Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/ab1c11-9d9f-4c58-9993-561d5ff8dc0e/1/O4Nnefp50Y7fY2Tg09GaBKD__t0.roa
File:                     O4Nnefp50Y7fY2Tg09GaBKD__t0.roa (raw, json)
Hash identifier:          4DknvdFkPq43Pg1H6QLaAnM29d4hdJQe1HFsJz2E44g=
Subject key identifier:   3B:83:67:79:FA:79:D1:8E:DF:63:64:E0:D3:D1:9A:04:A0:FF:FE:DD
Certificate issuer:       /CN=7908de202e174cb23746dcbdeea8a9d449580019
Certificate serial:       018CC348BEDEB72894E4DB035F9DC449CE14
Authority key identifier: 79:08:DE:20:2E:17:4C:B2:37:46:DC:BD:EE:A8:A9:D4:49:58:00:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eQjeIC4XTLI3Rty97qip1ElYABk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/ab1c11-9d9f-4c58-9993-561d5ff8dc0e/1/O4Nnefp50Y7fY2Tg09GaBKD__t0.roa
Signing time:             Mon 01 Jan 2024 04:29:33 +0000
ROA not before:           Mon 01 Jan 2024 04:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42981
IP address blocks:        91.196.8.0/22 maxlen: 24
                          185.153.36.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/ab1c11-9d9f-4c58-9993-561d5ff8dc0e/1/eQjeIC4XTLI3Rty97qip1ElYABk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/ab1c11-9d9f-4c58-9993-561d5ff8dc0e/1/eQjeIC4XTLI3Rty97qip1ElYABk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eQjeIC4XTLI3Rty97qip1ElYABk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 04:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:be:de:b7:28:94:e4:db:03:5f:9d:c4:49:ce:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7908de202e174cb23746dcbdeea8a9d449580019
        Validity
            Not Before: Jan  1 04:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b836779fa79d18edf6364e0d3d19a04a0fffedd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:27:18:a1:0f:2c:16:31:c2:b5:44:dd:e3:d1:
                    5f:78:59:b7:02:1a:90:11:e5:97:15:23:a5:79:b2:
                    39:fe:45:dd:c1:c4:ef:aa:35:86:48:75:32:12:47:
                    11:0f:dd:03:d8:36:f1:f6:e1:86:87:6d:a1:27:25:
                    e6:dd:4e:e8:d7:99:c4:c1:ef:f7:39:c7:16:a7:1f:
                    e8:1e:ce:e3:20:50:36:90:f4:8a:ad:18:66:96:f2:
                    e3:97:09:da:4d:84:50:a8:a3:4d:09:e9:af:11:62:
                    2b:02:f1:c5:e6:e3:10:b5:cd:60:4f:90:95:33:78:
                    59:c0:7e:d5:56:bc:22:d4:5f:13:55:23:0f:74:60:
                    da:34:5b:df:ab:c4:a0:b8:b5:55:97:95:c4:5e:b9:
                    1f:93:2b:e5:8c:76:a2:44:21:41:38:9f:42:a0:fa:
                    d6:63:48:2c:4e:a8:6b:44:ff:09:96:b6:22:d8:eb:
                    77:85:e6:9f:a0:f9:36:64:ea:00:70:2c:4e:4c:23:
                    f8:97:5d:ec:4e:8b:09:1b:d1:be:b1:2b:09:61:47:
                    d0:01:16:de:16:52:96:44:d1:96:f0:62:6b:60:b0:
                    93:e7:42:6d:91:a9:59:3e:6a:62:d6:6c:d2:62:fb:
                    f2:1b:b9:c6:c4:c6:d6:75:23:cc:5a:78:c9:92:62:
                    28:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:83:67:79:FA:79:D1:8E:DF:63:64:E0:D3:D1:9A:04:A0:FF:FE:DD
            X509v3 Authority Key Identifier:
                keyid:79:08:DE:20:2E:17:4C:B2:37:46:DC:BD:EE:A8:A9:D4:49:58:00:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eQjeIC4XTLI3Rty97qip1ElYABk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/ab1c11-9d9f-4c58-9993-561d5ff8dc0e/1/O4Nnefp50Y7fY2Tg09GaBKD__t0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/ab1c11-9d9f-4c58-9993-561d5ff8dc0e/1/eQjeIC4XTLI3Rty97qip1ElYABk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.8.0/22
                  185.153.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:cd:65:ab:42:50:b9:83:87:a7:47:73:27:7c:fe:a2:aa:22:
         25:b7:f2:ca:44:ce:79:ff:81:98:33:e5:af:64:b1:24:db:5f:
         fb:74:22:a5:69:96:40:2f:fa:83:4c:e2:26:5a:4c:bc:78:2f:
         36:e6:07:48:0f:f1:b9:dd:0f:3e:99:c6:8e:f9:7b:27:d5:0a:
         0c:86:4e:0e:6b:f5:a7:e2:95:9f:b0:af:2d:80:87:df:a7:c1:
         79:40:ca:9d:3a:4b:a4:e0:64:8b:70:5e:38:16:2f:cb:a0:de:
         ee:54:8e:b7:f5:54:95:43:5b:7a:77:3b:c9:86:5f:21:5b:1c:
         7a:06:5f:7a:9a:3d:a5:bc:06:c5:37:14:f7:47:8b:9b:ec:3a:
         17:09:34:9f:8a:8b:65:be:81:17:f9:fd:3c:39:75:5a:b0:aa:
         76:74:7c:6d:6e:67:66:49:88:38:ea:e3:21:e1:64:55:9d:23:
         70:81:21:e7:a5:2e:d7:78:2f:af:6e:25:4f:f8:70:e0:6f:fb:
         d4:16:d4:14:5c:ee:1f:a2:6a:db:d6:60:a7:a3:12:85:39:36:
         b1:1c:b8:26:31:05:e8:6b:79:27:39:0b:ca:d7:98:86:af:ac:
         4f:62:07:f5:b0:9e:ea:33:26:49:cc:99:38:a9:c8:a5:38:03:
         d2:46:94:87
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSL7etyiU5NsDX53ESc4UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5MDhkZTIwMmUxNzRjYjIzNzQ2ZGNiZGVlYThhOWQ0NDk1
ODAwMTkwHhcNMjQwMTAxMDQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjgzNjc3OWZhNzlkMThlZGY2MzY0ZTBkM2QxOWEwNGEwZmZmZWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoScYoQ8sFjHCtUTd49FfeFm3AhqQ
EeWXFSOlebI5/kXdwcTvqjWGSHUyEkcRD90D2Dbx9uGGh22hJyXm3U7o15nEwe/3
OccWpx/oHs7jIFA2kPSKrRhmlvLjlwnaTYRQqKNNCemvEWIrAvHF5uMQtc1gT5CV
M3hZwH7VVrwi1F8TVSMPdGDaNFvfq8SguLVVl5XEXrkfkyvljHaiRCFBOJ9CoPrW
Y0gsTqhrRP8JlrYi2Ot3heafoPk2ZOoAcCxOTCP4l13sTosJG9G+sSsJYUfQARbe
FlKWRNGW8GJrYLCT50JtkalZPmpi1mzSYvvyG7nGxMbWdSPMWnjJkmIoAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDuDZ3n6edGO32Nk4NPRmgSg//7dMB8GA1UdIwQY
MBaAFHkI3iAuF0yyN0bcve6oqdRJWAAZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVFqZUlDNFhUTEkzUnR5OTdxaXAxRWxZQUJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9hYjFjMTEtOWQ5Zi00YzU4LTk5OTMt
NTYxZDVmZjhkYzBlLzEvTzRObmVmcDUwWTdmWTJUZzA5R2FCS0RfX3QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9hYjFjMTEtOWQ5Zi00YzU4LTk5OTMtNTYxZDVmZjhkYzBl
LzEvZVFqZUlDNFhUTEkzUnR5OTdxaXAxRWxZQUJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW8QIAwQC
uZkkMA0GCSqGSIb3DQEBCwUAA4IBAQAhzWWrQlC5g4enR3MnfP6iqiIlt/LKRM55
/4GYM+WvZLEk21/7dCKlaZZAL/qDTOImWky8eC825gdID/G53Q8+mcaO+Xsn1QoM
hk4Oa/Wn4pWfsK8tgIffp8F5QMqdOkuk4GSLcF44Fi/LoN7uVI639VSVQ1t6dzvJ
hl8hWxx6Bl96mj2lvAbFNxT3R4ub7DoXCTSfiotlvoEX+f08OXVasKp2dHxtbmdm
SYg46uMh4WRVnSNwgSHnpS7XeC+vbiVP+HDgb/vUFtQUXO4fomrb1mCnoxKFOTax
HLgmMQXoa3knOQvK15iGr6xPYgf1sJ7qMyZJzJk4qcilOAPSRpSH
-----END CERTIFICATE-----