Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/367748-885c-4621-b44c-1195fe050de1/1/XBzZyIG8kn6q8p-NdmjKwJMgy_k.roa
File:                     XBzZyIG8kn6q8p-NdmjKwJMgy_k.roa (raw, json)
Hash identifier:          /tQRFvIHtA8tTIsKx/psa8bQCraIFIMLtK5n1XSTFgw=
Subject key identifier:   5C:1C:D9:C8:81:BC:92:7E:AA:F2:9F:8D:76:68:CA:C0:93:20:CB:F9
Certificate issuer:       /CN=4be919a84e1a229f789d939d1aaa712a4d3c399d
Certificate serial:       018FDDAB14D116D92700AF669B044D5041F0
Authority key identifier: 4B:E9:19:A8:4E:1A:22:9F:78:9D:93:9D:1A:AA:71:2A:4D:3C:39:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S-kZqE4aIp94nZOdGqpxKk08OZ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/367748-885c-4621-b44c-1195fe050de1/1/XBzZyIG8kn6q8p-NdmjKwJMgy_k.roa
Signing time:             Mon 03 Jun 2024 10:35:27 +0000
ROA not before:           Mon 03 Jun 2024 10:35:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198746
IP address blocks:        91.238.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/367748-885c-4621-b44c-1195fe050de1/1/S-kZqE4aIp94nZOdGqpxKk08OZ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/367748-885c-4621-b44c-1195fe050de1/1/S-kZqE4aIp94nZOdGqpxKk08OZ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S-kZqE4aIp94nZOdGqpxKk08OZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 16:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:dd:ab:14:d1:16:d9:27:00:af:66:9b:04:4d:50:41:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4be919a84e1a229f789d939d1aaa712a4d3c399d
        Validity
            Not Before: Jun  3 10:35:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c1cd9c881bc927eaaf29f8d7668cac09320cbf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:42:6f:38:fc:97:51:99:14:06:88:3a:39:3e:
                    5f:b1:f8:d0:87:dc:ba:df:92:ee:44:b9:49:92:a6:
                    56:91:2c:7f:43:8f:42:1d:40:58:76:64:8b:69:db:
                    4f:3c:c2:3f:21:92:d6:19:20:ef:c7:d5:e9:1f:c6:
                    50:6c:9e:49:d7:a1:d0:05:3f:03:e2:b3:5d:c0:6b:
                    4c:fb:ca:ae:3a:21:54:ac:b6:6e:55:cc:ca:e6:f4:
                    3a:4f:a8:d6:12:e0:b9:74:8c:32:25:84:13:ff:77:
                    3f:62:02:98:be:a5:81:71:b5:0c:42:77:02:dd:2d:
                    e9:ce:7b:01:3b:e8:83:9a:a7:d5:65:37:7d:9f:78:
                    96:00:44:79:1e:e3:7e:4d:27:ee:c2:57:1a:d0:70:
                    80:da:3f:a5:40:e4:42:16:ae:e8:7f:f4:de:48:af:
                    e2:88:cc:21:26:00:4c:87:2a:7c:01:f5:7b:f9:20:
                    27:44:68:ec:cf:d9:53:7d:12:e2:4a:00:f6:f5:49:
                    4e:a8:55:b0:8c:33:07:a5:d7:3f:f1:f5:84:a5:ab:
                    71:1b:cf:15:1d:72:a6:45:4f:3b:7c:5a:04:2c:8a:
                    4e:b3:e2:27:2a:3a:b0:8a:a3:32:7e:40:86:57:8f:
                    2b:a2:7c:cf:81:09:35:9e:16:33:b9:94:84:5f:09:
                    af:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:1C:D9:C8:81:BC:92:7E:AA:F2:9F:8D:76:68:CA:C0:93:20:CB:F9
            X509v3 Authority Key Identifier:
