:65:11:CE:5E:2F:53:B7:BB:8C:AC:8F:39:E2:94:E8:9A:45:B2:00:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZRHOXi9Tt7uMrI854pTomkWyACk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/91b093-acb7-4cb7-bf8f-5cb934a55b0d/1/mPjukKK4fqBwukvhePaPc7JiZWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/91b093-acb7-4cb7-bf8f-5cb934a55b0d/1/ZRHOXi9Tt7uMrI854pTomkWyACk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.244.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:ba:41:0e:27:23:cc:b0:74:5b:8a:11:07:da:3b:8d:1a:b6:
         4f:4d:ee:a1:d3:04:c0:12:f2:d6:d2:47:f3:1c:11:9c:2f:a8:
         a1:79:bd:d3:bb:23:dd:03:42:30:1f:23:7a:35:71:68:35:fe:
         bd:4b:b5:42:cc:c9:21:72:43:ec:81:51:96:20:47:55:8e:7d:
         d4:44:a4:f2:5e:34:1b:76:b6:2d:25:4c:6c:18:49:a4:b4:00:
         9f:94:5f:ce:d9:7e:9a:d2:e1:e0:90:fe:98:7b:d3:cd:9b:98:
         23:6a:1f:ca:ad:ef:b0:5a:56:a2:25:53:da:e5:8c:44:47:f5:
         bb:90:1a:db:4f:ee:55:6a:36:07:65:6e:8e:44:86:46:45:e1:
         17:8f:fc:a5:12:b8:5b:79:0c:98:f7:c1:96:78:92:2f:c0:31:
         4e:35:59:f9:81:34:e1:48:ce:fc:83:8b:7b:43:73:43:a7:77:
         57:46:3e:da:dd:e2:0d:4f:85:1b:74:83:d0:8c:2d:5c:5f:9b:
         56:0e:1d:18:2b:87:8e:cd:30:99:84:da:9b:d2:ad:72:84:5a:
         f6:45:16:4a:15:18:6b:08:c6:ed:42:18:f0:e7:60:32:70:e0:
         d2:9d:23:ff:ff:a3:91:ea:27:ee:5f:8d:62:61:d8:4a:77:af:
         f3:a6:3d:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlQRRrg84wcQi6PI3WgHJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1MTFjZTVlMmY1M2I3YmI4Y2FjOGYzOWUyOTRlODlhNDVi
MjAwMjkwHhcNMjQwMTAyMDAzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGY4ZWU5MGEyYjg3ZWEwNzBiYTRiZTE3OGY2OGY3M2IyNjI2NTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFz7ari58jmEhKKVfX4f6juW3swG
SAbnLCcu93RzFMvTGqiS1jJlgHaBDP4kNvdKRY26lBokptUDl+OtFTyHney9UHsw
n7og/XIsgfWjlIojXLPlDJYrM88lB/w+odF65IPB4EG3Y1QE18aW/0NKruQJPKJQ
ugHwwdKAnfY2U71BeEt8nsM+33m1hkxIPmq3Zctw+ZUt5gQcnK0/tT/FgXL1AIsR
UwBqcKAQ1we+TfJZLmMTFfZIMxuPsIJEip+2Cip51oikKpVT8K/rva23ueSS+uk+
KWUbTACQqOupsmP/vojHo+yXKGbb9aMo0tp9L1H3lSpvbkGvFbn/BpDVPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJj47pCiuH6gcLpL4Xj2j3OyYmVlMB8GA1UdIwQY
MBaAFGURzl4vU7e7jKyPOeKU6JpFsgApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlJIT1hpOVR0N3VNckk4NTRwVG9ta1d5QUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS85MWIwOTMtYWNiNy00Y2I3LWJmOGYt
NWNiOTM0YTU1YjBkLzEvbVBqdWtLSzRmcUJ3dWt2aGVQYVBjN0ppWldVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS85MWIwOTMtYWNiNy00Y2I3LWJmOGYtNWNiOTM0YTU1YjBk
LzEvWlJIT1hpOVR0N3VNckk4NTRwVG9ta1d5QUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVPSsMA0G
CSqGSIb3DQEBCwUAA4IBAQBrukEOJyPMsHRbihEH2juNGrZPTe6h0wTAEvLW0kfz
HBGcL6iheb3TuyPdA0IwHyN6NXFoNf69S7VCzMkhckPsgVGWIEdVjn3URKTyXjQb
drYtJUxsGEmktACflF/O2X6a0uHgkP6Ye9PNm5gjah/Kre+wWlaiJVPa5YxER/W7
kBrbT+5VajYHZW6ORIZGReEXj/ylErhbeQyY98GWeJIvwDFONVn5gTThSM78g4t7
Q3NDp3dXRj7a3eINT4UbdIPQjC1cX5tWDh0YK4eOzTCZhNqb0q1yhFr2RRZKFRhr
CMbtQhjw52AycODSnSP//6OR6ifuX41iYdhKd6/zpj0Q
-----END CERTIFICATE-----