Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/ce1677-d927-44c6-a909-3b2b51a5e3da/1/oiM1IgrYDgTti_QMigSX_OuM4L8.roa
File:                     oiM1IgrYDgTti_QMigSX_OuM4L8.roa (raw, json)
Hash identifier:          j20H5STQa60YP6Gw6o0EUQhhcIx+2VEjgyPJtfJNcZo=
Subject key identifier:   A2:23:35:22:0A:D8:0E:04:ED:8B:F4:0C:8A:04:97:FC:EB:8C:E0:BF
Certificate issuer:       /CN=08bf59899b7aca30a3c7d5db93b212d98709c89b
Certificate serial:       018CC2DAC67AE37C5D07D9668A0C6830683C
Authority key identifier: 08:BF:59:89:9B:7A:CA:30:A3:C7:D5:DB:93:B2:12:D9:87:09:C8:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CL9ZiZt6yjCjx9Xbk7IS2YcJyJs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/ce1677-d927-44c6-a909-3b2b51a5e3da/1/oiM1IgrYDgTti_QMigSX_OuM4L8.roa
Signing time:             Mon 01 Jan 2024 02:29:26 +0000
ROA not before:           Mon 01 Jan 2024 02:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58308
IP address blocks:        91.109.120.0/21 maxlen: 21
                          185.144.152.0/22 maxlen: 22
                          2a01:66c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/ce1677-d927-44c6-a909-3b2b51a5e3da/1/CL9ZiZt6yjCjx9Xbk7IS2YcJyJs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/ce1677-d927-44c6-a909-3b2b51a5e3da/1/CL9ZiZt6yjCjx9Xbk7IS2YcJyJs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CL9ZiZt6yjCjx9Xbk7IS2YcJyJs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:c6:7a:e3:7c:5d:07:d9:66:8a:0c:68:30:68:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08bf59899b7aca30a3c7d5db93b212d98709c89b
        Validity
            Not Before: Jan  1 02:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a22335220ad80e04ed8bf40c8a0497fceb8ce0bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:69:73:1d:93:da:cc:9a:ef:a1:5c:5a:3f:ca:
                    cf:a7:7b:93:0f:90:47:a0:a9:b8:54:8f:08:52:b5:
                    a4:67:13:68:2b:9c:9c:f0:ca:51:30:ec:74:b2:fa:
                    e9:c6:56:64:5d:09:9a:d9:2c:c0:36:e4:55:12:ba:
                    b3:19:93:fd:35:36:35:7b:9f:a7:5a:03:30:e9:44:
                    1a:b3:1f:7b:d0:5b:9c:4f:be:c4:ee:fd:b2:b3:57:
                    33:bc:a0:b5:02:68:de:f7:1e:60:73:af:4e:c4:da:
                    15:70:55:cf:3c:e7:bf:ca:ac:95:5c:19:ac:64:a8:
                    62:19:f7:6a:20:ee:2b:85:8a:3a:8f:97:88:d5:26:
                    fc:5f:99:5e:65:5d:c1:7f:f6:21:ce:a1:44:d6:9d:
                    b3:29:2b:c7:e3:4c:d8:76:36:f2:b4:ff:f2:49:65:
                    27:8d:66:6a:f3:f7:93:5c:be:89:11:cb:96:1b:40:
                    00:94:15:6e:49:9b:45:fd:a7:da:8e:a6:cf:23:34:
                    0d:bf:bc:00:ce:a0:14:01:59:ac:c4:19:17:8a:3f:
                    08:c5:dd:ef:51:9f:ab:b4:aa:c1:d7:fb:e3:93:42:
                    52:c4:ca:3e:3c:57:21:4d:85:58:5b:07:89:0f:63:
                    bd:9d:68:bd:4c:5c:dc:10:3f:8d:b9:80:bc:ac:90:
                    84:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:23:35:22:0A:D8:0E:04:ED:8B:F4:0C:8A:04:97:FC:EB:8C:E0:BF
            X509v3 Authority Key Identifier:
                keyid:08:BF:59:89:9B:7A:CA:30:A3:C7:D5:DB:93:B2:12:D9:87:09:C8:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CL9ZiZt6yjCjx9Xbk7IS2YcJyJs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ce1677-d927-44c6-a909-3b2b51a5e3da/1/oiM1IgrYDgTti_QMigSX_OuM4L8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ce1677-d927-44c6-a909-3b2b51a5e3da/1/CL9ZiZt6yjCjx9Xbk7IS2YcJyJs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.109.120.0/21
                  185.144.152.0/22
                IPv6:
                  2a01:66c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:84:0d:1f:c6:2c:42:45:cf:e1:08:9f:05:33:3a:96:fd:7b:
         9d:12:5b:21:81:1b:25:5f:ad:5f:06:27:75:b4:77:6e:11:cb:
         84:99:5b:45:5a:de:6e:09:9e:7a:b4:80:90:07:99:9a:9f:ca:
         f3:3c:8e:9e:29:a3:1b:88:3a:df:a6:cc:d2:ce:c5:27:98:2d:
         d0:00:fa:e2:d5:32:6f:13:0f:53:b1:8e:19:91:fa:de:ff:2e:
         7e:2e:32:62:6f:c4:2a:86:39:33:fb:04:75:2d:45:57:51:67:
         91:5b:74:a6:5d:53:9c:13:ab:79:85:d9:aa:68:c2:9b:0f:7d:
         59:03:19:0a:64:f2:77:e6:4b:ed:eb:99:79:ac:2e:bf:87:f5:
         5f:ff:dd:b0:fd:5f:fa:e6:7b:f3:40:3e:9a:be:34:6b:e9:b7:
         0e:23:b9:43:e0:64:61:4b:c2:37:94:08:5e:a5:c8:ce:88:59:
         a7:b7:58:53:03:53:61:9b:e8:35:aa:d9:69:db:2f:04:ac:53:
         6f:5a:d0:94:76:73:da:a1:8c:5a:4b:0c:38:1b:f3:8d:cd:45:
         78:4e:ce:4f:c8:a0:1e:9a:95:8a:d3:27:e4:e5:4d:81:78:dd:
         b8:4d:73:47:70:55:ac:0a:88:d5:d4:87:86:7c:2c:ca:b8:89:
         00:2a:9d:27
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzC2sZ643xdB9lmigxoMGg8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4YmY1OTg5OWI3YWNhMzBhM2M3ZDVkYjkzYjIxMmQ5ODcw
OWM4OWIwHhcNMjQwMTAxMDIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjIzMzUyMjBhZDgwZTA0ZWQ4YmY0MGM4YTA0OTdmY2ViOGNlMGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgmlzHZPazJrvoVxaP8rPp3uTD5BH
oKm4VI8IUrWkZxNoK5yc8MpRMOx0svrpxlZkXQma2SzANuRVErqzGZP9NTY1e5+n
WgMw6UQasx970FucT77E7v2ys1czvKC1Amje9x5gc69OxNoVcFXPPOe/yqyVXBms
ZKhiGfdqIO4rhYo6j5eI1Sb8X5leZV3Bf/YhzqFE1p2zKSvH40zYdjbytP/ySWUn
jWZq8/eTXL6JEcuWG0AAlBVuSZtF/afajqbPIzQNv7wAzqAUAVmsxBkXij8Ixd3v
UZ+rtKrB1/vjk0JSxMo+PFchTYVYWweJD2O9nWi9TFzcED+NuYC8rJCE0wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKIjNSIK2A4E7Yv0DIoEl/zrjOC/MB8GA1UdIwQY
MBaAFAi/WYmbesowo8fV25OyEtmHCcibMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0w5WmladDZ5akNqeDlYYms3SVMyWWNKeUpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9jZTE2NzctZDkyNy00NGM2LWE5MDkt
M2IyYjUxYTVlM2RhLzEvb2lNMUlncllEZ1R0aV9RTWlnU1hfT3VNNEw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9jZTE2NzctZDkyNy00NGM2LWE5MDktM2IyYjUxYTVlM2Rh
LzEvQ0w5WmladDZ5akNqeDlYYms3SVMyWWNKeUpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDW214AwQC
uZCYMA0EAgACMAcDBQAqAWbAMA0GCSqGSIb3DQEBCwUAA4IBAQBohA0fxixCRc/h
CJ8FMzqW/XudElshgRslX61fBid1tHduEcuEmVtFWt5uCZ56tICQB5man8rzPI6e
KaMbiDrfpszSzsUnmC3QAPri1TJvEw9TsY4Zkfre/y5+LjJib8Qqhjkz+wR1LUVX
UWeRW3SmXVOcE6t5hdmqaMKbD31ZAxkKZPJ35kvt65l5rC6/h/Vf/92w/V/65nvz
QD6avjRr6bcOI7lD4GRhS8I3lAhepcjOiFmnt1hTA1Nhm+g1qtlp2y8ErFNvWtCU
dnPaoYxaSww4G/ONzUV4Ts5PyKAempWK0yfk5U2BeN24TXNHcFWsCojV1IeGfCzK
uIkAKp0n
-----END CERTIFICATE-----