Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/282ac6-72c6-4b2c-9df9-8f1f2c914f04/1/U_zJ2ohl8pwluFdM2POLYKyQkR8.roa
File:                     U_zJ2ohl8pwluFdM2POLYKyQkR8.roa (raw, json)
Hash identifier:          Nw/I8usu+doC+nJyBJ1Uj6K2Gh4ZnH4SZOGP5Qt3pBc=
Subject key identifier:   53:FC:C9:DA:88:65:F2:9C:25:B8:57:4C:D8:F3:8B:60:AC:90:91:1F
Certificate issuer:       /CN=e08142b42e39480048d1fcea587a3693da4c0b8a
Certificate serial:       0190BC2539CCC41F76E41379E1338F09D544
Authority key identifier: E0:81:42:B4:2E:39:48:00:48:D1:FC:EA:58:7A:36:93:DA:4C:0B:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4IFCtC45SABI0fzqWHo2k9pMC4o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/282ac6-72c6-4b2c-9df9-8f1f2c914f04/1/U_zJ2ohl8pwluFdM2POLYKyQkR8.roa
Signing time:             Tue 16 Jul 2024 15:24:34 +0000
ROA not before:           Tue 16 Jul 2024 15:24:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56754
IP address blocks:        91.227.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/282ac6-72c6-4b2c-9df9-8f1f2c914f04/1/4IFCtC45SABI0fzqWHo2k9pMC4o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/282ac6-72c6-4b2c-9df9-8f1f2c914f04/1/4IFCtC45SABI0fzqWHo2k9pMC4o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4IFCtC45SABI0fzqWHo2k9pMC4o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 18:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bc:25:39:cc:c4:1f:76:e4:13:79:e1:33:8f:09:d5:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e08142b42e39480048d1fcea587a3693da4c0b8a
        Validity
            Not Before: Jul 16 15:24:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53fcc9da8865f29c25b8574cd8f38b60ac90911f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:34:aa:4b:f6:0d:40:0b:99:a4:88:a1:f0:2e:
                    e3:93:9d:0c:89:26:8b:29:43:47:64:b4:39:38:3d:
                    75:e5:22:fe:be:db:1a:f8:d5:51:c3:91:10:c8:69:
                    ba:24:e1:76:c4:97:67:0f:65:bb:cf:5b:9d:c0:47:
                    9a:1d:b5:26:77:e3:fc:b4:b9:21:4a:3d:99:f4:8c:
                    cc:25:1e:b2:76:2a:64:52:56:50:04:a7:69:5d:71:
                    ed:a8:3f:d7:fe:2c:81:2a:1a:43:b0:f4:85:9e:dc:
                    76:8e:b9:5c:aa:0a:2b:fc:f9:70:0f:69:60:e3:39:
                    06:8f:4d:89:0c:6e:a9:4b:d4:33:04:9c:92:54:ea:
                    ee:7f:bc:b4:6f:0e:a5:c5:74:10:3f:bc:ab:d0:6c:
                    da:36:77:40:63:f6:80:54:c1:96:a6:3d:48:6b:6a:
                    73:29:a7:fd:88:07:b2:74:79:75:bc:62:23:ce:97:
                    d1:5d:02:e0:85:8d:94:91:79:38:90:08:77:29:b4:
                    2b:06:d6:63:e3:6a:f1:60:85:9d:47:10:ad:d4:48:
                    5f:83:75:58:4b:ad:d3:96:33:b5:9c:41:6d:fc:fb:
                    4d:0c:06:b2:29:38:8d:05:0e:d5:50:61:93:0b:8a:
                    97:80:6a:7e:b2:f7:5d:a9:f5:96:a5:79:64:3e:88:
                    28:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:FC:C9:DA:88:65:F2:9C:25:B8:57:4C:D8:F3:8B:60:AC:90:91:1F
            X509v3 Authority Key Identifier:
                keyid:E0:81:42:B4:2E:39:48:00:48:D1:FC:EA:58:7A:36:93:DA:4C:0B:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4IFCtC45SABI0fzqWHo2k9pMC4o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/282ac6-72c6-4b2c-9df9-8f1f2c914f04/1/U_zJ2ohl8pwluFdM2POLYKyQkR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/282ac6-72c6-4b2c-9df9-8f1f2c914f04/1/4IFCtC45SABI0fzqWHo2k9pMC4o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:34:a7:70:7a:3b:ab:aa:fe:a0:82:14:e6:5c:3b:67:82:52:
         32:89:d1:2c:ac:d4:69:78:8a:c9:5b:0a:5a:5b:48:7d:98:f8:
         cd:6d:83:14:e6:b7:68:13:2a:ee:84:63:e5:a6:52:63:b2:6f:
         6d:ed:9b:9b:83:2b:39:0b:dd:98:5e:6e:e1:5e:83:5b:12:c9:
         99:48:dc:67:02:64:0e:b1:38:64:fc:ee:41:18:fe:8f:9a:b4:
         82:7b:f0:59:4f:0a:6c:52:2b:4b:ba:bb:0d:f0:76:d5:36:85:
         41:ff:87:e4:f2:76:b6:23:ce:47:05:ad:41:3e:3a:22:e8:b5:
         e4:e9:c0:cf:b2:e8:c1:70:00:00:90:e9:82:99:d6:83:8d:7b:
         4f:01:27:dd:05:bc:33:1d:4b:96:5f:d1:2e:08:14:a1:b6:44:
         64:63:45:30:27:f9:50:69:f5:32:34:c0:4f:04:1c:69:6e:99:
         3e:01:00:ec:a7:4f:16:6a:0b:93:58:75:40:1e:e0:b7:64:6f:
         d1:96:8b:b0:6a:34:61:1b:14:a5:b7:2d:10:9b:9c:3f:cb:34:
         16:e3:3e:bc:9a:55:fa:5f:d0:a3:ef:b0:06:0b:a8:1b:01:fb:
         db:cf:47:31:78:70:47:94:62:b7:b0:f9:6c:bf:94:3e:d4:19:
         e5:e0:d5:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZC8JTnMxB925BN54TOPCdVEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwODE0MmI0MmUzOTQ4MDA0OGQxZmNlYTU4N2EzNjkzZGE0
YzBiOGEwHhcNMjQwNzE2MTUyNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2ZjYzlkYTg4NjVmMjljMjViODU3NGNkOGYzOGI2MGFjOTA5MTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDSqS/YNQAuZpIih8C7jk50MiSaL
KUNHZLQ5OD115SL+vtsa+NVRw5EQyGm6JOF2xJdnD2W7z1udwEeaHbUmd+P8tLkh
Sj2Z9IzMJR6ydipkUlZQBKdpXXHtqD/X/iyBKhpDsPSFntx2jrlcqgor/PlwD2lg
4zkGj02JDG6pS9QzBJySVOruf7y0bw6lxXQQP7yr0GzaNndAY/aAVMGWpj1Ia2pz
Kaf9iAeydHl1vGIjzpfRXQLghY2UkXk4kAh3KbQrBtZj42rxYIWdRxCt1Ehfg3VY
S63TljO1nEFt/PtNDAayKTiNBQ7VUGGTC4qXgGp+svddqfWWpXlkPogotwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFP8ydqIZfKcJbhXTNjzi2CskJEfMB8GA1UdIwQY
MBaAFOCBQrQuOUgASNH86lh6NpPaTAuKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNElGQ3RDNDVTQUJJMGZ6cVdIbzJrOXBNQzRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8yODJhYzYtNzJjNi00YjJjLTlkZjkt
OGYxZjJjOTE0ZjA0LzEvVV96SjJvaGw4cHdsdUZkTTJQT0xZS3lRa1I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8yODJhYzYtNzJjNi00YjJjLTlkZjktOGYxZjJjOTE0ZjA0
LzEvNElGQ3RDNDVTQUJJMGZ6cVdIbzJrOXBNQzRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+NtMA0G
CSqGSIb3DQEBCwUAA4IBAQCINKdwejurqv6gghTmXDtnglIyidEsrNRpeIrJWwpa
W0h9mPjNbYMU5rdoEyruhGPlplJjsm9t7Zubgys5C92YXm7hXoNbEsmZSNxnAmQO
sThk/O5BGP6PmrSCe/BZTwpsUitLursN8HbVNoVB/4fk8na2I85HBa1BPjoi6LXk
6cDPsujBcAAAkOmCmdaDjXtPASfdBbwzHUuWX9EuCBShtkRkY0UwJ/lQafUyNMBP
BBxpbpk+AQDsp08WaguTWHVAHuC3ZG/RlouwajRhGxSlty0Qm5w/yzQW4z68mlX6
X9Cj77AGC6gbAfvbz0cxeHBHlGK3sPlsv5Q+1Bnl4NVE
-----END CERTIFICATE-----