                keyid:4B:E9:19:A8:4E:1A:22:9F:78:9D:93:9D:1A:AA:71:2A:4D:3C:39:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S-kZqE4aIp94nZOdGqpxKk08OZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/367748-885c-4621-b44c-1195fe050de1/1/XBzZyIG8kn6q8p-NdmjKwJMgy_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/367748-885c-4621-b44c-1195fe050de1/1/S-kZqE4aIp94nZOdGqpxKk08OZ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:4e:3f:ca:56:1e:e6:79:3a:de:b6:2b:54:9a:6f:b0:46:14:
         46:0f:3a:1c:50:38:45:18:8b:d3:3b:06:64:e3:75:01:f4:7f:
         8d:67:a3:81:53:6e:da:09:a1:64:fc:88:4d:dc:30:d3:d9:06:
         f2:c6:63:b4:f1:38:10:17:3f:38:c7:46:26:b7:6a:97:71:0b:
         38:64:3c:f7:c5:11:a8:cf:67:0f:f4:bf:0d:77:6a:a5:ff:8f:
         6b:c0:b5:88:a1:51:e6:89:89:25:7a:b0:3b:0f:f6:11:44:28:
         b0:29:d3:b1:90:3f:0e:65:3f:68:af:80:f6:2b:8d:a6:1b:f5:
         03:56:fc:02:dc:8b:b3:85:3c:24:b0:96:c9:5e:6e:32:05:cf:
         b6:c5:5c:69:ae:dc:ef:38:9b:8b:05:f6:a4:74:61:c4:8f:5a:
         16:c2:3b:bb:28:1f:0a:23:d3:53:36:9d:a3:af:be:8e:e9:f4:
         cf:b9:99:46:52:2d:54:39:8d:c3:dc:ce:3b:2d:76:72:6c:c3:
         6f:79:14:47:ef:03:9e:dc:82:f7:69:28:25:f0:f7:25:5c:ec:
         37:42:fc:f3:f5:12:c4:62:17:87:30:ec:4a:02:92:db:51:b2:
         40:dd:db:6c:bd:64:07:ba:a9:49:06:49:b7:85:65:7b:a3:ba:
         ad:ef:40:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/dqxTRFtknAK9mmwRNUEHwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZTkxOWE4NGUxYTIyOWY3ODlkOTM5ZDFhYWE3MTJhNGQz
YzM5OWQwHhcNMjQwNjAzMTAzNTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzFjZDljODgxYmM5MjdlYWFmMjlmOGQ3NjY4Y2FjMDkzMjBjYmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0JvOPyXUZkUBog6OT5fsfjQh9y6
35LuRLlJkqZWkSx/Q49CHUBYdmSLadtPPMI/IZLWGSDvx9XpH8ZQbJ5J16HQBT8D
4rNdwGtM+8quOiFUrLZuVczK5vQ6T6jWEuC5dIwyJYQT/3c/YgKYvqWBcbUMQncC
3S3pznsBO+iDmqfVZTd9n3iWAER5HuN+TSfuwlca0HCA2j+lQORCFq7of/TeSK/i
iMwhJgBMhyp8AfV7+SAnRGjsz9lTfRLiSgD29UlOqFWwjDMHpdc/8fWEpatxG88V
HXKmRU87fFoELIpOs+InKjqwiqMyfkCGV48ronzPgQk1nhYzuZSEXwmvzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFwc2ciBvJJ+qvKfjXZoysCTIMv5MB8GA1UdIwQY
MBaAFEvpGahOGiKfeJ2TnRqqcSpNPDmdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUy1rWnFFNGFJcDk0blpPZEdxcHhLazA4T1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8zNjc3NDgtODg1Yy00NjIxLWI0NGMt
MTE5NWZlMDUwZGUxLzEvWEJ6WnlJRzhrbjZxOHAtTmRtakt3Sk1neV9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8zNjc3NDgtODg1Yy00NjIxLWI0NGMtMTE5NWZlMDUwZGUx
LzEvUy1rWnFFNGFJcDk0blpPZEdxcHhLazA4T1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+7+MA0G
CSqGSIb3DQEBCwUAA4IBAQBYTj/KVh7meTretitUmm+wRhRGDzocUDhFGIvTOwZk
43UB9H+NZ6OBU27aCaFk/IhN3DDT2QbyxmO08TgQFz84x0Ymt2qXcQs4ZDz3xRGo
z2cP9L8Nd2ql/49rwLWIoVHmiYklerA7D/YRRCiwKdOxkD8OZT9or4D2K42mG/UD
VvwC3IuzhTwksJbJXm4yBc+2xVxprtzvOJuLBfakdGHEj1oWwju7KB8KI9NTNp2j
r76O6fTPuZlGUi1UOY3D3M47LXZybMNveRRH7wOe3IL3aSgl8PclXOw3Qvzz9RLE
YheHMOxKApLbUbJA3dtsvWQHuqlJBkm3hWV7o7qt70DQ
-----END CERTIFICATE-----