Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/6db46d-bc2d-45d7-a279-820325f53ccb/1/74qpdrLl1Tn7d_6k2_TSSc14PsA.roa
File:                     74qpdrLl1Tn7d_6k2_TSSc14PsA.roa (raw, json)
Hash identifier:          HoTwh/apHEW2r81or/64YJ7llkuFf9OTRAiCq0CsLWE=
Subject key identifier:   EF:8A:A9:76:B2:E5:D5:39:FB:77:FE:A4:DB:F4:D2:49:CD:78:3E:C0
Certificate issuer:       /CN=656cc25012e3a4c8b1626dd757c7b0510e457341
Certificate serial:       018CC3B72AEF434BBEE2CDCFD212B345B288
Authority key identifier: 65:6C:C2:50:12:E3:A4:C8:B1:62:6D:D7:57:C7:B0:51:0E:45:73:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZWzCUBLjpMixYm3XV8ewUQ5Fc0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/6db46d-bc2d-45d7-a279-820325f53ccb/1/74qpdrLl1Tn7d_6k2_TSSc14PsA.roa
Signing time:             Mon 01 Jan 2024 06:30:10 +0000
ROA not before:           Mon 01 Jan 2024 06:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        91.208.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/6db46d-bc2d-45d7-a279-820325f53ccb/1/ZWzCUBLjpMixYm3XV8ewUQ5Fc0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/6db46d-bc2d-45d7-a279-820325f53ccb/1/ZWzCUBLjpMixYm3XV8ewUQ5Fc0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZWzCUBLjpMixYm3XV8ewUQ5Fc0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:2a:ef:43:4b:be:e2:cd:cf:d2:12:b3:45:b2:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=656cc25012e3a4c8b1626dd757c7b0510e457341
        Validity
            Not Before: Jan  1 06:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef8aa976b2e5d539fb77fea4dbf4d249cd783ec0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:aa:4f:9a:03:2a:2e:87:ec:59:8d:38:fc:7c:
                    7c:6e:c0:44:13:00:50:18:7d:3d:e6:5a:90:4c:29:
                    fe:43:a8:9b:0a:3f:b3:dd:a1:45:c0:2c:b4:5b:3b:
                    04:90:f7:1c:89:09:55:76:77:6f:77:42:e8:48:a5:
                    63:bc:45:4a:94:14:62:85:41:da:8c:70:24:d3:8e:
                    84:50:96:a9:42:80:2f:40:26:c9:7b:88:f8:1f:00:
                    89:76:9b:e0:40:26:66:68:6e:1f:3d:7f:33:f0:f3:
                    ab:b0:f1:1e:5c:42:64:e7:96:91:d7:13:a5:97:6b:
                    f3:6a:8f:df:b6:30:d2:0d:b8:5b:38:1c:03:02:3f:
                    73:c7:61:fd:1a:23:46:eb:0c:06:56:03:ae:0a:9c:
                    60:df:85:a9:86:e2:98:cb:15:7f:a2:c7:60:55:66:
                    f3:4e:cf:f8:73:77:b0:02:d5:73:06:c6:cc:26:a9:
                    ed:0c:93:87:e4:ea:1b:68:01:ea:2d:6c:ed:7b:34:
                    b3:1c:9f:95:cb:b8:0a:a7:63:44:f2:a1:0a:db:d7:
                    68:a5:2e:c3:de:4a:92:4a:62:9b:f2:89:d2:e5:e5:
                    84:21:e3:62:5a:df:78:23:ba:b1:e3:9e:df:03:77:
                    67:00:d4:67:29:0b:0f:ab:eb:e6:8d:e5:12:d6:54:
                    36:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:8A:A9:76:B2:E5:D5:39:FB:77:FE:A4:DB:F4:D2:49:CD:78:3E:C0
            X509v3 Authority Key Identifier:
                keyid:65:6C:C2:50:12:E3:A4:C8:B1:62:6D:D7:57:C7:B0:51:0E:45:73:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZWzCUBLjpMixYm3XV8ewUQ5Fc0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/6db46d-bc2d-45d7-a279-820325f53ccb/1/74qpdrLl1Tn7d_6k2_TSSc14PsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/6db46d-bc2d-45d7-a279-820325f53ccb/1/ZWzCUBLjpMixYm3XV8ewUQ5Fc0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:e9:49:da:49:6e:98:d7:89:80:4b:6f:c6:e9:c3:19:cc:c6:
         40:be:7c:65:d7:d2:9e:87:b8:5d:64:dd:b8:8f:ae:76:e1:36:
         0b:f4:73:e5:2a:76:06:b2:65:b9:03:6b:b1:7a:06:0e:96:76:
         43:34:83:2f:47:58:2b:ad:49:60:a4:57:08:99:32:b5:d2:83:
         b4:b9:f6:bd:71:d9:cf:29:d8:38:c1:2b:4b:b0:72:1a:f5:f1:
         dd:65:1a:d3:f7:a4:ab:b8:77:5c:6c:62:4b:1f:72:63:90:af:
         66:cb:7f:07:14:22:fa:5e:30:07:3a:5c:a0:58:bf:20:6a:34:
         fb:b6:42:d4:ca:8f:8a:b1:04:e8:55:9b:cc:a6:13:f3:52:31:
         b0:d3:8a:45:fc:ad:9d:bc:38:aa:12:20:08:2e:d6:27:d2:b1:
         4d:22:fa:a8:4f:2e:b0:5d:46:ea:3c:fb:ed:98:79:90:3c:17:
         e4:28:fc:38:ef:66:b7:be:20:e1:c3:27:be:c9:85:20:d6:d5:
         f8:4d:33:0c:71:32:11:6d:25:77:18:20:a0:05:a9:2f:89:44:
         f7:c3:10:8d:56:0e:12:64:39:05:95:0e:cb:df:68:c2:c4:56:
         8d:52:05:12:75:d9:bb:bb:09:8d:29:b1:04:b5:1f:2a:15:78:
         bd:62:14:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtyrvQ0u+4s3P0hKzRbKIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1NmNjMjUwMTJlM2E0YzhiMTYyNmRkNzU3YzdiMDUxMGU0
NTczNDEwHhcNMjQwMTAxMDYzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjhhYTk3NmIyZTVkNTM5ZmI3N2ZlYTRkYmY0ZDI0OWNkNzgzZWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKpPmgMqLofsWY04/Hx8bsBEEwBQ
GH095lqQTCn+Q6ibCj+z3aFFwCy0WzsEkPcciQlVdndvd0LoSKVjvEVKlBRihUHa
jHAk046EUJapQoAvQCbJe4j4HwCJdpvgQCZmaG4fPX8z8POrsPEeXEJk55aR1xOl
l2vzao/ftjDSDbhbOBwDAj9zx2H9GiNG6wwGVgOuCpxg34WphuKYyxV/osdgVWbz
Ts/4c3ewAtVzBsbMJqntDJOH5OobaAHqLWztezSzHJ+Vy7gKp2NE8qEK29dopS7D
3kqSSmKb8onS5eWEIeNiWt94I7qx457fA3dnANRnKQsPq+vmjeUS1lQ2RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO+KqXay5dU5+3f+pNv00knNeD7AMB8GA1UdIwQY
MBaAFGVswlAS46TIsWJt11fHsFEORXNBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWld6Q1VCTGpwTWl4WW0zWFY4ZXdVUTVGYzBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi82ZGI0NmQtYmMyZC00NWQ3LWEyNzkt
ODIwMzI1ZjUzY2NiLzEvNzRxcGRyTGwxVG43ZF82azJfVFNTYzE0UHNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi82ZGI0NmQtYmMyZC00NWQ3LWEyNzktODIwMzI1ZjUzY2Ni
LzEvWld6Q1VCTGpwTWl4WW0zWFY4ZXdVUTVGYzBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9BpMA0G
CSqGSIb3DQEBCwUAA4IBAQAi6UnaSW6Y14mAS2/G6cMZzMZAvnxl19Keh7hdZN24
j6524TYL9HPlKnYGsmW5A2uxegYOlnZDNIMvR1grrUlgpFcImTK10oO0ufa9cdnP
Kdg4wStLsHIa9fHdZRrT96SruHdcbGJLH3JjkK9my38HFCL6XjAHOlygWL8gajT7
tkLUyo+KsQToVZvMphPzUjGw04pF/K2dvDiqEiAILtYn0rFNIvqoTy6wXUbqPPvt
mHmQPBfkKPw472a3viDhwye+yYUg1tX4TTMMcTIRbSV3GCCgBakviUT3wxCNVg4S
ZDkFlQ7L32jCxFaNUgUSddm7uwmNKbEEtR8qFXi9YhR7
-----END CERTIFICATE-----