Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/fa836c-1cd3-4ba7-b598-9f5597b56b76/1/hUP90rVS4Bpdr3-_3xZFf6QV9CY.roa
File:                     hUP90rVS4Bpdr3-_3xZFf6QV9CY.roa (raw, json)
Hash identifier:          xYYw4KjNZ6tHKSTCPNMaONdgSy7RfQpmsYUoFxQNlio=
Subject key identifier:   85:43:FD:D2:B5:52:E0:1A:5D:AF:7F:BF:DF:16:45:7F:A4:15:F4:26
Certificate issuer:       /CN=68579722c3a0cb0c3351c595dfa3d7ead81f16bf
Certificate serial:       018CC50144BD72BF9DDDE043072A7A18C827
Authority key identifier: 68:57:97:22:C3:A0:CB:0C:33:51:C5:95:DF:A3:D7:EA:D8:1F:16:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aFeXIsOgywwzUcWV36PX6tgfFr8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/fa836c-1cd3-4ba7-b598-9f5597b56b76/1/hUP90rVS4Bpdr3-_3xZFf6QV9CY.roa
Signing time:             Mon 01 Jan 2024 12:30:43 +0000
ROA not before:           Mon 01 Jan 2024 12:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56368
IP address blocks:        91.198.196.0/24 maxlen: 24
                          2a0f:8840::/29 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/fa836c-1cd3-4ba7-b598-9f5597b56b76/1/aFeXIsOgywwzUcWV36PX6tgfFr8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/fa836c-1cd3-4ba7-b598-9f5597b56b76/1/aFeXIsOgywwzUcWV36PX6tgfFr8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aFeXIsOgywwzUcWV36PX6tgfFr8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:44:bd:72:bf:9d:dd:e0:43:07:2a:7a:18:c8:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68579722c3a0cb0c3351c595dfa3d7ead81f16bf
        Validity
            Not Before: Jan  1 12:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8543fdd2b552e01a5daf7fbfdf16457fa415f426
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:7f:5e:5b:f4:8f:60:d7:03:d5:5d:e5:a9:d6:
                    94:5c:83:cd:18:ad:4d:80:4d:28:d3:06:22:22:73:
                    9f:d8:0b:3d:e9:0f:11:53:50:2a:7a:15:19:5e:ec:
                    ce:49:b9:42:05:1f:2a:53:71:63:24:a0:b1:3d:91:
                    04:28:92:1f:76:95:37:fe:2c:97:ae:1a:24:f3:b2:
                    09:83:a9:9b:3d:27:51:cf:74:34:12:fc:30:58:e0:
                    5b:17:ec:9c:75:0c:ea:28:72:cc:b9:92:00:19:75:
                    e3:63:22:76:42:7a:18:8c:77:6d:45:d0:aa:cf:a6:
                    dd:fd:58:b8:0c:83:63:b3:1f:c3:3e:f1:b5:13:06:
                    8a:13:50:a0:80:1c:cb:0f:e8:72:15:70:93:af:de:
                    ff:4f:0b:13:09:76:e6:3b:40:73:22:8f:ec:13:4a:
                    3f:24:4c:7f:45:e0:78:17:f7:ce:2f:9b:1c:f0:a5:
                    da:99:4f:15:84:0d:53:59:c1:3c:b1:5c:67:eb:46:
                    34:28:0b:32:9f:51:a4:63:aa:f1:be:e0:1d:21:ab:
                    78:49:91:8b:70:0e:58:23:c7:f5:3a:1c:7d:c9:d0:
                    2d:75:e0:69:4d:cb:4a:9c:02:4b:96:26:59:be:fa:
                    50:39:c6:f0:f5:50:a3:ae:ca:a4:91:99:0f:45:44:
                    50:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:43:FD:D2:B5:52:E0:1A:5D:AF:7F:BF:DF:16:45:7F:A4:15:F4:26
            X509v3 Authority Key Identifier:
                keyid:68:57:97:22:C3:A0:CB:0C:33:51:C5:95:DF:A3:D7:EA:D8:1F:16:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aFeXIsOgywwzUcWV36PX6tgfFr8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/fa836c-1cd3-4ba7-b598-9f5597b56b76/1/hUP90rVS4Bpdr3-_3xZFf6QV9CY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/fa836c-1cd3-4ba7-b598-9f5597b56b76/1/aFeXIsOgywwzUcWV36PX6tgfFr8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.196.0/24
                IPv6:
                  2a0f:8840::/29

    Signature Algorithm: sha256WithRSAEncryption
         51:7d:1a:4e:e4:8d:13:7f:bb:73:0d:b5:4f:19:f6:a5:40:be:
         8c:8f:39:3c:da:fe:a5:3e:63:1e:bd:48:e0:3b:89:1e:2c:73:
         dc:e0:6c:23:e3:03:a1:f6:33:82:d8:6f:85:2a:fe:a4:e5:ff:
         bd:dc:89:c4:9c:1a:7d:2d:ff:66:98:f0:87:b1:6d:a2:95:b2:
         f7:db:6e:9c:df:42:36:6a:2c:b8:3a:34:b7:f4:f2:ea:42:ae:
         2b:51:04:2b:ba:1e:0d:e6:4a:ad:fd:94:d4:83:b3:8c:11:ff:
         d0:0f:3a:e7:ae:ab:c9:57:21:aa:27:2c:e1:ea:83:fb:ba:50:
         6e:ef:33:32:0b:08:86:96:2e:9c:7f:3b:cb:e5:23:ad:8c:1c:
         14:44:3d:6b:1a:0c:ab:3b:84:7a:a4:ed:3d:7c:b7:8c:0c:15:
         8a:bc:5a:54:57:73:10:96:a4:0f:45:f4:67:ad:bf:6d:11:04:
         c5:9a:f0:2e:a2:d9:48:7e:0f:51:fa:fa:98:12:0a:9b:25:72:
         d4:91:3c:43:b5:4f:a7:e2:5e:3a:c0:b9:1c:4f:f9:55:00:39:
         dd:82:bb:65:ce:b4:78:d0:9a:da:a9:1b:c2:3c:cb:81:6b:f9:
         96:97:23:7f:aa:36:53:1b:e8:f2:76:75:85:4f:72:33:42:7f:
         cf:1d:b3:45
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAUS9cr+d3eBDByp6GMgnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4NTc5NzIyYzNhMGNiMGMzMzUxYzU5NWRmYTNkN2VhZDgx
ZjE2YmYwHhcNMjQwMTAxMTIzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTQzZmRkMmI1NTJlMDFhNWRhZjdmYmZkZjE2NDU3ZmE0MTVmNDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzn9eW/SPYNcD1V3lqdaUXIPNGK1N
gE0o0wYiInOf2As96Q8RU1AqehUZXuzOSblCBR8qU3FjJKCxPZEEKJIfdpU3/iyX
rhok87IJg6mbPSdRz3Q0EvwwWOBbF+ycdQzqKHLMuZIAGXXjYyJ2QnoYjHdtRdCq
z6bd/Vi4DINjsx/DPvG1EwaKE1CggBzLD+hyFXCTr97/TwsTCXbmO0BzIo/sE0o/
JEx/ReB4F/fOL5sc8KXamU8VhA1TWcE8sVxn60Y0KAsyn1GkY6rxvuAdIat4SZGL
cA5YI8f1Ohx9ydAtdeBpTctKnAJLliZZvvpQOcbw9VCjrsqkkZkPRURQywIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIVD/dK1UuAaXa9/v98WRX+kFfQmMB8GA1UdIwQY
MBaAFGhXlyLDoMsMM1HFld+j1+rYHxa/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUZlWElzT2d5d3d6VWNXVjM2UFg2dGdmRnI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi9mYTgzNmMtMWNkMy00YmE3LWI1OTgt
OWY1NTk3YjU2Yjc2LzEvaFVQOTByVlM0QnBkcjMtXzN4WkZmNlFWOUNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi9mYTgzNmMtMWNkMy00YmE3LWI1OTgtOWY1NTk3YjU2Yjc2
LzEvYUZlWElzT2d5d3d6VWNXVjM2UFg2dGdmRnI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW8bEMA0E
AgACMAcDBQMqD4hAMA0GCSqGSIb3DQEBCwUAA4IBAQBRfRpO5I0Tf7tzDbVPGfal
QL6Mjzk82v6lPmMevUjgO4keLHPc4Gwj4wOh9jOC2G+FKv6k5f+93InEnBp9Lf9m
mPCHsW2ilbL3226c30I2aiy4OjS39PLqQq4rUQQruh4N5kqt/ZTUg7OMEf/QDzrn
rqvJVyGqJyzh6oP7ulBu7zMyCwiGli6cfzvL5SOtjBwURD1rGgyrO4R6pO09fLeM
DBWKvFpUV3MQlqQPRfRnrb9tEQTFmvAuotlIfg9R+vqYEgqbJXLUkTxDtU+n4l46
wLkcT/lVADndgrtlzrR40JraqRvCPMuBa/mWlyN/qjZTG+jydnWFT3IzQn/PHbNF
-----END CERTIFICATE-----