Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/f08d9c-5ca9-4e53-97e3-9af2cb5dccf3/1/dECZFLwlxs8WZAJMtp5t4kI7_Fk.roa
File:                     dECZFLwlxs8WZAJMtp5t4kI7_Fk.roa (raw, json)
Hash identifier:          vPgsxCNQHz18eH1pQnzT4MKxAQ3Pds4WePQB6M/u77U=
Subject key identifier:   74:40:99:14:BC:25:C6:CF:16:64:02:4C:B6:9E:6D:E2:42:3B:FC:59
Certificate issuer:       /CN=c84758053a0c4c6d5e003f3c869a89e4f2a9e177
Certificate serial:       018CC56ED05E4B23348CD1B6B2E538D73877
Authority key identifier: C8:47:58:05:3A:0C:4C:6D:5E:00:3F:3C:86:9A:89:E4:F2:A9:E1:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yEdYBToMTG1eAD88hpqJ5PKp4Xc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/f08d9c-5ca9-4e53-97e3-9af2cb5dccf3/1/dECZFLwlxs8WZAJMtp5t4kI7_Fk.roa
Signing time:             Mon 01 Jan 2024 14:30:22 +0000
ROA not before:           Mon 01 Jan 2024 14:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43040
IP address blocks:        91.194.44.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/f08d9c-5ca9-4e53-97e3-9af2cb5dccf3/1/yEdYBToMTG1eAD88hpqJ5PKp4Xc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/f08d9c-5ca9-4e53-97e3-9af2cb5dccf3/1/yEdYBToMTG1eAD88hpqJ5PKp4Xc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yEdYBToMTG1eAD88hpqJ5PKp4Xc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d0:5e:4b:23:34:8c:d1:b6:b2:e5:38:d7:38:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c84758053a0c4c6d5e003f3c869a89e4f2a9e177
        Validity
            Not Before: Jan  1 14:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74409914bc25c6cf1664024cb69e6de2423bfc59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:a0:e1:ca:67:0d:6b:98:0d:c2:a3:74:ee:05:
                    5e:12:d2:0a:93:87:d0:ba:c0:a6:ea:79:a1:a0:be:
                    fe:ef:76:50:1b:17:f3:06:a3:67:9a:46:e9:01:d5:
                    ae:d9:8f:60:94:c0:e4:4a:c3:37:1d:d7:4b:b8:c3:
                    52:f7:3a:ab:08:12:06:e9:63:8a:2c:a2:91:b8:1a:
                    f3:8b:d9:fd:ba:9d:b0:f8:d3:3a:23:64:e6:9f:9c:
                    fd:ed:7c:de:f4:89:b1:8e:da:0a:be:d4:e3:ef:22:
                    a6:74:b2:88:c1:b4:4d:34:20:17:10:b1:f6:ca:f7:
                    4a:2b:b3:ce:9b:76:5f:b3:9f:89:7c:ef:44:ee:d5:
                    1c:be:c9:63:f4:ff:d1:e6:3e:a3:0c:8c:a7:b6:39:
                    1b:54:6c:15:4a:7b:dc:00:9a:95:62:34:be:af:d7:
                    52:c8:18:5d:48:6c:a4:07:03:29:db:bc:c7:5b:01:
                    ff:6e:dd:69:e5:4f:1a:4c:62:d4:65:9b:bd:75:97:
                    9d:dd:77:06:42:5f:a0:fb:b2:58:1d:d7:12:10:75:
                    6c:77:2c:73:f6:1e:15:cd:73:a2:9a:10:58:13:d1:
                    d9:54:b6:2e:d6:80:86:44:1c:f5:23:5b:dd:cb:4d:
                    4d:0e:59:35:07:88:09:87:8f:7f:9c:28:38:e5:51:
                    d4:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:40:99:14:BC:25:C6:CF:16:64:02:4C:B6:9E:6D:E2:42:3B:FC:59
            X509v3 Authority Key Identifier:
                keyid:C8:47:58:05:3A:0C:4C:6D:5E:00:3F:3C:86:9A:89:E4:F2:A9:E1:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yEdYBToMTG1eAD88hpqJ5PKp4Xc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/f08d9c-5ca9-4e53-97e3-9af2cb5dccf3/1/dECZFLwlxs8WZAJMtp5t4kI7_Fk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/f08d9c-5ca9-4e53-97e3-9af2cb5dccf3/1/yEdYBToMTG1eAD88hpqJ5PKp4Xc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:8f:4c:68:50:3d:eb:45:7b:ae:f5:48:08:2a:36:d3:19:c9:
         a3:09:b9:ac:9a:98:34:d4:8e:fd:c1:b9:1a:63:24:d0:7f:dc:
         3b:71:43:00:10:1f:c4:f0:12:99:a6:ff:25:d1:e0:53:29:8a:
         7a:b5:61:78:6e:db:1e:c7:79:20:3c:38:9d:fb:2b:57:42:96:
         2e:c0:2f:13:f9:49:86:c1:05:13:0f:2a:c0:c2:9e:5f:5f:6c:
         05:8c:4e:3a:e5:3d:f1:e0:60:da:83:e1:e5:bc:fe:86:5e:8a:
         93:80:c1:cd:bb:71:c2:4b:7f:fe:93:7e:6c:47:ed:48:d5:76:
         4a:dd:ec:2c:51:b2:86:b4:30:d5:a3:5e:3e:8b:1e:c8:ad:de:
         6e:03:ee:d7:76:da:e0:73:8a:b1:bf:ab:2c:0b:7f:58:b4:8c:
         75:0a:fb:a8:d4:7f:87:d8:fa:0d:ed:36:4d:bd:96:9b:86:9a:
         9a:b4:2b:a9:96:ea:06:03:91:3c:f5:82:77:ee:10:be:8a:a1:
         60:d1:0d:ae:86:63:ee:d2:f6:b8:e5:d5:89:85:03:e1:9b:ed:
         d4:b5:6d:9f:64:3c:99:c9:8c:59:b0:88:26:2f:07:7d:ba:3d:
         71:39:5a:88:d5:88:6f:d1:f8:2a:b3:0e:d7:8f:28:ee:e2:9a:
         dd:1d:31:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbtBeSyM0jNG2suU41zh3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NDc1ODA1M2EwYzRjNmQ1ZTAwM2YzYzg2OWE4OWU0ZjJh
OWUxNzcwHhcNMjQwMTAxMTQzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDQwOTkxNGJjMjVjNmNmMTY2NDAyNGNiNjllNmRlMjQyM2JmYzU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6DhymcNa5gNwqN07gVeEtIKk4fQ
usCm6nmhoL7+73ZQGxfzBqNnmkbpAdWu2Y9glMDkSsM3HddLuMNS9zqrCBIG6WOK
LKKRuBrzi9n9up2w+NM6I2Tmn5z97Xze9ImxjtoKvtTj7yKmdLKIwbRNNCAXELH2
yvdKK7POm3Zfs5+JfO9E7tUcvslj9P/R5j6jDIyntjkbVGwVSnvcAJqVYjS+r9dS
yBhdSGykBwMp27zHWwH/bt1p5U8aTGLUZZu9dZed3XcGQl+g+7JYHdcSEHVsdyxz
9h4VzXOimhBYE9HZVLYu1oCGRBz1I1vdy01NDlk1B4gJh49/nCg45VHUgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHRAmRS8JcbPFmQCTLaebeJCO/xZMB8GA1UdIwQY
MBaAFMhHWAU6DExtXgA/PIaaieTyqeF3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUVkWUJUb01URzFlQUQ4OGhwcUo1UEtwNFhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9mMDhkOWMtNWNhOS00ZTUzLTk3ZTMt
OWFmMmNiNWRjY2YzLzEvZEVDWkZMd2x4czhXWkFKTXRwNXQ0a0k3X0ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9mMDhkOWMtNWNhOS00ZTUzLTk3ZTMtOWFmMmNiNWRjY2Yz
LzEveUVkWUJUb01URzFlQUQ4OGhwcUo1UEtwNFhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8IsMA0G
CSqGSIb3DQEBCwUAA4IBAQBMj0xoUD3rRXuu9UgIKjbTGcmjCbmsmpg01I79wbka
YyTQf9w7cUMAEB/E8BKZpv8l0eBTKYp6tWF4btsex3kgPDid+ytXQpYuwC8T+UmG
wQUTDyrAwp5fX2wFjE465T3x4GDag+HlvP6GXoqTgMHNu3HCS3/+k35sR+1I1XZK
3ewsUbKGtDDVo14+ix7Ird5uA+7Xdtrgc4qxv6ssC39YtIx1Cvuo1H+H2PoN7TZN
vZabhpqatCupluoGA5E89YJ37hC+iqFg0Q2uhmPu0va45dWJhQPhm+3UtW2fZDyZ
yYxZsIgmLwd9uj1xOVqI1Yhv0fgqsw7Xjyju4prdHTEQ
-----END CERTIFICATE-----