Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/483241-3dba-4392-aab0-39765a3f9dbc/1/z-UgkfhMAzY4S3fwW0TP8zH1xVs.roa
File:                     z-UgkfhMAzY4S3fwW0TP8zH1xVs.roa (raw, json)
Hash identifier:          gRjexmf3bTJhuHl28VavXvq7v8F5vJH8l6ndu20l3Gs=
Subject key identifier:   CF:E5:20:91:F8:4C:03:36:38:4B:77:F0:5B:44:CF:F3:31:F5:C5:5B
Certificate issuer:       /CN=75d0ebd8f566e3fab7e2354b714060c6fa47e254
Certificate serial:       018CC80194DB2292DF4FFF931709B8754D5D
Authority key identifier: 75:D0:EB:D8:F5:66:E3:FA:B7:E2:35:4B:71:40:60:C6:FA:47:E2:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ddDr2PVm4_q34jVLcUBgxvpH4lQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/483241-3dba-4392-aab0-39765a3f9dbc/1/z-UgkfhMAzY4S3fwW0TP8zH1xVs.roa
Signing time:             Tue 02 Jan 2024 02:29:56 +0000
ROA not before:           Tue 02 Jan 2024 02:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60510
IP address blocks:        91.238.34.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/483241-3dba-4392-aab0-39765a3f9dbc/1/ddDr2PVm4_q34jVLcUBgxvpH4lQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/483241-3dba-4392-aab0-39765a3f9dbc/1/ddDr2PVm4_q34jVLcUBgxvpH4lQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ddDr2PVm4_q34jVLcUBgxvpH4lQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:94:db:22:92:df:4f:ff:93:17:09:b8:75:4d:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75d0ebd8f566e3fab7e2354b714060c6fa47e254
        Validity
            Not Before: Jan  2 02:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfe52091f84c0336384b77f05b44cff331f5c55b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:3c:e5:7b:8c:fe:a3:bf:ed:85:bf:76:68:bb:
                    3f:da:d2:e7:d6:b1:61:70:ef:c2:95:63:0f:4c:6e:
                    39:62:6c:35:f1:cd:91:b8:8b:af:d9:aa:c0:f7:29:
                    1a:0f:d2:0c:2c:18:61:df:9f:f7:b2:0e:1b:31:af:
                    a8:12:c5:9d:56:28:ad:09:af:14:0e:3a:9a:a9:ca:
                    18:6a:5a:d5:2c:4c:3b:e2:19:51:3e:3e:1d:76:4d:
                    52:91:29:05:38:f0:61:35:af:b3:bf:8c:af:2a:74:
                    6f:f1:2c:c2:a9:6d:c2:cb:65:79:a9:87:3a:e8:b6:
                    b6:b7:9b:8c:bd:b6:cd:ea:e7:d0:09:9e:c6:ef:70:
                    7b:36:46:19:81:22:41:66:e1:dc:d7:47:70:9c:86:
                    2c:86:bf:ec:34:96:29:4b:44:1a:0f:e9:5c:9e:6a:
                    6d:9e:97:b6:6d:12:05:06:71:26:17:f5:b4:ce:dd:
                    cd:c1:a5:39:a6:28:23:39:b0:49:94:c7:6e:0c:04:
                    fe:a0:ce:79:40:92:32:eb:c7:f1:4e:b4:92:76:f4:
                    ed:3b:58:f2:d1:33:aa:85:c8:d3:48:21:ff:de:e5:
                    66:30:62:b4:03:3f:07:16:92:77:e6:89:ac:90:ba:
                    fb:89:dd:db:0a:94:ea:23:7d:58:ce:b6:89:7c:52:
                    ad:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:E5:20:91:F8:4C:03:36:38:4B:77:F0:5B:44:CF:F3:31:F5:C5:5B
            X509v3 Authority Key Identifier:
                keyid:75:D0:EB:D8:F5:66:E3:FA:B7:E2:35:4B:71:40:60:C6:FA:47:E2:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ddDr2PVm4_q34jVLcUBgxvpH4lQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/483241-3dba-4392-aab0-39765a3f9dbc/1/z-UgkfhMAzY4S3fwW0TP8zH1xVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/483241-3dba-4392-aab0-39765a3f9dbc/1/ddDr2PVm4_q34jVLcUBgxvpH4lQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.34.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7d:e8:ee:02:3c:0f:38:67:7c:da:7e:91:2e:0b:c6:98:08:5d:
         19:e4:e9:36:1f:f4:44:b0:c4:71:55:59:12:cf:35:b6:d4:4c:
         60:2a:23:c9:fb:f0:a1:4c:4c:dc:bf:92:2b:43:32:11:9a:50:
         86:62:e4:af:2b:17:18:39:0f:69:ea:ec:f3:2f:4d:3c:64:e3:
         db:fa:b4:e5:31:3e:8f:ee:35:ad:92:61:bc:0c:1d:56:1c:5a:
         26:4d:2d:c3:b6:d3:3b:31:f6:a6:2a:23:11:92:5a:60:e1:99:
         08:1f:6d:22:44:77:84:53:0a:1a:67:1d:7f:c2:44:ad:83:5c:
         a2:1a:1a:91:2a:55:a8:42:59:f6:85:32:f0:9a:41:65:5c:39:
         1a:40:9c:32:cf:7c:1c:78:45:e3:9b:fb:20:45:58:bc:6e:1d:
         b1:a5:5c:ef:d6:bd:50:64:f8:5a:05:24:2a:6a:11:74:59:68:
         8e:88:85:96:4d:0f:d2:f9:1f:fa:ba:3b:68:61:70:77:e9:55:
         c9:e2:77:6c:b7:bb:48:8c:e2:d8:de:12:39:21:70:b2:66:11:
         92:c0:2a:09:09:02:a8:92:a4:45:db:6a:1d:33:27:bb:ac:3d:
         0b:89:49:67:53:b4:07:c8:44:ce:32:7b:ea:25:8e:26:24:88:
         9a:5e:da:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAZTbIpLfT/+TFwm4dU1dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1ZDBlYmQ4ZjU2NmUzZmFiN2UyMzU0YjcxNDA2MGM2ZmE0
N2UyNTQwHhcNMjQwMTAyMDIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmU1MjA5MWY4NGMwMzM2Mzg0Yjc3ZjA1YjQ0Y2ZmMzMxZjVjNTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3jzle4z+o7/thb92aLs/2tLn1rFh
cO/ClWMPTG45Ymw18c2RuIuv2arA9ykaD9IMLBhh35/3sg4bMa+oEsWdViitCa8U
DjqaqcoYalrVLEw74hlRPj4ddk1SkSkFOPBhNa+zv4yvKnRv8SzCqW3Cy2V5qYc6
6La2t5uMvbbN6ufQCZ7G73B7NkYZgSJBZuHc10dwnIYshr/sNJYpS0QaD+lcnmpt
npe2bRIFBnEmF/W0zt3NwaU5pigjObBJlMduDAT+oM55QJIy68fxTrSSdvTtO1jy
0TOqhcjTSCH/3uVmMGK0Az8HFpJ35omskLr7id3bCpTqI31YzraJfFKtuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM/lIJH4TAM2OEt38FtEz/Mx9cVbMB8GA1UdIwQY
MBaAFHXQ69j1ZuP6t+I1S3FAYMb6R+JUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGREcjJQVm00X3EzNGpWTGNVQmd4dnBINGxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy80ODMyNDEtM2RiYS00MzkyLWFhYjAt
Mzk3NjVhM2Y5ZGJjLzEvei1VZ2tmaE1Belk0UzNmd1cwVFA4ekgxeFZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy80ODMyNDEtM2RiYS00MzkyLWFhYjAtMzk3NjVhM2Y5ZGJj
LzEvZGREcjJQVm00X3EzNGpWTGNVQmd4dnBINGxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+4iMA0G
CSqGSIb3DQEBCwUAA4IBAQB96O4CPA84Z3zafpEuC8aYCF0Z5Ok2H/REsMRxVVkS
zzW21ExgKiPJ+/ChTEzcv5IrQzIRmlCGYuSvKxcYOQ9p6uzzL008ZOPb+rTlMT6P
7jWtkmG8DB1WHFomTS3DttM7MfamKiMRklpg4ZkIH20iRHeEUwoaZx1/wkStg1yi
GhqRKlWoQln2hTLwmkFlXDkaQJwyz3wceEXjm/sgRVi8bh2xpVzv1r1QZPhaBSQq
ahF0WWiOiIWWTQ/S+R/6ujtoYXB36VXJ4ndst7tIjOLY3hI5IXCyZhGSwCoJCQKo
kqRF22odMye7rD0LiUlnU7QHyETOMnvqJY4mJIiaXtrj
-----END CERTIFICATE-----