Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/19c9e1-8543-4f50-acae-e4045d8cfe8f/1/7jTXb2Y-vOHFYHx8j1pFhbtyGf4.roa
File:                     7jTXb2Y-vOHFYHx8j1pFhbtyGf4.roa (raw, json)
Hash identifier:          /h+HzqcnF/Uo33wo/0/BPbZ5uuGf8s91M77cg9xhxhw=
Subject key identifier:   EE:34:D7:6F:66:3E:BC:E1:C5:60:7C:7C:8F:5A:45:85:BB:72:19:FE
Certificate issuer:       /CN=963a0fc47a7adf62845ad6dcd7fb761a6c19fedb
Certificate serial:       018CC3494F6DEA2BCD82E33B7CD3FF6E0DDA
Authority key identifier: 96:3A:0F:C4:7A:7A:DF:62:84:5A:D6:DC:D7:FB:76:1A:6C:19:FE:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ljoPxHp632KEWtbc1_t2GmwZ_ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/19c9e1-8543-4f50-acae-e4045d8cfe8f/1/7jTXb2Y-vOHFYHx8j1pFhbtyGf4.roa
Signing time:             Mon 01 Jan 2024 04:30:10 +0000
ROA not before:           Mon 01 Jan 2024 04:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58213
IP address blocks:        91.216.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/19c9e1-8543-4f50-acae-e4045d8cfe8f/1/ljoPxHp632KEWtbc1_t2GmwZ_ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/19c9e1-8543-4f50-acae-e4045d8cfe8f/1/ljoPxHp632KEWtbc1_t2GmwZ_ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ljoPxHp632KEWtbc1_t2GmwZ_ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 19:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:4f:6d:ea:2b:cd:82:e3:3b:7c:d3:ff:6e:0d:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=963a0fc47a7adf62845ad6dcd7fb761a6c19fedb
        Validity
            Not Before: Jan  1 04:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee34d76f663ebce1c5607c7c8f5a4585bb7219fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:7e:42:4f:8a:51:07:2a:33:a7:c0:de:e9:68:
                    48:15:c9:be:87:4a:8e:3b:9c:1d:eb:0f:be:5a:a3:
                    b3:14:9e:99:e3:ba:d5:9b:e3:42:7d:4a:c9:bc:87:
                    73:33:31:03:ed:86:ef:c9:25:13:c1:2e:10:15:f5:
                    9e:f3:21:e1:25:ab:42:5b:0c:1c:b7:49:6a:ff:23:
                    a1:d4:83:bf:cb:7c:8d:f1:63:e5:8c:59:68:0d:82:
                    98:a9:08:b0:e6:fd:e7:e6:ae:b6:92:76:c9:f9:eb:
                    87:42:d5:db:42:90:d1:09:35:ce:1a:c1:ce:52:93:
                    68:34:cf:cd:a6:14:05:8b:29:27:3c:44:81:6c:fe:
                    46:12:f8:df:fd:d6:22:9d:a3:4d:d6:94:78:50:1e:
                    1e:5f:95:bc:dc:62:ab:cb:59:b5:55:ae:96:97:48:
                    5c:aa:35:6e:f6:df:f6:14:ef:6f:94:8f:85:a7:2f:
                    ce:ef:30:ab:29:a7:a8:df:2a:2e:0d:4f:81:a9:29:
                    a5:b8:f3:54:4d:73:62:7b:e0:ac:56:a0:48:e3:45:
                    02:a0:4b:c4:cd:3b:e7:51:2d:11:0e:91:a0:6a:f5:
                    d8:9c:91:39:a3:29:d0:83:f4:10:b4:56:f9:64:7c:
                    66:24:fe:79:db:90:7f:4c:7d:94:5b:57:e7:9a:92:
                    35:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:34:D7:6F:66:3E:BC:E1:C5:60:7C:7C:8F:5A:45:85:BB:72:19:FE
            X509v3 Authority Key Identifier:
