Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/058435-a1c6-4436-95a2-b7114b69f84c/1/ZGgv_fkjMY_6FLQ_CkVQ6F-09xA.roa
File:                     ZGgv_fkjMY_6FLQ_CkVQ6F-09xA.roa (raw, json)
Hash identifier:          DmazKwFDSjpRVnc6VPSmdUq73W8v7cO+mPv+y2OaUKs=
Subject key identifier:   64:68:2F:FD:F9:23:31:8F:FA:14:B4:3F:0A:45:50:E8:5F:B4:F7:10
Certificate issuer:       /CN=7af1a7bf74285db2e82091fbf463a2eef6e3a578
Certificate serial:       01920F3118A9AC0DB82852ACD01860D2CF45
Authority key identifier: 7A:F1:A7:BF:74:28:5D:B2:E8:20:91:FB:F4:63:A2:EE:F6:E3:A5:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/evGnv3QoXbLoIJH79GOi7vbjpXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/058435-a1c6-4436-95a2-b7114b69f84c/1/ZGgv_fkjMY_6FLQ_CkVQ6F-09xA.roa
Signing time:             Fri 20 Sep 2024 11:28:48 +0000
ROA not before:           Fri 20 Sep 2024 11:28:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29119
IP address blocks:        91.90.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/058435-a1c6-4436-95a2-b7114b69f84c/1/evGnv3QoXbLoIJH79GOi7vbjpXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/058435-a1c6-4436-95a2-b7114b69f84c/1/evGnv3QoXbLoIJH79GOi7vbjpXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/evGnv3QoXbLoIJH79GOi7vbjpXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:0f:31:18:a9:ac:0d:b8:28:52:ac:d0:18:60:d2:cf:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7af1a7bf74285db2e82091fbf463a2eef6e3a578
        Validity
            Not Before: Sep 20 11:28:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64682ffdf923318ffa14b43f0a4550e85fb4f710
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:99:c0:5e:a5:94:3c:31:44:39:83:cd:84:f2:
                    fe:0d:b7:3d:a7:45:12:2a:18:75:da:d6:60:db:e0:
                    ab:29:82:20:20:96:ac:48:66:fb:a9:4d:0e:18:94:
                    e5:b6:5c:d1:ca:f3:26:f0:d0:8b:10:3c:5c:b4:fa:
                    1f:7b:90:22:37:24:4c:ba:4c:e2:5f:5a:56:a8:0f:
                    78:d1:0a:96:c5:5d:2b:6d:8c:ae:96:03:4f:36:b9:
                    6a:0b:cc:e0:a7:e7:78:95:fc:cd:f7:88:9b:27:46:
                    87:20:20:2a:74:c1:d1:c6:d2:ad:72:30:be:0b:f3:
                    4e:ae:66:9e:c5:33:08:9a:6b:8c:9f:c4:ab:3d:27:
                    91:a3:bd:2b:3d:3d:9a:12:1d:df:38:24:52:6b:49:
                    cd:dd:fe:78:46:e4:4c:92:6e:7a:4f:2e:8c:d3:41:
                    af:c1:3a:37:6e:1a:23:1d:5f:8b:67:c5:87:34:83:
                    b0:84:d5:00:e7:c5:de:f5:e4:97:cc:8f:0a:9e:25:
                    38:d5:10:7b:23:5f:44:41:3e:fa:ae:1d:56:0c:e9:
                    b3:4b:d0:f3:9a:a4:4c:d5:4c:6e:d2:d2:f3:8c:b7:
                    f7:30:e8:31:37:be:d1:ef:89:2c:3c:84:a2:3d:41:
                    5b:7a:ae:3f:2d:5c:a0:0e:f5:a7:3f:c8:e3:d0:4e:
                    f4:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:68:2F:FD:F9:23:31:8F:FA:14:B4:3F:0A:45:50:E8:5F:B4:F7:10
            X509v3 Authority Key Identifier:
                keyid:7A:F1:A7:BF:74:28:5D:B2:E8:20:91:FB:F4:63:A2:EE:F6:E3:A5:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/evGnv3QoXbLoIJH79GOi7vbjpXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/058435-a1c6-4436-95a2-b7114b69f84c/1/ZGgv_fkjMY_6FLQ_CkVQ6F-09xA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/058435-a1c6-4436-95a2-b7114b69f84c/1/evGnv3QoXbLoIJH79GOi7vbjpXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.90.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:5a:ac:7f:65:92:3e:76:1d:4d:96:86:6a:14:bb:ec:ed:17:
         9e:4c:4b:a1:9d:dd:8b:c6:bc:8d:0f:e3:72:30:04:8b:c2:01:
         61:b8:4c:37:f7:4a:e5:6f:00:b9:85:3a:82:1b:42:f6:1d:95:
         27:16:25:a2:02:48:7f:ad:04:f7:cb:6e:4e:5d:73:11:7b:cc:
         a0:5d:42:53:d2:26:8f:98:9b:3f:77:bd:39:1b:dc:83:41:7c:
         a7:4b:79:cf:08:45:75:6e:c7:61:f8:80:b0:1f:97:af:b4:d6:
         1a:f7:59:f8:e1:70:43:97:90:14:24:cc:4b:35:03:24:a6:95:
         b5:32:68:8b:ba:85:02:01:4d:a9:48:50:4e:54:2f:41:81:bf:
         96:0d:09:9d:7f:36:b4:c9:4d:42:f8:0e:3d:8b:df:bd:27:ad:
         98:67:ce:38:bc:50:31:fd:3d:e6:a3:04:9b:b4:cc:76:ee:c8:
         ae:d3:7d:cb:d4:53:08:73:33:c9:0e:3c:b0:9b:93:c3:22:c4:
         13:4c:a7:e1:ba:a8:0d:3d:47:aa:2e:d9:8b:fd:d6:65:a8:02:
         27:35:7c:aa:18:e0:36:8c:b5:f4:7b:e3:c0:3f:a8:41:d5:59:
         37:0a:c8:65:57:f6:7c:26:17:3d:f2:4d:b8:7f:bb:7c:48:c4:
         0a:7c:cc:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIPMRiprA24KFKs0Bhg0s9FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZjFhN2JmNzQyODVkYjJlODIwOTFmYmY0NjNhMmVlZjZl
M2E1NzgwHhcNMjQwOTIwMTEyODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDY4MmZmZGY5MjMzMThmZmExNGI0M2YwYTQ1NTBlODVmYjRmNzEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJnAXqWUPDFEOYPNhPL+Dbc9p0US
Khh12tZg2+CrKYIgIJasSGb7qU0OGJTltlzRyvMm8NCLEDxctPofe5AiNyRMukzi
X1pWqA940QqWxV0rbYyulgNPNrlqC8zgp+d4lfzN94ibJ0aHICAqdMHRxtKtcjC+
C/NOrmaexTMImmuMn8SrPSeRo70rPT2aEh3fOCRSa0nN3f54RuRMkm56Ty6M00Gv
wTo3bhojHV+LZ8WHNIOwhNUA58Xe9eSXzI8KniU41RB7I19EQT76rh1WDOmzS9Dz
mqRM1Uxu0tLzjLf3MOgxN77R74ksPISiPUFbeq4/LVygDvWnP8jj0E70jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGRoL/35IzGP+hS0PwpFUOhftPcQMB8GA1UdIwQY
MBaAFHrxp790KF2y6CCR+/Rjou7246V4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXZHbnYzUW9YYkxvSUpINzlHT2k3dmJqcFhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8wNTg0MzUtYTFjNi00NDM2LTk1YTIt
YjcxMTRiNjlmODRjLzEvWkdndl9ma2pNWV82RkxRX0NrVlE2Ri0wOXhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8wNTg0MzUtYTFjNi00NDM2LTk1YTItYjcxMTRiNjlmODRj
LzEvZXZHbnYzUW9YYkxvSUpINzlHT2k3dmJqcFhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW1qhMA0G
CSqGSIb3DQEBCwUAA4IBAQBSWqx/ZZI+dh1NloZqFLvs7ReeTEuhnd2LxryND+Ny
MASLwgFhuEw390rlbwC5hTqCG0L2HZUnFiWiAkh/rQT3y25OXXMRe8ygXUJT0iaP
mJs/d705G9yDQXynS3nPCEV1bsdh+ICwH5evtNYa91n44XBDl5AUJMxLNQMkppW1
MmiLuoUCAU2pSFBOVC9Bgb+WDQmdfza0yU1C+A49i9+9J62YZ844vFAx/T3mowSb
tMx27siu033L1FMIczPJDjywm5PDIsQTTKfhuqgNPUeqLtmL/dZlqAInNXyqGOA2
jLX0e+PAP6hB1Vk3CshlV/Z8Jhc98k24f7t8SMQKfMz2
-----END CERTIFICATE-----