Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/4eca3f-4f41-4598-aa1b-eedb1698c21a/1/zo3jW1gQN6a6r9YTAR7kCkW9Kas.roa
File:                     zo3jW1gQN6a6r9YTAR7kCkW9Kas.roa (raw, json)
Hash identifier:          JRzIB6l7HWgGTIjDzBA2hJ8TeVLUgrrxd5lHpOGGKQU=
Subject key identifier:   CE:8D:E3:5B:58:10:37:A6:BA:AF:D6:13:01:1E:E4:0A:45:BD:29:AB
Certificate issuer:       /CN=930cba4b43304b51c4bddfbd4331782ad91102ca
Certificate serial:       0192510709D267CDC72A91283626CBD4B9BC
Authority key identifier: 93:0C:BA:4B:43:30:4B:51:C4:BD:DF:BD:43:31:78:2A:D9:11:02:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kwy6S0MwS1HEvd-9QzF4KtkRAso.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/4eca3f-4f41-4598-aa1b-eedb1698c21a/1/zo3jW1gQN6a6r9YTAR7kCkW9Kas.roa
Signing time:             Thu 03 Oct 2024 06:17:48 +0000
ROA not before:           Thu 03 Oct 2024 06:17:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31027
IP address blocks:        91.240.185.0/24 maxlen: 24
                          91.240.186.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/4eca3f-4f41-4598-aa1b-eedb1698c21a/1/kwy6S0MwS1HEvd-9QzF4KtkRAso.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/4eca3f-4f41-4598-aa1b-eedb1698c21a/1/kwy6S0MwS1HEvd-9QzF4KtkRAso.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kwy6S0MwS1HEvd-9QzF4KtkRAso.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:51:07:09:d2:67:cd:c7:2a:91:28:36:26:cb:d4:b9:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=930cba4b43304b51c4bddfbd4331782ad91102ca
        Validity
            Not Before: Oct  3 06:17:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce8de35b581037a6baafd613011ee40a45bd29ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:18:93:ed:3d:6b:e6:fe:3f:03:37:cc:19:dd:
                    61:ae:1f:73:a4:34:31:42:0f:23:27:60:e7:62:bb:
                    8f:5f:2f:0e:5e:a9:09:12:b2:f1:67:93:d0:ae:35:
                    ee:86:ea:b9:f4:4e:b9:95:48:29:3d:de:ce:b1:a4:
                    37:e8:1e:3d:ab:88:ff:51:67:14:ef:f0:0b:8c:2d:
                    d9:36:8d:02:04:57:58:1d:3c:b4:96:35:53:1d:55:
                    54:35:f9:f6:9a:a3:09:64:04:b3:40:0c:0d:2d:b0:
                    19:9b:e4:db:f4:ef:92:08:70:0f:db:77:03:88:c5:
                    77:35:bf:f1:5f:92:fe:17:26:ab:aa:3d:33:67:80:
                    4a:06:4f:cb:f5:75:dc:d8:df:b4:3b:30:ba:8f:ef:
                    25:98:13:b5:0c:90:55:19:fa:3c:32:86:f2:72:33:
                    fd:a3:a0:08:ed:5e:90:eb:12:a8:39:0d:5f:8c:0e:
                    dd:0c:11:8d:18:f8:1e:1f:8c:19:2c:33:9f:e7:f7:
                    27:2b:07:35:5b:08:53:42:8a:ba:72:b3:4e:9b:a2:
                    f2:70:a9:f9:b7:dd:1b:b2:09:8b:04:72:4c:51:e5:
                    f3:8f:f1:c4:56:a7:71:80:42:e6:27:f6:3a:8f:b4:
                    cf:9f:6c:42:9e:19:39:02:ca:1d:18:bc:73:4d:59:
                    58:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:8D:E3:5B:58:10:37:A6:BA:AF:D6:13:01:1E:E4:0A:45:BD:29:AB
            X509v3 Authority Key Identifier:
                keyid:93:0C:BA:4B:43:30:4B:51:C4:BD:DF:BD:43:31:78:2A:D9:11:02:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kwy6S0MwS1HEvd-9QzF4KtkRAso.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/4eca3f-4f41-4598-aa1b-eedb1698c21a/1/zo3jW1gQN6a6r9YTAR7kCkW9Kas.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/4eca3f-4f41-4598-aa1b-eedb1698c21a/1/kwy6S0MwS1HEvd-9QzF4KtkRAso.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.185.0-91.240.187.255

    Signature Algorithm: sha256WithRSAEncryption
         3a:7d:ad:b1:83:f1:37:02:a0:00:62:c9:ca:71:f9:c5:85:44:
         f7:ed:4f:b5:fd:a9:b5:4f:7c:74:61:e5:f0:b1:7d:c2:4d:41:
         7c:90:83:1e:75:d0:35:ee:16:a8:85:52:3e:fc:f1:73:47:c7:
         cd:f3:d5:c6:33:f4:c9:cd:79:6d:d3:3f:9a:b5:85:27:cb:a5:
         b7:41:04:81:65:9d:a0:b1:0a:52:76:df:68:24:0e:8b:a5:15:
         2f:f4:ce:64:80:68:57:2b:f1:a3:00:e3:ca:4d:f6:94:ac:88:
         c2:22:34:c1:09:5e:8d:d5:f1:f0:be:7d:0f:f3:a4:9f:75:8d:
         1c:72:d9:19:f6:0a:72:bb:a6:be:57:d4:a7:3c:66:48:71:cd:
         70:77:a1:67:e7:9e:fa:f2:6d:6e:ba:ad:15:81:2f:3c:66:94:
         16:ef:0b:37:cf:31:38:36:d4:12:0d:12:a6:ad:70:f0:45:c8:
         1c:57:3c:2f:77:05:8a:ba:49:f1:bf:b0:55:d8:c4:5a:75:f6:
         8e:78:a9:a1:aa:c1:ec:ec:6b:3e:15:85:13:db:bc:74:0a:17:
         c9:87:83:50:f4:6d:b0:03:32:fe:03:df:7a:78:f7:c7:11:f4:
         01:9f:4c:c4:1e:83:ac:37:15:29:b3:27:6f:3e:e1:af:da:3f:
         ab:ac:53:19
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZJRBwnSZ83HKpEoNibL1Lm8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzMGNiYTRiNDMzMDRiNTFjNGJkZGZiZDQzMzE3ODJhZDkx
MTAyY2EwHhcNMjQxMDAzMDYxNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZThkZTM1YjU4MTAzN2E2YmFhZmQ2MTMwMTFlZTQwYTQ1YmQyOWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxiT7T1r5v4/AzfMGd1hrh9zpDQx
Qg8jJ2DnYruPXy8OXqkJErLxZ5PQrjXuhuq59E65lUgpPd7OsaQ36B49q4j/UWcU
7/ALjC3ZNo0CBFdYHTy0ljVTHVVUNfn2mqMJZASzQAwNLbAZm+Tb9O+SCHAP23cD
iMV3Nb/xX5L+Fyarqj0zZ4BKBk/L9XXc2N+0OzC6j+8lmBO1DJBVGfo8MobycjP9
o6AI7V6Q6xKoOQ1fjA7dDBGNGPgeH4wZLDOf5/cnKwc1WwhTQoq6crNOm6LycKn5
t90bsgmLBHJMUeXzj/HEVqdxgELmJ/Y6j7TPn2xCnhk5AsodGLxzTVlYFQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFM6N41tYEDemuq/WEwEe5ApFvSmrMB8GA1UdIwQY
MBaAFJMMuktDMEtRxL3fvUMxeCrZEQLKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3d5NlMwTXdTMUhFdmQtOVF6RjRLdGtSQXNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80ZWNhM2YtNGY0MS00NTk4LWFhMWIt
ZWVkYjE2OThjMjFhLzEvem8zalcxZ1FONmE2cjlZVEFSN2tDa1c5S2FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80ZWNhM2YtNGY0MS00NTk4LWFhMWItZWVkYjE2OThjMjFh
LzEva3d5NlMwTXdTMUhFdmQtOVF6RjRLdGtSQXNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABb8LkD
BAJb8LgwDQYJKoZIhvcNAQELBQADggEBADp9rbGD8TcCoABiycpx+cWFRPftT7X9
qbVPfHRh5fCxfcJNQXyQgx510DXuFqiFUj788XNHx83z1cYz9MnNeW3TP5q1hSfL
pbdBBIFlnaCxClJ232gkDoulFS/0zmSAaFcr8aMA48pN9pSsiMIiNMEJXo3V8fC+
fQ/zpJ91jRxy2Rn2CnK7pr5X1Kc8ZkhxzXB3oWfnnvrybW66rRWBLzxmlBbvCzfP
MTg21BINEqatcPBFyBxXPC93BYq6SfG/sFXYxFp19o54qaGqwezsaz4VhRPbvHQK
F8mHg1D0bbADMv4D33p498cR9AGfTMQeg6w3FSmzJ28+4a/aP6usUxk=
-----END CERTIFICATE-----