Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/2dc136-400d-40e7-ad86-8ce60a5c8b1f/1/yV9drke-h1uIjboH88NUXVHY4Bo.roa
File:                     yV9drke-h1uIjboH88NUXVHY4Bo.roa (raw, json)
Hash identifier:          fZOpqsTt4fGdRAb7/U5hRZPCKjKIF+PcrH+P0L033DI=
Subject key identifier:   C9:5F:5D:AE:47:BE:87:5B:88:8D:BA:07:F3:C3:54:5D:51:D8:E0:1A
Certificate issuer:       /CN=f80e017cf1711519b0ff9f65858c491b2fa5d40b
Certificate serial:       018CC801469ED8FAE61E8B4D7336FDF16072
Authority key identifier: F8:0E:01:7C:F1:71:15:19:B0:FF:9F:65:85:8C:49:1B:2F:A5:D4:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-A4BfPFxFRmw_59lhYxJGy-l1As.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/2dc136-400d-40e7-ad86-8ce60a5c8b1f/1/yV9drke-h1uIjboH88NUXVHY4Bo.roa
Signing time:             Tue 02 Jan 2024 02:29:35 +0000
ROA not before:           Tue 02 Jan 2024 02:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212815
IP address blocks:        91.250.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/2dc136-400d-40e7-ad86-8ce60a5c8b1f/1/1-A4BfPFxFRmw_59lhYxJGy-l1As.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/2dc136-400d-40e7-ad86-8ce60a5c8b1f/1/1-A4BfPFxFRmw_59lhYxJGy-l1As.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-A4BfPFxFRmw_59lhYxJGy-l1As.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:46:9e:d8:fa:e6:1e:8b:4d:73:36:fd:f1:60:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f80e017cf1711519b0ff9f65858c491b2fa5d40b
        Validity
            Not Before: Jan  2 02:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c95f5dae47be875b888dba07f3c3545d51d8e01a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:5b:a9:7d:eb:1a:58:b3:ee:a6:0c:53:c1:e7:
                    de:7d:68:ba:32:67:bc:fa:69:28:42:19:75:7f:1f:
                    96:68:9b:a7:e1:11:c6:0d:1b:39:7c:86:82:18:48:
                    64:d6:4d:1e:38:06:40:c4:e5:c3:0a:e6:71:95:14:
                    15:04:8b:35:c0:8b:ee:1a:d4:4b:80:33:93:fd:29:
                    56:a4:6f:c7:2b:97:fd:73:91:68:28:f4:a3:7d:27:
                    60:bb:3a:ba:c2:4a:44:e4:c6:dd:12:e6:09:76:b7:
                    08:3a:21:e1:51:78:ec:5b:94:4e:85:71:f7:0f:5b:
                    ef:49:15:b7:48:88:2d:3e:ae:8a:44:09:6f:46:08:
                    6e:54:24:05:6f:00:53:1e:37:32:6a:e5:9c:08:28:
                    0b:ab:b1:e5:73:e7:04:14:24:e3:06:37:fa:a2:3f:
                    27:29:b0:ec:2a:e1:61:59:a7:fb:da:85:bb:48:0f:
                    72:83:3e:d6:04:d3:51:ce:ac:f4:6f:1a:a6:7b:ef:
                    42:59:e9:6f:9c:3c:bf:5b:40:7d:20:96:a1:5f:5f:
                    b0:01:02:83:96:4a:30:3c:2f:46:63:e9:ae:24:77:
                    de:62:27:ec:fa:b3:99:04:74:91:75:1a:b1:e0:d8:
                    fc:5a:18:15:8d:5a:e4:16:57:34:ef:a1:55:a2:79:
                    a8:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:5F:5D:AE:47:BE:87:5B:88:8D:BA:07:F3:C3:54:5D:51:D8:E0:1A
            X509v3 Authority Key Identifier:
                keyid:F8:0E:01:7C:F1:71:15:19:B0:FF:9F:65:85:8C:49:1B:2F:A5:D4:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-A4BfPFxFRmw_59lhYxJGy-l1As.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/2dc136-400d-40e7-ad86-8ce60a5c8b1f/1/yV9drke-h1uIjboH88NUXVHY4Bo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/2dc136-400d-40e7-ad86-8ce60a5c8b1f/1/1-A4BfPFxFRmw_59lhYxJGy-l1As.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.250.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:9f:ed:4d:49:44:4c:d5:0e:41:61:e8:3e:b3:80:8b:5e:2f:
         f8:12:d6:4a:83:d0:90:45:ae:15:46:f9:aa:f8:8a:29:5a:8a:
         b2:26:5c:79:51:9e:94:85:ba:48:e9:3d:9e:c5:8d:f3:95:d2:
         8d:6c:41:78:2b:f1:87:ff:95:2d:e5:89:7e:7e:d2:be:f5:99:
         8a:ee:d3:02:e6:28:4d:12:92:63:35:ef:5e:3c:79:9c:78:5c:
         19:1f:40:6b:b9:a6:21:5c:6c:71:93:bb:37:87:d8:a8:7a:6b:
         9c:4d:df:0b:f3:ef:fe:59:76:9c:44:d9:2d:35:bf:1e:ce:50:
         84:74:f9:c3:54:56:5b:a4:ca:e6:04:93:99:6f:33:fd:1c:bf:
         5d:ff:59:37:ad:c9:ac:1a:d8:3f:57:de:02:49:a7:ec:d0:b6:
         56:bd:ea:e9:f7:1a:cd:4b:5e:b1:a5:45:c7:ea:b7:24:84:2f:
         17:ac:5f:20:59:45:d7:1d:e2:7e:ec:aa:06:d8:3f:b8:5d:a3:
         22:62:e4:b0:b7:83:fa:46:05:a3:11:6e:38:1f:6d:98:a5:e6:
         9c:bc:77:75:68:e3:ec:a3:9f:9c:c6:02:5e:c0:3a:77:78:7a:
         97:fb:73:7e:eb:e0:8d:c6:96:e0:99:89:d7:a5:44:11:60:aa:
         66:e7:47:0c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzIAUae2PrmHotNczb98WByMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4MGUwMTdjZjE3MTE1MTliMGZmOWY2NTg1OGM0OTFiMmZh
NWQ0MGIwHhcNMjQwMTAyMDIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTVmNWRhZTQ3YmU4NzViODg4ZGJhMDdmM2MzNTQ1ZDUxZDhlMDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzFupfesaWLPupgxTwefefWi6Mme8
+mkoQhl1fx+WaJun4RHGDRs5fIaCGEhk1k0eOAZAxOXDCuZxlRQVBIs1wIvuGtRL
gDOT/SlWpG/HK5f9c5FoKPSjfSdguzq6wkpE5MbdEuYJdrcIOiHhUXjsW5ROhXH3
D1vvSRW3SIgtPq6KRAlvRghuVCQFbwBTHjcyauWcCCgLq7Hlc+cEFCTjBjf6oj8n
KbDsKuFhWaf72oW7SA9ygz7WBNNRzqz0bxqme+9CWelvnDy/W0B9IJahX1+wAQKD
lkowPC9GY+muJHfeYifs+rOZBHSRdRqx4Nj8WhgVjVrkFlc076FVonmoTQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMlfXa5HvodbiI26B/PDVF1R2OAaMB8GA1UdIwQY
MBaAFPgOAXzxcRUZsP+fZYWMSRsvpdQLMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1BNEJmUEZ4RlJtd181OWxoWXhKR3ktbDFBcy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODcvMmRjMTM2LTQwMGQtNDBlNy1hZDg2
LThjZTYwYTVjOGIxZi8xL3lWOWRya2UtaDF1SWpib0g4OE5VWFZIWTRCby5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODcvMmRjMTM2LTQwMGQtNDBlNy1hZDg2LThjZTYwYTVjOGIx
Zi8xLzEtQTRCZlBGeEZSbXdfNTlsaFl4Skd5LWwxQXMuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABb+v0w
DQYJKoZIhvcNAQELBQADggEBAJWf7U1JREzVDkFh6D6zgIteL/gS1kqD0JBFrhVG
+ar4iilairImXHlRnpSFukjpPZ7FjfOV0o1sQXgr8Yf/lS3liX5+0r71mYru0wLm
KE0SkmM17148eZx4XBkfQGu5piFcbHGTuzeH2Kh6a5xN3wvz7/5ZdpxE2S01vx7O
UIR0+cNUVlukyuYEk5lvM/0cv13/WTetyawa2D9X3gJJp+zQtla96un3Gs1LXrGl
RcfqtySELxesXyBZRdcd4n7sqgbYP7hdoyJi5LC3g/pGBaMRbjgfbZil5py8d3Vo
4+yjn5zGAl7AOnd4epf7c37r4I3GluCZidelRBFgqmbnRww=
-----END CERTIFICATE-----