Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/e4bb51-b963-4b46-aa27-26bf8ccd7b74/1/yQyZnnl22to-vur5Bs_sYPHFL7Y.roa
File:                     yQyZnnl22to-vur5Bs_sYPHFL7Y.roa (raw, json)
Hash identifier:          cMzVV4swfYW/zwCkRp3uvXh/pBqZvw6Zf+7m4R8HkAk=
Subject key identifier:   C9:0C:99:9E:79:76:DA:DA:3E:BE:EA:F9:06:CF:EC:60:F1:C5:2F:B6
Certificate issuer:       /CN=0ede17b8caf02461bf54c0964ed38a2590062f94
Certificate serial:       018CC725BD7CD5D4A18DE5F1E22F06E1B6AB
Authority key identifier: 0E:DE:17:B8:CA:F0:24:61:BF:54:C0:96:4E:D3:8A:25:90:06:2F:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dt4XuMrwJGG_VMCWTtOKJZAGL5Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/e4bb51-b963-4b46-aa27-26bf8ccd7b74/1/yQyZnnl22to-vur5Bs_sYPHFL7Y.roa
Signing time:             Mon 01 Jan 2024 22:29:48 +0000
ROA not before:           Mon 01 Jan 2024 22:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        91.102.232.0/21 maxlen: 24
                          91.102.239.0/24 maxlen: 24
                          91.102.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/e4bb51-b963-4b46-aa27-26bf8ccd7b74/1/Dt4XuMrwJGG_VMCWTtOKJZAGL5Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/e4bb51-b963-4b46-aa27-26bf8ccd7b74/1/Dt4XuMrwJGG_VMCWTtOKJZAGL5Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dt4XuMrwJGG_VMCWTtOKJZAGL5Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:bd:7c:d5:d4:a1:8d:e5:f1:e2:2f:06:e1:b6:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ede17b8caf02461bf54c0964ed38a2590062f94
        Validity
            Not Before: Jan  1 22:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c90c999e7976dada3ebeeaf906cfec60f1c52fb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:a8:d5:a3:63:85:c5:16:d6:ff:eb:b6:49:fd:
                    ef:d4:e8:69:6f:e7:4a:4d:33:b4:99:0c:80:bd:e7:
                    92:48:a7:cc:e6:0f:7a:9b:c6:a9:fb:a3:57:2c:c6:
                    b7:f8:32:f0:a1:3c:a6:19:85:59:0f:3c:55:84:c5:
                    8f:a2:bc:f3:e4:b0:a2:4e:cb:33:a6:a5:c7:58:35:
                    00:f5:24:77:ed:5c:a0:ad:ae:b0:b1:8e:91:8b:00:
                    2e:57:d8:a7:63:c0:fb:cf:f8:4b:81:8a:82:01:7f:
                    c2:0f:74:28:ca:17:a9:48:f0:53:65:f3:36:67:6a:
                    02:6d:fd:4c:63:b9:cf:9b:d3:f2:c9:96:fe:aa:22:
                    44:9f:39:70:73:a4:2a:b5:cb:79:ab:b3:fd:5a:72:
                    f0:14:1a:fb:84:9f:9f:d1:8e:5c:0e:4a:90:06:12:
                    16:a6:64:e6:0e:8d:d6:d4:ee:e5:4a:e7:e9:39:30:
                    9a:81:ff:0b:4f:ed:62:f1:37:42:6f:42:4b:3b:0d:
                    be:da:08:51:46:8e:44:ea:e3:9e:bb:16:74:01:25:
                    a5:b7:b2:5b:b9:8a:b8:a1:c1:a9:f6:6f:40:bc:79:
                    ec:1b:7e:4f:c1:23:93:52:38:96:f2:47:ce:cb:4a:
                    42:15:c9:04:3e:81:c0:ce:de:cd:84:2f:58:36:f9:
                    05:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:0C:99:9E:79:76:DA:DA:3E:BE:EA:F9:06:CF:EC:60:F1:C5:2F:B6
            X509v3 Authority Key Identifier:
