Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/HUSB6hZ5KSsjeL5MPpH39VClwwk.roa
File:                     HUSB6hZ5KSsjeL5MPpH39VClwwk.roa (raw, json)
Hash identifier:          Ujs/oMHLysDwQ+kH+KTSKyvCSPPoLHFHmQe2M7cWVe4=
Subject key identifier:   1D:44:81:EA:16:79:29:2B:23:78:BE:4C:3E:91:F7:F5:50:A5:C3:09
Certificate issuer:       /CN=91d01c47f00e64f35cc752d03b34a71b71406b3f
Certificate serial:       018CCA99E8C86028BAABECED7A388705B0CC
Authority key identifier: 91:D0:1C:47:F0:0E:64:F3:5C:C7:52:D0:3B:34:A7:1B:71:40:6B:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kdAcR_AOZPNcx1LQOzSnG3FAaz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/HUSB6hZ5KSsjeL5MPpH39VClwwk.roa
Signing time:             Tue 02 Jan 2024 14:35:33 +0000
ROA not before:           Tue 02 Jan 2024 14:35:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201268
IP address blocks:        91.221.248.0/24 maxlen: 24
                          91.221.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/kdAcR_AOZPNcx1LQOzSnG3FAaz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/kdAcR_AOZPNcx1LQOzSnG3FAaz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kdAcR_AOZPNcx1LQOzSnG3FAaz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:e8:c8:60:28:ba:ab:ec:ed:7a:38:87:05:b0:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91d01c47f00e64f35cc752d03b34a71b71406b3f
        Validity
            Not Before: Jan  2 14:35:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d4481ea1679292b2378be4c3e91f7f550a5c309
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:af:79:ca:6a:a9:5c:46:f9:da:68:c0:dc:2d:
                    2e:a0:59:0a:38:d4:54:a8:e1:1a:53:96:e5:e2:f5:
                    9d:aa:f7:a8:11:5a:0a:0d:c2:c2:30:32:dd:9f:dc:
                    8b:8e:f6:d4:23:0a:25:2c:a1:d8:31:b6:3a:b1:8a:
                    05:a3:ad:dc:a8:5c:e7:aa:9d:da:f0:cd:fd:96:4c:
                    81:e2:32:90:e0:46:dc:5e:73:73:79:17:98:bd:e9:
                    11:e5:61:da:0d:d7:33:93:13:1f:fc:1b:b7:20:27:
                    af:77:11:fe:c8:b6:07:6c:98:65:3c:a9:2c:e7:30:
                    cb:95:39:33:ca:66:fc:0c:98:00:1d:89:89:bc:3a:
                    a7:5f:1c:7e:1a:8e:6f:3b:f8:59:41:f2:93:28:83:
                    1f:c2:85:cf:2d:11:a7:f5:1e:d0:a1:fd:74:dc:0b:
                    af:05:8a:6f:d7:5f:8b:3a:3c:99:b6:16:7e:6e:f0:
                    d9:b8:64:a7:2f:74:7f:bb:91:1d:ff:23:2e:c6:5b:
                    a4:db:4b:23:dd:d0:08:7d:b5:ab:bb:47:a7:88:d5:
                    65:5f:64:fd:bb:95:d0:ed:07:03:11:f8:4f:1c:8b:
                    e7:87:62:7a:50:dd:41:2f:e7:a8:12:f7:a2:1b:1d:
                    29:8d:29:47:4d:93:a7:74:b1:25:ad:80:a2:5e:44:
                    17:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:44:81:EA:16:79:29:2B:23:78:BE:4C:3E:91:F7:F5:50:A5:C3:09
            X509v3 Authority Key Identifier:
