Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/7fc80b-8d14-457b-ad5e-83fc48044923/1/AdIrcXhSlZShDw2D6pkvkyP2xm0.roa
File:                     AdIrcXhSlZShDw2D6pkvkyP2xm0.roa (raw, json)
Hash identifier:          sn4/1MPjfvQ8cZ1f7OErrQC9U6JMTw1hi9NulOzTH3Y=
Subject key identifier:   01:D2:2B:71:78:52:95:94:A1:0F:0D:83:EA:99:2F:93:23:F6:C6:6D
Certificate issuer:       /CN=724994bb7a6a3f4333d668c498fb965b172c3455
Certificate serial:       018DA9395025AAF32246A2F22D2F56BDB88B
Authority key identifier: 72:49:94:BB:7A:6A:3F:43:33:D6:68:C4:98:FB:96:5B:17:2C:34:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ckmUu3pqP0Mz1mjEmPuWWxcsNFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/7fc80b-8d14-457b-ad5e-83fc48044923/1/AdIrcXhSlZShDw2D6pkvkyP2xm0.roa
Signing time:             Wed 14 Feb 2024 20:05:21 +0000
ROA not before:           Wed 14 Feb 2024 20:05:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215585
IP address blocks:        91.195.36.0/24 maxlen: 24
                          2a13:5c40::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/7fc80b-8d14-457b-ad5e-83fc48044923/1/ckmUu3pqP0Mz1mjEmPuWWxcsNFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/7fc80b-8d14-457b-ad5e-83fc48044923/1/ckmUu3pqP0Mz1mjEmPuWWxcsNFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ckmUu3pqP0Mz1mjEmPuWWxcsNFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a9:39:50:25:aa:f3:22:46:a2:f2:2d:2f:56:bd:b8:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=724994bb7a6a3f4333d668c498fb965b172c3455
        Validity
            Not Before: Feb 14 20:05:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01d22b7178529594a10f0d83ea992f9323f6c66d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:4b:d0:3c:46:33:3a:f2:f0:99:17:ba:07:17:
                    e3:63:b8:d8:8f:48:95:52:5f:c9:9f:17:54:fc:de:
                    90:25:61:74:45:55:b8:0a:a8:83:95:58:95:a8:e8:
                    11:d5:b7:57:4f:5b:f7:38:63:2c:c1:21:96:49:d5:
                    c1:17:74:2a:e1:26:bc:88:8c:ec:cf:af:35:4a:03:
                    f1:91:e2:81:9a:8a:79:91:44:0f:d0:b3:e5:4a:cb:
                    fb:ad:7f:5c:b4:9c:88:83:f8:c7:eb:80:93:54:97:
                    8a:81:3d:b7:b1:ec:ae:4c:94:15:8c:bf:53:8e:dd:
                    56:ff:a1:5a:92:c4:01:5a:0d:f9:5d:d6:d6:01:83:
                    02:95:a8:73:3d:68:37:d5:74:90:52:cc:b6:45:42:
                    c7:fc:62:83:5b:7c:23:30:01:b4:18:c3:99:7b:14:
                    8d:0f:3a:45:87:4b:b1:79:31:3f:1e:4b:ca:73:50:
                    4a:14:55:a8:0f:cf:25:80:75:67:8a:bb:d1:e9:4a:
                    e6:11:9b:a6:2c:a5:fc:8d:fc:cf:7f:8b:43:c5:aa:
                    df:25:f6:e0:75:9b:a1:57:da:f7:a7:69:3d:5c:9a:
                    ba:0c:a3:82:41:c0:e9:f9:46:b5:29:79:f9:b7:ea:
                    05:8e:94:d5:a6:af:d4:10:74:07:66:f4:cd:8c:57:
                    e5:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:D2:2B:71:78:52:95:94:A1:0F:0D:83:EA:99:2F:93:23:F6:C6:6D
            X509v3 Authority Key Identifier:
                keyid:72:49:94:BB:7A:6A:3F:43:33:D6:68:C4:98:FB:96:5B:17:2C:34:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ckmUu3pqP0Mz1mjEmPuWWxcsNFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/7fc80b-8d14-457b-ad5e-83fc48044923/1/AdIrcXhSlZShDw2D6pkvkyP2xm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/7fc80b-8d14-457b-ad5e-83fc48044923/1/ckmUu3pqP0Mz1mjEmPuWWxcsNFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.36.0/24
                IPv6:
                  2a13:5c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         00:fb:e4:62:bb:97:9f:48:b0:99:f7:9d:f2:21:6f:41:b8:20:
         54:cd:9d:8c:65:bc:f9:8b:cb:94:0b:5a:0f:c6:21:83:4c:0e:
         52:b5:7d:f2:07:e5:cf:e7:b4:d8:8a:05:58:29:87:89:c8:a4:
         8a:5a:f0:a1:85:50:91:f7:71:6b:1e:8b:2f:84:6d:dc:ee:cb:
         8f:1d:6f:aa:e2:6f:b8:e1:a3:63:8b:77:45:8d:f6:41:67:70:
         8a:14:fd:f9:e1:65:b2:fa:09:35:6f:eb:cb:f4:15:f4:06:56:
         75:24:87:ee:22:d7:96:28:52:06:e3:e3:1b:0b:86:56:2c:e9:
         14:2d:ac:7c:09:67:3f:a5:16:f5:c0:23:e8:df:45:3a:33:52:
         c5:1d:11:f7:4a:e9:72:4e:e0:41:be:56:b7:63:24:36:2b:3d:
         44:2b:af:95:26:ef:2a:f8:96:2d:b1:68:8c:a2:5e:f5:cf:3a:
         f7:f5:85:12:1d:6d:44:c5:a6:0d:ac:0b:8f:15:7e:06:4b:3d:
         8d:58:f8:7a:c5:f6:87:5f:02:37:fd:30:46:dd:95:2a:45:77:
         d6:d3:98:9f:4b:d9:39:e6:e6:57:a9:85:54:13:81:42:f1:8a:
         f9:26:ef:8b:66:4c:8d:1f:fb:b8:35:0b:d8:6f:c6:9a:b7:8e:
         4a:17:7c:29
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY2pOVAlqvMiRqLyLS9WvbiLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNDk5NGJiN2E2YTNmNDMzM2Q2NjhjNDk4ZmI5NjViMTcy
YzM0NTUwHhcNMjQwMjE0MjAwNTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWQyMmI3MTc4NTI5NTk0YTEwZjBkODNlYTk5MmY5MzIzZjZjNjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgkvQPEYzOvLwmRe6BxfjY7jYj0iV
Ul/JnxdU/N6QJWF0RVW4CqiDlViVqOgR1bdXT1v3OGMswSGWSdXBF3Qq4Sa8iIzs
z681SgPxkeKBmop5kUQP0LPlSsv7rX9ctJyIg/jH64CTVJeKgT23seyuTJQVjL9T
jt1W/6FaksQBWg35XdbWAYMClahzPWg31XSQUsy2RULH/GKDW3wjMAG0GMOZexSN
DzpFh0uxeTE/HkvKc1BKFFWoD88lgHVnirvR6UrmEZumLKX8jfzPf4tDxarfJfbg
dZuhV9r3p2k9XJq6DKOCQcDp+Ua1KXn5t+oFjpTVpq/UEHQHZvTNjFflNQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAHSK3F4UpWUoQ8Ng+qZL5Mj9sZtMB8GA1UdIwQY
MBaAFHJJlLt6aj9DM9ZoxJj7llsXLDRVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2ttVXUzcHFQME16MW1qRW1QdVdXeGNzTkZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC83ZmM4MGItOGQxNC00NTdiLWFkNWUt
ODNmYzQ4MDQ0OTIzLzEvQWRJcmNYaFNsWlNoRHcyRDZwa3ZreVAyeG0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC83ZmM4MGItOGQxNC00NTdiLWFkNWUtODNmYzQ4MDQ0OTIz
LzEvY2ttVXUzcHFQME16MW1qRW1QdVdXeGNzTkZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW8MkMA0E
AgACMAcDBQMqE1xAMA0GCSqGSIb3DQEBCwUAA4IBAQAA++Riu5efSLCZ953yIW9B
uCBUzZ2MZbz5i8uUC1oPxiGDTA5StX3yB+XP57TYigVYKYeJyKSKWvChhVCR93Fr
HosvhG3c7suPHW+q4m+44aNji3dFjfZBZ3CKFP354WWy+gk1b+vL9BX0BlZ1JIfu
IteWKFIG4+MbC4ZWLOkULax8CWc/pRb1wCPo30U6M1LFHRH3SulyTuBBvla3YyQ2
Kz1EK6+VJu8q+JYtsWiMol71zzr39YUSHW1ExaYNrAuPFX4GSz2NWPh6xfaHXwI3
/TBG3ZUqRXfW05ifS9k55uZXqYVUE4FC8Yr5Ju+LZkyNH/u4NQvYb8aat45KF3wp
-----END CERTIFICATE-----