Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/c7c207-a3ba-49c8-a894-084d4748c385/1/B2VzUTgvRr3ik3YmAz5oFHa9AQA.roa
File:                     B2VzUTgvRr3ik3YmAz5oFHa9AQA.roa (raw, json)
Hash identifier:          uwfZWcYh2o6X61UWPZCGeF/9JH4xd7zTKmrtrdzGnEg=
Subject key identifier:   07:65:73:51:38:2F:46:BD:E2:93:76:26:03:3E:68:14:76:BD:01:00
Certificate issuer:       /CN=81a688012c122678185fceb7e1037f0e1ed17861
Certificate serial:       018CC492E1B59776F744DC42C0585EB3B883
Authority key identifier: 81:A6:88:01:2C:12:26:78:18:5F:CE:B7:E1:03:7F:0E:1E:D1:78:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gaaIASwSJngYX8634QN_Dh7ReGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/c7c207-a3ba-49c8-a894-084d4748c385/1/B2VzUTgvRr3ik3YmAz5oFHa9AQA.roa
Signing time:             Mon 01 Jan 2024 10:30:09 +0000
ROA not before:           Mon 01 Jan 2024 10:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51877
IP address blocks:        91.220.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/c7c207-a3ba-49c8-a894-084d4748c385/1/gaaIASwSJngYX8634QN_Dh7ReGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/c7c207-a3ba-49c8-a894-084d4748c385/1/gaaIASwSJngYX8634QN_Dh7ReGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gaaIASwSJngYX8634QN_Dh7ReGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:e1:b5:97:76:f7:44:dc:42:c0:58:5e:b3:b8:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81a688012c122678185fceb7e1037f0e1ed17861
        Validity
            Not Before: Jan  1 10:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07657351382f46bde2937626033e681476bd0100
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:38:8f:c1:9a:7a:f3:0a:58:38:6e:ce:2a:1e:
                    db:ba:f3:9c:6a:13:d6:aa:ed:6a:39:c8:30:e6:81:
                    6a:60:4b:c3:95:e3:d5:4b:4f:52:5a:d8:8f:65:7c:
                    31:ba:6c:ee:fa:49:70:5b:5f:1d:31:86:5c:e9:94:
                    aa:45:68:fa:b1:80:17:ba:7a:39:cc:83:fb:af:47:
                    01:05:e0:bf:04:b7:31:32:de:77:59:25:dc:e8:f2:
                    45:ce:9a:6d:8f:f3:93:ba:c3:d7:4e:8b:cb:c1:a3:
                    4e:c1:59:e6:cb:d8:fd:4c:25:43:e6:6a:d1:2a:9c:
                    5c:b0:8d:9f:e0:63:68:f0:e1:44:7f:17:c2:50:98:
                    90:b3:d2:54:c4:9c:7f:63:6c:38:2f:cd:b4:0b:61:
                    cb:8b:c2:37:2e:f6:81:90:e4:12:0e:28:ac:00:a5:
                    51:a1:f2:a2:d0:22:00:5a:b4:0b:3e:44:f2:41:ef:
                    9e:06:17:92:c9:86:12:84:b7:08:80:52:47:42:ee:
                    e2:97:67:16:9e:10:88:77:50:eb:c6:63:32:ba:f6:
                    0c:d8:36:6c:eb:f1:0d:b0:d3:d3:e2:30:1d:fa:7d:
                    73:87:92:a0:9f:45:fa:f9:88:c8:7f:cf:d3:65:13:
                    47:55:4c:6c:fd:4c:5a:7a:9d:93:4d:66:d9:b7:3b:
                    47:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:65:73:51:38:2F:46:BD:E2:93:76:26:03:3E:68:14:76:BD:01:00
            X509v3 Authority Key Identifier:
                keyid:81:A6:88:01:2C:12:26:78:18:5F:CE:B7:E1:03:7F:0E:1E:D1:78:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gaaIASwSJngYX8634QN_Dh7ReGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/c7c207-a3ba-49c8-a894-084d4748c385/1/B2VzUTgvRr3ik3YmAz5oFHa9AQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/c7c207-a3ba-49c8-a894-084d4748c385/1/gaaIASwSJngYX8634QN_Dh7ReGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:7b:32:a3:98:53:2b:4e:7f:13:09:b0:3a:d4:98:23:47:0e:
         9a:1e:aa:2f:24:85:99:9c:b6:38:28:9f:76:da:d2:92:06:0a:
         84:99:0f:f8:45:28:2c:0c:d0:a7:7f:75:0b:6c:9c:ec:70:68:
         61:fe:bf:f6:1e:4d:04:77:e0:8d:98:c1:e7:c9:9a:49:81:2c:
         14:2a:57:0d:4b:22:af:1e:39:c5:6c:39:b5:18:bb:ad:7d:a3:
         18:08:90:f2:f0:1e:0a:22:87:ca:1a:2d:7d:95:bc:e0:dc:6f:
         f0:f2:cb:0e:f1:98:4c:25:d5:dd:d6:63:7b:09:98:08:5f:11:
         18:fa:2d:ae:af:7d:ac:8d:c4:20:16:85:81:bd:ed:12:1e:cf:
         be:70:45:90:34:e3:a3:18:5d:39:ae:11:43:8d:ab:69:ca:8b:
         14:7b:3b:b7:ac:6d:8a:fa:e5:8f:14:e5:ff:0a:cb:71:24:af:
         3f:72:b1:c2:f1:e3:4d:b8:af:02:3b:ad:8c:09:e9:b1:24:82:
         59:dc:86:1f:8b:06:56:c7:8c:e1:dc:92:dd:8a:93:aa:c9:c3:
         e7:a4:e3:5a:4b:57:74:4f:e0:06:63:d3:ae:0f:6c:08:26:18:
         1f:8c:ae:cb:75:bf:e0:43:fc:0e:4a:2d:ad:0a:47:a0:53:91:
         11:95:75:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkuG1l3b3RNxCwFhes7iDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYTY4ODAxMmMxMjI2NzgxODVmY2ViN2UxMDM3ZjBlMWVk
MTc4NjEwHhcNMjQwMTAxMTAzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzY1NzM1MTM4MmY0NmJkZTI5Mzc2MjYwMzNlNjgxNDc2YmQwMTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtziPwZp68wpYOG7OKh7buvOcahPW
qu1qOcgw5oFqYEvDlePVS09SWtiPZXwxumzu+klwW18dMYZc6ZSqRWj6sYAXuno5
zIP7r0cBBeC/BLcxMt53WSXc6PJFzpptj/OTusPXTovLwaNOwVnmy9j9TCVD5mrR
KpxcsI2f4GNo8OFEfxfCUJiQs9JUxJx/Y2w4L820C2HLi8I3LvaBkOQSDiisAKVR
ofKi0CIAWrQLPkTyQe+eBheSyYYShLcIgFJHQu7il2cWnhCId1DrxmMyuvYM2DZs
6/ENsNPT4jAd+n1zh5Kgn0X6+YjIf8/TZRNHVUxs/Uxaep2TTWbZtztH7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAdlc1E4L0a94pN2JgM+aBR2vQEAMB8GA1UdIwQY
MBaAFIGmiAEsEiZ4GF/Ot+EDfw4e0XhhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2FhSUFTd1NKbmdZWDg2MzRRTl9EaDdSZUdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9jN2MyMDctYTNiYS00OWM4LWE4OTQt
MDg0ZDQ3NDhjMzg1LzEvQjJWelVUZ3ZScjNpazNZbUF6NW9GSGE5QVFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9jN2MyMDctYTNiYS00OWM4LWE4OTQtMDg0ZDQ3NDhjMzg1
LzEvZ2FhSUFTd1NKbmdZWDg2MzRRTl9EaDdSZUdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9yiMA0G
CSqGSIb3DQEBCwUAA4IBAQAiezKjmFMrTn8TCbA61JgjRw6aHqovJIWZnLY4KJ92
2tKSBgqEmQ/4RSgsDNCnf3ULbJzscGhh/r/2Hk0Ed+CNmMHnyZpJgSwUKlcNSyKv
HjnFbDm1GLutfaMYCJDy8B4KIofKGi19lbzg3G/w8ssO8ZhMJdXd1mN7CZgIXxEY
+i2ur32sjcQgFoWBve0SHs++cEWQNOOjGF05rhFDjatpyosUezu3rG2K+uWPFOX/
CstxJK8/crHC8eNNuK8CO62MCemxJIJZ3IYfiwZWx4zh3JLdipOqycPnpONaS1d0
T+AGY9OuD2wIJhgfjK7Ldb/gQ/wOSi2tCkegU5ERlXV0
-----END CERTIFICATE-----