                keyid:91:D0:1C:47:F0:0E:64:F3:5C:C7:52:D0:3B:34:A7:1B:71:40:6B:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kdAcR_AOZPNcx1LQOzSnG3FAaz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/HUSB6hZ5KSsjeL5MPpH39VClwwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/kdAcR_AOZPNcx1LQOzSnG3FAaz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:1b:97:a8:05:a5:ea:46:fb:cd:41:a9:06:05:3b:f4:ff:f7:
         f5:f5:42:d6:06:36:86:84:61:7e:97:10:9c:2f:e7:ff:b0:b9:
         26:4e:f8:61:52:b6:a0:0e:17:7e:cc:3d:fb:a1:14:19:87:48:
         94:5a:38:a0:73:ba:dc:41:ee:de:a8:45:a5:5f:bd:9a:5a:1d:
         72:d4:3a:22:24:e3:a6:bd:ef:da:a8:23:43:07:33:b4:22:cc:
         cb:aa:be:f4:f4:ca:af:1f:f6:76:06:39:cf:37:9d:ec:fa:c9:
         e3:de:d2:b7:0b:e2:88:ab:00:76:8f:7d:2e:8b:47:f1:cf:47:
         9c:d7:74:3f:7c:16:53:99:5d:ac:3c:fe:d1:64:60:81:58:7e:
         ee:6a:8b:19:ec:04:f5:93:87:d5:36:f3:2c:e4:83:d8:5c:82:
         9c:ce:d7:d0:d8:8d:c7:ae:74:b5:9d:68:b7:36:21:3a:93:81:
         e6:6a:af:01:ad:a5:a8:c6:ff:0f:6e:18:c9:ae:ff:29:14:70:
         5f:34:a1:2c:0d:a9:45:91:c6:3d:fb:8f:06:4d:c4:c0:ee:0f:
         b9:68:6a:80:71:4b:af:51:9d:2c:66:b3:f6:ec:d3:25:85:bd:
         4d:93:13:4b:8b:e1:94:9a:b9:59:bd:a0:5a:ac:1a:16:a4:22:
         09:7e:fe:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmejIYCi6q+ztejiHBbDMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZDAxYzQ3ZjAwZTY0ZjM1Y2M3NTJkMDNiMzRhNzFiNzE0
MDZiM2YwHhcNMjQwMTAyMTQzNTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDQ0ODFlYTE2NzkyOTJiMjM3OGJlNGMzZTkxZjdmNTUwYTVjMzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmq95ymqpXEb52mjA3C0uoFkKONRU
qOEaU5bl4vWdqveoEVoKDcLCMDLdn9yLjvbUIwolLKHYMbY6sYoFo63cqFznqp3a
8M39lkyB4jKQ4EbcXnNzeReYvekR5WHaDdczkxMf/Bu3ICevdxH+yLYHbJhlPKks
5zDLlTkzymb8DJgAHYmJvDqnXxx+Go5vO/hZQfKTKIMfwoXPLRGn9R7Qof103Auv
BYpv11+LOjyZthZ+bvDZuGSnL3R/u5Ed/yMuxluk20sj3dAIfbWru0eniNVlX2T9
u5XQ7QcDEfhPHIvnh2J6UN1BL+eoEveiGx0pjSlHTZOndLElrYCiXkQXLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB1EgeoWeSkrI3i+TD6R9/VQpcMJMB8GA1UdIwQY
MBaAFJHQHEfwDmTzXMdS0Ds0pxtxQGs/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2RBY1JfQU9aUE5jeDFMUU96U25HM0ZBYXo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9iMGZjMGMtYzUzNy00MGI0LTliNWIt
NTZiMDA2ZWYwZDNiLzEvSFVTQjZoWjVLU3NqZUw1TVBwSDM5VkNsd3drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9iMGZjMGMtYzUzNy00MGI0LTliNWItNTZiMDA2ZWYwZDNi
LzEva2RBY1JfQU9aUE5jeDFMUU96U25HM0ZBYXo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW934MA0G
CSqGSIb3DQEBCwUAA4IBAQAiG5eoBaXqRvvNQakGBTv0//f19ULWBjaGhGF+lxCc
L+f/sLkmTvhhUragDhd+zD37oRQZh0iUWjigc7rcQe7eqEWlX72aWh1y1DoiJOOm
ve/aqCNDBzO0IszLqr709MqvH/Z2BjnPN53s+snj3tK3C+KIqwB2j30ui0fxz0ec
13Q/fBZTmV2sPP7RZGCBWH7uaosZ7AT1k4fVNvMs5IPYXIKcztfQ2I3HrnS1nWi3
NiE6k4Hmaq8BraWoxv8PbhjJrv8pFHBfNKEsDalFkcY9+48GTcTA7g+5aGqAcUuv
UZ0sZrP27NMlhb1NkxNLi+GUmrlZvaBarBoWpCIJfv54
-----END CERTIFICATE-----