Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/34e40f-e1d2-4d29-89c5-c69a7f03e18f/1/rWU7qyJuILHz8HxyVvNjc7ZbA4U.roa
File:                     rWU7qyJuILHz8HxyVvNjc7ZbA4U.roa (raw, json)
Hash identifier:          JHTuyBo8nc6fcgqCOMQOAw2Q1Zo6OC6QKWRVcOvsTTk=
Subject key identifier:   AD:65:3B:AB:22:6E:20:B1:F3:F0:7C:72:56:F3:63:73:B6:5B:03:85
Certificate issuer:       /CN=950082a85946722c7fc1c864f0fbd80dc54dcd29
Certificate serial:       018CC7275D78C930852611A0955055672B93
Authority key identifier: 95:00:82:A8:59:46:72:2C:7F:C1:C8:64:F0:FB:D8:0D:C5:4D:CD:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lQCCqFlGcix_wchk8PvYDcVNzSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/34e40f-e1d2-4d29-89c5-c69a7f03e18f/1/rWU7qyJuILHz8HxyVvNjc7ZbA4U.roa
Signing time:             Mon 01 Jan 2024 22:31:34 +0000
ROA not before:           Mon 01 Jan 2024 22:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        91.240.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/34e40f-e1d2-4d29-89c5-c69a7f03e18f/1/lQCCqFlGcix_wchk8PvYDcVNzSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/34e40f-e1d2-4d29-89c5-c69a7f03e18f/1/lQCCqFlGcix_wchk8PvYDcVNzSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lQCCqFlGcix_wchk8PvYDcVNzSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:5d:78:c9:30:85:26:11:a0:95:50:55:67:2b:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=950082a85946722c7fc1c864f0fbd80dc54dcd29
        Validity
            Not Before: Jan  1 22:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad653bab226e20b1f3f07c7256f36373b65b0385
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:f0:80:a3:fb:9b:10:20:88:e2:ce:d1:72:90:
                    e0:3d:b4:94:8d:13:db:3b:36:cf:45:62:83:96:d2:
                    6b:79:58:2d:1a:f4:36:15:d3:62:cb:b2:ff:68:96:
                    73:67:e2:0b:e7:c9:5c:44:b0:04:91:62:6d:ce:dc:
                    aa:c5:ff:d6:e3:56:ff:22:09:39:87:8c:cf:39:1a:
                    f5:48:db:8e:17:40:da:33:8c:01:50:55:38:10:91:
                    31:b7:9c:a5:d4:50:68:a3:e2:9f:c3:fa:21:cd:da:
                    8d:7f:4a:66:12:0e:b1:d9:a2:4f:ea:f1:ce:1d:cd:
                    a1:a8:71:df:6f:63:4f:3a:d7:a4:b7:c4:88:bb:9b:
                    7b:f5:75:12:03:d3:bb:71:6c:73:69:63:c2:31:33:
                    92:ff:aa:2f:68:e8:76:f2:3b:d9:a2:47:a1:67:8b:
                    fa:01:bb:87:6f:99:b6:f8:76:b4:91:0c:36:54:25:
                    a0:ea:e2:3c:ca:87:04:65:76:57:25:56:96:d6:95:
                    00:8f:66:3a:6e:44:21:9e:ff:95:47:42:47:72:45:
                    cf:68:b5:1e:39:68:b1:67:45:ce:40:e2:22:89:e9:
                    3b:60:2a:22:c6:19:f4:f8:fe:d2:12:ab:10:8a:35:
                    0b:75:b0:c0:3c:f0:18:c2:21:78:97:52:ab:4c:74:
                    1e:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:65:3B:AB:22:6E:20:B1:F3:F0:7C:72:56:F3:63:73:B6:5B:03:85
            X509v3 Authority Key Identifier:
                keyid:95:00:82:A8:59:46:72:2C:7F:C1:C8:64:F0:FB:D8:0D:C5:4D:CD:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lQCCqFlGcix_wchk8PvYDcVNzSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/34e40f-e1d2-4d29-89c5-c69a7f03e18f/1/rWU7qyJuILHz8HxyVvNjc7ZbA4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/34e40f-e1d2-4d29-89c5-c69a7f03e18f/1/lQCCqFlGcix_wchk8PvYDcVNzSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:b1:95:b9:b8:48:c3:4f:b6:84:a0:bb:70:4e:20:f4:a6:00:
         16:5e:7a:42:5b:ba:fa:d7:83:4e:59:c1:36:32:7b:f8:26:ac:
         27:77:22:bb:a7:69:21:c5:da:c7:8d:b3:40:7c:ef:95:17:4a:
         e2:07:35:5e:ea:0e:87:6b:38:52:3f:e6:08:82:f2:7f:e6:62:
         91:08:23:8f:ff:05:cf:75:0b:29:34:b4:29:ad:b9:98:89:b6:
         44:56:c4:db:2a:06:dc:89:f5:22:f4:75:64:61:5a:83:66:7a:
         f3:31:60:bb:68:5e:25:23:d5:58:ba:e7:9e:5e:27:7c:7a:7d:
         0a:49:ba:cc:6d:65:6d:aa:a7:91:c5:6f:3e:c0:66:56:97:16:
         32:65:2a:cb:ad:f1:44:89:e7:0b:78:55:30:88:76:e7:30:97:
         25:cd:b9:66:c6:1f:91:8a:3b:52:8f:4d:4b:80:18:cd:f5:a4:
         61:8f:17:30:16:c2:0b:25:e0:18:46:2c:c3:1d:44:f0:5d:fa:
         af:3e:ae:03:69:35:bd:92:70:0c:a6:89:7f:c5:41:1e:68:8a:
         e5:27:f1:5a:66:51:70:e6:db:99:54:04:8e:31:d0:50:bb:15:
         2b:cb:85:4a:d5:21:56:e4:e2:11:c7:90:27:81:70:cb:8d:72:
         72:50:eb:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ114yTCFJhGglVBVZyuTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MDA4MmE4NTk0NjcyMmM3ZmMxYzg2NGYwZmJkODBkYzU0
ZGNkMjkwHhcNMjQwMTAxMjIzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDY1M2JhYjIyNmUyMGIxZjNmMDdjNzI1NmYzNjM3M2I2NWIwMzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjvCAo/ubECCI4s7RcpDgPbSUjRPb
OzbPRWKDltJreVgtGvQ2FdNiy7L/aJZzZ+IL58lcRLAEkWJtztyqxf/W41b/Igk5
h4zPORr1SNuOF0DaM4wBUFU4EJExt5yl1FBoo+Kfw/ohzdqNf0pmEg6x2aJP6vHO
Hc2hqHHfb2NPOtekt8SIu5t79XUSA9O7cWxzaWPCMTOS/6ovaOh28jvZokehZ4v6
AbuHb5m2+Ha0kQw2VCWg6uI8yocEZXZXJVaW1pUAj2Y6bkQhnv+VR0JHckXPaLUe
OWixZ0XOQOIiiek7YCoixhn0+P7SEqsQijULdbDAPPAYwiF4l1KrTHQe7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK1lO6sibiCx8/B8clbzY3O2WwOFMB8GA1UdIwQY
MBaAFJUAgqhZRnIsf8HIZPD72A3FTc0pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFFDQ3FGbEdjaXhfd2NoazhQdllEY1ZOelNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8zNGU0MGYtZTFkMi00ZDI5LTg5YzUt
YzY5YTdmMDNlMThmLzEvcldVN3F5SnVJTEh6OEh4eVZ2TmpjN1piQTRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8zNGU0MGYtZTFkMi00ZDI5LTg5YzUtYzY5YTdmMDNlMThm
LzEvbFFDQ3FGbEdjaXhfd2NoazhQdllEY1ZOelNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/DpMA0G
CSqGSIb3DQEBCwUAA4IBAQAHsZW5uEjDT7aEoLtwTiD0pgAWXnpCW7r614NOWcE2
Mnv4JqwndyK7p2khxdrHjbNAfO+VF0riBzVe6g6HazhSP+YIgvJ/5mKRCCOP/wXP
dQspNLQprbmYibZEVsTbKgbcifUi9HVkYVqDZnrzMWC7aF4lI9VYuueeXid8en0K
SbrMbWVtqqeRxW8+wGZWlxYyZSrLrfFEiecLeFUwiHbnMJclzblmxh+RijtSj01L
gBjN9aRhjxcwFsILJeAYRizDHUTwXfqvPq4DaTW9knAMpol/xUEeaIrlJ/FaZlFw
5tuZVASOMdBQuxUry4VK1SFW5OIRx5AngXDLjXJyUOte
-----END CERTIFICATE-----