Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/97c414-3afa-49ee-ab70-a4407a5d321a/1/vpT-aB4KWbBy2ecDEFEikKZHxFA.roa
File:                     vpT-aB4KWbBy2ecDEFEikKZHxFA.roa (raw, json)
Hash identifier:          oCso5g+zlwlxAIJeQgjTq+1YfVn/sB82qiPF3VrtOvc=
Subject key identifier:   BE:94:FE:68:1E:0A:59:B0:72:D9:E7:03:10:51:22:90:A6:47:C4:50
Certificate issuer:       /CN=5e5810557cb0670bc9c0933e027e9bd82ab156df
Certificate serial:       018CC9BC638AC3BD587F96C2E769D1E34F5C
Authority key identifier: 5E:58:10:55:7C:B0:67:0B:C9:C0:93:3E:02:7E:9B:D8:2A:B1:56:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XlgQVXywZwvJwJM-An6b2CqxVt8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/97c414-3afa-49ee-ab70-a4407a5d321a/1/vpT-aB4KWbBy2ecDEFEikKZHxFA.roa
Signing time:             Tue 02 Jan 2024 10:33:35 +0000
ROA not before:           Tue 02 Jan 2024 10:33:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52148
IP address blocks:        91.209.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/97c414-3afa-49ee-ab70-a4407a5d321a/1/XlgQVXywZwvJwJM-An6b2CqxVt8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/97c414-3afa-49ee-ab70-a4407a5d321a/1/XlgQVXywZwvJwJM-An6b2CqxVt8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XlgQVXywZwvJwJM-An6b2CqxVt8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:63:8a:c3:bd:58:7f:96:c2:e7:69:d1:e3:4f:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e5810557cb0670bc9c0933e027e9bd82ab156df
        Validity
            Not Before: Jan  2 10:33:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be94fe681e0a59b072d9e70310512290a647c450
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:26:be:79:d6:d4:0d:27:42:6a:a4:15:41:a9:
                    c1:2b:71:33:e5:3a:d6:f8:ff:4a:5b:6b:d3:b0:2f:
                    13:70:23:22:1f:bd:e3:be:67:e9:7e:4e:3c:d9:b7:
                    eb:0d:13:41:6d:01:ff:c1:55:fe:f6:83:ac:3b:eb:
                    73:9c:40:60:49:d1:7d:90:e7:4f:54:9c:47:56:36:
                    4a:4f:fb:6a:d3:08:63:87:10:1f:25:d3:eb:eb:bb:
                    d7:17:c2:61:fa:0d:d1:c1:fe:45:ea:6a:76:44:a0:
                    5a:cd:6d:2b:3f:b1:0f:25:6b:f5:8d:cd:04:19:ac:
                    13:25:8f:8c:18:43:20:b2:3d:23:3c:7d:1e:90:71:
                    e3:54:41:59:32:22:64:00:67:aa:aa:87:d8:8e:80:
                    6b:4f:f5:66:bc:c6:a3:fa:82:3c:2f:84:7f:09:6b:
                    95:5b:b6:a7:b9:85:88:01:a7:2d:35:2b:d0:e7:c3:
                    09:46:0d:0e:83:14:21:b1:92:28:18:b2:85:6c:f8:
                    50:37:ae:98:71:f1:71:cc:25:87:43:f1:6b:49:ad:
                    ef:af:e5:82:2b:e1:23:9c:66:d2:c4:ce:f9:ac:50:
                    89:b8:b5:33:05:57:be:c4:cc:be:6c:92:ee:01:70:
                    1c:4f:d2:a8:42:c7:a0:56:dd:8e:cf:9f:6d:52:6f:
                    b2:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:94:FE:68:1E:0A:59:B0:72:D9:E7:03:10:51:22:90:A6:47:C4:50
            X509v3 Authority Key Identifier:
                keyid:5E:58:10:55:7C:B0:67:0B:C9:C0:93:3E:02:7E:9B:D8:2A:B1:56:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XlgQVXywZwvJwJM-An6b2CqxVt8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/97c414-3afa-49ee-ab70-a4407a5d321a/1/vpT-aB4KWbBy2ecDEFEikKZHxFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/97c414-3afa-49ee-ab70-a4407a5d321a/1/XlgQVXywZwvJwJM-An6b2CqxVt8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:0b:49:87:20:a3:5c:66:83:a9:85:3e:5e:3b:8f:df:9a:72:
         73:40:57:f7:8d:c5:53:ed:a4:8f:9c:3a:56:8c:ef:3b:41:f4:
         eb:e7:bd:6d:ef:a6:df:ae:82:a7:9d:3d:10:12:14:f9:aa:48:
         8e:25:b5:86:bb:23:e0:4e:2e:21:07:89:04:10:e5:bd:2e:71:
         1b:ea:28:6f:28:fd:7d:0c:0c:fa:66:44:f6:19:7a:f5:25:30:
         07:cd:2d:73:45:4b:7d:54:02:36:d6:41:9a:88:1c:9d:80:ae:
         d7:e9:ec:77:97:06:7b:ba:d8:18:66:14:f1:55:18:31:59:6b:
         0f:de:be:0f:fa:ec:c2:ce:01:8b:cc:18:c9:88:92:00:11:61:
         2e:5b:fa:9e:b9:47:be:5a:b8:3a:8e:60:d1:60:8d:91:58:68:
         33:c9:3b:15:49:ae:c5:31:be:34:4e:55:15:33:76:a1:30:c6:
         29:a0:f4:eb:3e:98:5b:b7:14:e4:ed:8e:25:a2:22:0d:fc:1e:
         8b:da:97:f8:50:ee:dd:b5:ed:ab:29:92:bb:e8:b6:17:69:a1:
         5e:72:fc:a3:8f:1e:d7:c8:c9:79:ea:aa:46:25:95:78:1f:05:
         2c:62:bc:78:e7:71:b9:dd:8e:29:a1:53:64:ae:d9:ff:41:64:
         29:b2:a2:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvGOKw71Yf5bC52nR409cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlNTgxMDU1N2NiMDY3MGJjOWMwOTMzZTAyN2U5YmQ4MmFi
MTU2ZGYwHhcNMjQwMTAyMTAzMzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTk0ZmU2ODFlMGE1OWIwNzJkOWU3MDMxMDUxMjI5MGE2NDdjNDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiCa+edbUDSdCaqQVQanBK3Ez5TrW
+P9KW2vTsC8TcCMiH73jvmfpfk482bfrDRNBbQH/wVX+9oOsO+tznEBgSdF9kOdP
VJxHVjZKT/tq0whjhxAfJdPr67vXF8Jh+g3Rwf5F6mp2RKBazW0rP7EPJWv1jc0E
GawTJY+MGEMgsj0jPH0ekHHjVEFZMiJkAGeqqofYjoBrT/VmvMaj+oI8L4R/CWuV
W7anuYWIAactNSvQ58MJRg0OgxQhsZIoGLKFbPhQN66YcfFxzCWHQ/FrSa3vr+WC
K+EjnGbSxM75rFCJuLUzBVe+xMy+bJLuAXAcT9KoQsegVt2Oz59tUm+yqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL6U/mgeClmwctnnAxBRIpCmR8RQMB8GA1UdIwQY
MBaAFF5YEFV8sGcLycCTPgJ+m9gqsVbfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGxnUVZYeXdad3ZKd0pNLUFuNmIyQ3F4VnQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS85N2M0MTQtM2FmYS00OWVlLWFiNzAt
YTQ0MDdhNWQzMjFhLzEvdnBULWFCNEtXYkJ5MmVjREVGRWlrS1pIeEZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS85N2M0MTQtM2FmYS00OWVlLWFiNzAtYTQ0MDdhNWQzMjFh
LzEvWGxnUVZYeXdad3ZKd0pNLUFuNmIyQ3F4VnQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9ElMA0G
CSqGSIb3DQEBCwUAA4IBAQA5C0mHIKNcZoOphT5eO4/fmnJzQFf3jcVT7aSPnDpW
jO87QfTr571t76bfroKnnT0QEhT5qkiOJbWGuyPgTi4hB4kEEOW9LnEb6ihvKP19
DAz6ZkT2GXr1JTAHzS1zRUt9VAI21kGaiBydgK7X6ex3lwZ7utgYZhTxVRgxWWsP
3r4P+uzCzgGLzBjJiJIAEWEuW/qeuUe+Wrg6jmDRYI2RWGgzyTsVSa7FMb40TlUV
M3ahMMYpoPTrPphbtxTk7Y4loiIN/B6L2pf4UO7dte2rKZK76LYXaaFecvyjjx7X
yMl56qpGJZV4HwUsYrx453G53Y4poVNkrtn/QWQpsqL4
-----END CERTIFICATE-----