Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/d88fb2-a77b-4490-afc1-46c1aa098268/1/Vczi2mJByt6FJKWRi4cp_YQvyJQ.roa
File:                     Vczi2mJByt6FJKWRi4cp_YQvyJQ.roa (raw, json)
Hash identifier:          yn5+/qItNXzU4EUGk6MBVvxACu0Imqy3WwBovqqK8/M=
Subject key identifier:   55:CC:E2:DA:62:41:CA:DE:85:24:A5:91:8B:87:29:FD:84:2F:C8:94
Certificate issuer:       /CN=cb6b9c413711df48d006b9e16b5a30efe39ffaae
Certificate serial:       018CC8DF2AC0A728C3C8E74F48252407BAC1
Authority key identifier: CB:6B:9C:41:37:11:DF:48:D0:06:B9:E1:6B:5A:30:EF:E3:9F:FA:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y2ucQTcR30jQBrnha1ow7-Of-q4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/d88fb2-a77b-4490-afc1-46c1aa098268/1/Vczi2mJByt6FJKWRi4cp_YQvyJQ.roa
Signing time:             Tue 02 Jan 2024 06:31:57 +0000
ROA not before:           Tue 02 Jan 2024 06:31:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        91.207.13.0/24 maxlen: 24
                          91.207.12.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/d88fb2-a77b-4490-afc1-46c1aa098268/1/y2ucQTcR30jQBrnha1ow7-Of-q4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/d88fb2-a77b-4490-afc1-46c1aa098268/1/y2ucQTcR30jQBrnha1ow7-Of-q4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y2ucQTcR30jQBrnha1ow7-Of-q4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:2a:c0:a7:28:c3:c8:e7:4f:48:25:24:07:ba:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb6b9c413711df48d006b9e16b5a30efe39ffaae
        Validity
            Not Before: Jan  2 06:31:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55cce2da6241cade8524a5918b8729fd842fc894
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:cf:23:b4:fe:fb:d8:a9:89:89:ac:ff:35:37:
                    57:7e:ee:1f:c9:76:df:31:4e:e9:ed:16:d7:bf:56:
                    a9:72:97:50:79:d3:fb:47:a6:64:66:0e:e8:3e:79:
                    07:89:f8:c1:f3:c0:b8:f2:91:1d:05:16:f0:6a:2c:
                    2d:7c:3d:a7:bf:85:bd:7f:95:a9:ec:21:cb:1e:dc:
                    64:e4:e5:08:be:14:db:2e:50:a0:a2:63:d0:76:01:
                    68:c9:8d:88:67:cf:b4:da:1a:69:e1:8b:94:07:09:
                    46:ef:48:23:97:b6:81:40:0e:b6:eb:e4:76:7d:84:
                    bb:ae:c6:ec:01:ff:d6:0f:87:b3:f6:2d:bc:37:67:
                    5f:6c:b7:cd:89:3b:6d:49:6f:67:56:b8:1b:9e:14:
                    e2:b6:f4:12:1c:eb:77:cc:5d:8d:8f:56:e6:33:f7:
                    3c:29:43:7e:3e:b3:c6:81:58:90:d0:15:4a:33:eb:
                    1e:e1:eb:a1:d4:3b:33:a3:60:86:5a:7c:43:47:7c:
                    91:66:fc:01:b8:0b:70:04:9c:3f:e2:6f:b0:9e:76:
                    99:c8:12:b6:49:f1:cb:ef:e2:92:0c:68:f9:ff:6a:
                    3b:89:3f:70:b4:08:31:7a:52:d0:e9:81:a4:2f:b9:
                    a1:31:eb:a7:ae:0b:29:49:7c:13:ad:25:b2:b6:c2:
                    8e:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:CC:E2:DA:62:41:CA:DE:85:24:A5:91:8B:87:29:FD:84:2F:C8:94
            X509v3 Authority Key Identifier:
                keyid:CB:6B:9C:41:37:11:DF:48:D0:06:B9:E1:6B:5A:30:EF:E3:9F:FA:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y2ucQTcR30jQBrnha1ow7-Of-q4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/d88fb2-a77b-4490-afc1-46c1aa098268/1/Vczi2mJByt6FJKWRi4cp_YQvyJQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/d88fb2-a77b-4490-afc1-46c1aa098268/1/y2ucQTcR30jQBrnha1ow7-Of-q4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5f:72:df:a6:bd:92:11:e9:a3:e6:09:1a:36:ff:09:5f:1d:f0:
         c6:c3:ab:12:54:ba:1b:a7:16:fc:8a:8d:51:1d:25:4a:f4:1b:
         d9:4d:64:9e:4a:01:8b:f4:d5:1f:be:d2:82:cf:18:df:23:23:
         af:a6:86:04:3b:c7:5a:d2:50:6b:6e:6c:b8:ce:61:9d:55:54:
         76:9e:59:17:b8:69:ab:b8:23:83:27:15:9a:b9:91:de:f0:79:
         65:a8:04:9c:5e:e7:9f:7e:94:97:c7:91:d4:ac:d9:10:4b:24:
         3d:90:d9:dc:01:ed:ac:a2:e2:e6:1b:75:4c:82:81:91:52:46:
         11:9d:a0:93:ad:c8:11:a6:6d:36:4c:6c:df:40:b5:ac:aa:a4:
         db:b3:ee:47:b1:44:5b:9c:bb:aa:36:b9:38:17:8c:ea:2c:7f:
         80:94:cd:1b:5f:a0:8b:53:32:f8:2b:04:52:a9:53:d0:68:8f:
         b5:aa:fd:d3:db:d9:c7:4d:4d:59:f5:6d:e2:52:4e:90:ca:05:
         7e:a1:09:0c:04:90:4f:d9:59:ad:bb:d6:c7:dd:fc:38:29:5d:
         e4:cb:c1:a9:24:bc:0c:69:ec:4e:46:69:b1:13:7b:cf:58:8f:
         ac:80:4c:e7:ef:25:bd:37:e2:9d:67:52:43:7f:d3:a6:21:0c:
         f7:58:f6:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3yrApyjDyOdPSCUkB7rBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiNmI5YzQxMzcxMWRmNDhkMDA2YjllMTZiNWEzMGVmZTM5
ZmZhYWUwHhcNMjQwMTAyMDYzMTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWNjZTJkYTYyNDFjYWRlODUyNGE1OTE4Yjg3MjlmZDg0MmZjODk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmM8jtP772KmJiaz/NTdXfu4fyXbf
MU7p7RbXv1apcpdQedP7R6ZkZg7oPnkHifjB88C48pEdBRbwaiwtfD2nv4W9f5Wp
7CHLHtxk5OUIvhTbLlCgomPQdgFoyY2IZ8+02hpp4YuUBwlG70gjl7aBQA626+R2
fYS7rsbsAf/WD4ez9i28N2dfbLfNiTttSW9nVrgbnhTitvQSHOt3zF2Nj1bmM/c8
KUN+PrPGgViQ0BVKM+se4euh1Dszo2CGWnxDR3yRZvwBuAtwBJw/4m+wnnaZyBK2
SfHL7+KSDGj5/2o7iT9wtAgxelLQ6YGkL7mhMeunrgspSXwTrSWytsKOrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFXM4tpiQcrehSSlkYuHKf2EL8iUMB8GA1UdIwQY
MBaAFMtrnEE3Ed9I0Aa54WtaMO/jn/quMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTJ1Y1FUY1IzMGpRQnJuaGExb3c3LU9mLXE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9kODhmYjItYTc3Yi00NDkwLWFmYzEt
NDZjMWFhMDk4MjY4LzEvVmN6aTJtSkJ5dDZGSktXUmk0Y3BfWVF2eUpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9kODhmYjItYTc3Yi00NDkwLWFmYzEtNDZjMWFhMDk4MjY4
LzEveTJ1Y1FUY1IzMGpRQnJuaGExb3c3LU9mLXE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW88MMA0G
CSqGSIb3DQEBCwUAA4IBAQBfct+mvZIR6aPmCRo2/wlfHfDGw6sSVLobpxb8io1R
HSVK9BvZTWSeSgGL9NUfvtKCzxjfIyOvpoYEO8da0lBrbmy4zmGdVVR2nlkXuGmr
uCODJxWauZHe8HllqAScXueffpSXx5HUrNkQSyQ9kNncAe2souLmG3VMgoGRUkYR
naCTrcgRpm02TGzfQLWsqqTbs+5HsURbnLuqNrk4F4zqLH+AlM0bX6CLUzL4KwRS
qVPQaI+1qv3T29nHTU1Z9W3iUk6QygV+oQkMBJBP2Vmtu9bH3fw4KV3ky8GpJLwM
aexORmmxE3vPWI+sgEzn7yW9N+KdZ1JDf9OmIQz3WPYK
-----END CERTIFICATE-----