Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/CTyVj91negPcfQ341XG27o-7HfE.roa
File:                     CTyVj91negPcfQ341XG27o-7HfE.roa (raw, json)
Hash identifier:          Y+184hFXWqxPMU7tQl4DGGyIom/U86QwShW27XPpNzw=
Subject key identifier:   09:3C:95:8F:DD:67:7A:03:DC:7D:0D:F8:D5:71:B6:EE:8F:BB:1D:F1
Certificate issuer:       /CN=6b4137c95719de3b0651e44ad0683501ae67eb88
Certificate serial:       018E5C4BF31E8117BD35CC75F48FA3CE1A1C
Authority key identifier: 6B:41:37:C9:57:19:DE:3B:06:51:E4:4A:D0:68:35:01:AE:67:EB:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/CTyVj91negPcfQ341XG27o-7HfE.roa
Signing time:             Wed 20 Mar 2024 14:37:45 +0000
ROA not before:           Wed 20 Mar 2024 14:37:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     273189
IP address blocks:        80.80.90.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:5c:4b:f3:1e:81:17:bd:35:cc:75:f4:8f:a3:ce:1a:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b4137c95719de3b0651e44ad0683501ae67eb88
        Validity
            Not Before: Mar 20 14:37:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=093c958fdd677a03dc7d0df8d571b6ee8fbb1df1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:25:a3:db:05:95:86:66:4b:94:2d:a8:23:9c:
                    95:fb:4f:b3:fb:ac:0f:a5:db:6e:f5:73:38:7c:18:
                    2f:0d:b9:93:a7:15:f3:4e:ab:53:05:95:48:c0:3f:
                    fd:7d:69:fe:dc:da:3f:53:47:a7:0e:59:86:e7:e0:
                    ac:9a:7a:bf:5e:bc:09:2c:25:e9:eb:25:86:06:c7:
                    96:a9:6c:9e:a5:fc:43:74:82:44:97:3a:ed:e0:cf:
                    89:c8:86:82:1f:2a:23:4e:15:8d:bb:8f:72:39:21:
                    10:dd:12:64:b2:31:d6:e4:46:e8:41:0e:59:06:bf:
                    47:d7:e7:c2:eb:29:86:60:c0:71:53:ab:14:7f:e6:
                    d7:27:c8:49:48:43:36:0e:57:6f:11:9d:71:57:1b:
                    4c:be:9d:f1:87:27:17:c1:7d:b1:e7:82:bc:37:e0:
                    c8:bd:04:60:4b:c4:79:58:de:fc:db:5e:72:36:b7:
                    ac:e8:e8:0d:8a:4a:a5:21:cf:97:7e:90:31:e0:92:
                    1a:3f:7b:b5:c0:5b:f7:b6:14:34:2e:94:93:23:93:
                    28:02:de:d3:bd:a3:e0:4b:f1:29:03:48:96:b6:86:
                    06:57:c7:33:ef:74:ad:80:0a:87:58:30:be:ab:a9:
                    63:e6:23:ed:ee:8f:d8:b8:03:31:30:a5:64:03:a9:
                    60:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:3C:95:8F:DD:67:7A:03:DC:7D:0D:F8:D5:71:B6:EE:8F:BB:1D:F1
            X509v3 Authority Key Identifier:
                keyid:6B:41:37:C9:57:19:DE:3B:06:51:E4:4A:D0:68:35:01:AE:67:EB:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/CTyVj91negPcfQ341XG27o-7HfE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.80.90.0/23