                keyid:0E:DE:17:B8:CA:F0:24:61:BF:54:C0:96:4E:D3:8A:25:90:06:2F:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dt4XuMrwJGG_VMCWTtOKJZAGL5Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/e4bb51-b963-4b46-aa27-26bf8ccd7b74/1/yQyZnnl22to-vur5Bs_sYPHFL7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/e4bb51-b963-4b46-aa27-26bf8ccd7b74/1/Dt4XuMrwJGG_VMCWTtOKJZAGL5Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.102.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         66:96:b1:7c:fc:e7:45:7c:68:04:21:7b:69:52:f3:d7:00:e6:
         86:11:dd:25:f7:c2:d9:06:1a:8f:3d:b5:1b:9b:4a:9f:17:f0:
         a3:12:dc:46:db:67:66:93:ab:81:ca:4f:69:54:cd:63:6c:c1:
         06:9b:a5:cb:93:2c:1a:3c:4c:c9:3b:54:54:ca:3d:c8:37:76:
         6c:7d:ad:ff:66:5d:0e:0c:5d:f5:e8:ad:44:b6:62:92:f3:5d:
         aa:1c:71:43:31:39:28:a0:ae:44:27:0e:68:7a:f2:b0:e9:ad:
         25:f9:ae:50:4f:19:d3:33:7b:55:88:c3:ce:cc:57:a1:ba:1f:
         82:4c:e3:c4:30:b4:f2:83:d5:59:b1:c2:b9:ba:f4:7b:07:29:
         cd:9a:60:ba:a1:dc:b6:38:75:4e:30:88:46:8d:d9:11:ce:e0:
         5a:59:e3:5d:86:88:ff:d1:b7:72:bb:ae:75:81:89:63:ed:93:
         31:1d:7d:c8:57:f6:f2:ec:3c:7f:f8:50:bc:39:92:fe:6f:ef:
         d9:23:bd:1e:38:24:fc:b1:60:c6:17:57:3d:32:6d:d9:f3:40:
         12:28:ae:93:6b:20:86:b1:de:2d:49:c1:e9:1f:32:8c:79:38:
         db:69:11:db:02:2e:ed:3a:33:3e:9e:da:2c:c8:18:af:ff:01:
         2c:14:bb:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJb181dShjeXx4i8G4barMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZGUxN2I4Y2FmMDI0NjFiZjU0YzA5NjRlZDM4YTI1OTAw
NjJmOTQwHhcNMjQwMTAxMjIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTBjOTk5ZTc5NzZkYWRhM2ViZWVhZjkwNmNmZWM2MGYxYzUyZmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApKjVo2OFxRbW/+u2Sf3v1Ohpb+dK
TTO0mQyAveeSSKfM5g96m8ap+6NXLMa3+DLwoTymGYVZDzxVhMWPorzz5LCiTssz
pqXHWDUA9SR37Vygra6wsY6RiwAuV9inY8D7z/hLgYqCAX/CD3QoyhepSPBTZfM2
Z2oCbf1MY7nPm9PyyZb+qiJEnzlwc6Qqtct5q7P9WnLwFBr7hJ+f0Y5cDkqQBhIW
pmTmDo3W1O7lSufpOTCagf8LT+1i8TdCb0JLOw2+2ghRRo5E6uOeuxZ0ASWlt7Jb
uYq4ocGp9m9AvHnsG35PwSOTUjiW8kfOy0pCFckEPoHAzt7NhC9YNvkFIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMkMmZ55dtraPr7q+QbP7GDxxS+2MB8GA1UdIwQY
MBaAFA7eF7jK8CRhv1TAlk7TiiWQBi+UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHQ0WHVNcndKR0dfVk1DV1R0T0tKWkFHTDVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9lNGJiNTEtYjk2My00YjQ2LWFhMjct
MjZiZjhjY2Q3Yjc0LzEveVF5Wm5ubDIydG8tdnVyNUJzX3NZUEhGTDdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9lNGJiNTEtYjk2My00YjQ2LWFhMjctMjZiZjhjY2Q3Yjc0
LzEvRHQ0WHVNcndKR0dfVk1DV1R0T0tKWkFHTDVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDW2boMA0G
CSqGSIb3DQEBCwUAA4IBAQBmlrF8/OdFfGgEIXtpUvPXAOaGEd0l98LZBhqPPbUb
m0qfF/CjEtxG22dmk6uByk9pVM1jbMEGm6XLkywaPEzJO1RUyj3IN3Zsfa3/Zl0O
DF316K1EtmKS812qHHFDMTkooK5EJw5oevKw6a0l+a5QTxnTM3tViMPOzFehuh+C
TOPEMLTyg9VZscK5uvR7BynNmmC6ody2OHVOMIhGjdkRzuBaWeNdhoj/0bdyu651
gYlj7ZMxHX3IV/by7Dx/+FC8OZL+b+/ZI70eOCT8sWDGF1c9Mm3Z80ASKK6TayCG
sd4tScHpHzKMeTjbaRHbAi7tOjM+ntosyBiv/wEsFLuQ
-----END CERTIFICATE-----