                keyid:96:3A:0F:C4:7A:7A:DF:62:84:5A:D6:DC:D7:FB:76:1A:6C:19:FE:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ljoPxHp632KEWtbc1_t2GmwZ_ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/19c9e1-8543-4f50-acae-e4045d8cfe8f/1/7jTXb2Y-vOHFYHx8j1pFhbtyGf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/19c9e1-8543-4f50-acae-e4045d8cfe8f/1/ljoPxHp632KEWtbc1_t2GmwZ_ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:29:36:63:31:01:d9:66:3c:92:6c:68:97:b6:cc:c5:cb:0d:
         ac:1a:c3:bf:a6:02:df:7f:82:c7:03:b5:87:e7:61:b7:81:21:
         bc:49:eb:88:98:c1:04:e4:9e:bb:e2:7c:87:fb:c7:96:06:b0:
         76:c8:83:7e:e7:b9:86:f9:0f:5e:5c:ef:26:bb:53:92:45:53:
         76:bb:b4:0e:62:9c:c7:6f:df:9b:b3:58:80:a8:98:04:4f:6f:
         95:d0:be:aa:e5:46:f1:be:bd:1b:b9:b5:09:10:4b:87:a0:3e:
         bf:5d:46:e5:ae:f5:5b:24:0c:72:0a:f3:28:b8:75:6d:a6:88:
         77:4f:d1:02:1e:02:cf:07:a5:12:86:53:09:1c:e8:c5:01:49:
         b6:48:4d:e2:93:fd:43:d5:5e:86:91:9f:82:80:5d:a3:f7:21:
         c5:00:a6:94:4a:fe:a8:c8:7c:4c:8f:56:32:25:d8:27:55:7d:
         3c:0a:76:dd:a1:ac:ec:88:2f:17:53:41:77:d3:77:4c:0a:4c:
         6b:a8:1a:4b:86:71:6e:55:df:35:d5:4e:6e:e6:a1:08:39:3c:
         ff:83:4a:fc:32:d3:2c:a9:fb:20:8b:54:8b:9d:34:9f:01:5a:
         d3:fa:94:e5:84:a3:a7:f5:63:b3:a5:d6:9d:a5:28:09:b3:ac:
         fa:b4:59:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSU9t6ivNguM7fNP/bg3aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2M2EwZmM0N2E3YWRmNjI4NDVhZDZkY2Q3ZmI3NjFhNmMx
OWZlZGIwHhcNMjQwMTAxMDQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTM0ZDc2ZjY2M2ViY2UxYzU2MDdjN2M4ZjVhNDU4NWJiNzIxOWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnH5CT4pRByozp8De6WhIFcm+h0qO
O5wd6w++WqOzFJ6Z47rVm+NCfUrJvIdzMzED7YbvySUTwS4QFfWe8yHhJatCWwwc
t0lq/yOh1IO/y3yN8WPljFloDYKYqQiw5v3n5q62knbJ+euHQtXbQpDRCTXOGsHO
UpNoNM/NphQFiyknPESBbP5GEvjf/dYinaNN1pR4UB4eX5W83GKry1m1Va6Wl0hc
qjVu9t/2FO9vlI+Fpy/O7zCrKaeo3youDU+BqSmluPNUTXNie+CsVqBI40UCoEvE
zTvnUS0RDpGgavXYnJE5oynQg/QQtFb5ZHxmJP5525B/TH2UW1fnmpI1cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO40129mPrzhxWB8fI9aRYW7chn+MB8GA1UdIwQY
MBaAFJY6D8R6et9ihFrW3Nf7dhpsGf7bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGpvUHhIcDYzMktFV3RiYzFfdDJHbXdaX3RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8xOWM5ZTEtODU0My00ZjUwLWFjYWUt
ZTQwNDVkOGNmZThmLzEvN2pUWGIyWS12T0hGWUh4OGoxcEZoYnR5R2Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8xOWM5ZTEtODU0My00ZjUwLWFjYWUtZTQwNDVkOGNmZThm
LzEvbGpvUHhIcDYzMktFV3RiYzFfdDJHbXdaX3RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9hKMA0G
CSqGSIb3DQEBCwUAA4IBAQCUKTZjMQHZZjySbGiXtszFyw2sGsO/pgLff4LHA7WH
52G3gSG8SeuImMEE5J674nyH+8eWBrB2yIN+57mG+Q9eXO8mu1OSRVN2u7QOYpzH
b9+bs1iAqJgET2+V0L6q5Ubxvr0bubUJEEuHoD6/XUblrvVbJAxyCvMouHVtpoh3
T9ECHgLPB6UShlMJHOjFAUm2SE3ik/1D1V6GkZ+CgF2j9yHFAKaUSv6oyHxMj1Yy
JdgnVX08CnbdoazsiC8XU0F303dMCkxrqBpLhnFuVd811U5u5qEIOTz/g0r8MtMs
qfsgi1SLnTSfAVrT+pTlhKOn9WOzpdadpSgJs6z6tFke
-----END CERTIFICATE-----