Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/89f0f6-a5ac-467b-a4ad-be218cef4a11/1/fr9_kFmuJsyRDTvZFkHG3gwebNI.roa
File:                     fr9_kFmuJsyRDTvZFkHG3gwebNI.roa (raw, json)
Hash identifier:          xTpUxB8IBk2z4+vlPoUL5fNaJsppzxoBzQvKp95rs/A=
Subject key identifier:   7E:BF:7F:90:59:AE:26:CC:91:0D:3B:D9:16:41:C6:DE:0C:1E:6C:D2
Certificate issuer:       /CN=46d713ada8dabcf77681c0ca42d9969e447c8ea7
Certificate serial:       019311BE415F06A079FC373D312E1B702F43
Authority key identifier: 46:D7:13:AD:A8:DA:BC:F7:76:81:C0:CA:42:D9:96:9E:44:7C:8E:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RtcTrajavPd2gcDKQtmWnkR8jqc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/89f0f6-a5ac-467b-a4ad-be218cef4a11/1/fr9_kFmuJsyRDTvZFkHG3gwebNI.roa
Signing time:             Sat 09 Nov 2024 16:25:01 +0000
ROA not before:           Sat 09 Nov 2024 16:25:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        91.209.48.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/89f0f6-a5ac-467b-a4ad-be218cef4a11/1/RtcTrajavPd2gcDKQtmWnkR8jqc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/89f0f6-a5ac-467b-a4ad-be218cef4a11/1/RtcTrajavPd2gcDKQtmWnkR8jqc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RtcTrajavPd2gcDKQtmWnkR8jqc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:11:be:41:5f:06:a0:79:fc:37:3d:31:2e:1b:70:2f:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46d713ada8dabcf77681c0ca42d9969e447c8ea7
        Validity
            Not Before: Nov  9 16:25:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ebf7f9059ae26cc910d3bd91641c6de0c1e6cd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:87:bc:b7:ba:d3:ee:e2:e1:26:bf:00:2f:74:
                    8a:4f:77:48:f9:52:7b:66:8c:fe:07:81:5b:13:c1:
                    a3:73:b1:ec:90:8d:6d:d8:1f:66:4f:93:b6:a5:d8:
                    9c:0c:81:38:e4:3d:03:23:5a:5c:99:94:a5:d2:7f:
                    20:91:77:c8:65:6d:ad:42:ba:e8:df:ed:6a:80:2c:
                    d9:1a:fc:da:f3:a5:64:60:1d:68:0b:cd:ef:61:2c:
                    70:8e:f5:8a:d7:74:0a:68:a8:c2:f7:38:1f:eb:f8:
                    99:f1:ac:41:8d:41:e6:87:bd:e2:fe:66:52:22:09:
                    ab:48:80:b0:5e:0e:82:37:e2:ed:76:cd:cb:87:d1:
                    22:b3:de:40:69:18:81:86:82:8f:92:a7:92:1a:81:
                    17:ea:6d:be:6b:e2:e2:2f:ad:85:d1:e2:1f:8f:b5:
                    0d:e0:df:25:18:bd:93:82:04:3c:a4:08:61:bb:41:
                    2f:10:25:e7:ca:e6:72:32:91:1e:08:f7:1f:d4:3e:
                    a7:c1:c5:59:45:3b:84:ca:36:a4:28:a6:08:d5:7c:
                    2f:9f:eb:15:3f:ab:bd:a6:d5:02:0a:55:49:1c:b5:
                    d3:68:4c:60:f1:4b:97:d4:7d:e1:38:d0:3c:b5:26:
                    af:4e:a5:8c:ee:58:2f:99:4c:49:e4:ff:96:09:ba:
                    c7:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:BF:7F:90:59:AE:26:CC:91:0D:3B:D9:16:41:C6:DE:0C:1E:6C:D2
            X509v3 Authority Key Identifier:
