Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/e9a0a1-1135-495c-869a-70bbc7c0a9a5/1/audzbGEIAJ_W_wwgdwTZr54XyrI.roa
File:                     audzbGEIAJ_W_wwgdwTZr54XyrI.roa (raw, json)
Hash identifier:          gw+Q/OvqWMasyGKGT4u9XTD9pE27M1NAk42XHcOopzQ=
Subject key identifier:   6A:E7:73:6C:61:08:00:9F:D6:FF:0C:20:77:04:D9:AF:9E:17:CA:B2
Certificate issuer:       /CN=163d2572180f4b784fb4f2a5ed50e9fe5e6be6a7
Certificate serial:       018CC2DB5843B5BC7427875A8B3298CAC0F8
Authority key identifier: 16:3D:25:72:18:0F:4B:78:4F:B4:F2:A5:ED:50:E9:FE:5E:6B:E6:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fj0lchgPS3hPtPKl7VDp_l5r5qc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/e9a0a1-1135-495c-869a-70bbc7c0a9a5/1/audzbGEIAJ_W_wwgdwTZr54XyrI.roa
Signing time:             Mon 01 Jan 2024 02:30:04 +0000
ROA not before:           Mon 01 Jan 2024 02:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48637
IP address blocks:        91.209.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/e9a0a1-1135-495c-869a-70bbc7c0a9a5/1/Fj0lchgPS3hPtPKl7VDp_l5r5qc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/e9a0a1-1135-495c-869a-70bbc7c0a9a5/1/Fj0lchgPS3hPtPKl7VDp_l5r5qc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fj0lchgPS3hPtPKl7VDp_l5r5qc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 19:02:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:58:43:b5:bc:74:27:87:5a:8b:32:98:ca:c0:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=163d2572180f4b784fb4f2a5ed50e9fe5e6be6a7
        Validity
            Not Before: Jan  1 02:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ae7736c6108009fd6ff0c207704d9af9e17cab2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:1e:8d:8b:d1:69:13:c3:64:39:21:66:9c:d7:
                    47:68:21:e3:21:9a:10:23:df:84:54:a2:69:1a:7b:
                    7f:a7:ad:c7:4e:40:2c:14:7d:e6:8a:54:09:4f:98:
                    44:3e:6d:57:a3:82:66:31:8d:c6:69:bb:a7:3e:11:
                    b0:e7:07:e4:c5:fa:bc:64:90:4d:44:d9:f9:95:59:
                    81:7c:d3:07:98:11:7e:34:7f:31:d9:fa:b2:eb:9b:
                    bd:89:bb:1f:37:6a:e3:db:19:a1:5a:ec:d0:f2:5d:
                    b9:3d:e8:28:75:0f:41:2d:0c:1f:98:ae:a0:45:d0:
                    99:37:04:91:2e:fa:24:f7:62:f7:f7:29:b9:0c:89:
                    6e:80:97:59:51:9b:f2:65:b1:66:83:8e:17:3a:78:
                    98:38:93:09:7d:62:60:63:ee:d9:c7:3f:d2:4b:36:
                    5c:03:f5:51:f6:32:4e:e9:03:1f:6b:b8:fd:b1:f5:
                    11:1e:e4:84:64:df:aa:5a:82:f5:eb:ee:56:41:99:
                    62:d0:b4:38:fc:07:e3:eb:7e:4d:d2:21:ba:28:eb:
                    8e:3a:60:72:7b:81:9a:44:a0:4c:45:e2:e9:c3:15:
                    de:86:3b:d7:24:83:b8:e4:70:40:01:e6:45:cf:c5:
                    84:fc:8c:62:69:57:4b:ee:c4:b4:b5:aa:86:33:0b:
                    78:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:E7:73:6C:61:08:00:9F:D6:FF:0C:20:77:04:D9:AF:9E:17:CA:B2
            X509v3 Authority Key Identifier:
                keyid:16:3D:25:72:18:0F:4B:78:4F:B4:F2:A5:ED:50:E9:FE:5E:6B:E6:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fj0lchgPS3hPtPKl7VDp_l5r5qc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/e9a0a1-1135-495c-869a-70bbc7c0a9a5/1/audzbGEIAJ_W_wwgdwTZr54XyrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/e9a0a1-1135-495c-869a-70bbc7c0a9a5/1/Fj0lchgPS3hPtPKl7VDp_l5r5qc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:57:7d:fb:d2:a4:11:0e:f2:db:d4:e2:f3:20:be:d6:20:5a:
         14:72:7b:9c:d9:69:fb:ee:41:49:89:5b:8b:4d:01:ed:80:b5:
         86:3e:15:83:fe:a6:c8:65:8c:88:e7:a8:73:70:71:b3:82:be:
         c8:41:02:65:b0:13:5c:61:05:5a:6f:67:86:8d:62:3c:2a:e2:
         25:d2:d9:d8:01:96:9f:c8:24:61:99:5a:dc:e3:da:e3:80:ac:
         42:f8:4a:88:85:84:4f:22:cf:c7:1c:46:6c:5d:6e:3a:3d:4f:
         47:34:f3:f5:5b:0e:97:f7:43:cf:79:56:3a:8e:b0:49:ae:28:
         7e:0c:d7:61:f9:de:88:b0:e2:11:9d:db:2a:2e:87:5c:c0:65:
         29:80:8a:b3:f0:7a:c3:c6:4a:25:a7:6a:76:1b:f9:69:79:7d:
         93:fc:66:c9:8b:6b:16:18:87:27:63:69:92:f5:da:5b:73:d8:
         6e:80:a9:d9:cd:cf:da:26:3d:2a:97:76:93:98:92:c3:f5:34:
         dc:cc:1b:b4:db:9b:4d:32:d8:26:f7:09:45:be:bb:59:dc:b9:
         65:6a:36:c8:71:a8:a4:1d:c5:3d:07:0d:13:ba:b6:fc:70:48:
         c9:77:25:89:68:64:78:1a:59:49:7e:6d:db:d0:9e:87:16:0e:
         0b:64:ac:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC21hDtbx0J4daizKYysD4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2M2QyNTcyMTgwZjRiNzg0ZmI0ZjJhNWVkNTBlOWZlNWU2
YmU2YTcwHhcNMjQwMTAxMDIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWU3NzM2YzYxMDgwMDlmZDZmZjBjMjA3NzA0ZDlhZjllMTdjYWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzh6Ni9FpE8NkOSFmnNdHaCHjIZoQ
I9+EVKJpGnt/p63HTkAsFH3milQJT5hEPm1Xo4JmMY3GabunPhGw5wfkxfq8ZJBN
RNn5lVmBfNMHmBF+NH8x2fqy65u9ibsfN2rj2xmhWuzQ8l25PegodQ9BLQwfmK6g
RdCZNwSRLvok92L39ym5DIlugJdZUZvyZbFmg44XOniYOJMJfWJgY+7Zxz/SSzZc
A/VR9jJO6QMfa7j9sfURHuSEZN+qWoL16+5WQZli0LQ4/Afj635N0iG6KOuOOmBy
e4GaRKBMReLpwxXehjvXJIO45HBAAeZFz8WE/IxiaVdL7sS0taqGMwt4XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGrnc2xhCACf1v8MIHcE2a+eF8qyMB8GA1UdIwQY
MBaAFBY9JXIYD0t4T7Type1Q6f5ea+anMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmowbGNoZ1BTM2hQdFBLbDdWRHBfbDVyNXFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9lOWEwYTEtMTEzNS00OTVjLTg2OWEt
NzBiYmM3YzBhOWE1LzEvYXVkemJHRUlBSl9XX3d3Z2R3VFpyNTRYeXJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9lOWEwYTEtMTEzNS00OTVjLTg2OWEtNzBiYmM3YzBhOWE1
LzEvRmowbGNoZ1BTM2hQdFBLbDdWRHBfbDVyNXFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9HWMA0G
CSqGSIb3DQEBCwUAA4IBAQBEV3370qQRDvLb1OLzIL7WIFoUcnuc2Wn77kFJiVuL
TQHtgLWGPhWD/qbIZYyI56hzcHGzgr7IQQJlsBNcYQVab2eGjWI8KuIl0tnYAZaf
yCRhmVrc49rjgKxC+EqIhYRPIs/HHEZsXW46PU9HNPP1Ww6X90PPeVY6jrBJrih+
DNdh+d6IsOIRndsqLodcwGUpgIqz8HrDxkolp2p2G/lpeX2T/GbJi2sWGIcnY2mS
9dpbc9hugKnZzc/aJj0ql3aTmJLD9TTczBu025tNMtgm9wlFvrtZ3LllajbIcaik
HcU9Bw0Turb8cEjJdyWJaGR4GllJfm3b0J6HFg4LZKxV
-----END CERTIFICATE-----