Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/546dd9-aa48-445e-be60-0907ad34cb9f/1/Z-U2KXvNaE-nIIjh7298Tg91t5U.roa
File:                     Z-U2KXvNaE-nIIjh7298Tg91t5U.roa (raw, json)
Hash identifier:          Kd+iEIUg6uQ6WqenSjWx6h+cZZPVn4AKIdDjGoQ/IVc=
Subject key identifier:   67:E5:36:29:7B:CD:68:4F:A7:20:88:E1:EF:6F:7C:4E:0F:75:B7:95
Certificate issuer:       /CN=d33e131008def705a417f0d40d148a36f25a1a39
Certificate serial:       018CC5012A6029EFCFBA6123FC06FF6CB7F7
Authority key identifier: D3:3E:13:10:08:DE:F7:05:A4:17:F0:D4:0D:14:8A:36:F2:5A:1A:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0z4TEAje9wWkF_DUDRSKNvJaGjk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/546dd9-aa48-445e-be60-0907ad34cb9f/1/Z-U2KXvNaE-nIIjh7298Tg91t5U.roa
Signing time:             Mon 01 Jan 2024 12:30:37 +0000
ROA not before:           Mon 01 Jan 2024 12:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197326
IP address blocks:        91.220.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/546dd9-aa48-445e-be60-0907ad34cb9f/1/0z4TEAje9wWkF_DUDRSKNvJaGjk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/546dd9-aa48-445e-be60-0907ad34cb9f/1/0z4TEAje9wWkF_DUDRSKNvJaGjk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0z4TEAje9wWkF_DUDRSKNvJaGjk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:2a:60:29:ef:cf:ba:61:23:fc:06:ff:6c:b7:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d33e131008def705a417f0d40d148a36f25a1a39
        Validity
            Not Before: Jan  1 12:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67e536297bcd684fa72088e1ef6f7c4e0f75b795
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:1f:ad:3f:b0:a0:6b:ca:3f:21:45:dc:8b:10:
                    fa:a9:26:e3:c5:05:3b:3c:95:fd:1c:b6:aa:20:3c:
                    f4:24:7d:d7:fa:c5:9c:c1:6c:75:0c:26:a5:d8:b9:
                    41:ed:23:7b:1c:97:f0:34:7e:fb:b1:a4:5b:07:72:
                    ea:37:9d:4a:29:97:cf:27:5e:ad:9b:42:d4:2c:46:
                    f9:b5:f8:d1:45:c3:ce:5e:f8:4f:d4:a0:7c:83:1b:
                    84:f1:76:0d:d2:0a:c3:a9:8b:01:d6:78:2d:1d:a7:
                    54:11:29:58:b5:9f:37:61:06:be:ef:e5:1b:44:f4:
                    71:aa:aa:15:7b:a4:36:7b:3a:da:df:e5:e1:f6:c7:
                    a3:ea:8e:67:c0:46:77:18:4c:d0:40:fb:27:58:f8:
                    c9:0e:1e:4d:68:fc:29:4a:ae:0d:ac:30:31:9e:ec:
                    f6:81:0b:c8:e7:64:af:90:34:11:16:18:ca:98:b9:
                    5b:b5:61:cf:0d:a0:50:de:7f:b9:fb:63:58:99:d3:
                    0c:5a:fb:37:e6:cb:50:bd:11:3d:5f:21:37:56:fb:
                    4d:49:8b:e8:77:c9:71:5d:a7:8f:45:ae:cb:89:e3:
                    2c:c0:ac:53:2b:ee:69:04:47:90:46:82:77:2e:f9:
                    df:e0:e7:57:72:9a:01:5d:1d:e0:34:82:ec:1f:4c:
                    7f:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:E5:36:29:7B:CD:68:4F:A7:20:88:E1:EF:6F:7C:4E:0F:75:B7:95
            X509v3 Authority Key Identifier:
                keyid:D3:3E:13:10:08:DE:F7:05:A4:17:F0:D4:0D:14:8A:36:F2:5A:1A:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0z4TEAje9wWkF_DUDRSKNvJaGjk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/546dd9-aa48-445e-be60-0907ad34cb9f/1/Z-U2KXvNaE-nIIjh7298Tg91t5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/546dd9-aa48-445e-be60-0907ad34cb9f/1/0z4TEAje9wWkF_DUDRSKNvJaGjk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:dd:6b:8f:e9:2b:8e:1f:19:3d:e0:2a:9a:33:e2:06:ab:34:
         dc:5b:0f:34:f3:b6:67:0a:84:4f:cb:7c:78:9b:6d:2b:37:5a:
         ef:7c:a5:bd:76:bd:30:12:c9:f5:ad:a6:dc:c3:97:02:0c:32:
         27:05:9c:70:3f:1d:d4:a4:22:05:8c:f0:1c:9f:96:e9:b1:be:
         c8:a5:a1:88:9f:d3:a5:d3:f1:0b:2e:c8:14:9e:25:b6:9e:42:
         85:db:4a:ad:0c:37:30:0f:14:3f:4d:b4:a4:0a:24:2d:96:81:
         4c:99:45:6f:be:f9:e0:c1:b2:f2:37:47:11:b0:d2:55:b8:ac:
         4f:23:a2:30:72:01:d4:c3:cb:0e:4e:2b:90:1a:e2:50:34:02:
         77:ac:d1:c9:27:be:52:85:f5:e7:d0:4d:fd:a1:42:b6:76:ea:
         74:a4:50:3c:7e:9f:7a:2a:e0:6d:cd:3b:37:76:5e:85:c8:ae:
         f5:6f:39:fd:0a:27:63:b6:17:5f:34:18:b1:91:6d:cc:ff:6f:
         c3:61:d9:76:3b:d0:35:d6:b8:96:76:57:c5:cf:db:f1:a6:8a:
         12:70:b9:1f:e6:d0:e9:3c:32:0b:e9:d6:40:50:2f:80:dd:33:
         59:57:e5:31:f1:fc:f8:db:dd:80:7b:25:c2:61:b4:11:18:be:
         ce:51:33:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFASpgKe/PumEj/Ab/bLf3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzM2UxMzEwMDhkZWY3MDVhNDE3ZjBkNDBkMTQ4YTM2ZjI1
YTFhMzkwHhcNMjQwMTAxMTIzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2U1MzYyOTdiY2Q2ODRmYTcyMDg4ZTFlZjZmN2M0ZTBmNzViNzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiB+tP7Cga8o/IUXcixD6qSbjxQU7
PJX9HLaqIDz0JH3X+sWcwWx1DCal2LlB7SN7HJfwNH77saRbB3LqN51KKZfPJ16t
m0LULEb5tfjRRcPOXvhP1KB8gxuE8XYN0grDqYsB1ngtHadUESlYtZ83YQa+7+Ub
RPRxqqoVe6Q2ezra3+Xh9sej6o5nwEZ3GEzQQPsnWPjJDh5NaPwpSq4NrDAxnuz2
gQvI52SvkDQRFhjKmLlbtWHPDaBQ3n+5+2NYmdMMWvs35stQvRE9XyE3VvtNSYvo
d8lxXaePRa7LieMswKxTK+5pBEeQRoJ3Lvnf4OdXcpoBXR3gNILsH0x/YQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGflNil7zWhPpyCI4e9vfE4PdbeVMB8GA1UdIwQY
MBaAFNM+ExAI3vcFpBfw1A0UijbyWho5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHo0VEVBamU5d1drRl9EVURSU0tOdkphR2prLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC81NDZkZDktYWE0OC00NDVlLWJlNjAt
MDkwN2FkMzRjYjlmLzEvWi1VMktYdk5hRS1uSUlqaDcyOThUZzkxdDVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC81NDZkZDktYWE0OC00NDVlLWJlNjAtMDkwN2FkMzRjYjlm
LzEvMHo0VEVBamU5d1drRl9EVURSU0tOdkphR2prLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9w3MA0G
CSqGSIb3DQEBCwUAA4IBAQAR3WuP6SuOHxk94CqaM+IGqzTcWw8087ZnCoRPy3x4
m20rN1rvfKW9dr0wEsn1rabcw5cCDDInBZxwPx3UpCIFjPAcn5bpsb7IpaGIn9Ol
0/ELLsgUniW2nkKF20qtDDcwDxQ/TbSkCiQtloFMmUVvvvngwbLyN0cRsNJVuKxP
I6IwcgHUw8sOTiuQGuJQNAJ3rNHJJ75ShfXn0E39oUK2dup0pFA8fp96KuBtzTs3
dl6FyK71bzn9CidjthdfNBixkW3M/2/DYdl2O9A11riWdlfFz9vxpooScLkf5tDp
PDIL6dZAUC+A3TNZV+Ux8fz4292AeyXCYbQRGL7OUTOX
-----END CERTIFICATE-----