    Signature Algorithm: sha256WithRSAEncryption
         30:43:66:bd:fb:39:13:b7:50:75:86:a7:8c:58:04:45:69:65:
         9d:8f:bc:b9:3c:97:8b:b5:90:1b:81:bf:98:a9:25:93:89:a9:
         f0:5a:ef:1b:4e:f5:6d:91:c2:9a:29:1f:2c:6b:9c:5b:f9:a1:
         77:7b:07:7c:8b:31:ce:44:2f:66:0b:ce:f8:1a:35:ca:62:a4:
         ae:90:27:24:24:9d:b4:14:40:d0:70:fa:30:29:2e:b6:5d:b6:
         a9:8e:99:30:48:d5:7c:46:6d:1e:e9:27:57:f6:66:bc:cd:bb:
         b6:2a:dc:aa:aa:82:0b:c3:83:d2:73:19:c0:2d:d6:af:79:1b:
         4a:8d:c1:71:3c:37:04:d8:90:c4:4b:7c:98:ca:a3:c1:45:80:
         81:d2:56:fd:eb:04:2d:95:4f:99:76:9c:b3:4a:59:f5:34:97:
         41:54:1c:56:9b:f3:1d:21:07:8e:00:65:ba:9a:e0:d1:8d:4d:
         32:52:3e:25:84:8f:c8:fd:2f:20:9a:02:8e:74:49:4a:d2:3c:
         e6:52:9b:10:83:76:6f:9a:58:f8:a3:01:30:da:d5:99:f6:37:
         a6:06:d6:a1:17:75:db:67:dd:9c:85:1a:cc:f9:7f:2c:e0:68:
         32:9a:46:b4:f3:4f:52:a4:fb:c8:04:d0:79:88:4b:cc:93:54:
         38:8d:49:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5cS/MegRe9Ncx19I+jzhocMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNDEzN2M5NTcxOWRlM2IwNjUxZTQ0YWQwNjgzNTAxYWU2
N2ViODgwHhcNMjQwMzIwMTQzNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTNjOTU4ZmRkNjc3YTAzZGM3ZDBkZjhkNTcxYjZlZThmYmIxZGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSWj2wWVhmZLlC2oI5yV+0+z+6wP
pdtu9XM4fBgvDbmTpxXzTqtTBZVIwD/9fWn+3No/U0enDlmG5+Csmnq/XrwJLCXp
6yWGBseWqWyepfxDdIJElzrt4M+JyIaCHyojThWNu49yOSEQ3RJksjHW5EboQQ5Z
Br9H1+fC6ymGYMBxU6sUf+bXJ8hJSEM2DldvEZ1xVxtMvp3xhycXwX2x54K8N+DI
vQRgS8R5WN78215yNres6OgNikqlIc+XfpAx4JIaP3u1wFv3thQ0LpSTI5MoAt7T
vaPgS/EpA0iWtoYGV8cz73StgAqHWDC+q6lj5iPt7o/YuAMxMKVkA6lg/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAk8lY/dZ3oD3H0N+NVxtu6Pux3xMB8GA1UdIwQY
MBaAFGtBN8lXGd47BlHkStBoNQGuZ+uIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTBFM3lWY1ozanNHVWVSSzBHZzFBYTVuNjRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9hYjdmMGQtZGQzMC00OGRmLWJiMGMt
ODViMjZiM2VkOTgzLzEvQ1R5Vmo5MW5lZ1BjZlEzNDFYRzI3by03SGZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9hYjdmMGQtZGQzMC00OGRmLWJiMGMtODViMjZiM2VkOTgz
LzEvYTBFM3lWY1ozanNHVWVSSzBHZzFBYTVuNjRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUFBaMA0G
CSqGSIb3DQEBCwUAA4IBAQAwQ2a9+zkTt1B1hqeMWARFaWWdj7y5PJeLtZAbgb+Y
qSWTianwWu8bTvVtkcKaKR8sa5xb+aF3ewd8izHORC9mC874GjXKYqSukCckJJ20
FEDQcPowKS62XbapjpkwSNV8Rm0e6SdX9ma8zbu2KtyqqoILw4PScxnALdaveRtK
jcFxPDcE2JDES3yYyqPBRYCB0lb96wQtlU+ZdpyzSln1NJdBVBxWm/MdIQeOAGW6
muDRjU0yUj4lhI/I/S8gmgKOdElK0jzmUpsQg3Zvmlj4owEw2tWZ9jemBtahF3Xb
Z92chRrM+X8s4Ggymka0809SpPvIBNB5iEvMk1Q4jUnd
-----END CERTIFICATE-----