                keyid:46:D7:13:AD:A8:DA:BC:F7:76:81:C0:CA:42:D9:96:9E:44:7C:8E:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RtcTrajavPd2gcDKQtmWnkR8jqc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/89f0f6-a5ac-467b-a4ad-be218cef4a11/1/fr9_kFmuJsyRDTvZFkHG3gwebNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/89f0f6-a5ac-467b-a4ad-be218cef4a11/1/RtcTrajavPd2gcDKQtmWnkR8jqc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:b5:98:34:44:e0:6a:80:e8:52:e5:60:82:3b:9a:62:ca:ab:
         24:77:7e:d8:e6:c3:d3:6e:22:c8:aa:db:81:f7:33:18:e6:37:
         a2:75:5f:4c:ed:6a:61:04:72:a6:1e:ac:36:60:c6:0d:99:ca:
         37:d3:77:1b:69:de:11:5c:68:97:3d:97:80:a3:34:ad:b6:9e:
         2a:42:7e:fa:c2:ca:97:4c:4e:16:28:54:c7:f4:a5:f8:0e:94:
         03:07:4d:b3:ad:a0:57:67:25:15:e8:a9:e9:32:bc:08:17:f3:
         b1:1a:9a:15:e1:05:c4:09:72:2c:98:9f:08:e7:b3:ec:92:37:
         40:6e:bc:d0:1f:8f:8f:ee:7d:69:8c:52:7a:5c:3a:f9:96:37:
         4a:7c:96:e9:ba:cb:12:78:5b:27:6c:7a:dd:90:c2:ab:43:57:
         9e:4e:53:23:fc:da:7e:58:44:c2:29:9f:29:af:18:e9:19:e0:
         a9:63:f9:79:44:a7:53:41:a2:f6:e9:dc:45:96:09:32:e2:ea:
         af:cd:c1:cf:b5:84:8a:c0:27:b9:43:2e:54:1c:14:d6:c3:e4:
         6b:63:4b:0d:a7:2c:e4:bf:8e:29:57:54:ef:03:ce:f3:dd:45:
         6b:8f:c4:4c:c9:43:99:1f:97:76:e8:3b:e9:fb:8b:40:aa:a9:
         07:54:ec:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMRvkFfBqB5/Dc9MS4bcC9DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2ZDcxM2FkYThkYWJjZjc3NjgxYzBjYTQyZDk5NjllNDQ3
YzhlYTcwHhcNMjQxMTA5MTYyNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWJmN2Y5MDU5YWUyNmNjOTEwZDNiZDkxNjQxYzZkZTBjMWU2Y2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYe8t7rT7uLhJr8AL3SKT3dI+VJ7
Zoz+B4FbE8Gjc7HskI1t2B9mT5O2pdicDIE45D0DI1pcmZSl0n8gkXfIZW2tQrro
3+1qgCzZGvza86VkYB1oC83vYSxwjvWK13QKaKjC9zgf6/iZ8axBjUHmh73i/mZS
IgmrSICwXg6CN+Ltds3Lh9Eis95AaRiBhoKPkqeSGoEX6m2+a+LiL62F0eIfj7UN
4N8lGL2TggQ8pAhhu0EvECXnyuZyMpEeCPcf1D6nwcVZRTuEyjakKKYI1Xwvn+sV
P6u9ptUCClVJHLXTaExg8UuX1H3hONA8tSavTqWM7lgvmUxJ5P+WCbrHcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH6/f5BZribMkQ072RZBxt4MHmzSMB8GA1UdIwQY
MBaAFEbXE62o2rz3doHAykLZlp5EfI6nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnRjVHJhamF2UGQyZ2NES1F0bVdua1I4anFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS84OWYwZjYtYTVhYy00NjdiLWE0YWQt
YmUyMThjZWY0YTExLzEvZnI5X2tGbXVKc3lSRFR2WkZrSEczZ3dlYk5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS84OWYwZjYtYTVhYy00NjdiLWE0YWQtYmUyMThjZWY0YTEx
LzEvUnRjVHJhamF2UGQyZ2NES1F0bVdua1I4anFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9EwMA0G
CSqGSIb3DQEBCwUAA4IBAQALtZg0ROBqgOhS5WCCO5piyqskd37Y5sPTbiLIqtuB
9zMY5jeidV9M7WphBHKmHqw2YMYNmco303cbad4RXGiXPZeAozSttp4qQn76wsqX
TE4WKFTH9KX4DpQDB02zraBXZyUV6KnpMrwIF/OxGpoV4QXECXIsmJ8I57PskjdA
brzQH4+P7n1pjFJ6XDr5ljdKfJbpussSeFsnbHrdkMKrQ1eeTlMj/Np+WETCKZ8p
rxjpGeCpY/l5RKdTQaL26dxFlgky4uqvzcHPtYSKwCe5Qy5UHBTWw+RrY0sNpyzk
v44pV1TvA87z3UVrj8RMyUOZH5d26Dvp+4tAqqkHVOzS
-----END CERTIFICATE-----