Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/21b69a-a117-4b6d-86d5-9a15bc0d3988/1/V-OFJbRGM_9v0T7n89lMojJh5mI.roa
File:                     V-OFJbRGM_9v0T7n89lMojJh5mI.roa (raw, json)
Hash identifier:          jwRHcPJk85x04fXyvZR5aPN0Lfg/J64JmtsfKSc/bvg=
Subject key identifier:   57:E3:85:25:B4:46:33:FF:6F:D1:3E:E7:F3:D9:4C:A2:32:61:E6:62
Certificate issuer:       /CN=65b48d0a37abfc34b41d2d2bae8c682ed23ec426
Certificate serial:       018CC492F6FB1F5E5F55DF019A362E373850
Authority key identifier: 65:B4:8D:0A:37:AB:FC:34:B4:1D:2D:2B:AE:8C:68:2E:D2:3E:C4:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbSNCjer_DS0HS0rroxoLtI-xCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/21b69a-a117-4b6d-86d5-9a15bc0d3988/1/V-OFJbRGM_9v0T7n89lMojJh5mI.roa
Signing time:             Mon 01 Jan 2024 10:30:14 +0000
ROA not before:           Mon 01 Jan 2024 10:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42112
IP address blocks:        91.199.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/21b69a-a117-4b6d-86d5-9a15bc0d3988/1/ZbSNCjer_DS0HS0rroxoLtI-xCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/21b69a-a117-4b6d-86d5-9a15bc0d3988/1/ZbSNCjer_DS0HS0rroxoLtI-xCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbSNCjer_DS0HS0rroxoLtI-xCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:f6:fb:1f:5e:5f:55:df:01:9a:36:2e:37:38:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b48d0a37abfc34b41d2d2bae8c682ed23ec426
        Validity
            Not Before: Jan  1 10:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57e38525b44633ff6fd13ee7f3d94ca23261e662
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:63:cb:1f:f1:51:d5:c9:a7:2e:ff:2f:c6:e1:
                    cd:eb:21:51:cf:04:c7:5a:8a:91:04:c4:68:84:bc:
                    13:15:00:d8:fe:23:c9:df:cb:ae:95:d0:a3:ff:56:
                    28:d3:44:d3:ca:31:72:d6:4c:51:1c:67:c7:6c:4d:
                    84:61:83:85:47:af:d9:29:39:bb:0a:39:3b:f2:8e:
                    08:94:59:0b:83:61:d2:1c:92:a3:fb:54:05:e2:3e:
                    59:5b:c9:b1:ad:fe:67:39:b2:07:02:7b:7a:29:6f:
                    02:d6:ae:03:c7:a2:2f:fa:1c:c0:77:81:57:03:a9:
                    6a:9d:4b:56:1d:d6:57:c6:b4:2e:b5:26:56:b5:ce:
                    44:fa:c9:bf:8c:d9:57:20:90:26:3f:7a:df:79:1f:
                    7c:08:0d:01:13:9c:78:28:fb:f5:08:a8:40:ec:4b:
                    24:f6:e8:90:19:27:23:c2:c5:03:98:9b:73:58:82:
                    c3:fb:3e:fa:d6:4e:0f:03:63:54:50:03:83:c3:84:
                    3c:47:bb:01:0a:52:90:93:4e:15:6e:ba:c5:1a:b8:
                    cf:ee:6a:a5:91:1f:09:e4:34:3f:b6:58:11:6e:e6:
                    0b:e9:37:fb:9d:bc:68:cb:b1:fa:d7:56:76:a5:6c:
                    d2:65:2b:f0:2f:ae:9f:bc:62:b1:36:8a:56:2f:be:
                    5a:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:E3:85:25:B4:46:33:FF:6F:D1:3E:E7:F3:D9:4C:A2:32:61:E6:62
            X509v3 Authority Key Identifier:
                keyid:65:B4:8D:0A:37:AB:FC:34:B4:1D:2D:2B:AE:8C:68:2E:D2:3E:C4:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbSNCjer_DS0HS0rroxoLtI-xCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/21b69a-a117-4b6d-86d5-9a15bc0d3988/1/V-OFJbRGM_9v0T7n89lMojJh5mI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/21b69a-a117-4b6d-86d5-9a15bc0d3988/1/ZbSNCjer_DS0HS0rroxoLtI-xCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:ac:98:0f:18:85:d9:de:11:43:d8:f1:02:44:9c:d0:28:5a:
         e1:75:d8:6d:2e:38:1c:b6:ea:5c:be:1c:ab:19:e4:15:ef:b6:
         c3:e9:3a:f9:84:b3:d2:c3:32:c9:bc:12:37:23:24:83:a7:8c:
         94:e0:03:b4:40:70:c6:3b:43:54:4d:4b:bd:9a:6c:67:57:db:
         70:a3:e5:3d:88:4b:aa:80:ed:df:84:43:15:e8:74:78:08:28:
         66:a8:65:26:eb:98:0b:0f:b6:a6:a2:72:33:35:2a:8c:52:59:
         45:13:c7:5c:3a:9b:36:c6:95:57:65:1d:57:88:1b:6c:31:ac:
         e4:f6:7f:e1:f6:9e:38:ac:91:e5:be:de:2d:c1:5d:b5:b6:1d:
         57:45:11:08:8a:35:44:db:7a:13:a4:51:07:fc:c4:27:44:83:
         fa:5e:62:91:67:d1:4e:ca:95:c4:f8:78:c7:9e:11:35:ef:72:
         e5:c1:ef:a7:23:66:8a:7a:cf:d6:37:19:6e:2d:94:4e:8d:24:
         a7:42:18:80:36:6c:7d:e4:bb:2f:13:e7:ab:e6:51:89:cd:2e:
         29:78:41:46:ea:e7:36:16:95:04:af:32:3d:63:1b:d5:65:cf:
         b9:02:95:53:95:9d:93:8f:83:9a:a7:c4:57:64:34:1b:8b:a9:
         51:a2:8a:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkvb7H15fVd8BmjYuNzhQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjQ4ZDBhMzdhYmZjMzRiNDFkMmQyYmFlOGM2ODJlZDIz
ZWM0MjYwHhcNMjQwMTAxMTAzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2UzODUyNWI0NDYzM2ZmNmZkMTNlZTdmM2Q5NGNhMjMyNjFlNjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGPLH/FR1cmnLv8vxuHN6yFRzwTH
WoqRBMRohLwTFQDY/iPJ38uuldCj/1Yo00TTyjFy1kxRHGfHbE2EYYOFR6/ZKTm7
Cjk78o4IlFkLg2HSHJKj+1QF4j5ZW8mxrf5nObIHAnt6KW8C1q4Dx6Iv+hzAd4FX
A6lqnUtWHdZXxrQutSZWtc5E+sm/jNlXIJAmP3rfeR98CA0BE5x4KPv1CKhA7Esk
9uiQGScjwsUDmJtzWILD+z761k4PA2NUUAODw4Q8R7sBClKQk04VbrrFGrjP7mql
kR8J5DQ/tlgRbuYL6Tf7nbxoy7H611Z2pWzSZSvwL66fvGKxNopWL75a8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFfjhSW0RjP/b9E+5/PZTKIyYeZiMB8GA1UdIwQY
MBaAFGW0jQo3q/w0tB0tK66MaC7SPsQmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJTTkNqZXJfRFMwSFMwcnJveG9MdEkteENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8yMWI2OWEtYTExNy00YjZkLTg2ZDUt
OWExNWJjMGQzOTg4LzEvVi1PRkpiUkdNXzl2MFQ3bjg5bE1vakpoNW1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8yMWI2OWEtYTExNy00YjZkLTg2ZDUtOWExNWJjMGQzOTg4
LzEvWmJTTkNqZXJfRFMwSFMwcnJveG9MdEkteENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8dbMA0G
CSqGSIb3DQEBCwUAA4IBAQCHrJgPGIXZ3hFD2PECRJzQKFrhddhtLjgctupcvhyr
GeQV77bD6Tr5hLPSwzLJvBI3IySDp4yU4AO0QHDGO0NUTUu9mmxnV9two+U9iEuq
gO3fhEMV6HR4CChmqGUm65gLD7amonIzNSqMUllFE8dcOps2xpVXZR1XiBtsMazk
9n/h9p44rJHlvt4twV21th1XRREIijVE23oTpFEH/MQnRIP6XmKRZ9FOypXE+HjH
nhE173Llwe+nI2aKes/WNxluLZROjSSnQhiANmx95LsvE+er5lGJzS4peEFG6uc2
FpUErzI9YxvVZc+5ApVTlZ2Tj4Oap8RXZDQbi6lRoopr
-----END CERTIFICATE-----