Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/657c59-e3b9-404f-afab-e1efcf2ed0a7/1/YZI9pw8ObjpNHIXPD0Ax221-ArA.roa
File:                     YZI9pw8ObjpNHIXPD0Ax221-ArA.roa (raw, json)
Hash identifier:          p7k3QdDauTIPvxsNBE2idDFYxAcpd5bGbYy/oGtmz98=
Subject key identifier:   61:92:3D:A7:0F:0E:6E:3A:4D:1C:85:CF:0F:40:31:DB:6D:7E:02:B0
Certificate issuer:       /CN=8407f0063ee9af31d87cfe65b9bc193eb42c8969
Certificate serial:       018CC5DCC3A1C55CE15D47A60F8C3AC78898
Authority key identifier: 84:07:F0:06:3E:E9:AF:31:D8:7C:FE:65:B9:BC:19:3E:B4:2C:89:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hAfwBj7przHYfP5lubwZPrQsiWk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/657c59-e3b9-404f-afab-e1efcf2ed0a7/1/YZI9pw8ObjpNHIXPD0Ax221-ArA.roa
Signing time:             Mon 01 Jan 2024 16:30:28 +0000
ROA not before:           Mon 01 Jan 2024 16:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29684
IP address blocks:        91.223.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/657c59-e3b9-404f-afab-e1efcf2ed0a7/1/hAfwBj7przHYfP5lubwZPrQsiWk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/657c59-e3b9-404f-afab-e1efcf2ed0a7/1/hAfwBj7przHYfP5lubwZPrQsiWk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hAfwBj7przHYfP5lubwZPrQsiWk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:c3:a1:c5:5c:e1:5d:47:a6:0f:8c:3a:c7:88:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8407f0063ee9af31d87cfe65b9bc193eb42c8969
        Validity
            Not Before: Jan  1 16:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61923da70f0e6e3a4d1c85cf0f4031db6d7e02b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:8a:a3:3e:cf:9f:4b:b2:da:35:2e:3a:49:33:
                    9b:47:94:ef:62:6b:6e:78:b1:49:25:22:34:7f:d5:
                    54:03:ba:94:d5:43:bd:7c:c6:b7:49:3a:d4:4f:fd:
                    3f:ad:fb:74:cf:c8:a9:27:de:95:15:5e:75:49:64:
                    88:68:78:88:c8:27:1d:9d:20:92:ef:94:90:ff:8b:
                    df:84:99:8e:91:6f:bb:fa:48:d3:e1:df:7d:df:6d:
                    99:70:e0:3e:b9:c0:9e:09:f3:3b:de:aa:90:14:3e:
                    7b:67:50:8c:4f:af:b2:45:11:a2:2c:72:66:45:00:
                    80:99:83:5e:55:b1:ce:3e:32:14:be:be:a7:c6:d2:
                    01:3a:cf:27:bb:08:02:40:79:a2:8e:8c:40:ea:fa:
                    8b:ca:e3:44:39:7a:e9:ab:30:af:c4:9a:b1:05:6d:
                    12:67:ff:2b:c3:fe:0f:2c:c1:3c:62:5a:36:e5:f1:
                    a3:5a:aa:e2:41:6b:84:d3:57:69:98:39:3b:78:72:
                    e3:de:50:a4:ca:78:84:f6:9a:6c:69:60:9f:34:d8:
                    a8:43:e6:20:35:68:da:68:39:a0:04:34:d1:8a:54:
                    7f:23:ef:0a:74:94:85:04:e8:57:a2:ac:76:b3:59:
                    ed:53:98:c9:82:26:1e:79:a1:7a:a1:23:66:8a:7e:
                    11:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:92:3D:A7:0F:0E:6E:3A:4D:1C:85:CF:0F:40:31:DB:6D:7E:02:B0
            X509v3 Authority Key Identifier:
                keyid:84:07:F0:06:3E:E9:AF:31:D8:7C:FE:65:B9:BC:19:3E:B4:2C:89:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hAfwBj7przHYfP5lubwZPrQsiWk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/657c59-e3b9-404f-afab-e1efcf2ed0a7/1/YZI9pw8ObjpNHIXPD0Ax221-ArA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/657c59-e3b9-404f-afab-e1efcf2ed0a7/1/hAfwBj7przHYfP5lubwZPrQsiWk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:12:89:42:b8:eb:87:c6:9c:81:43:e1:61:17:2d:25:e6:79:
         33:ee:bf:d5:98:8a:8e:95:41:d5:4b:a7:b9:0d:c0:ab:53:b5:
         18:9b:2d:94:77:04:f7:6a:3f:9e:8a:75:b0:b8:6f:f5:ae:66:
         d3:5f:1d:80:93:f4:83:23:ba:85:9f:18:87:20:ca:0f:dd:a0:
         5a:59:57:73:a2:4d:73:3f:20:7e:4b:22:54:78:ba:7b:93:4c:
         ba:f6:97:e7:8b:2e:90:d4:23:13:39:be:67:61:52:75:12:7a:
         bf:1c:e1:67:d2:a5:1a:54:c4:40:fd:eb:f1:68:ed:2c:a1:87:
         ad:41:80:5e:e5:00:08:29:7d:ee:1f:8b:98:67:c0:f3:4d:0c:
         c5:f4:2e:86:f6:9b:d3:9c:07:a0:1d:dd:40:1d:71:45:46:2d:
         02:cf:eb:59:4f:5a:67:fa:23:7b:91:80:61:2c:86:bb:de:63:
         82:50:ec:7c:50:20:56:64:1f:7d:30:19:e7:df:14:fa:3f:80:
         d1:b6:db:6a:a0:66:a6:6a:04:c5:e1:2d:27:d0:aa:07:06:28:
         d2:a3:d7:26:6b:f3:26:9e:3d:73:9f:c8:14:45:44:17:f5:d8:
         a2:86:08:e1:0a:20:3d:5f:87:20:51:a3:74:37:7a:9f:81:61:
         2e:e7:71:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3MOhxVzhXUemD4w6x4iYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0MDdmMDA2M2VlOWFmMzFkODdjZmU2NWI5YmMxOTNlYjQy
Yzg5NjkwHhcNMjQwMTAxMTYzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTkyM2RhNzBmMGU2ZTNhNGQxYzg1Y2YwZjQwMzFkYjZkN2UwMmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhIqjPs+fS7LaNS46STObR5TvYmtu
eLFJJSI0f9VUA7qU1UO9fMa3STrUT/0/rft0z8ipJ96VFV51SWSIaHiIyCcdnSCS
75SQ/4vfhJmOkW+7+kjT4d99322ZcOA+ucCeCfM73qqQFD57Z1CMT6+yRRGiLHJm
RQCAmYNeVbHOPjIUvr6nxtIBOs8nuwgCQHmijoxA6vqLyuNEOXrpqzCvxJqxBW0S
Z/8rw/4PLME8Ylo25fGjWqriQWuE01dpmDk7eHLj3lCkyniE9ppsaWCfNNioQ+Yg
NWjaaDmgBDTRilR/I+8KdJSFBOhXoqx2s1ntU5jJgiYeeaF6oSNmin4R2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGGSPacPDm46TRyFzw9AMdttfgKwMB8GA1UdIwQY
MBaAFIQH8AY+6a8x2Hz+Zbm8GT60LIlpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEFmd0JqN3ByekhZZlA1bHVid1pQclFzaVdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS82NTdjNTktZTNiOS00MDRmLWFmYWIt
ZTFlZmNmMmVkMGE3LzEvWVpJOXB3OE9ianBOSElYUEQwQXgyMjEtQXJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS82NTdjNTktZTNiOS00MDRmLWFmYWItZTFlZmNmMmVkMGE3
LzEvaEFmd0JqN3ByekhZZlA1bHVid1pQclFzaVdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9/SMA0G
CSqGSIb3DQEBCwUAA4IBAQBBEolCuOuHxpyBQ+FhFy0l5nkz7r/VmIqOlUHVS6e5
DcCrU7UYmy2UdwT3aj+einWwuG/1rmbTXx2Ak/SDI7qFnxiHIMoP3aBaWVdzok1z
PyB+SyJUeLp7k0y69pfniy6Q1CMTOb5nYVJ1Enq/HOFn0qUaVMRA/evxaO0soYet
QYBe5QAIKX3uH4uYZ8DzTQzF9C6G9pvTnAegHd1AHXFFRi0Cz+tZT1pn+iN7kYBh
LIa73mOCUOx8UCBWZB99MBnn3xT6P4DRtttqoGamagTF4S0n0KoHBijSo9cma/Mm
nj1zn8gURUQX9diihgjhCiA9X4cgUaN0N3qfgWEu53Hf
-----END CERTIFICATE-----