Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/a16acc-1dfb-4b2f-b243-6f1c974e8637/1/RHGT4hJsJ6zwe4vHuNUNVhnuMWc.roa
File:                     RHGT4hJsJ6zwe4vHuNUNVhnuMWc.roa (raw, json)
Hash identifier:          cT1b9kG//2M/nDW9+YvUop8Hz0FR1SOV+EJf3AyZc/U=
Subject key identifier:   44:71:93:E2:12:6C:27:AC:F0:7B:8B:C7:B8:D5:0D:56:19:EE:31:67
Certificate issuer:       /CN=ec8ff96eae2d448ec7849d173b552f15f0f704c1
Certificate serial:       018CC3B70EC9499899D1E901F2F2E456587F
Authority key identifier: EC:8F:F9:6E:AE:2D:44:8E:C7:84:9D:17:3B:55:2F:15:F0:F7:04:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7I_5bq4tRI7HhJ0XO1UvFfD3BME.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/a16acc-1dfb-4b2f-b243-6f1c974e8637/1/RHGT4hJsJ6zwe4vHuNUNVhnuMWc.roa
Signing time:             Mon 01 Jan 2024 06:30:03 +0000
ROA not before:           Mon 01 Jan 2024 06:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57586
IP address blocks:        91.233.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/a16acc-1dfb-4b2f-b243-6f1c974e8637/1/7I_5bq4tRI7HhJ0XO1UvFfD3BME.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/a16acc-1dfb-4b2f-b243-6f1c974e8637/1/7I_5bq4tRI7HhJ0XO1UvFfD3BME.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7I_5bq4tRI7HhJ0XO1UvFfD3BME.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:0e:c9:49:98:99:d1:e9:01:f2:f2:e4:56:58:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec8ff96eae2d448ec7849d173b552f15f0f704c1
        Validity
            Not Before: Jan  1 06:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=447193e2126c27acf07b8bc7b8d50d5619ee3167
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:99:9a:d5:1b:a9:fe:4f:32:c7:02:d6:1d:ed:
                    34:d5:6f:b2:b5:4b:fd:71:4f:78:b7:4b:d5:55:c9:
                    8e:48:47:27:25:56:4c:f2:be:0e:0b:7c:f3:3b:43:
                    86:ef:d6:74:35:8f:b2:bc:ed:23:95:1e:5a:d7:ad:
                    e0:31:58:75:b1:2a:8f:f1:e9:18:71:11:16:f2:8b:
                    4c:4d:19:ab:a3:03:c3:1c:be:e4:96:8b:c6:86:3a:
                    2f:df:7e:f5:e1:63:b8:0a:78:1e:95:98:1f:0f:32:
                    8e:fd:5e:0d:bb:74:76:4e:30:e5:2d:c0:dc:4f:38:
                    eb:15:72:5e:7d:f9:5d:40:c5:f0:70:d8:3e:0a:40:
                    53:59:98:e9:bc:4c:18:20:c4:e1:42:b8:54:73:f4:
                    a3:e3:93:f0:d2:9a:93:33:32:d8:1b:60:e6:7e:a6:
                    6c:bd:27:7e:30:a9:6a:2f:6d:90:89:d2:18:70:ed:
                    c2:14:ae:5d:a5:31:1a:b1:c0:ac:f9:b9:f6:7c:e7:
                    00:1e:dd:08:47:d0:e7:6f:29:26:be:70:55:a8:c9:
                    89:e9:20:53:67:12:89:99:dc:4a:89:08:03:2c:0b:
                    a7:d0:45:32:44:5a:dd:6d:f5:18:7f:6a:ff:c0:96:
                    a4:ed:59:4c:0b:e1:8a:dd:6d:02:b5:6a:54:3f:62:
                    19:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:71:93:E2:12:6C:27:AC:F0:7B:8B:C7:B8:D5:0D:56:19:EE:31:67
            X509v3 Authority Key Identifier:
                keyid:EC:8F:F9:6E:AE:2D:44:8E:C7:84:9D:17:3B:55:2F:15:F0:F7:04:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7I_5bq4tRI7HhJ0XO1UvFfD3BME.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/a16acc-1dfb-4b2f-b243-6f1c974e8637/1/RHGT4hJsJ6zwe4vHuNUNVhnuMWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/a16acc-1dfb-4b2f-b243-6f1c974e8637/1/7I_5bq4tRI7HhJ0XO1UvFfD3BME.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:cf:da:d9:e9:8f:48:79:c8:b8:4e:3c:73:c8:14:35:f8:c8:
         47:67:78:93:c4:53:72:d0:07:b5:4d:8c:44:59:15:4b:7d:a4:
         27:54:8f:57:f8:11:c6:69:e4:ea:8f:0c:3c:77:86:22:e2:00:
         3b:33:da:40:34:c9:d3:f9:06:c7:c8:ca:96:57:84:f4:49:60:
         b5:be:19:54:ba:0d:e8:10:8a:8d:c5:78:e5:31:cb:a5:2f:3a:
         27:2e:5c:f5:38:09:62:0e:30:d0:88:0c:c6:8e:2b:81:6e:2d:
         74:f9:22:ca:01:e5:1e:ce:a7:de:39:cf:91:f5:98:18:b9:06:
         62:22:cd:24:37:f4:3f:00:17:7a:cb:72:91:68:a6:db:27:1e:
         b1:83:ab:1d:71:db:6d:8e:47:61:44:9f:a0:d6:0b:43:52:9c:
         a8:dd:cc:71:7b:91:e2:48:d0:bb:56:5e:d2:41:bd:5e:ed:47:
         ca:90:1e:a8:a0:c9:c7:8d:ce:c5:b8:7e:04:45:14:e3:1e:a2:
         50:29:2e:22:24:b1:04:b2:3f:bb:f4:96:b7:6b:cf:f2:20:fa:
         28:f7:de:ec:90:f5:c8:7f:88:c1:02:89:a3:8b:53:63:ea:5c:
         62:39:66:99:ec:cb:d0:e0:1e:ad:58:85:85:16:fc:b4:c9:02:
         bf:fa:6d:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtw7JSZiZ0ekB8vLkVlh/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjOGZmOTZlYWUyZDQ0OGVjNzg0OWQxNzNiNTUyZjE1ZjBm
NzA0YzEwHhcNMjQwMTAxMDYzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDcxOTNlMjEyNmMyN2FjZjA3YjhiYzdiOGQ1MGQ1NjE5ZWUzMTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Zma1Rup/k8yxwLWHe001W+ytUv9
cU94t0vVVcmOSEcnJVZM8r4OC3zzO0OG79Z0NY+yvO0jlR5a163gMVh1sSqP8ekY
cREW8otMTRmrowPDHL7klovGhjov33714WO4CngelZgfDzKO/V4Nu3R2TjDlLcDc
TzjrFXJeffldQMXwcNg+CkBTWZjpvEwYIMThQrhUc/Sj45Pw0pqTMzLYG2DmfqZs
vSd+MKlqL22QidIYcO3CFK5dpTEascCs+bn2fOcAHt0IR9DnbykmvnBVqMmJ6SBT
ZxKJmdxKiQgDLAun0EUyRFrdbfUYf2r/wJak7VlMC+GK3W0CtWpUP2IZNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFERxk+ISbCes8HuLx7jVDVYZ7jFnMB8GA1UdIwQY
MBaAFOyP+W6uLUSOx4SdFztVLxXw9wTBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0lfNWJxNHRSSTdIaEowWE8xVXZGZkQzQk1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9hMTZhY2MtMWRmYi00YjJmLWIyNDMt
NmYxYzk3NGU4NjM3LzEvUkhHVDRoSnNKNnp3ZTR2SHVOVU5WaG51TVdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9hMTZhY2MtMWRmYi00YjJmLWIyNDMtNmYxYzk3NGU4NjM3
LzEvN0lfNWJxNHRSSTdIaEowWE8xVXZGZkQzQk1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+k+MA0G
CSqGSIb3DQEBCwUAA4IBAQBfz9rZ6Y9Ieci4TjxzyBQ1+MhHZ3iTxFNy0Ae1TYxE
WRVLfaQnVI9X+BHGaeTqjww8d4Yi4gA7M9pANMnT+QbHyMqWV4T0SWC1vhlUug3o
EIqNxXjlMculLzonLlz1OAliDjDQiAzGjiuBbi10+SLKAeUezqfeOc+R9ZgYuQZi
Is0kN/Q/ABd6y3KRaKbbJx6xg6sdcdttjkdhRJ+g1gtDUpyo3cxxe5HiSNC7Vl7S
Qb1e7UfKkB6ooMnHjc7FuH4ERRTjHqJQKS4iJLEEsj+79Ja3a8/yIPoo997skPXI
f4jBAomji1Nj6lxiOWaZ7MvQ4B6tWIWFFvy0yQK/+m3d
-----END CERTIFICATE-----