Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/643f86-636f-4c6e-9e60-a95b637afc8d/1/ryJGCtubQAfzHgJ4NfxS6xdoGag.roa
File:                     ryJGCtubQAfzHgJ4NfxS6xdoGag.roa (raw, json)
Hash identifier:          LNvfL+DozLIQUbUhEQWwxFjOX1rMEyvG740v49nwy7M=
Subject key identifier:   AF:22:46:0A:DB:9B:40:07:F3:1E:02:78:35:FC:52:EB:17:68:19:A8
Certificate issuer:       /CN=835bf48f18527b2b3b59bfbf3fdff204492bce91
Certificate serial:       018CC5DC479401021625BBEC5608F064A44F
Authority key identifier: 83:5B:F4:8F:18:52:7B:2B:3B:59:BF:BF:3F:DF:F2:04:49:2B:CE:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1v0jxhSeys7Wb-_P9_yBEkrzpE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/643f86-636f-4c6e-9e60-a95b637afc8d/1/ryJGCtubQAfzHgJ4NfxS6xdoGag.roa
Signing time:             Mon 01 Jan 2024 16:29:56 +0000
ROA not before:           Mon 01 Jan 2024 16:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50906
IP address blocks:        91.216.20.0/24 maxlen: 24
                          2001:67c:1cc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/643f86-636f-4c6e-9e60-a95b637afc8d/1/g1v0jxhSeys7Wb-_P9_yBEkrzpE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/643f86-636f-4c6e-9e60-a95b637afc8d/1/g1v0jxhSeys7Wb-_P9_yBEkrzpE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1v0jxhSeys7Wb-_P9_yBEkrzpE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 16:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:47:94:01:02:16:25:bb:ec:56:08:f0:64:a4:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835bf48f18527b2b3b59bfbf3fdff204492bce91
        Validity
            Not Before: Jan  1 16:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af22460adb9b4007f31e027835fc52eb176819a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a0:0a:29:eb:55:3f:e9:44:42:bf:30:97:e4:
                    ef:aa:b8:68:6f:f6:11:8a:50:9d:ab:70:df:ea:32:
                    42:86:37:38:b7:51:13:71:19:6b:f2:0b:fc:1c:28:
                    09:0c:d6:b3:b2:3e:00:e0:a4:04:f4:c5:0b:bd:a2:
                    6b:2d:67:d9:cc:5f:4b:e0:53:ba:2e:4c:db:89:2d:
                    46:e7:34:12:42:f7:82:0a:0f:d5:19:3c:ec:9a:ad:
                    6a:2e:9f:1d:7f:f4:9d:f4:81:12:cf:26:be:87:f8:
                    b0:4c:95:75:c3:a6:c4:fe:7f:ce:14:a5:ae:02:d3:
                    9e:c9:0e:c7:0f:0d:29:d0:ba:e6:52:0f:e5:28:1c:
                    83:78:01:0c:ea:ea:f1:55:08:81:8f:a8:99:49:14:
                    d4:cd:b6:d9:ee:bc:27:c0:67:12:fc:4e:6c:11:91:
                    67:d2:63:0e:d4:c9:22:e0:56:87:d7:5b:7d:60:40:
                    13:24:74:6b:94:d5:b1:15:6e:9e:67:4a:00:53:1c:
                    8b:2d:f7:ef:0f:95:62:54:bb:90:44:f9:74:8a:e8:
                    6d:33:23:08:97:e4:71:61:a9:c6:0b:4b:df:82:09:
                    a2:0b:99:b3:c2:3c:91:20:13:ac:0c:ea:6b:16:d9:
                    40:cf:2f:9b:6d:8d:d6:00:86:09:42:a8:9d:b2:29:
                    9b:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:22:46:0A:DB:9B:40:07:F3:1E:02:78:35:FC:52:EB:17:68:19:A8
            X509v3 Authority Key Identifier:
                keyid:83:5B:F4:8F:18:52:7B:2B:3B:59:BF:BF:3F:DF:F2:04:49:2B:CE:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1v0jxhSeys7Wb-_P9_yBEkrzpE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/643f86-636f-4c6e-9e60-a95b637afc8d/1/ryJGCtubQAfzHgJ4NfxS6xdoGag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/643f86-636f-4c6e-9e60-a95b637afc8d/1/g1v0jxhSeys7Wb-_P9_yBEkrzpE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.20.0/24
                IPv6:
                  2001:67c:1cc::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:ed:f1:ba:14:8f:a4:b8:7d:90:73:5f:21:ec:6a:b0:11:3b:
         55:b9:82:26:99:92:b9:9a:31:00:0d:f2:b6:ac:4e:23:db:9a:
         4c:b6:2a:20:58:3e:34:d3:16:d7:c2:65:21:14:c9:dd:d8:1b:
         d6:1d:46:0c:ba:6f:ed:06:08:22:f6:47:ed:3f:e1:34:7f:8d:
         eb:22:14:69:c9:a1:38:fc:0c:97:5b:d7:ac:a5:b2:f9:5a:1e:
         4e:4c:1a:7a:5f:28:24:df:76:63:e6:4a:da:79:cd:76:87:b7:
         52:c3:fa:39:08:45:a3:c2:bf:fc:0d:16:df:de:eb:49:40:95:
         e4:58:52:0a:8f:0e:1a:8d:3e:a3:09:73:9f:31:25:23:6a:65:
         87:31:2b:72:d2:3d:36:5f:c8:e6:02:dd:d6:90:f0:a5:da:41:
         0b:ae:ba:96:bd:1d:ce:8f:dd:d3:af:5c:a5:00:5b:c6:90:93:
         46:f7:cc:24:9b:d5:72:78:c7:89:71:c8:4f:a9:e2:17:3f:6c:
         00:b2:ad:fd:61:a1:a1:a0:99:79:0d:cb:a9:bc:ba:bf:95:2a:
         5b:d6:79:d8:81:76:53:2b:af:a3:83:3f:f0:c7:18:d1:4a:a8:
         55:c1:4a:0b:37:53:6d:62:11:c8:2e:12:ae:3b:af:4e:11:a7:
         cb:99:b5:02
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzF3EeUAQIWJbvsVgjwZKRPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWJmNDhmMTg1MjdiMmIzYjU5YmZiZjNmZGZmMjA0NDky
YmNlOTEwHhcNMjQwMTAxMTYyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjIyNDYwYWRiOWI0MDA3ZjMxZTAyNzgzNWZjNTJlYjE3NjgxOWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqAKKetVP+lEQr8wl+Tvqrhob/YR
ilCdq3Df6jJChjc4t1ETcRlr8gv8HCgJDNazsj4A4KQE9MULvaJrLWfZzF9L4FO6
LkzbiS1G5zQSQveCCg/VGTzsmq1qLp8df/Sd9IESzya+h/iwTJV1w6bE/n/OFKWu
AtOeyQ7HDw0p0LrmUg/lKByDeAEM6urxVQiBj6iZSRTUzbbZ7rwnwGcS/E5sEZFn
0mMO1Mki4FaH11t9YEATJHRrlNWxFW6eZ0oAUxyLLffvD5ViVLuQRPl0iuhtMyMI
l+RxYanGC0vfggmiC5mzwjyRIBOsDOprFtlAzy+bbY3WAIYJQqidsimb+wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFK8iRgrbm0AH8x4CeDX8UusXaBmoMB8GA1UdIwQY
MBaAFINb9I8YUnsrO1m/vz/f8gRJK86RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzF2MGp4aFNleXM3V2ItX1A5X3lCRWtyenBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC82NDNmODYtNjM2Zi00YzZlLTllNjAt
YTk1YjYzN2FmYzhkLzEvcnlKR0N0dWJRQWZ6SGdKNE5meFM2eGRvR2FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC82NDNmODYtNjM2Zi00YzZlLTllNjAtYTk1YjYzN2FmYzhk
LzEvZzF2MGp4aFNleXM3V2ItX1A5X3lCRWtyenBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9gUMA8E
AgACMAkDBwAgAQZ8AcwwDQYJKoZIhvcNAQELBQADggEBAJ3t8boUj6S4fZBzXyHs
arARO1W5giaZkrmaMQAN8rasTiPbmky2KiBYPjTTFtfCZSEUyd3YG9YdRgy6b+0G
CCL2R+0/4TR/jesiFGnJoTj8DJdb16ylsvlaHk5MGnpfKCTfdmPmStp5zXaHt1LD
+jkIRaPCv/wNFt/e60lAleRYUgqPDhqNPqMJc58xJSNqZYcxK3LSPTZfyOYC3daQ
8KXaQQuuupa9Hc6P3dOvXKUAW8aQk0b3zCSb1XJ4x4lxyE+p4hc/bACyrf1hoaGg
mXkNy6m8ur+VKlvWediBdlMrr6ODP/DHGNFKqFXBSgs3U21iEcguEq47r04Rp8uZ
tQI=
-----END CERTIFICATE-----