Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/80b442-5039-408e-9813-1e7c17728b50/1/qOSR6aXYIPm7EQ8PcHTCr9Z-yQg.roa
File:                     qOSR6aXYIPm7EQ8PcHTCr9Z-yQg.roa (raw, json)
Hash identifier:          2bXqc/Z8GJiOAOsv9jjnuGCz4i/2yhAS0oCaLcgIotY=
Subject key identifier:   A8:E4:91:E9:A5:D8:20:F9:BB:11:0F:0F:70:74:C2:AF:D6:7E:C9:08
Certificate issuer:       /CN=66689087e787990916878db20d555684c22cd9d5
Certificate serial:       018E328FBECB67A307324B02984BBE39104F
Authority key identifier: 66:68:90:87:E7:87:99:09:16:87:8D:B2:0D:55:56:84:C2:2C:D9:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZmiQh-eHmQkWh42yDVVWhMIs2dU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/80b442-5039-408e-9813-1e7c17728b50/1/qOSR6aXYIPm7EQ8PcHTCr9Z-yQg.roa
Signing time:             Tue 12 Mar 2024 12:07:45 +0000
ROA not before:           Tue 12 Mar 2024 12:07:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33915
IP address blocks:        91.226.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/80b442-5039-408e-9813-1e7c17728b50/1/ZmiQh-eHmQkWh42yDVVWhMIs2dU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/80b442-5039-408e-9813-1e7c17728b50/1/ZmiQh-eHmQkWh42yDVVWhMIs2dU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZmiQh-eHmQkWh42yDVVWhMIs2dU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:32:8f:be:cb:67:a3:07:32:4b:02:98:4b:be:39:10:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66689087e787990916878db20d555684c22cd9d5
        Validity
            Not Before: Mar 12 12:07:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8e491e9a5d820f9bb110f0f7074c2afd67ec908
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d0:f6:89:bd:ff:12:3f:9e:b7:c9:dc:bd:5b:
                    8e:3c:2f:94:d8:bf:ed:0d:a4:cd:7c:83:9b:d6:12:
                    b4:bd:6e:04:2a:a6:7f:4f:2a:8f:ae:4f:fb:8e:82:
                    39:9b:ca:81:eb:04:b3:3f:df:9e:a5:ab:38:e2:c6:
                    c8:77:78:74:55:33:68:e2:45:f8:d8:5f:53:bc:55:
                    4e:c4:80:fd:b4:f8:15:14:6b:64:27:5f:d7:48:af:
                    70:17:db:e7:e8:a9:38:31:67:15:4f:79:59:82:77:
                    cc:a3:7d:d2:f7:0a:b7:d7:ad:2c:74:34:03:40:2e:
                    26:55:9e:51:6c:f0:16:af:e1:c3:0f:38:17:04:c2:
                    83:62:d7:5b:61:5d:85:98:7d:13:41:e2:2d:42:fa:
                    9b:fa:b3:82:cc:06:c0:dd:e8:d3:8f:b9:f2:a1:ae:
                    26:55:dd:a9:6a:26:05:70:4c:4e:11:08:f1:b1:e6:
                    45:6b:d9:3f:8b:57:c4:8a:a7:fe:06:8e:65:35:eb:
                    0d:77:05:ba:1d:6e:6d:8b:2c:bd:48:34:05:03:e6:
                    e0:ec:51:6c:9f:80:3c:e6:c5:14:ce:24:ed:fa:09:
                    8f:45:5b:4c:fa:9d:21:45:6f:1e:09:a0:a0:d8:41:
                    e1:04:de:bf:53:da:1e:d2:22:47:2c:ff:92:61:66:
                    c1:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:E4:91:E9:A5:D8:20:F9:BB:11:0F:0F:70:74:C2:AF:D6:7E:C9:08
            X509v3 Authority Key Identifier:
                keyid:66:68:90:87:E7:87:99:09:16:87:8D:B2:0D:55:56:84:C2:2C:D9:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZmiQh-eHmQkWh42yDVVWhMIs2dU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/80b442-5039-408e-9813-1e7c17728b50/1/qOSR6aXYIPm7EQ8PcHTCr9Z-yQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/80b442-5039-408e-9813-1e7c17728b50/1/ZmiQh-eHmQkWh42yDVVWhMIs2dU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:4b:95:db:97:37:cb:92:47:b3:58:63:a8:78:a3:d9:cb:07:
         78:7b:2f:ec:9e:e7:16:c0:1b:ed:d5:3c:62:8c:ad:10:6e:9d:
         75:72:b3:3a:b2:38:ea:2e:cc:2d:8b:91:8b:23:d0:93:5a:76:
         ec:b2:9a:80:9b:29:49:f6:9c:ae:00:d9:f9:f0:03:89:0d:e8:
         bb:26:88:45:36:31:7e:52:3e:7c:3d:54:9a:a0:6d:35:cf:fa:
         7f:fd:29:58:11:cc:8a:de:6a:b8:a7:3e:88:d7:c1:65:8c:01:
         50:d7:dd:8c:37:83:54:da:93:13:0e:bc:17:f0:07:bb:b5:48:
         35:4a:54:8f:a2:6a:72:93:0b:6b:d6:4f:e6:e0:fd:a1:6f:31:
         38:e7:b8:00:13:4a:96:04:3d:7d:0c:17:aa:1f:21:47:0a:e0:
         37:67:37:36:11:d0:3d:e5:18:2c:78:a8:7e:b2:9d:35:e0:62:
         a6:c8:08:11:dc:55:4c:7b:1f:88:7b:f7:90:65:c3:e7:19:41:
         b9:b4:43:23:40:65:46:f7:7a:26:a7:b4:d6:a8:0b:73:b0:87:
         5e:1b:a3:39:e0:c7:9d:87:84:5c:c3:2c:2c:18:e9:49:32:97:
         be:06:b4:ba:78:21:bd:7d:71:e7:8a:21:f3:7c:a0:9c:a5:dd:
         ec:b0:4a:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4yj77LZ6MHMksCmEu+ORBPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2Njg5MDg3ZTc4Nzk5MDkxNjg3OGRiMjBkNTU1Njg0YzIy
Y2Q5ZDUwHhcNMjQwMzEyMTIwNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGU0OTFlOWE1ZDgyMGY5YmIxMTBmMGY3MDc0YzJhZmQ2N2VjOTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9D2ib3/Ej+et8ncvVuOPC+U2L/t
DaTNfIOb1hK0vW4EKqZ/TyqPrk/7joI5m8qB6wSzP9+epas44sbId3h0VTNo4kX4
2F9TvFVOxID9tPgVFGtkJ1/XSK9wF9vn6Kk4MWcVT3lZgnfMo33S9wq3160sdDQD
QC4mVZ5RbPAWr+HDDzgXBMKDYtdbYV2FmH0TQeItQvqb+rOCzAbA3ejTj7nyoa4m
Vd2paiYFcExOEQjxseZFa9k/i1fEiqf+Bo5lNesNdwW6HW5tiyy9SDQFA+bg7FFs
n4A85sUUziTt+gmPRVtM+p0hRW8eCaCg2EHhBN6/U9oe0iJHLP+SYWbBTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKjkkeml2CD5uxEPD3B0wq/WfskIMB8GA1UdIwQY
MBaAFGZokIfnh5kJFoeNsg1VVoTCLNnVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm1pUWgtZUhtUWtXaDQyeURWVldoTUlzMmRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi84MGI0NDItNTAzOS00MDhlLTk4MTMt
MWU3YzE3NzI4YjUwLzEvcU9TUjZhWFlJUG03RVE4UGNIVENyOVoteVFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi84MGI0NDItNTAzOS00MDhlLTk4MTMtMWU3YzE3NzI4YjUw
LzEvWm1pUWgtZUhtUWtXaDQyeURWVldoTUlzMmRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+IgMA0G
CSqGSIb3DQEBCwUAA4IBAQABS5XblzfLkkezWGOoeKPZywd4ey/snucWwBvt1Txi
jK0Qbp11crM6sjjqLswti5GLI9CTWnbsspqAmylJ9pyuANn58AOJDei7JohFNjF+
Uj58PVSaoG01z/p//SlYEcyK3mq4pz6I18FljAFQ192MN4NU2pMTDrwX8Ae7tUg1
SlSPompykwtr1k/m4P2hbzE457gAE0qWBD19DBeqHyFHCuA3Zzc2EdA95RgseKh+
sp014GKmyAgR3FVMex+Ie/eQZcPnGUG5tEMjQGVG93omp7TWqAtzsIdeG6M54Med
h4RcwywsGOlJMpe+BrS6eCG9fXHniiHzfKCcpd3ssEqZ
-----END CERTIFICATE-----