Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/3084de-b159-4e54-9ed7-42d67840944d/1/M756CFoajzZ7V1XG1fTMzxvl25w.roa
File:                     M756CFoajzZ7V1XG1fTMzxvl25w.roa (raw, json)
Hash identifier:          KJjH1GclAYagNm97oPho87bEuRKc9VfGaS4oX+NjnR4=
Subject key identifier:   33:BE:7A:08:5A:1A:8F:36:7B:57:55:C6:D5:F4:CC:CF:1B:E5:DB:9C
Certificate issuer:       /CN=0f22a0ee3bc6e32d892edde257cbb799179f2cd6
Certificate serial:       0190BA6BF071BFA86A2B015A8836A3D94296
Authority key identifier: 0F:22:A0:EE:3B:C6:E3:2D:89:2E:DD:E2:57:CB:B7:99:17:9F:2C:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DyKg7jvG4y2JLt3iV8u3mRefLNY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/3084de-b159-4e54-9ed7-42d67840944d/1/M756CFoajzZ7V1XG1fTMzxvl25w.roa
Signing time:             Tue 16 Jul 2024 07:22:34 +0000
ROA not before:           Tue 16 Jul 2024 07:22:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60667
IP address blocks:        91.132.102.0/24 maxlen: 24
                          2a13:1e00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/3084de-b159-4e54-9ed7-42d67840944d/1/DyKg7jvG4y2JLt3iV8u3mRefLNY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/3084de-b159-4e54-9ed7-42d67840944d/1/DyKg7jvG4y2JLt3iV8u3mRefLNY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DyKg7jvG4y2JLt3iV8u3mRefLNY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:02:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ba:6b:f0:71:bf:a8:6a:2b:01:5a:88:36:a3:d9:42:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f22a0ee3bc6e32d892edde257cbb799179f2cd6
        Validity
            Not Before: Jul 16 07:22:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33be7a085a1a8f367b5755c6d5f4cccf1be5db9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:ad:65:ea:26:35:dc:fe:36:aa:2c:3c:16:14:
                    4b:d8:61:15:33:44:04:d0:69:19:50:cc:aa:45:5f:
                    5a:2c:5e:72:81:67:38:60:be:10:e3:51:22:c2:54:
                    d8:d1:c1:01:d5:84:69:73:77:25:fd:1e:37:6a:c3:
                    03:e4:6e:90:68:32:96:aa:33:7f:ec:99:3f:57:c3:
                    88:ce:c6:23:25:89:83:6b:3c:56:9e:2b:ab:fc:f0:
                    f6:e6:64:03:2b:50:68:6d:1e:e1:b5:90:a0:8a:34:
                    e6:9c:99:80:75:ea:87:8e:43:86:b4:53:b5:96:e5:
                    14:da:7c:b8:57:d6:f4:cc:a7:70:3d:05:e5:0a:32:
                    e8:b2:83:56:05:06:fe:a6:a9:cd:00:88:c0:6b:f7:
                    fe:e5:db:6d:5a:14:00:29:b9:08:6d:e8:dd:5c:08:
                    dc:23:d3:60:6b:a3:cb:cc:a2:75:29:a7:cd:22:3e:
                    f2:f0:eb:32:59:4a:33:48:ce:cc:0d:e9:5f:87:dd:
                    3e:cd:ee:8f:3d:4f:7a:b5:c3:d0:a6:3a:91:dc:e8:
                    97:1a:d3:ff:48:0c:7a:ef:ae:cc:57:75:3a:0d:66:
                    4e:5d:70:01:18:d8:20:09:10:f1:86:a2:03:3b:a9:
                    14:5d:23:07:b9:82:97:86:59:52:92:ed:f6:59:76:
                    3a:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:BE:7A:08:5A:1A:8F:36:7B:57:55:C6:D5:F4:CC:CF:1B:E5:DB:9C
            X509v3 Authority Key Identifier:
