Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/d74420-6425-4272-93a2-3586164a7f44/1/ys87lPqba3e30LkRL5EL8XTzaEI.roa
File:                     ys87lPqba3e30LkRL5EL8XTzaEI.roa (raw, json)
Hash identifier:          1o6OzNR1lgcKCBRizIWfdd4kPZXG+MF/RNtjcGBO9TA=
Subject key identifier:   CA:CF:3B:94:FA:9B:6B:77:B7:D0:B9:11:2F:91:0B:F1:74:F3:68:42
Certificate issuer:       /CN=58131e8f9a485040d9fcae7167a428b8a12f49ea
Certificate serial:       018CC6B7D1C415047BAB8D97FDDD8AFAC18D
Authority key identifier: 58:13:1E:8F:9A:48:50:40:D9:FC:AE:71:67:A4:28:B8:A1:2F:49:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WBMej5pIUEDZ_K5xZ6QouKEvSeo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/d74420-6425-4272-93a2-3586164a7f44/1/ys87lPqba3e30LkRL5EL8XTzaEI.roa
Signing time:             Mon 01 Jan 2024 20:29:44 +0000
ROA not before:           Mon 01 Jan 2024 20:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29075
IP address blocks:        91.208.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/d74420-6425-4272-93a2-3586164a7f44/1/WBMej5pIUEDZ_K5xZ6QouKEvSeo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/d74420-6425-4272-93a2-3586164a7f44/1/WBMej5pIUEDZ_K5xZ6QouKEvSeo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WBMej5pIUEDZ_K5xZ6QouKEvSeo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:d1:c4:15:04:7b:ab:8d:97:fd:dd:8a:fa:c1:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58131e8f9a485040d9fcae7167a428b8a12f49ea
        Validity
            Not Before: Jan  1 20:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cacf3b94fa9b6b77b7d0b9112f910bf174f36842
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:2c:1c:4f:68:e9:bd:2d:68:cf:ae:58:69:95:
                    26:a5:e3:55:71:c5:ff:61:e9:b0:f9:49:6c:23:23:
                    2f:03:8b:03:4b:23:cf:c5:86:9b:ef:a4:4a:a6:a1:
                    db:7e:9f:fa:7b:73:74:7e:90:4c:22:0a:c3:f7:ec:
                    b2:8a:5a:d7:ea:fc:ab:e6:c5:de:18:f3:b7:48:b0:
                    2e:94:20:d4:b5:8d:58:72:11:9b:d3:3b:ec:a4:4c:
                    6a:65:f0:a9:4d:76:ff:93:3d:f5:0d:e2:4b:71:01:
                    8f:8f:d5:39:2b:aa:d5:fc:b0:d0:cb:ef:37:f1:3b:
                    47:84:98:85:cc:ff:44:a1:75:5e:c7:65:80:1c:fd:
                    68:24:be:5f:c4:e6:1d:03:7f:e9:91:a3:b6:ce:88:
                    0c:f8:d3:9c:5f:a1:71:70:75:b3:4e:55:25:8d:13:
                    31:5b:f6:70:0b:6e:80:12:9e:9c:a1:5f:89:8b:2b:
                    0d:c6:e2:5e:de:45:d0:f9:cc:03:75:64:9b:83:8a:
                    6c:ac:ca:e5:fc:62:8e:a0:7a:34:79:0b:29:fc:d0:
                    ea:39:fe:6a:48:7c:d6:ce:83:cb:ad:db:9f:ea:3f:
                    13:91:1f:eb:34:6b:4e:f4:de:ab:57:38:70:c5:cc:
                    b9:7d:bc:1c:7f:1f:1f:6a:31:c8:1f:e7:b6:92:d4:
                    87:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:CF:3B:94:FA:9B:6B:77:B7:D0:B9:11:2F:91:0B:F1:74:F3:68:42
            X509v3 Authority Key Identifier:
                keyid:58:13:1E:8F:9A:48:50:40:D9:FC:AE:71:67:A4:28:B8:A1:2F:49:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WBMej5pIUEDZ_K5xZ6QouKEvSeo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/d74420-6425-4272-93a2-3586164a7f44/1/ys87lPqba3e30LkRL5EL8XTzaEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/d74420-6425-4272-93a2-3586164a7f44/1/WBMej5pIUEDZ_K5xZ6QouKEvSeo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:02:8c:1a:9f:71:5c:d2:82:94:a3:74:30:92:49:18:24:09:
         75:60:bd:71:b2:0f:3e:e0:03:03:4b:de:b6:3c:d9:46:5a:35:
         6d:63:5b:32:48:44:89:e8:e3:44:1d:d4:dd:e7:20:ff:cc:b5:
         bf:e9:82:9a:83:6f:2e:52:16:eb:74:49:f8:b1:8d:e5:e0:5a:
         0f:7b:c4:df:65:77:48:8b:d7:78:9b:13:35:c5:c0:ee:25:c0:
         eb:05:e0:62:3f:29:5b:36:f6:09:19:4b:73:74:d5:f8:49:4f:
         c4:59:73:3e:79:1f:8f:7a:68:35:eb:8b:95:81:09:7a:da:a6:
         a6:e2:68:c6:2a:fa:a6:7f:d0:1a:6d:7c:2c:6d:02:51:0a:4c:
         3d:ce:f6:54:76:a2:b7:a5:29:fc:13:74:8a:c2:8e:b5:c9:ec:
         8c:0a:08:a4:63:6f:76:f7:11:98:d9:0c:61:c2:0d:3a:65:09:
         dd:8f:6e:48:09:75:b4:22:64:57:3e:7e:fe:a3:1d:4e:d9:09:
         66:28:f6:39:f4:50:b1:c8:c5:4c:1b:3f:5c:45:f7:44:74:5b:
         77:80:f3:20:5a:a3:cd:01:ba:28:cb:2a:fb:7b:0c:3c:03:88:
         1b:79:9a:b9:56:cd:69:76:f5:43:c9:76:0e:c1:06:4d:44:41:
         82:f7:57:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt9HEFQR7q42X/d2K+sGNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MTMxZThmOWE0ODUwNDBkOWZjYWU3MTY3YTQyOGI4YTEy
ZjQ5ZWEwHhcNMjQwMTAxMjAyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWNmM2I5NGZhOWI2Yjc3YjdkMGI5MTEyZjkxMGJmMTc0ZjM2ODQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6SwcT2jpvS1oz65YaZUmpeNVccX/
Yemw+UlsIyMvA4sDSyPPxYab76RKpqHbfp/6e3N0fpBMIgrD9+yyilrX6vyr5sXe
GPO3SLAulCDUtY1YchGb0zvspExqZfCpTXb/kz31DeJLcQGPj9U5K6rV/LDQy+83
8TtHhJiFzP9EoXVex2WAHP1oJL5fxOYdA3/pkaO2zogM+NOcX6FxcHWzTlUljRMx
W/ZwC26AEp6coV+JiysNxuJe3kXQ+cwDdWSbg4psrMrl/GKOoHo0eQsp/NDqOf5q
SHzWzoPLrduf6j8TkR/rNGtO9N6rVzhwxcy5fbwcfx8fajHIH+e2ktSHFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMrPO5T6m2t3t9C5ES+RC/F082hCMB8GA1UdIwQY
MBaAFFgTHo+aSFBA2fyucWekKLihL0nqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0JNZWo1cElVRURaX0s1eFo2UW91S0V2U2VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9kNzQ0MjAtNjQyNS00MjcyLTkzYTIt
MzU4NjE2NGE3ZjQ0LzEveXM4N2xQcWJhM2UzMExrUkw1RUw4WFR6YUVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9kNzQ0MjAtNjQyNS00MjcyLTkzYTItMzU4NjE2NGE3ZjQ0
LzEvV0JNZWo1cElVRURaX0s1eFo2UW91S0V2U2VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9AoMA0G
CSqGSIb3DQEBCwUAA4IBAQCOAowan3Fc0oKUo3QwkkkYJAl1YL1xsg8+4AMDS962
PNlGWjVtY1sySESJ6ONEHdTd5yD/zLW/6YKag28uUhbrdEn4sY3l4FoPe8TfZXdI
i9d4mxM1xcDuJcDrBeBiPylbNvYJGUtzdNX4SU/EWXM+eR+Pemg164uVgQl62qam
4mjGKvqmf9AabXwsbQJRCkw9zvZUdqK3pSn8E3SKwo61yeyMCgikY2929xGY2Qxh
wg06ZQndj25ICXW0ImRXPn7+ox1O2QlmKPY59FCxyMVMGz9cRfdEdFt3gPMgWqPN
Abooyyr7eww8A4gbeZq5Vs1pdvVDyXYOwQZNREGC91dT
-----END CERTIFICATE-----