Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/a5d98f-fa7e-401f-808f-44a91ba17b08/1/bV-qhc1iXWVIdpRVXbCw-IjG_8k.roa
File:                     bV-qhc1iXWVIdpRVXbCw-IjG_8k.roa (raw, json)
Hash identifier:          APy4bu9puTI7LF2iI/VEOT6mU/+/+OrWF7V03BXzy/U=
Subject key identifier:   6D:5F:AA:85:CD:62:5D:65:48:76:94:55:5D:B0:B0:F8:88:C6:FF:C9
Certificate issuer:       /CN=90516379a042df7445e42efb3646d1f25a67d504
Certificate serial:       018CC5DC33B8FE5CA65FBE82BA4873B8B464
Authority key identifier: 90:51:63:79:A0:42:DF:74:45:E4:2E:FB:36:46:D1:F2:5A:67:D5:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kFFjeaBC33RF5C77NkbR8lpn1QQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/a5d98f-fa7e-401f-808f-44a91ba17b08/1/bV-qhc1iXWVIdpRVXbCw-IjG_8k.roa
Signing time:             Mon 01 Jan 2024 16:29:51 +0000
ROA not before:           Mon 01 Jan 2024 16:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198348
IP address blocks:        91.233.230.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/a5d98f-fa7e-401f-808f-44a91ba17b08/1/kFFjeaBC33RF5C77NkbR8lpn1QQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/a5d98f-fa7e-401f-808f-44a91ba17b08/1/kFFjeaBC33RF5C77NkbR8lpn1QQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kFFjeaBC33RF5C77NkbR8lpn1QQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:33:b8:fe:5c:a6:5f:be:82:ba:48:73:b8:b4:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90516379a042df7445e42efb3646d1f25a67d504
        Validity
            Not Before: Jan  1 16:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d5faa85cd625d65487694555db0b0f888c6ffc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e8:41:e2:47:70:69:53:0a:aa:b2:e9:fe:34:
                    02:a8:55:58:f1:a2:19:d0:1f:d5:c6:b9:18:be:87:
                    90:a5:c2:53:3b:de:a0:17:33:bb:34:d3:e6:26:3e:
                    df:5b:39:55:f7:a3:22:ad:d4:e5:09:17:23:c3:90:
                    f0:39:70:41:22:a7:c2:1d:10:aa:6b:14:d1:56:36:
                    c6:f0:54:e2:73:03:e4:80:a6:cd:f2:f0:83:01:8e:
                    9c:1f:64:40:68:d2:d1:60:9d:02:b3:7e:2f:fc:0c:
                    d2:59:25:20:26:9e:91:1c:cd:0c:6d:51:57:24:81:
                    37:cb:4d:91:a0:0d:72:06:be:bf:71:9d:62:f5:d4:
                    63:cc:e6:10:05:c8:bf:7a:16:10:f6:40:da:e1:f6:
                    11:9d:55:53:9a:10:d8:31:81:0c:8b:49:22:4a:4d:
                    ab:84:48:06:90:20:0a:c8:72:95:24:68:ab:82:39:
                    fc:a7:60:fa:23:ab:74:d1:d8:56:e3:c7:23:18:31:
                    03:9a:22:95:2f:1c:7c:0f:87:67:6e:72:25:41:5a:
                    53:20:c8:95:47:1b:ec:83:53:94:84:3d:e6:08:31:
                    29:6e:2c:e3:a4:73:c5:33:71:da:3a:79:00:3a:71:
                    bb:e8:52:06:a6:19:36:dd:96:79:e3:67:a7:9f:c7:
                    c1:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:5F:AA:85:CD:62:5D:65:48:76:94:55:5D:B0:B0:F8:88:C6:FF:C9
            X509v3 Authority Key Identifier:
                keyid:90:51:63:79:A0:42:DF:74:45:E4:2E:FB:36:46:D1:F2:5A:67:D5:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kFFjeaBC33RF5C77NkbR8lpn1QQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/a5d98f-fa7e-401f-808f-44a91ba17b08/1/bV-qhc1iXWVIdpRVXbCw-IjG_8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/a5d98f-fa7e-401f-808f-44a91ba17b08/1/kFFjeaBC33RF5C77NkbR8lpn1QQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         03:6e:ee:90:ad:07:2a:a4:3d:ca:96:8d:bc:0b:93:67:20:7b:
         23:35:cd:88:d3:d8:4a:9e:eb:53:67:95:22:e8:cf:e5:d7:f3:
         cd:1a:40:bb:12:e3:19:e2:b5:bc:ea:ba:e3:34:8d:b5:2f:79:
         ce:09:3f:7b:db:10:ed:9b:8b:ab:1c:da:ca:ad:b7:89:5f:cb:
         f3:55:76:6d:52:30:cf:6f:76:30:ab:69:b9:91:33:69:9e:b5:
         c9:a5:f8:d2:43:7e:37:90:0f:39:4b:53:dc:30:d9:6e:23:fd:
         d7:43:33:23:21:0f:85:ee:e3:cc:86:83:21:67:c8:f2:17:a4:
         b8:e7:40:a8:74:7d:40:83:b4:21:05:e5:7b:d1:a5:c0:39:0c:
         b2:d0:c4:7a:af:f2:75:37:fb:2b:bd:cd:c7:38:65:3f:a4:bb:
         4d:b4:5e:56:e6:31:3f:3b:6f:83:cd:8f:a1:0a:d7:ad:d1:91:
         07:3e:d9:93:6c:9a:03:06:8c:01:53:70:d7:b0:c4:aa:df:3a:
         86:44:53:36:60:98:83:f8:52:d1:e5:86:09:6e:41:75:90:91:
         8b:3b:9b:73:39:19:54:b4:e4:45:27:85:52:cb:0b:8a:12:ed:
         ec:db:2b:02:db:e8:b5:43:8c:2d:c7:27:61:4b:c3:a3:fc:61:
         81:f8:26:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3DO4/lymX76CukhzuLRkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwNTE2Mzc5YTA0MmRmNzQ0NWU0MmVmYjM2NDZkMWYyNWE2
N2Q1MDQwHhcNMjQwMTAxMTYyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDVmYWE4NWNkNjI1ZDY1NDg3Njk0NTU1ZGIwYjBmODg4YzZmZmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOhB4kdwaVMKqrLp/jQCqFVY8aIZ
0B/VxrkYvoeQpcJTO96gFzO7NNPmJj7fWzlV96MirdTlCRcjw5DwOXBBIqfCHRCq
axTRVjbG8FTicwPkgKbN8vCDAY6cH2RAaNLRYJ0Cs34v/AzSWSUgJp6RHM0MbVFX
JIE3y02RoA1yBr6/cZ1i9dRjzOYQBci/ehYQ9kDa4fYRnVVTmhDYMYEMi0kiSk2r
hEgGkCAKyHKVJGirgjn8p2D6I6t00dhW48cjGDEDmiKVLxx8D4dnbnIlQVpTIMiV
Rxvsg1OUhD3mCDEpbizjpHPFM3HaOnkAOnG76FIGphk23ZZ542enn8fB0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG1fqoXNYl1lSHaUVV2wsPiIxv/JMB8GA1UdIwQY
MBaAFJBRY3mgQt90ReQu+zZG0fJaZ9UEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0ZGamVhQkMzM1JGNUM3N05rYlI4bHBuMVFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9hNWQ5OGYtZmE3ZS00MDFmLTgwOGYt
NDRhOTFiYTE3YjA4LzEvYlYtcWhjMWlYV1ZJZHBSVlhiQ3ctSWpHXzhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9hNWQ5OGYtZmE3ZS00MDFmLTgwOGYtNDRhOTFiYTE3YjA4
LzEva0ZGamVhQkMzM1JGNUM3N05rYlI4bHBuMVFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+nmMA0G
CSqGSIb3DQEBCwUAA4IBAQADbu6QrQcqpD3Klo28C5NnIHsjNc2I09hKnutTZ5Ui
6M/l1/PNGkC7EuMZ4rW86rrjNI21L3nOCT972xDtm4urHNrKrbeJX8vzVXZtUjDP
b3Ywq2m5kTNpnrXJpfjSQ343kA85S1PcMNluI/3XQzMjIQ+F7uPMhoMhZ8jyF6S4
50CodH1Ag7QhBeV70aXAOQyy0MR6r/J1N/srvc3HOGU/pLtNtF5W5jE/O2+DzY+h
Ctet0ZEHPtmTbJoDBowBU3DXsMSq3zqGRFM2YJiD+FLR5YYJbkF1kJGLO5tzORlU
tORFJ4VSywuKEu3s2ysC2+i1Q4wtxydhS8Oj/GGB+CZt
-----END CERTIFICATE-----