                keyid:0F:22:A0:EE:3B:C6:E3:2D:89:2E:DD:E2:57:CB:B7:99:17:9F:2C:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DyKg7jvG4y2JLt3iV8u3mRefLNY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/3084de-b159-4e54-9ed7-42d67840944d/1/M756CFoajzZ7V1XG1fTMzxvl25w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/3084de-b159-4e54-9ed7-42d67840944d/1/DyKg7jvG4y2JLt3iV8u3mRefLNY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.102.0/24
                IPv6:
                  2a13:1e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         b3:56:84:8e:a7:0b:8d:ba:a3:0d:03:00:68:f8:5c:38:17:5c:
         c7:33:61:43:de:2f:af:bb:ca:25:70:44:19:04:37:48:a3:fd:
         45:aa:0c:9c:c4:0f:c4:41:21:d8:fe:a2:9c:e2:a2:f6:45:60:
         70:2e:15:2b:61:68:d6:a5:85:09:a3:d9:25:e8:90:aa:bc:63:
         d1:a7:96:19:e4:a1:eb:b8:db:53:5b:68:70:81:5d:80:3b:ba:
         8d:c1:24:d2:99:31:d9:d0:10:6c:02:d0:45:55:3b:4c:12:6c:
         3f:46:c0:9d:ab:02:34:06:7f:3a:43:6d:69:0d:51:69:78:84:
         30:01:63:91:56:2a:c8:12:1e:ca:ca:46:e5:12:41:e4:dd:8f:
         0d:95:1a:0b:7f:db:d4:75:ec:0d:38:52:cd:7d:8b:15:d4:1c:
         54:3f:ae:a3:23:63:c3:f8:15:4b:71:89:ab:1f:bb:f8:85:1b:
         57:37:5e:83:0e:15:3b:c2:c8:64:af:94:e2:b3:44:14:d9:9c:
         99:d4:b3:d3:88:3d:d5:88:ee:3a:f9:9f:c8:f8:91:35:6a:8f:
         38:52:5b:d1:d2:62:7b:1f:fd:4b:32:1a:41:f3:8a:e9:ff:59:
         de:13:63:4a:ad:9e:e3:1d:1c:50:91:01:18:25:48:b2:4a:1a:
         6c:59:93:89
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZC6a/Bxv6hqKwFaiDaj2UKWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMjJhMGVlM2JjNmUzMmQ4OTJlZGRlMjU3Y2JiNzk5MTc5
ZjJjZDYwHhcNMjQwNzE2MDcyMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2JlN2EwODVhMWE4ZjM2N2I1NzU1YzZkNWY0Y2NjZjFiZTVkYjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5K1l6iY13P42qiw8FhRL2GEVM0QE
0GkZUMyqRV9aLF5ygWc4YL4Q41EiwlTY0cEB1YRpc3cl/R43asMD5G6QaDKWqjN/
7Jk/V8OIzsYjJYmDazxWniur/PD25mQDK1BobR7htZCgijTmnJmAdeqHjkOGtFO1
luUU2ny4V9b0zKdwPQXlCjLosoNWBQb+pqnNAIjAa/f+5dttWhQAKbkIbejdXAjc
I9Nga6PLzKJ1KafNIj7y8OsyWUozSM7MDelfh90+ze6PPU96tcPQpjqR3OiXGtP/
SAx6767MV3U6DWZOXXABGNggCRDxhqIDO6kUXSMHuYKXhllSku32WXY6NQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDO+eghaGo82e1dVxtX0zM8b5ducMB8GA1UdIwQY
MBaAFA8ioO47xuMtiS7d4lfLt5kXnyzWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHlLZzdqdkc0eTJKTHQzaVY4dTNtUmVmTE5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy8zMDg0ZGUtYjE1OS00ZTU0LTllZDct
NDJkNjc4NDA5NDRkLzEvTTc1NkNGb2Fqelo3VjFYRzFmVE16eHZsMjV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy8zMDg0ZGUtYjE1OS00ZTU0LTllZDctNDJkNjc4NDA5NDRk
LzEvRHlLZzdqdkc0eTJKTHQzaVY4dTNtUmVmTE5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW4RmMA0E
AgACMAcDBQMqEx4AMA0GCSqGSIb3DQEBCwUAA4IBAQCzVoSOpwuNuqMNAwBo+Fw4
F1zHM2FD3i+vu8olcEQZBDdIo/1FqgycxA/EQSHY/qKc4qL2RWBwLhUrYWjWpYUJ
o9kl6JCqvGPRp5YZ5KHruNtTW2hwgV2AO7qNwSTSmTHZ0BBsAtBFVTtMEmw/RsCd
qwI0Bn86Q21pDVFpeIQwAWORVirIEh7KykblEkHk3Y8NlRoLf9vUdewNOFLNfYsV
1BxUP66jI2PD+BVLcYmrH7v4hRtXN16DDhU7wshkr5Tis0QU2ZyZ1LPTiD3ViO46
+Z/I+JE1ao84UlvR0mJ7H/1LMhpB84rp/1neE2NKrZ7jHRxQkQEYJUiyShpsWZOJ
-----END CERTIFICATE-----