Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/B91FisyC2agEIbu12j4obygu-1k.roa
File:                     B91FisyC2agEIbu12j4obygu-1k.roa (raw, json)
Hash identifier:          lrWVvfR5kVmJiN1hsnwk23Bni2kDjgtAckGCqgwXqQg=
Subject key identifier:   07:DD:45:8A:CC:82:D9:A8:04:21:BB:B5:DA:3E:28:6F:28:2E:FB:59
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018CC2DB63C17BCA442120B55380570B43E5
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/B91FisyC2agEIbu12j4obygu-1k.roa
Signing time:             Mon 01 Jan 2024 02:30:06 +0000
ROA not before:           Mon 01 Jan 2024 02:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48031
IP address blocks:        194.32.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:63:c1:7b:ca:44:21:20:b5:53:80:57:0b:43:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 02:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07dd458acc82d9a80421bbb5da3e286f282efb59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:56:9d:bd:51:6a:80:1b:3c:38:b6:6b:49:9d:
                    59:36:9b:45:c4:ef:0e:e2:d3:de:4c:09:1a:21:26:
                    6c:cd:65:cb:c6:7e:93:b0:de:f5:5a:c5:c8:0d:6c:
                    db:50:27:8c:80:63:c7:10:4c:11:e4:01:c5:6a:5d:
                    9a:b4:d6:63:4c:f3:7e:82:d9:38:fc:f5:d1:e3:e2:
                    74:41:f0:7e:4d:a4:cd:f9:13:31:58:c9:ae:22:eb:
                    98:45:58:2e:32:f1:6b:61:8d:67:83:93:34:6f:fb:
                    99:be:cd:31:c7:56:8a:58:06:1c:50:49:41:1c:11:
                    19:c5:f3:6a:7c:32:1f:f3:18:fa:a0:38:09:b9:58:
                    19:b4:90:b7:cb:73:89:0a:21:13:52:d3:ba:52:7e:
                    4c:c4:a8:82:7b:e7:63:4b:d8:06:4a:a1:29:ae:d0:
                    b0:f8:26:73:f0:1c:a4:12:8d:15:0f:64:ac:68:b8:
                    49:6e:47:dd:dc:fe:9c:61:5d:25:09:8c:7b:91:24:
                    ef:7f:26:ec:21:ea:4a:32:e1:2b:23:09:49:e8:a0:
                    09:9e:33:72:89:44:95:09:38:f5:7c:37:b2:ab:62:
                    b5:60:cd:fa:f8:70:15:c1:3b:4e:7f:eb:6e:38:eb:
                    ac:4b:63:c8:c3:a0:59:48:e6:db:af:14:34:d5:ca:
                    2d:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:DD:45:8A:CC:82:D9:A8:04:21:BB:B5:DA:3E:28:6F:28:2E:FB:59
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/B91FisyC2agEIbu12j4obygu-1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:ef:7a:c3:e6:0e:d5:25:80:a7:b7:d9:9a:87:f4:5d:e2:d2:
         6f:9a:1f:c2:d1:4f:75:3f:a2:40:3a:47:d2:02:c4:f2:0f:08:
         02:71:a7:5e:b6:aa:57:aa:c7:cc:6a:61:09:01:5d:dd:b1:65:
         6d:63:07:1d:37:a6:e4:13:5e:a9:79:d4:5b:3e:cb:ab:20:d6:
         dd:bf:03:c4:9b:6d:a9:80:24:57:f0:be:78:97:72:40:ed:87:
         71:a4:92:22:8b:79:a4:08:73:f4:af:40:22:95:ca:f7:d6:f7:
         5c:12:09:f0:98:fe:89:47:f2:18:8c:8a:54:d2:bf:0b:ca:55:
         9d:76:ac:5c:6c:a2:90:f2:14:e6:1b:dd:ff:26:0f:89:f4:7a:
         68:19:64:82:7b:4f:c7:2e:05:ad:3f:04:2f:6c:59:9f:0b:8b:
         e8:7e:cd:5f:75:b0:bd:b9:e2:94:91:91:80:72:27:9e:47:00:
         ee:0c:77:a6:69:ec:ba:fa:18:9c:0e:34:58:f5:c0:54:e0:f2:
         b8:01:a9:e7:a7:e1:2f:ce:57:7e:31:5f:55:ab:d5:53:cd:f5:
         7e:97:89:b8:78:de:fa:f6:e8:79:e2:f7:80:4e:ce:7c:6e:22:
         6d:2f:17:c7:fc:b1:59:71:5a:1f:52:8f:31:15:04:f6:a9:d8:
         c1:e4:c9:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22PBe8pEISC1U4BXC0PlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwMTAxMDIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2RkNDU4YWNjODJkOWE4MDQyMWJiYjVkYTNlMjg2ZjI4MmVmYjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ladvVFqgBs8OLZrSZ1ZNptFxO8O
4tPeTAkaISZszWXLxn6TsN71WsXIDWzbUCeMgGPHEEwR5AHFal2atNZjTPN+gtk4
/PXR4+J0QfB+TaTN+RMxWMmuIuuYRVguMvFrYY1ng5M0b/uZvs0xx1aKWAYcUElB
HBEZxfNqfDIf8xj6oDgJuVgZtJC3y3OJCiETUtO6Un5MxKiCe+djS9gGSqEprtCw
+CZz8BykEo0VD2SsaLhJbkfd3P6cYV0lCYx7kSTvfybsIepKMuErIwlJ6KAJnjNy
iUSVCTj1fDeyq2K1YM36+HAVwTtOf+tuOOusS2PIw6BZSObbrxQ01cot8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAfdRYrMgtmoBCG7tdo+KG8oLvtZMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvQjkxRmlzeUMyYWdFSWJ1MTJqNG9ieWd1LTFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiDkMA0G
CSqGSIb3DQEBCwUAA4IBAQCY73rD5g7VJYCnt9mah/Rd4tJvmh/C0U91P6JAOkfS
AsTyDwgCcadetqpXqsfMamEJAV3dsWVtYwcdN6bkE16pedRbPsurINbdvwPEm22p
gCRX8L54l3JA7YdxpJIii3mkCHP0r0Ailcr31vdcEgnwmP6JR/IYjIpU0r8LylWd
dqxcbKKQ8hTmG93/Jg+J9HpoGWSCe0/HLgWtPwQvbFmfC4vofs1fdbC9ueKUkZGA
cieeRwDuDHemaey6+hicDjRY9cBU4PK4Aannp+Evzld+MV9Vq9VTzfV+l4m4eN76
9uh54veATs58biJtLxfH/LFZcVofUo8xFQT2qdjB5Mld
-----END CERTIFICATE-----