Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/eb0e6b-091d-4ff1-90bb-74a395aa5606/1/03wQK1QCoiKLtNpoIAkg6eOd_X8.roa
File:                     03wQK1QCoiKLtNpoIAkg6eOd_X8.roa (raw, json)
Hash identifier:          s/tivKj+QXcRs3O4PfAfiZ0VUsVI6NRbmaKjjSCeTns=
Subject key identifier:   D3:7C:10:2B:54:02:A2:22:8B:B4:DA:68:20:09:20:E9:E3:9D:FD:7F
Certificate issuer:       /CN=e92e146a1e9e83b3756f048b6c1b31e0fc7d207d
Certificate serial:       018CC9BC4081587A53A15166D1C9DD31667A
Authority key identifier: E9:2E:14:6A:1E:9E:83:B3:75:6F:04:8B:6C:1B:31:E0:FC:7D:20:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6S4Uah6eg7N1bwSLbBsx4Px9IH0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/eb0e6b-091d-4ff1-90bb-74a395aa5606/1/03wQK1QCoiKLtNpoIAkg6eOd_X8.roa
Signing time:             Tue 02 Jan 2024 10:33:26 +0000
ROA not before:           Tue 02 Jan 2024 10:33:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51753
IP address blocks:        91.220.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/eb0e6b-091d-4ff1-90bb-74a395aa5606/1/6S4Uah6eg7N1bwSLbBsx4Px9IH0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/eb0e6b-091d-4ff1-90bb-74a395aa5606/1/6S4Uah6eg7N1bwSLbBsx4Px9IH0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6S4Uah6eg7N1bwSLbBsx4Px9IH0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:40:81:58:7a:53:a1:51:66:d1:c9:dd:31:66:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e92e146a1e9e83b3756f048b6c1b31e0fc7d207d
        Validity
            Not Before: Jan  2 10:33:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d37c102b5402a2228bb4da68200920e9e39dfd7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:aa:60:af:1d:30:e0:5f:ed:73:6a:91:29:c3:
                    e8:0d:31:6d:f0:a5:3c:92:60:ed:b6:5c:24:f7:02:
                    5d:3e:df:db:e3:81:c0:c0:dd:06:b8:f1:3d:c3:1e:
                    1a:8d:e8:dd:a3:26:d6:2c:05:99:10:05:b4:7e:f8:
                    d7:22:87:6d:ff:f3:74:45:f6:a2:0a:fe:5f:27:ed:
                    65:3a:05:9a:b3:5f:fc:d4:47:4c:ce:cb:b2:81:53:
                    5c:5b:65:0c:1e:58:02:14:3c:ba:8d:11:ea:d2:7a:
                    2c:4e:ba:b9:74:47:d7:1f:b1:0f:65:c1:01:e2:ad:
                    5f:33:3d:11:b6:01:7d:dc:00:f7:88:b1:71:69:0d:
                    15:f1:9a:c5:a6:c3:ff:9c:de:6e:9e:cc:8f:74:e8:
                    3a:f0:92:9c:e1:82:a0:48:06:ce:4d:63:d1:64:67:
                    f9:07:09:c7:51:53:0d:39:05:f4:ce:b0:54:ee:8d:
                    04:2f:22:5e:e6:ce:e8:8f:bc:a0:23:f4:19:5c:a5:
                    62:1f:65:ee:63:35:1e:cb:b4:90:6b:b9:ab:ba:81:
                    64:54:34:a9:06:c8:69:34:5d:be:31:8e:fa:aa:20:
                    a3:9e:94:cd:d2:44:bb:01:ad:a2:a2:7d:c8:a2:7f:
                    80:77:64:61:38:6a:92:8f:c2:46:77:b1:e3:93:a0:
                    4b:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:7C:10:2B:54:02:A2:22:8B:B4:DA:68:20:09:20:E9:E3:9D:FD:7F
            X509v3 Authority Key Identifier:
                keyid:E9:2E:14:6A:1E:9E:83:B3:75:6F:04:8B:6C:1B:31:E0:FC:7D:20:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6S4Uah6eg7N1bwSLbBsx4Px9IH0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/eb0e6b-091d-4ff1-90bb-74a395aa5606/1/03wQK1QCoiKLtNpoIAkg6eOd_X8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/eb0e6b-091d-4ff1-90bb-74a395aa5606/1/6S4Uah6eg7N1bwSLbBsx4Px9IH0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:35:9c:e5:8b:45:6f:cb:25:5f:29:3f:db:d5:63:7b:18:cc:
         f6:46:38:75:e4:10:82:b2:58:49:78:53:17:33:3e:87:21:89:
         4e:a5:8b:79:96:ed:62:6a:49:ea:7f:4a:09:4b:07:30:ce:15:
         91:ff:d3:f1:1e:ad:cd:b4:e7:b8:87:d9:ec:d6:f0:7a:0c:d0:
         ca:6f:16:c8:8c:e0:cf:ec:1e:a8:97:ed:ed:f9:47:74:90:9b:
         0b:65:c1:d0:d4:d9:88:b1:80:20:1d:b2:73:c2:d4:d4:80:e6:
         5b:85:32:6c:79:14:7b:64:57:77:30:a7:7a:9b:d9:76:51:91:
         d3:ef:0c:59:7e:ca:37:1f:9c:a6:b5:52:0f:3a:65:53:18:c1:
         b9:3b:92:92:9d:8d:c6:24:00:e9:51:8f:a6:25:ae:86:28:78:
         4b:72:f6:58:c6:af:ba:10:3d:43:c6:05:d9:14:be:af:a4:ee:
         43:d8:db:53:17:48:48:c5:68:17:a3:a9:d9:df:34:40:ee:f6:
         4a:53:57:f6:3f:4f:80:ff:33:52:ae:11:7b:0b:e9:61:a2:e8:
         f6:40:3b:ae:d3:ef:f9:7b:fb:93:13:5f:6a:57:f1:e0:1c:74:
         14:86:b9:cd:42:5f:9d:d2:32:6e:19:b3:9f:e8:53:28:b6:0b:
         9d:25:1b:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvECBWHpToVFm0cndMWZ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MmUxNDZhMWU5ZTgzYjM3NTZmMDQ4YjZjMWIzMWUwZmM3
ZDIwN2QwHhcNMjQwMTAyMTAzMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzdjMTAyYjU0MDJhMjIyOGJiNGRhNjgyMDA5MjBlOWUzOWRmZDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6pgrx0w4F/tc2qRKcPoDTFt8KU8
kmDttlwk9wJdPt/b44HAwN0GuPE9wx4ajejdoybWLAWZEAW0fvjXIodt//N0Rfai
Cv5fJ+1lOgWas1/81EdMzsuygVNcW2UMHlgCFDy6jRHq0nosTrq5dEfXH7EPZcEB
4q1fMz0RtgF93AD3iLFxaQ0V8ZrFpsP/nN5unsyPdOg68JKc4YKgSAbOTWPRZGf5
BwnHUVMNOQX0zrBU7o0ELyJe5s7oj7ygI/QZXKViH2XuYzUey7SQa7mruoFkVDSp
BshpNF2+MY76qiCjnpTN0kS7Aa2ion3Ion+Ad2RhOGqSj8JGd7Hjk6BLKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNN8ECtUAqIii7TaaCAJIOnjnf1/MB8GA1UdIwQY
MBaAFOkuFGoenoOzdW8Ei2wbMeD8fSB9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlM0VWFoNmVnN04xYndTTGJCc3g0UHg5SUgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9lYjBlNmItMDkxZC00ZmYxLTkwYmIt
NzRhMzk1YWE1NjA2LzEvMDN3UUsxUUNvaUtMdE5wb0lBa2c2ZU9kX1g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9lYjBlNmItMDkxZC00ZmYxLTkwYmItNzRhMzk1YWE1NjA2
LzEvNlM0VWFoNmVnN04xYndTTGJCc3g0UHg5SUgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9xCMA0G
CSqGSIb3DQEBCwUAA4IBAQCVNZzli0VvyyVfKT/b1WN7GMz2Rjh15BCCslhJeFMX
Mz6HIYlOpYt5lu1iaknqf0oJSwcwzhWR/9PxHq3NtOe4h9ns1vB6DNDKbxbIjODP
7B6ol+3t+Ud0kJsLZcHQ1NmIsYAgHbJzwtTUgOZbhTJseRR7ZFd3MKd6m9l2UZHT
7wxZfso3H5ymtVIPOmVTGMG5O5KSnY3GJADpUY+mJa6GKHhLcvZYxq+6ED1DxgXZ
FL6vpO5D2NtTF0hIxWgXo6nZ3zRA7vZKU1f2P0+A/zNSrhF7C+lhouj2QDuu0+/5
e/uTE19qV/HgHHQUhrnNQl+d0jJuGbOf6FMotgudJRt9
-----END CERTIFICATE-----