Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/85b043-36d8-4136-9835-8d477259839b/1/x3xW71BO51t2eGX9yE0I4lGZI2c.roa
File:                     x3xW71BO51t2eGX9yE0I4lGZI2c.roa (raw, json)
Hash identifier:          rwYP3AO/FX9djyIfBXT47CYRQzNMnxCIc6wVVqaz7QI=
Subject key identifier:   C7:7C:56:EF:50:4E:E7:5B:76:78:65:FD:C8:4D:08:E2:51:99:23:67
Certificate issuer:       /CN=827313247c486fe434833c09087a00a900301840
Certificate serial:       0190015DE0204CDC52703D52FDCF0F8924DB
Authority key identifier: 82:73:13:24:7C:48:6F:E4:34:83:3C:09:08:7A:00:A9:00:30:18:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gnMTJHxIb-Q0gzwJCHoAqQAwGEA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/85b043-36d8-4136-9835-8d477259839b/1/x3xW71BO51t2eGX9yE0I4lGZI2c.roa
Signing time:             Mon 10 Jun 2024 08:57:27 +0000
ROA not before:           Mon 10 Jun 2024 08:57:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198040
IP address blocks:        91.233.204.0/23 maxlen: 23
                          176.103.160.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/85b043-36d8-4136-9835-8d477259839b/1/gnMTJHxIb-Q0gzwJCHoAqQAwGEA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/85b043-36d8-4136-9835-8d477259839b/1/gnMTJHxIb-Q0gzwJCHoAqQAwGEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gnMTJHxIb-Q0gzwJCHoAqQAwGEA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:01:5d:e0:20:4c:dc:52:70:3d:52:fd:cf:0f:89:24:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=827313247c486fe434833c09087a00a900301840
        Validity
            Not Before: Jun 10 08:57:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c77c56ef504ee75b767865fdc84d08e251992367
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:95:6d:05:02:92:9f:68:5f:a4:14:63:94:a0:
                    39:0a:84:b6:0c:a8:85:7b:7f:a7:91:c8:4a:de:a3:
                    ff:f9:6f:8f:b9:8d:95:21:6c:d9:70:d2:2c:a8:e1:
                    84:9b:e3:49:cb:5c:30:b3:a8:32:dd:f9:ca:d1:44:
                    fc:4e:d8:26:e5:6a:0d:a3:d5:eb:d9:05:05:28:c9:
                    56:7b:87:d1:d7:f3:f6:f7:8b:f9:f7:8d:8f:ad:fc:
                    da:a4:61:f5:4a:32:f0:37:09:7a:92:31:d2:47:93:
                    b1:80:4f:8d:53:15:1e:b3:c0:dc:83:93:d2:28:00:
                    18:63:38:d9:e9:75:a0:a1:5c:fc:31:78:3d:b2:87:
                    53:88:88:54:48:77:39:cf:57:eb:ee:93:79:f4:9f:
                    d8:8c:9f:d7:61:a8:13:73:ba:29:f3:9d:90:eb:b6:
                    7a:09:3a:ca:3f:c8:f3:e7:5b:91:30:8c:33:ea:15:
                    88:95:8e:6a:6c:a7:07:fb:d3:35:69:ad:4c:ef:0b:
                    3e:f1:b3:e7:22:ac:7f:4c:4d:05:c8:50:6f:1c:e7:
                    0e:df:f1:9d:32:d8:48:a7:66:1e:47:13:4f:66:da:
                    44:71:0f:7f:5c:df:d3:70:e0:70:b3:16:49:aa:1e:
                    a0:2d:33:2d:a1:c5:81:d3:4c:99:be:fa:58:89:27:
                    40:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:7C:56:EF:50:4E:E7:5B:76:78:65:FD:C8:4D:08:E2:51:99:23:67
            X509v3 Authority Key Identifier:
                keyid:82:73:13:24:7C:48:6F:E4:34:83:3C:09:08:7A:00:A9:00:30:18:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gnMTJHxIb-Q0gzwJCHoAqQAwGEA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/85b043-36d8-4136-9835-8d477259839b/1/x3xW71BO51t2eGX9yE0I4lGZI2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/85b043-36d8-4136-9835-8d477259839b/1/gnMTJHxIb-Q0gzwJCHoAqQAwGEA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.204.0/23
                  176.103.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9e:19:25:e3:8c:83:8f:10:0d:69:28:8a:de:bf:8e:79:6c:38:
         b9:21:84:58:a3:57:08:56:7b:42:3c:f6:6d:fa:d3:f0:bc:2c:
         f0:37:d8:3e:42:98:7a:9d:1b:d9:86:27:29:4d:18:b6:a2:e3:
         18:27:a0:70:f0:ac:46:d8:19:92:41:b5:c0:5e:4f:18:9b:28:
         64:e0:2f:59:6a:41:ae:f6:29:42:f2:bd:5a:9d:04:de:ba:9e:
         a0:e1:19:d4:fb:3b:9b:bc:4b:51:03:d4:5b:34:fe:8b:97:be:
         ca:5c:1d:55:d8:8b:a0:52:54:00:84:89:cf:e5:a6:ee:32:0e:
         98:1b:38:96:39:2d:25:14:32:ad:da:59:ad:bc:85:b3:6a:ca:
         33:7e:88:0e:03:0f:b9:3f:7a:2a:40:f7:ea:a4:17:ec:55:9e:
         7b:e7:28:be:cf:5b:bd:d4:58:98:f3:87:8a:0f:d1:29:73:9c:
         b1:c2:ed:3f:d7:b7:b1:e0:c1:62:23:9c:d0:89:5c:cf:51:f1:
         96:0a:ea:21:cf:37:66:56:48:b1:7c:e5:76:de:a5:41:f6:f9:
         e1:f7:44:73:ce:48:43:a6:7b:c5:d1:e4:b7:5c:ea:0e:6e:e3:
         ba:bc:0a:b4:6d:41:88:d9:8e:fc:c9:8e:d3:31:86:a9:f1:33:
         41:2d:7e:9a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZABXeAgTNxScD1S/c8PiSTbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNzMxMzI0N2M0ODZmZTQzNDgzM2MwOTA4N2EwMGE5MDAz
MDE4NDAwHhcNMjQwNjEwMDg1NzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzdjNTZlZjUwNGVlNzViNzY3ODY1ZmRjODRkMDhlMjUxOTkyMzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJVtBQKSn2hfpBRjlKA5CoS2DKiF
e3+nkchK3qP/+W+PuY2VIWzZcNIsqOGEm+NJy1wws6gy3fnK0UT8Ttgm5WoNo9Xr
2QUFKMlWe4fR1/P294v5942PrfzapGH1SjLwNwl6kjHSR5OxgE+NUxUes8Dcg5PS
KAAYYzjZ6XWgoVz8MXg9sodTiIhUSHc5z1fr7pN59J/YjJ/XYagTc7op852Q67Z6
CTrKP8jz51uRMIwz6hWIlY5qbKcH+9M1aa1M7ws+8bPnIqx/TE0FyFBvHOcO3/Gd
MthIp2YeRxNPZtpEcQ9/XN/TcOBwsxZJqh6gLTMtocWB00yZvvpYiSdAfwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMd8Vu9QTudbdnhl/chNCOJRmSNnMB8GA1UdIwQY
MBaAFIJzEyR8SG/kNIM8CQh6AKkAMBhAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ25NVEpIeEliLVEwZ3p3SkNIb0FxUUF3R0VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC84NWIwNDMtMzZkOC00MTM2LTk4MzUt
OGQ0NzcyNTk4MzliLzEveDN4VzcxQk81MXQyZUdYOXlFMEk0bEdaSTJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC84NWIwNDMtMzZkOC00MTM2LTk4MzUtOGQ0NzcyNTk4Mzli
LzEvZ25NVEpIeEliLVEwZ3p3SkNIb0FxUUF3R0VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW+nMAwQD
sGegMA0GCSqGSIb3DQEBCwUAA4IBAQCeGSXjjIOPEA1pKIrev455bDi5IYRYo1cI
VntCPPZt+tPwvCzwN9g+Qph6nRvZhicpTRi2ouMYJ6Bw8KxG2BmSQbXAXk8Ymyhk
4C9ZakGu9ilC8r1anQTeup6g4RnU+zubvEtRA9RbNP6Ll77KXB1V2IugUlQAhInP
5abuMg6YGziWOS0lFDKt2lmtvIWzasozfogOAw+5P3oqQPfqpBfsVZ575yi+z1u9
1FiY84eKD9Epc5yxwu0/17ex4MFiI5zQiVzPUfGWCuohzzdmVkixfOV23qVB9vnh
90RzzkhDpnvF0eS3XOoObuO6vAq0bUGI2Y78yY7TMYap8TNBLX6a
-----END CERTIFICATE-----