Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/68b1bf-8f48-4169-a9a2-5dac720223ab/1/1ZyUIIbeu8Rp0VNjzW7zqwP_wf8.roa
File:                     1ZyUIIbeu8Rp0VNjzW7zqwP_wf8.roa (raw, json)
Hash identifier:          lHIkPmWKRTVREWSBh0qS7R5q9pbx7uFT6d62kFFHJkg=
Subject key identifier:   D5:9C:94:20:86:DE:BB:C4:69:D1:53:63:CD:6E:F3:AB:03:FF:C1:FF
Certificate issuer:       /CN=f816865928eeeee5cbc92f4c4d38ae5c601dee0a
Certificate serial:       018CCA2AECD26C2DBD7E460DFC2599331537
Authority key identifier: F8:16:86:59:28:EE:EE:E5:CB:C9:2F:4C:4D:38:AE:5C:60:1D:EE:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-BaGWSju7uXLyS9MTTiuXGAd7go.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/68b1bf-8f48-4169-a9a2-5dac720223ab/1/1ZyUIIbeu8Rp0VNjzW7zqwP_wf8.roa
Signing time:             Tue 02 Jan 2024 12:34:19 +0000
ROA not before:           Tue 02 Jan 2024 12:34:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50399
IP address blocks:        91.209.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/68b1bf-8f48-4169-a9a2-5dac720223ab/1/1-BaGWSju7uXLyS9MTTiuXGAd7go.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/68b1bf-8f48-4169-a9a2-5dac720223ab/1/1-BaGWSju7uXLyS9MTTiuXGAd7go.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-BaGWSju7uXLyS9MTTiuXGAd7go.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:ec:d2:6c:2d:bd:7e:46:0d:fc:25:99:33:15:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f816865928eeeee5cbc92f4c4d38ae5c601dee0a
        Validity
            Not Before: Jan  2 12:34:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d59c942086debbc469d15363cd6ef3ab03ffc1ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:f1:11:b1:ea:c1:be:65:31:aa:99:5c:4d:55:
                    70:c5:20:f0:89:1c:f7:2a:31:bf:29:64:5e:e0:b1:
                    2c:ab:28:d6:4a:5c:30:58:c7:16:72:e4:bd:1e:0e:
                    74:67:06:cb:6f:75:99:3b:f8:22:1f:81:c8:1e:7b:
                    31:60:20:97:80:0f:21:43:fb:d7:81:39:64:d9:47:
                    33:e3:c2:47:e4:e3:38:91:93:55:eb:2a:5d:72:1e:
                    c8:d9:7b:ed:52:44:57:d7:81:bf:d5:5c:18:54:6c:
                    ba:6e:0f:65:7c:72:96:ca:67:71:75:b6:03:89:6b:
                    fa:48:43:52:9c:71:d5:6b:1b:87:2a:f6:35:cd:03:
                    d2:e6:82:63:4c:44:87:37:12:de:67:0a:74:a8:73:
                    fa:33:4e:db:59:0f:1d:52:b0:01:73:66:c9:e3:ac:
                    ba:88:d1:84:8e:96:cf:bd:8b:b5:17:24:c9:97:45:
                    01:f6:b2:2b:27:fa:76:b7:29:28:c3:9e:5d:f5:09:
                    b0:18:97:fa:a3:e2:43:1a:70:bc:52:28:b7:4a:76:
                    cd:85:f8:cf:66:e4:8f:98:fa:bb:57:0a:73:5a:ec:
                    e5:58:9f:b2:44:21:3a:0c:0a:11:a9:a9:99:07:2a:
                    76:5e:ba:48:26:cd:99:10:35:57:e8:69:e7:8b:c3:
                    e4:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:9C:94:20:86:DE:BB:C4:69:D1:53:63:CD:6E:F3:AB:03:FF:C1:FF
            X509v3 Authority Key Identifier:
                keyid:F8:16:86:59:28:EE:EE:E5:CB:C9:2F:4C:4D:38:AE:5C:60:1D:EE:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-BaGWSju7uXLyS9MTTiuXGAd7go.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/68b1bf-8f48-4169-a9a2-5dac720223ab/1/1ZyUIIbeu8Rp0VNjzW7zqwP_wf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/68b1bf-8f48-4169-a9a2-5dac720223ab/1/1-BaGWSju7uXLyS9MTTiuXGAd7go.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:f0:7a:b4:89:ec:f1:83:d4:23:b5:44:b1:f7:de:c2:6b:68:
         8d:e6:73:27:26:bb:80:15:1b:d5:f7:14:d1:24:bf:b6:63:95:
         ec:d2:76:f4:b9:4d:c4:6f:14:32:2f:8e:fd:05:99:91:95:95:
         84:38:1a:c4:fb:18:05:7f:19:d1:0d:22:7c:16:dc:9e:42:19:
         a3:e9:e7:05:db:91:dc:d2:cb:7f:25:c8:9f:c2:ea:04:1e:73:
         91:ee:f1:5c:19:d7:94:6f:de:b1:80:31:ab:cc:c3:2d:be:54:
         21:68:14:b6:fe:dc:47:82:21:b5:4d:c6:a1:a9:74:ac:d7:c3:
         f4:0a:44:82:fa:72:6c:47:41:4b:fc:57:0f:d0:d0:3c:a0:85:
         68:1e:7f:f8:ca:b7:bd:2c:00:25:89:90:e2:e6:74:df:0a:b5:
         55:9b:1d:c3:fe:bd:00:6b:cf:78:14:bd:84:14:81:51:e6:c7:
         9c:a8:49:97:40:86:2d:34:3f:5c:e4:52:ac:16:09:e8:61:c6:
         de:45:64:94:21:7b:df:3a:83:6c:a8:60:36:a9:32:5a:d4:fa:
         04:aa:61:ea:c0:a6:48:15:34:00:fc:e8:33:f3:7b:27:e4:d5:
         d2:e3:af:59:cf:03:23:ec:f7:b0:d1:01:f8:a3:84:38:d8:d2:
         b8:cd:6d:92
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzKKuzSbC29fkYN/CWZMxU3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4MTY4NjU5MjhlZWVlZTVjYmM5MmY0YzRkMzhhZTVjNjAx
ZGVlMGEwHhcNMjQwMTAyMTIzNDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTljOTQyMDg2ZGViYmM0NjlkMTUzNjNjZDZlZjNhYjAzZmZjMWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/ERserBvmUxqplcTVVwxSDwiRz3
KjG/KWRe4LEsqyjWSlwwWMcWcuS9Hg50ZwbLb3WZO/giH4HIHnsxYCCXgA8hQ/vX
gTlk2Ucz48JH5OM4kZNV6ypdch7I2XvtUkRX14G/1VwYVGy6bg9lfHKWymdxdbYD
iWv6SENSnHHVaxuHKvY1zQPS5oJjTESHNxLeZwp0qHP6M07bWQ8dUrABc2bJ46y6
iNGEjpbPvYu1FyTJl0UB9rIrJ/p2tykow55d9QmwGJf6o+JDGnC8Uii3SnbNhfjP
ZuSPmPq7VwpzWuzlWJ+yRCE6DAoRqamZByp2XrpIJs2ZEDVX6Gnni8PkgQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNWclCCG3rvEadFTY81u86sD/8H/MB8GA1UdIwQY
MBaAFPgWhlko7u7ly8kvTE04rlxgHe4KMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1CYUdXU2p1N3VYTHlTOU1UVGl1WEdBZDdnby5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGYvNjhiMWJmLThmNDgtNDE2OS1hOWEy
LTVkYWM3MjAyMjNhYi8xLzFaeVVJSWJldThScDBWTmp6Vzd6cXdQX3dmOC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZGYvNjhiMWJmLThmNDgtNDE2OS1hOWEyLTVkYWM3MjAyMjNh
Yi8xLzEtQmFHV1NqdTd1WEx5UzlNVFRpdVhHQWQ3Z28uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABb0dUw
DQYJKoZIhvcNAQELBQADggEBAG3werSJ7PGD1CO1RLH33sJraI3mcycmu4AVG9X3
FNEkv7ZjlezSdvS5TcRvFDIvjv0FmZGVlYQ4GsT7GAV/GdENInwW3J5CGaPp5wXb
kdzSy38lyJ/C6gQec5Hu8VwZ15Rv3rGAMavMwy2+VCFoFLb+3EeCIbVNxqGpdKzX
w/QKRIL6cmxHQUv8Vw/Q0DyghWgef/jKt70sACWJkOLmdN8KtVWbHcP+vQBrz3gU
vYQUgVHmx5yoSZdAhi00P1zkUqwWCehhxt5FZJQhe986g2yoYDapMlrU+gSqYerA
pkgVNAD86DPzeyfk1dLjr1nPAyPs97DRAfijhDjY0rjNbZI=
-----END CERTIFICATE-----