Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/ee6fd0-2792-49c4-b2d2-1714223b949e/1/1RoA426X5sTVF2X7zHjBvibaJKE.roa
File:                     1RoA426X5sTVF2X7zHjBvibaJKE.roa (raw, json)
Hash identifier:          ZA2zpF05BxMDUkvGDpFi2Dt5h4zc5tX17PxdutZuMhI=
Subject key identifier:   D5:1A:00:E3:6E:97:E6:C4:D5:17:65:FB:CC:78:C1:BE:26:DA:24:A1
Certificate issuer:       /CN=a35309368a8ad13bb08264497fc2e43151e6d5a6
Certificate serial:       018EC21C194215703FB8A7B2024311CD7354
Authority key identifier: A3:53:09:36:8A:8A:D1:3B:B0:82:64:49:7F:C2:E4:31:51:E6:D5:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o1MJNoqK0TuwgmRJf8LkMVHm1aY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/ee6fd0-2792-49c4-b2d2-1714223b949e/1/1RoA426X5sTVF2X7zHjBvibaJKE.roa
Signing time:             Tue 09 Apr 2024 09:06:45 +0000
ROA not before:           Tue 09 Apr 2024 09:06:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47827
IP address blocks:        91.206.222.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/ee6fd0-2792-49c4-b2d2-1714223b949e/1/o1MJNoqK0TuwgmRJf8LkMVHm1aY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/ee6fd0-2792-49c4-b2d2-1714223b949e/1/o1MJNoqK0TuwgmRJf8LkMVHm1aY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o1MJNoqK0TuwgmRJf8LkMVHm1aY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 15:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c2:1c:19:42:15:70:3f:b8:a7:b2:02:43:11:cd:73:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a35309368a8ad13bb08264497fc2e43151e6d5a6
        Validity
            Not Before: Apr  9 09:06:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d51a00e36e97e6c4d51765fbcc78c1be26da24a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:8f:6c:36:75:45:76:e3:a6:c5:fe:83:cf:ff:
                    d9:c1:7b:78:7f:be:84:e9:c2:00:59:40:6a:72:20:
                    36:48:32:74:c1:59:54:87:49:82:b3:f8:d8:20:c5:
                    b7:20:0d:3f:78:ad:17:48:7a:98:4c:31:08:1a:85:
                    b9:28:f4:e3:25:d9:f2:1d:b1:48:fb:a7:04:ad:5b:
                    dc:c6:4a:65:d6:13:43:1e:b7:07:b5:81:73:7a:cf:
                    dc:33:05:eb:a4:d6:d7:7f:99:f2:b9:8f:52:39:c2:
                    95:4c:e8:70:b8:8b:ca:46:9c:b7:78:3a:9a:f6:fa:
                    a4:e5:9f:0f:c9:88:e9:be:9e:fc:a6:74:8d:bf:90:
                    14:1c:b4:5c:68:9a:b1:31:91:58:c3:cd:64:d0:82:
                    24:89:1c:79:00:bd:a3:d6:b8:9b:f4:d4:50:55:e7:
                    25:c9:e6:95:2d:32:ad:6e:96:ac:e3:b1:59:cc:69:
                    c8:9c:0a:28:c9:d3:6f:de:79:bb:2c:4d:a6:14:63:
                    34:e7:df:fc:e5:4b:50:2f:07:02:19:7e:5e:bf:2d:
                    c5:f2:57:10:5d:98:00:e9:c3:03:26:ef:08:d6:dd:
                    1d:02:ca:bd:12:41:11:02:86:25:3d:e4:2f:68:13:
                    1b:9c:05:81:dc:72:24:8c:71:54:89:16:c7:20:10:
                    cf:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:1A:00:E3:6E:97:E6:C4:D5:17:65:FB:CC:78:C1:BE:26:DA:24:A1
            X509v3 Authority Key Identifier:
                keyid:A3:53:09:36:8A:8A:D1:3B:B0:82:64:49:7F:C2:E4:31:51:E6:D5:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o1MJNoqK0TuwgmRJf8LkMVHm1aY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/ee6fd0-2792-49c4-b2d2-1714223b949e/1/1RoA426X5sTVF2X7zHjBvibaJKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/ee6fd0-2792-49c4-b2d2-1714223b949e/1/o1MJNoqK0TuwgmRJf8LkMVHm1aY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a5:55:93:d9:d2:1b:8c:97:82:a1:79:e7:bb:b2:0b:22:b8:aa:
         40:06:40:e1:b3:7e:b2:7b:06:38:55:e4:bc:e2:2a:07:e2:d7:
         22:d7:43:2f:a9:3e:47:ed:e5:27:03:e5:15:ed:74:50:d2:67:
         64:53:e5:b2:e5:75:4b:95:50:f5:f3:2b:ea:b4:ad:b6:5e:79:
         44:fa:06:82:bb:ea:d2:d5:00:f4:c3:7e:8f:76:35:e8:aa:74:
         01:1e:b6:2e:b6:05:c4:d7:ce:f1:89:d9:f3:07:be:35:83:b2:
         e0:c4:75:18:47:db:16:07:1e:95:5e:a9:96:05:eb:6b:9e:ef:
         13:61:39:bd:6c:c0:9c:ed:a7:ea:ec:50:e5:2e:bc:63:bd:44:
         ca:53:d2:0e:a6:47:70:95:72:64:24:ea:bc:a9:3f:14:f4:06:
         b7:02:c2:52:29:67:e6:82:c1:f2:45:5b:8c:6a:1e:64:56:e8:
         7c:19:06:16:05:7a:8d:72:81:82:b7:28:71:8b:1a:e2:45:55:
         17:34:1b:4b:2d:1d:d2:c1:c7:97:99:c5:2d:dc:7c:80:a3:28:
         33:2a:79:a5:60:3a:7d:54:5c:dd:dc:6b:e3:9f:95:a4:a5:9a:
         26:d6:8b:ef:e2:88:b2:12:31:b3:b6:a3:86:e6:17:97:eb:1e:
         e2:0b:e0:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7CHBlCFXA/uKeyAkMRzXNUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNTMwOTM2OGE4YWQxM2JiMDgyNjQ0OTdmYzJlNDMxNTFl
NmQ1YTYwHhcNMjQwNDA5MDkwNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTFhMDBlMzZlOTdlNmM0ZDUxNzY1ZmJjYzc4YzFiZTI2ZGEyNGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi49sNnVFduOmxf6Dz//ZwXt4f76E
6cIAWUBqciA2SDJ0wVlUh0mCs/jYIMW3IA0/eK0XSHqYTDEIGoW5KPTjJdnyHbFI
+6cErVvcxkpl1hNDHrcHtYFzes/cMwXrpNbXf5nyuY9SOcKVTOhwuIvKRpy3eDqa
9vqk5Z8PyYjpvp78pnSNv5AUHLRcaJqxMZFYw81k0IIkiRx5AL2j1rib9NRQVecl
yeaVLTKtbpas47FZzGnInAooydNv3nm7LE2mFGM059/85UtQLwcCGX5evy3F8lcQ
XZgA6cMDJu8I1t0dAsq9EkERAoYlPeQvaBMbnAWB3HIkjHFUiRbHIBDPjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNUaAONul+bE1Rdl+8x4wb4m2iShMB8GA1UdIwQY
MBaAFKNTCTaKitE7sIJkSX/C5DFR5tWmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzFNSk5vcUswVHV3Z21SSmY4TGtNVkhtMWFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9lZTZmZDAtMjc5Mi00OWM0LWIyZDIt
MTcxNDIyM2I5NDllLzEvMVJvQTQyNlg1c1RWRjJYN3pIakJ2aWJhSktFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9lZTZmZDAtMjc5Mi00OWM0LWIyZDItMTcxNDIyM2I5NDll
LzEvbzFNSk5vcUswVHV3Z21SSmY4TGtNVkhtMWFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW87eMA0G
CSqGSIb3DQEBCwUAA4IBAQClVZPZ0huMl4Kheee7sgsiuKpABkDhs36yewY4VeS8
4ioH4tci10MvqT5H7eUnA+UV7XRQ0mdkU+Wy5XVLlVD18yvqtK22XnlE+gaCu+rS
1QD0w36PdjXoqnQBHrYutgXE187xidnzB741g7LgxHUYR9sWBx6VXqmWBetrnu8T
YTm9bMCc7afq7FDlLrxjvUTKU9IOpkdwlXJkJOq8qT8U9Aa3AsJSKWfmgsHyRVuM
ah5kVuh8GQYWBXqNcoGCtyhxixriRVUXNBtLLR3SwceXmcUt3HyAoygzKnmlYDp9
VFzd3Gvjn5WkpZom1ovv4oiyEjGztqOG5heX6x7iC+Cy
-----END CERTIFICATE-----