Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/45830c-4a86-402c-a1ee-4009d879b97e/1/g2L_j_OlF8oNJJm5RDJfW4NvqQY.roa
File:                     g2L_j_OlF8oNJJm5RDJfW4NvqQY.roa (raw, json)
Hash identifier:          SyCsv5iIE6MdHBA8IaYkdHxnGbUHoOSIzGIpbOe5urQ=
Subject key identifier:   83:62:FF:8F:F3:A5:17:CA:0D:24:99:B9:44:32:5F:5B:83:6F:A9:06
Certificate issuer:       /CN=112d0c4f16dc8922129ff6050e235562317565e5
Certificate serial:       018CC86F1E8B1BA5C1EB42EE5CA8BECAA555
Authority key identifier: 11:2D:0C:4F:16:DC:89:22:12:9F:F6:05:0E:23:55:62:31:75:65:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ES0MTxbciSISn_YFDiNVYjF1ZeU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/45830c-4a86-402c-a1ee-4009d879b97e/1/g2L_j_OlF8oNJJm5RDJfW4NvqQY.roa
Signing time:             Tue 02 Jan 2024 04:29:34 +0000
ROA not before:           Tue 02 Jan 2024 04:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51724
IP address blocks:        91.221.36.0/24 maxlen: 24
                          91.221.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/45830c-4a86-402c-a1ee-4009d879b97e/1/ES0MTxbciSISn_YFDiNVYjF1ZeU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/45830c-4a86-402c-a1ee-4009d879b97e/1/ES0MTxbciSISn_YFDiNVYjF1ZeU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ES0MTxbciSISn_YFDiNVYjF1ZeU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:1e:8b:1b:a5:c1:eb:42:ee:5c:a8:be:ca:a5:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=112d0c4f16dc8922129ff6050e235562317565e5
        Validity
            Not Before: Jan  2 04:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8362ff8ff3a517ca0d2499b944325f5b836fa906
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:db:4f:1d:65:75:dd:b4:85:6d:f1:97:32:9e:
                    9c:cd:3b:b6:93:09:14:71:66:f7:7e:2b:d6:62:c4:
                    80:dc:06:35:9e:b5:48:85:88:26:1d:7c:c9:34:a9:
                    bc:dc:27:9e:f4:cb:a1:e2:8c:9f:21:53:d1:91:42:
                    cb:c5:96:4d:95:51:92:c7:6f:a8:e7:bf:27:c3:9c:
                    57:b5:9f:3b:13:6a:19:a1:c9:31:82:dd:3a:c5:56:
                    0c:f2:7f:b8:81:e2:4d:77:ff:52:f0:20:de:8c:1c:
                    f3:9b:b3:dd:2e:79:34:d3:63:2e:a2:60:69:b0:a3:
                    89:3d:8d:b3:21:d4:17:e5:66:3b:00:da:5d:2b:28:
                    ec:f2:dc:2d:02:31:d5:65:c7:fd:b8:59:65:4f:c8:
                    09:0b:ad:95:1c:36:44:5a:d1:2d:d9:45:55:a3:68:
                    2a:d3:33:4f:b7:dc:96:94:2b:ae:3f:ca:1f:f5:3d:
                    47:78:4a:25:94:25:b0:1b:04:20:9d:e6:37:71:5f:
                    81:fa:31:9f:85:1c:bb:93:68:27:71:5e:5e:6e:16:
                    34:25:d3:51:81:3f:e9:78:db:83:d5:48:96:a9:9b:
                    92:9d:49:a0:44:d8:71:67:a5:76:18:4a:11:77:94:
                    d5:49:f6:33:fd:0d:c1:5e:f9:21:64:0a:46:a7:57:
                    32:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:62:FF:8F:F3:A5:17:CA:0D:24:99:B9:44:32:5F:5B:83:6F:A9:06
            X509v3 Authority Key Identifier:
                keyid:11:2D:0C:4F:16:DC:89:22:12:9F:F6:05:0E:23:55:62:31:75:65:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ES0MTxbciSISn_YFDiNVYjF1ZeU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/45830c-4a86-402c-a1ee-4009d879b97e/1/g2L_j_OlF8oNJJm5RDJfW4NvqQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/45830c-4a86-402c-a1ee-4009d879b97e/1/ES0MTxbciSISn_YFDiNVYjF1ZeU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.36.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:c0:1b:a6:36:a0:e5:e6:a4:8c:7e:ee:20:34:17:5d:57:f1:
         b2:1c:f9:37:1b:c0:bb:65:ca:35:9b:39:0d:53:59:b5:c1:2a:
         80:29:32:56:1f:53:67:65:9e:76:7f:16:c6:13:33:c5:19:74:
         45:66:a3:9a:60:48:a2:b5:9f:8a:44:d4:cc:04:de:27:03:f8:
         6f:10:22:31:93:00:f2:a9:43:04:a9:84:4f:2b:75:64:c1:f3:
         cd:7b:92:cd:bd:c2:ca:5b:38:ec:5a:81:fb:58:e4:17:93:e9:
         f0:c8:5f:20:39:78:4a:b3:51:37:4f:cb:c5:6e:b2:e2:41:ce:
         ba:5d:4a:72:cf:89:a5:31:5b:28:01:72:c1:c6:3f:dd:04:26:
         12:5c:e7:05:fb:88:1e:11:39:6d:d1:30:90:59:12:2a:94:df:
         43:73:f5:94:a1:ee:77:ba:f2:c2:65:d1:cd:a5:20:66:3d:77:
         90:10:0b:84:57:5d:c9:e4:d7:a3:b9:63:9b:b8:ac:c5:60:6a:
         8f:46:aa:74:e9:85:26:ee:96:45:47:2c:2c:d9:f7:b0:97:02:
         fc:f5:4e:e9:ef:cb:df:ef:a5:0b:30:66:e5:b9:49:44:0d:b2:
         bc:16:26:83:0c:ec:e2:98:3e:1d:aa:f1:b4:44:63:05:f6:91:
         02:34:cf:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbx6LG6XB60LuXKi+yqVVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMmQwYzRmMTZkYzg5MjIxMjlmZjYwNTBlMjM1NTYyMzE3
NTY1ZTUwHhcNMjQwMTAyMDQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzYyZmY4ZmYzYTUxN2NhMGQyNDk5Yjk0NDMyNWY1YjgzNmZhOTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9tPHWV13bSFbfGXMp6czTu2kwkU
cWb3fivWYsSA3AY1nrVIhYgmHXzJNKm83Cee9Muh4oyfIVPRkULLxZZNlVGSx2+o
578nw5xXtZ87E2oZockxgt06xVYM8n+4geJNd/9S8CDejBzzm7PdLnk002MuomBp
sKOJPY2zIdQX5WY7ANpdKyjs8twtAjHVZcf9uFllT8gJC62VHDZEWtEt2UVVo2gq
0zNPt9yWlCuuP8of9T1HeEollCWwGwQgneY3cV+B+jGfhRy7k2gncV5ebhY0JdNR
gT/peNuD1UiWqZuSnUmgRNhxZ6V2GEoRd5TVSfYz/Q3BXvkhZApGp1cy/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFINi/4/zpRfKDSSZuUQyX1uDb6kGMB8GA1UdIwQY
MBaAFBEtDE8W3IkiEp/2BQ4jVWIxdWXlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVMwTVR4YmNpU0lTbl9ZRkRpTlZZakYxWmVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS80NTgzMGMtNGE4Ni00MDJjLWExZWUt
NDAwOWQ4NzliOTdlLzEvZzJMX2pfT2xGOG9OSkptNVJESmZXNE52cVFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS80NTgzMGMtNGE4Ni00MDJjLWExZWUtNDAwOWQ4NzliOTdl
LzEvRVMwTVR4YmNpU0lTbl9ZRkRpTlZZakYxWmVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW90kMA0G
CSqGSIb3DQEBCwUAA4IBAQCPwBumNqDl5qSMfu4gNBddV/GyHPk3G8C7Zco1mzkN
U1m1wSqAKTJWH1NnZZ52fxbGEzPFGXRFZqOaYEiitZ+KRNTMBN4nA/hvECIxkwDy
qUMEqYRPK3VkwfPNe5LNvcLKWzjsWoH7WOQXk+nwyF8gOXhKs1E3T8vFbrLiQc66
XUpyz4mlMVsoAXLBxj/dBCYSXOcF+4geETlt0TCQWRIqlN9Dc/WUoe53uvLCZdHN
pSBmPXeQEAuEV13J5NejuWObuKzFYGqPRqp06YUm7pZFRyws2fewlwL89U7p78vf
76ULMGbluUlEDbK8FiaDDOzimD4dqvG0RGMF9pECNM9r
-----END CERTIFICATE-----