Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/32eaa2-ccb9-48e1-962d-e3ea6494d4ea/1/bZPJ3qr30r4ZiERwe-7B5bpbaVU.roa
File:                     bZPJ3qr30r4ZiERwe-7B5bpbaVU.roa (raw, json)
Hash identifier:          K6wNjoDZekkES7Rm3nEtFoZ8Md6TQHKza7iH9CW3Jpw=
Subject key identifier:   6D:93:C9:DE:AA:F7:D2:BE:19:88:44:70:7B:EE:C1:E5:BA:5B:69:55
Certificate issuer:       /CN=384c679cbaf8c2ad7bd7e159086fdf0a27d2a284
Certificate serial:       018CC86F52E7576A493A67F7CFE930DAA608
Authority key identifier: 38:4C:67:9C:BA:F8:C2:AD:7B:D7:E1:59:08:6F:DF:0A:27:D2:A2:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OExnnLr4wq171-FZCG_fCifSooQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/32eaa2-ccb9-48e1-962d-e3ea6494d4ea/1/bZPJ3qr30r4ZiERwe-7B5bpbaVU.roa
Signing time:             Tue 02 Jan 2024 04:29:47 +0000
ROA not before:           Tue 02 Jan 2024 04:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51816
IP address blocks:        91.220.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/32eaa2-ccb9-48e1-962d-e3ea6494d4ea/1/OExnnLr4wq171-FZCG_fCifSooQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/32eaa2-ccb9-48e1-962d-e3ea6494d4ea/1/OExnnLr4wq171-FZCG_fCifSooQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OExnnLr4wq171-FZCG_fCifSooQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:52:e7:57:6a:49:3a:67:f7:cf:e9:30:da:a6:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=384c679cbaf8c2ad7bd7e159086fdf0a27d2a284
        Validity
            Not Before: Jan  2 04:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d93c9deaaf7d2be198844707beec1e5ba5b6955
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:35:a4:7f:6b:44:f0:c1:87:d6:4e:8d:02:70:
                    f1:f9:77:ae:af:53:ab:7e:78:bd:86:7b:26:f0:02:
                    8d:e2:f4:ae:8a:9d:cd:69:fc:5e:73:d8:36:c0:b9:
                    52:04:04:38:ea:17:cc:0b:53:86:12:c5:04:b2:8c:
                    fb:93:23:1e:13:2c:91:a3:6c:ab:da:e0:14:09:7b:
                    64:57:06:c1:c5:3f:de:f4:2d:8f:e3:af:bb:0d:2b:
                    ef:28:b7:ac:36:3c:a2:02:7b:bd:54:73:34:c6:c7:
                    14:58:10:f9:02:ce:02:fa:8b:77:78:7e:46:f4:50:
                    88:99:87:e7:de:3f:a8:af:8e:63:90:90:b0:ff:8a:
                    a7:7f:f9:72:8a:02:45:97:77:af:f0:39:ee:a9:4f:
                    59:1e:e8:ce:32:5a:8d:aa:09:40:4d:8d:28:bf:52:
                    46:13:af:41:f7:7c:79:b2:af:b5:9a:04:83:16:69:
                    8c:ea:d4:db:d2:7f:50:b8:5e:78:4e:b3:00:d1:34:
                    ca:dc:e1:8a:d8:22:c7:63:34:f8:73:02:b9:f2:ea:
                    8e:4c:52:d4:df:f4:b1:5f:26:4f:e2:cf:1d:72:38:
                    59:c9:7e:57:6f:ec:74:b3:77:ba:ee:f6:51:e3:6b:
                    27:6a:50:14:bf:a8:16:99:83:1f:7a:18:12:59:e4:
                    e9:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:93:C9:DE:AA:F7:D2:BE:19:88:44:70:7B:EE:C1:E5:BA:5B:69:55
            X509v3 Authority Key Identifier:
                keyid:38:4C:67:9C:BA:F8:C2:AD:7B:D7:E1:59:08:6F:DF:0A:27:D2:A2:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OExnnLr4wq171-FZCG_fCifSooQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32eaa2-ccb9-48e1-962d-e3ea6494d4ea/1/bZPJ3qr30r4ZiERwe-7B5bpbaVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32eaa2-ccb9-48e1-962d-e3ea6494d4ea/1/OExnnLr4wq171-FZCG_fCifSooQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:4c:49:4a:41:dd:4a:f4:a1:fe:97:e8:80:a4:fc:0b:c9:69:
         83:4e:b3:2c:05:f0:4e:10:5d:f6:a7:bc:0c:32:62:cc:c8:fa:
         f3:fb:5e:28:e5:89:8a:78:14:05:d5:6d:21:51:25:1b:06:73:
         26:a2:1b:6b:ce:7c:02:d3:fb:bb:2d:9e:1f:dd:d4:f0:61:57:
         cf:72:8d:ec:b0:4d:91:bc:01:42:fa:39:6e:1a:18:2f:a0:97:
         bd:24:80:9c:4f:3c:ee:79:11:50:be:df:d9:2a:bf:05:51:20:
         6b:3a:c1:db:84:a0:89:c7:e0:3e:08:bb:56:3b:c0:57:e9:f2:
         f5:67:46:f9:33:46:a1:43:65:19:c1:23:c8:87:0a:f8:b6:46:
         f1:67:33:d2:41:6a:37:65:0f:6b:e8:9d:15:82:33:f7:d0:13:
         52:68:17:71:09:0e:f6:9f:e2:57:c3:b6:b3:69:90:49:46:ff:
         4f:eb:e8:0b:5e:53:2f:4a:61:1b:f7:10:69:d5:3e:6c:21:5c:
         60:46:80:dc:46:6d:c7:50:03:72:b7:94:a7:dd:b9:64:6a:fb:
         a6:e6:e6:3e:4a:2e:b5:21:db:c0:e9:26:21:0c:d1:66:61:c3:
         f0:84:1d:10:2d:71:30:62:96:0c:c8:38:3b:0e:bd:fe:07:3b:
         a6:a6:f1:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb1LnV2pJOmf3z+kw2qYIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4NGM2NzljYmFmOGMyYWQ3YmQ3ZTE1OTA4NmZkZjBhMjdk
MmEyODQwHhcNMjQwMTAyMDQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDkzYzlkZWFhZjdkMmJlMTk4ODQ0NzA3YmVlYzFlNWJhNWI2OTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzWkf2tE8MGH1k6NAnDx+Xeur1Or
fni9hnsm8AKN4vSuip3Nafxec9g2wLlSBAQ46hfMC1OGEsUEsoz7kyMeEyyRo2yr
2uAUCXtkVwbBxT/e9C2P46+7DSvvKLesNjyiAnu9VHM0xscUWBD5As4C+ot3eH5G
9FCImYfn3j+or45jkJCw/4qnf/lyigJFl3ev8DnuqU9ZHujOMlqNqglATY0ov1JG
E69B93x5sq+1mgSDFmmM6tTb0n9QuF54TrMA0TTK3OGK2CLHYzT4cwK58uqOTFLU
3/SxXyZP4s8dcjhZyX5Xb+x0s3e67vZR42snalAUv6gWmYMfehgSWeTp4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG2Tyd6q99K+GYhEcHvuweW6W2lVMB8GA1UdIwQY
MBaAFDhMZ5y6+MKte9fhWQhv3won0qKEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0V4bm5McjR3cTE3MS1GWkNHX2ZDaWZTb29RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8zMmVhYTItY2NiOS00OGUxLTk2MmQt
ZTNlYTY0OTRkNGVhLzEvYlpQSjNxcjMwcjRaaUVSd2UtN0I1YnBiYVZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8zMmVhYTItY2NiOS00OGUxLTk2MmQtZTNlYTY0OTRkNGVh
LzEvT0V4bm5McjR3cTE3MS1GWkNHX2ZDaWZTb29RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9xrMA0G
CSqGSIb3DQEBCwUAA4IBAQB8TElKQd1K9KH+l+iApPwLyWmDTrMsBfBOEF32p7wM
MmLMyPrz+14o5YmKeBQF1W0hUSUbBnMmohtrznwC0/u7LZ4f3dTwYVfPco3ssE2R
vAFC+jluGhgvoJe9JICcTzzueRFQvt/ZKr8FUSBrOsHbhKCJx+A+CLtWO8BX6fL1
Z0b5M0ahQ2UZwSPIhwr4tkbxZzPSQWo3ZQ9r6J0VgjP30BNSaBdxCQ72n+JXw7az
aZBJRv9P6+gLXlMvSmEb9xBp1T5sIVxgRoDcRm3HUANyt5Sn3blkavum5uY+Si61
IdvA6SYhDNFmYcPwhB0QLXEwYpYMyDg7Dr3+BzumpvGp
-----END CERTIFICATE-----