Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/10b28e-f928-4a30-94f3-69d406e18653/1/zRCIBU1Aq9DcEW7hsYMYh4cdg3U.roa
File:                     zRCIBU1Aq9DcEW7hsYMYh4cdg3U.roa (raw, json)
Hash identifier:          tuHYtqC8JyLcna9cmvADod1u6p9IVW8SJujyNdL1uqg=
Subject key identifier:   CD:10:88:05:4D:40:AB:D0:DC:11:6E:E1:B1:83:18:87:87:1D:83:75
Certificate issuer:       /CN=52c6dd1719e284ff5c707f8122e8ed0d8795af3d
Certificate serial:       018CC3B711EE9ECBEF4E9D9E5CC3F01DFBF2
Authority key identifier: 52:C6:DD:17:19:E2:84:FF:5C:70:7F:81:22:E8:ED:0D:87:95:AF:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UsbdFxnihP9ccH-BIujtDYeVrz0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/10b28e-f928-4a30-94f3-69d406e18653/1/zRCIBU1Aq9DcEW7hsYMYh4cdg3U.roa
Signing time:             Mon 01 Jan 2024 06:30:03 +0000
ROA not before:           Mon 01 Jan 2024 06:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210593
IP address blocks:        91.247.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/10b28e-f928-4a30-94f3-69d406e18653/1/UsbdFxnihP9ccH-BIujtDYeVrz0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/10b28e-f928-4a30-94f3-69d406e18653/1/UsbdFxnihP9ccH-BIujtDYeVrz0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UsbdFxnihP9ccH-BIujtDYeVrz0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:11:ee:9e:cb:ef:4e:9d:9e:5c:c3:f0:1d:fb:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52c6dd1719e284ff5c707f8122e8ed0d8795af3d
        Validity
            Not Before: Jan  1 06:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd1088054d40abd0dc116ee1b1831887871d8375
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:32:15:c6:3e:3b:25:64:2a:03:d4:7f:4f:24:
                    04:eb:31:cf:ec:8f:97:8b:dc:69:7f:5e:fc:0f:e9:
                    1b:e6:6d:eb:80:96:7d:ae:b0:76:5a:76:98:13:f5:
                    f0:01:72:9a:f7:cc:7b:67:4b:0e:9d:43:c1:c6:08:
                    36:94:f6:c3:d8:04:d4:a9:8c:5d:b4:47:b2:4a:12:
                    dd:d1:44:e1:48:4a:00:fa:86:ab:86:28:6b:ae:a3:
                    99:06:cb:e1:27:34:14:95:c5:f8:db:b2:e7:bd:cc:
                    70:40:55:05:83:04:2b:15:66:64:bd:f9:2b:b2:4a:
                    6b:6b:b0:c3:f1:26:70:2b:ba:2a:d7:83:0f:81:53:
                    73:f5:6c:68:f2:51:0f:f4:66:3f:66:ae:22:1c:fe:
                    bc:fb:44:52:c9:16:f3:9f:82:52:6d:10:9b:ae:3d:
                    6c:fe:28:cf:87:0f:0d:c9:c5:57:18:56:e4:f6:3a:
                    1e:1a:5c:4a:b8:25:e2:4b:b5:1d:4e:7a:cb:f5:8a:
                    48:6b:ac:b1:b3:38:db:d4:72:90:b7:9a:77:e2:1d:
                    54:e8:3e:0a:11:38:d9:fa:78:14:6f:18:f9:63:25:
                    a4:5a:1a:92:e8:08:d8:14:08:b0:f1:1e:20:2a:12:
                    c9:ee:95:dc:e4:f6:45:7b:1b:97:21:bf:1d:1f:de:
                    e2:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:10:88:05:4D:40:AB:D0:DC:11:6E:E1:B1:83:18:87:87:1D:83:75
            X509v3 Authority Key Identifier:
                keyid:52:C6:DD:17:19:E2:84:FF:5C:70:7F:81:22:E8:ED:0D:87:95:AF:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UsbdFxnihP9ccH-BIujtDYeVrz0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/10b28e-f928-4a30-94f3-69d406e18653/1/zRCIBU1Aq9DcEW7hsYMYh4cdg3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/10b28e-f928-4a30-94f3-69d406e18653/1/UsbdFxnihP9ccH-BIujtDYeVrz0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.247.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:2e:ce:5b:50:b8:ab:27:f9:e6:59:99:7b:5a:13:38:1e:c9:
         e8:dc:4a:8f:f3:59:2f:79:2a:a0:93:41:51:d2:64:f0:eb:21:
         0b:bd:de:de:f4:42:4f:79:87:03:ba:9a:41:2a:9b:4f:2e:0e:
         33:e2:60:b2:1a:a0:99:a1:bb:6a:e9:7c:90:fc:f0:32:92:3d:
         0a:62:f3:17:b8:c8:6f:4d:04:76:31:67:20:c8:c9:8f:0b:83:
         0a:42:39:30:ae:57:9d:13:b1:37:ef:a9:6a:2c:e9:41:27:67:
         3e:96:c3:c1:a9:9e:f6:60:18:e5:c2:42:87:a0:71:77:a6:cf:
         d8:fc:2d:d9:77:21:e1:2f:46:48:d8:e9:3a:21:a8:1e:65:53:
         0d:22:78:89:0b:84:44:43:49:4c:34:c8:1f:18:6e:96:f4:f1:
         13:32:9b:0b:50:4a:66:1f:94:02:7d:33:b3:18:e0:d3:7f:22:
         e9:0f:88:85:ed:97:b7:90:cf:cd:7e:c2:c0:95:2f:19:fd:e7:
         b2:d1:cb:ae:1e:a8:61:7c:06:bf:fe:c9:0f:d2:18:59:14:31:
         83:56:fe:d6:9b:2e:f0:27:d5:c3:65:f5:28:f6:e5:16:50:a3:
         02:b5:d3:68:13:f5:57:b3:68:e2:ee:d8:7a:10:60:2d:7d:a6:
         5f:25:70:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtxHunsvvTp2eXMPwHfvyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyYzZkZDE3MTllMjg0ZmY1YzcwN2Y4MTIyZThlZDBkODc5
NWFmM2QwHhcNMjQwMTAxMDYzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDEwODgwNTRkNDBhYmQwZGMxMTZlZTFiMTgzMTg4Nzg3MWQ4Mzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgzIVxj47JWQqA9R/TyQE6zHP7I+X
i9xpf178D+kb5m3rgJZ9rrB2WnaYE/XwAXKa98x7Z0sOnUPBxgg2lPbD2ATUqYxd
tEeyShLd0UThSEoA+oarhihrrqOZBsvhJzQUlcX427LnvcxwQFUFgwQrFWZkvfkr
skpra7DD8SZwK7oq14MPgVNz9Wxo8lEP9GY/Zq4iHP68+0RSyRbzn4JSbRCbrj1s
/ijPhw8NycVXGFbk9joeGlxKuCXiS7UdTnrL9YpIa6yxszjb1HKQt5p34h1U6D4K
ETjZ+ngUbxj5YyWkWhqS6AjYFAiw8R4gKhLJ7pXc5PZFexuXIb8dH97ijwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM0QiAVNQKvQ3BFu4bGDGIeHHYN1MB8GA1UdIwQY
MBaAFFLG3RcZ4oT/XHB/gSLo7Q2Hla89MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXNiZEZ4bmloUDljY0gtQkl1anREWWVWcnowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC8xMGIyOGUtZjkyOC00YTMwLTk0ZjMt
NjlkNDA2ZTE4NjUzLzEvelJDSUJVMUFxOURjRVc3aHNZTVloNGNkZzNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC8xMGIyOGUtZjkyOC00YTMwLTk0ZjMtNjlkNDA2ZTE4NjUz
LzEvVXNiZEZ4bmloUDljY0gtQkl1anREWWVWcnowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/evMA0G
CSqGSIb3DQEBCwUAA4IBAQArLs5bULirJ/nmWZl7WhM4Hsno3EqP81kveSqgk0FR
0mTw6yELvd7e9EJPeYcDuppBKptPLg4z4mCyGqCZobtq6XyQ/PAykj0KYvMXuMhv
TQR2MWcgyMmPC4MKQjkwrledE7E376lqLOlBJ2c+lsPBqZ72YBjlwkKHoHF3ps/Y
/C3ZdyHhL0ZI2Ok6IageZVMNIniJC4REQ0lMNMgfGG6W9PETMpsLUEpmH5QCfTOz
GODTfyLpD4iF7Ze3kM/NfsLAlS8Z/eey0cuuHqhhfAa//skP0hhZFDGDVv7Wmy7w
J9XDZfUo9uUWUKMCtdNoE/VXs2ji7th6EGAtfaZfJXCL
-----END CERTIFICATE-----