Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/beed93-4170-4f68-a392-28bf3d90bd7b/1/J5i5UGJ2oM3Wv9QBua0KFkA9PPg.roa
File:                     J5i5UGJ2oM3Wv9QBua0KFkA9PPg.roa (raw, json)
Hash identifier:          H65xiRHkD5u9GzYuyb9s25lG5c9spG1Hf5ZvpuuE5wQ=
Subject key identifier:   27:98:B9:50:62:76:A0:CD:D6:BF:D4:01:B9:AD:0A:16:40:3D:3C:F8
Certificate issuer:       /CN=79c7ea4d39f5cb5f45860a09ea3833ef8add6828
Certificate serial:       018CC3B72984277FA5CCD5D6B5499624D9AA
Authority key identifier: 79:C7:EA:4D:39:F5:CB:5F:45:86:0A:09:EA:38:33:EF:8A:DD:68:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ecfqTTn1y19FhgoJ6jgz74rdaCg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/beed93-4170-4f68-a392-28bf3d90bd7b/1/J5i5UGJ2oM3Wv9QBua0KFkA9PPg.roa
Signing time:             Mon 01 Jan 2024 06:30:09 +0000
ROA not before:           Mon 01 Jan 2024 06:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197391
IP address blocks:        91.220.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/beed93-4170-4f68-a392-28bf3d90bd7b/1/ecfqTTn1y19FhgoJ6jgz74rdaCg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/beed93-4170-4f68-a392-28bf3d90bd7b/1/ecfqTTn1y19FhgoJ6jgz74rdaCg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ecfqTTn1y19FhgoJ6jgz74rdaCg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:29:84:27:7f:a5:cc:d5:d6:b5:49:96:24:d9:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79c7ea4d39f5cb5f45860a09ea3833ef8add6828
        Validity
            Not Before: Jan  1 06:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2798b9506276a0cdd6bfd401b9ad0a16403d3cf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:dc:cf:ee:15:02:69:4b:97:c0:d5:e4:05:d8:
                    c8:cb:0c:74:24:de:a6:7c:ac:5c:96:78:8e:02:85:
                    cf:40:63:e6:b7:1c:25:87:04:5a:78:16:9a:a2:7b:
                    08:10:de:10:18:fa:b0:7a:8a:cc:21:e4:e3:eb:65:
                    04:9d:fb:4d:df:8b:b7:3a:aa:57:b9:20:ea:37:d3:
                    29:5b:4d:26:84:bd:f4:7c:b7:e9:0c:84:78:ba:2a:
                    b1:43:9a:f1:cd:60:8d:eb:da:f2:7f:db:6d:2c:61:
                    09:cd:47:e4:40:5e:80:36:09:cb:82:e9:8b:0f:f0:
                    10:26:d1:91:05:26:76:ed:bc:69:47:d1:28:a2:dc:
                    57:e5:45:dc:d5:f9:12:87:17:ca:f0:c6:39:fc:62:
                    f1:16:8a:b4:af:fe:b1:5f:d3:02:0e:dc:40:87:d3:
                    ce:5d:85:c1:0e:7d:5f:ef:44:e9:5f:54:e2:5d:71:
                    3c:2c:10:7e:4d:27:76:0a:8c:72:35:12:50:cc:f0:
                    df:51:78:84:97:87:e1:40:96:ef:d1:11:c2:ae:3b:
                    1d:f1:ec:61:ab:5f:4b:8b:a3:7b:e8:a8:cc:9f:79:
                    cf:34:53:66:bf:8e:32:d8:d5:49:90:a0:b6:be:01:
                    17:db:35:55:7a:9b:a5:a8:ed:cb:ce:86:1c:e9:4f:
                    1e:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:98:B9:50:62:76:A0:CD:D6:BF:D4:01:B9:AD:0A:16:40:3D:3C:F8
            X509v3 Authority Key Identifier:
                keyid:79:C7:EA:4D:39:F5:CB:5F:45:86:0A:09:EA:38:33:EF:8A:DD:68:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ecfqTTn1y19FhgoJ6jgz74rdaCg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/beed93-4170-4f68-a392-28bf3d90bd7b/1/J5i5UGJ2oM3Wv9QBua0KFkA9PPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/beed93-4170-4f68-a392-28bf3d90bd7b/1/ecfqTTn1y19FhgoJ6jgz74rdaCg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:d0:25:e4:a7:a3:b1:84:d4:3c:35:6e:f0:2e:1a:ff:47:b6:
         ee:5c:cb:a9:06:13:33:d3:30:a5:b5:4a:7b:a8:7e:55:9a:f9:
         f2:87:36:08:c8:76:ab:cc:a5:16:f0:0d:e9:fc:c1:15:1b:34:
         dc:69:c3:a4:b5:02:84:a8:29:e9:60:20:f6:8f:04:c7:81:ed:
         03:94:80:8a:77:0a:cc:e6:83:70:b7:75:a1:1e:39:f0:1c:bf:
         6d:39:63:98:6e:49:29:25:45:50:81:df:0a:63:cd:e0:24:5b:
         d2:72:dc:00:9a:9d:4a:4f:f4:8f:7d:41:29:8d:59:4b:1e:87:
         32:89:34:54:be:eb:6f:29:87:66:d8:f2:fe:be:ef:1c:7c:c5:
         98:37:19:27:a0:40:3d:9a:c6:05:35:42:69:83:6d:01:99:36:
         56:59:7a:0a:d6:09:32:75:e2:7f:6c:40:63:0d:e1:b8:8e:31:
         54:a3:ff:c0:11:7d:13:90:c6:db:c8:45:4d:86:a0:b8:ca:f9:
         6a:3b:17:29:fd:2a:65:2e:4f:aa:48:9e:42:cc:21:8c:ee:81:
         b0:86:23:f1:ac:67:34:87:33:19:8f:70:0f:83:07:26:97:91:
         57:f4:67:4b:69:f7:de:06:76:cf:be:a7:70:97:7e:23:ab:8f:
         14:ef:4e:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtymEJ3+lzNXWtUmWJNmqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YzdlYTRkMzlmNWNiNWY0NTg2MGEwOWVhMzgzM2VmOGFk
ZDY4MjgwHhcNMjQwMTAxMDYzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzk4Yjk1MDYyNzZhMGNkZDZiZmQ0MDFiOWFkMGExNjQwM2QzY2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAndzP7hUCaUuXwNXkBdjIywx0JN6m
fKxclniOAoXPQGPmtxwlhwRaeBaaonsIEN4QGPqweorMIeTj62UEnftN34u3OqpX
uSDqN9MpW00mhL30fLfpDIR4uiqxQ5rxzWCN69ryf9ttLGEJzUfkQF6ANgnLgumL
D/AQJtGRBSZ27bxpR9EootxX5UXc1fkShxfK8MY5/GLxFoq0r/6xX9MCDtxAh9PO
XYXBDn1f70TpX1TiXXE8LBB+TSd2CoxyNRJQzPDfUXiEl4fhQJbv0RHCrjsd8exh
q19Li6N76KjMn3nPNFNmv44y2NVJkKC2vgEX2zVVepulqO3LzoYc6U8ePwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCeYuVBidqDN1r/UAbmtChZAPTz4MB8GA1UdIwQY
MBaAFHnH6k059ctfRYYKCeo4M++K3WgoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWNmcVRUbjF5MTlGaGdvSjZqZ3o3NHJkYUNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9iZWVkOTMtNDE3MC00ZjY4LWEzOTIt
MjhiZjNkOTBiZDdiLzEvSjVpNVVHSjJvTTNXdjlRQnVhMEtGa0E5UFBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9iZWVkOTMtNDE3MC00ZjY4LWEzOTItMjhiZjNkOTBiZDdi
LzEvZWNmcVRUbjF5MTlGaGdvSjZqZ3o3NHJkYUNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9x3MA0G
CSqGSIb3DQEBCwUAA4IBAQA80CXkp6OxhNQ8NW7wLhr/R7buXMupBhMz0zCltUp7
qH5VmvnyhzYIyHarzKUW8A3p/MEVGzTcacOktQKEqCnpYCD2jwTHge0DlICKdwrM
5oNwt3WhHjnwHL9tOWOYbkkpJUVQgd8KY83gJFvSctwAmp1KT/SPfUEpjVlLHocy
iTRUvutvKYdm2PL+vu8cfMWYNxknoEA9msYFNUJpg20BmTZWWXoK1gkydeJ/bEBj
DeG4jjFUo//AEX0TkMbbyEVNhqC4yvlqOxcp/SplLk+qSJ5CzCGM7oGwhiPxrGc0
hzMZj3APgwcml5FX9GdLaffeBnbPvqdwl34jq48U7059
-----END CERTIFICATE-----