Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/z6IgVo5jVeEMm3toFh7t_3Rtbsc.roa
File:                     z6IgVo5jVeEMm3toFh7t_3Rtbsc.roa (raw, json)
Hash identifier:          ATWijIObf0mXu80VOBwQcm83szkTD+Nptf8bEAtPC1U=
Subject key identifier:   CF:A2:20:56:8E:63:55:E1:0C:9B:7B:68:16:1E:ED:FF:74:6D:6E:C7
Certificate issuer:       /CN=c378bc3bd350eedc4f377c224556b250da6dde6f
Certificate serial:       01927FBFD774D602FBCDB23BC84299E45DF8
Authority key identifier: C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/z6IgVo5jVeEMm3toFh7t_3Rtbsc.roa
Signing time:             Sat 12 Oct 2024 08:02:11 +0000
ROA not before:           Sat 12 Oct 2024 08:02:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61138
IP address blocks:        91.108.84.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7f:bf:d7:74:d6:02:fb:cd:b2:3b:c8:42:99:e4:5d:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c378bc3bd350eedc4f377c224556b250da6dde6f
        Validity
            Not Before: Oct 12 08:02:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfa220568e6355e10c9b7b68161eedff746d6ec7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:1e:65:d1:64:15:dd:f7:7f:78:b6:df:83:0e:
                    0b:70:cc:9d:2a:e3:71:f8:6b:c4:c0:8d:7b:77:f2:
                    cd:4a:2f:43:bb:1f:70:8b:7f:0f:f4:52:86:fc:93:
                    a3:c3:bd:a7:c3:09:a6:f8:b5:0d:05:64:66:4a:40:
                    3d:e6:09:5c:45:a9:08:70:d3:d2:79:6b:c5:99:2a:
                    d6:6a:d3:8e:a7:e2:7f:bb:18:6a:4b:ee:9d:fa:cc:
                    53:3d:f2:94:19:c2:6f:ec:7d:99:04:1f:9f:14:35:
                    32:2e:03:d5:b3:49:39:7f:4d:d8:1a:89:27:56:ce:
                    08:47:2d:ab:d9:0d:57:e7:55:c6:cb:4e:fd:4a:e3:
                    23:2f:eb:ec:99:b7:cf:15:15:cf:57:02:1e:90:27:
                    31:d7:d7:5b:51:d6:9b:7e:d3:ff:b9:7f:30:28:f0:
                    ff:ab:54:91:c5:99:61:45:39:a6:0d:21:d0:9a:ad:
                    54:88:40:80:8f:42:5b:ea:3e:04:ef:dc:c8:62:81:
                    c9:1b:a1:14:52:fd:85:3e:92:54:4b:69:c9:5c:21:
                    3c:89:7a:82:8f:44:35:e9:56:2a:f9:da:31:ec:a3:
                    a4:24:a0:80:1c:9c:4d:14:86:88:b7:82:d4:67:c4:
                    82:1e:5f:dc:9f:4c:b1:86:c4:cd:da:fd:2f:91:63:
                    1f:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:A2:20:56:8E:63:55:E1:0C:9B:7B:68:16:1E:ED:FF:74:6D:6E:C7
            X509v3 Authority Key Identifier:
                keyid:C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/z6IgVo5jVeEMm3toFh7t_3Rtbsc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         41:08:95:18:c8:a7:67:a7:df:1b:42:37:58:74:62:49:91:03:
         1e:f1:af:0f:68:e8:4a:24:3f:66:fb:90:53:54:f1:81:f1:db:
         55:51:49:6e:cf:e0:06:d9:38:e0:ae:ee:de:6d:f3:f6:22:87:
         89:24:b3:e1:72:c4:c7:8f:0a:2a:f5:c4:17:c5:c9:47:3c:b6:
         9f:1e:9b:1b:db:66:18:79:a9:9e:32:68:70:fa:52:90:0e:e9:
         2b:8b:44:1e:20:a4:ce:b9:d5:d0:f1:98:7d:3f:14:9e:25:f8:
         b4:2d:0e:01:42:73:4d:e7:2a:49:3c:73:07:51:45:5f:aa:df:
         25:c1:39:80:2f:7c:63:b2:b8:e2:5b:38:05:81:59:8e:86:18:
         a7:c8:27:f6:a2:3f:80:70:21:f6:e2:b7:5f:90:12:cb:3a:24:
         f6:2e:05:1d:06:c9:96:06:4c:3c:da:28:7f:91:92:15:8a:02:
         b6:e0:52:00:4d:45:79:ff:b6:fd:e5:fb:3f:7a:78:ed:24:51:
         fe:27:b8:aa:0b:7a:8b:a3:93:ef:cd:3b:94:c4:2c:40:62:bc:
         cb:47:71:8a:24:3d:b2:3b:e6:e3:19:14:60:0b:7f:cc:70:80:
         4a:4f:d0:24:0b:85:32:6e:42:27:6d:45:54:72:61:c7:0e:f1:
         be:c6:85:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ/v9d01gL7zbI7yEKZ5F34MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNzhiYzNiZDM1MGVlZGM0ZjM3N2MyMjQ1NTZiMjUwZGE2
ZGRlNmYwHhcNMjQxMDEyMDgwMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmEyMjA1NjhlNjM1NWUxMGM5YjdiNjgxNjFlZWRmZjc0NmQ2ZWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4R5l0WQV3fd/eLbfgw4LcMydKuNx
+GvEwI17d/LNSi9Dux9wi38P9FKG/JOjw72nwwmm+LUNBWRmSkA95glcRakIcNPS
eWvFmSrWatOOp+J/uxhqS+6d+sxTPfKUGcJv7H2ZBB+fFDUyLgPVs0k5f03YGokn
Vs4IRy2r2Q1X51XGy079SuMjL+vsmbfPFRXPVwIekCcx19dbUdabftP/uX8wKPD/
q1SRxZlhRTmmDSHQmq1UiECAj0Jb6j4E79zIYoHJG6EUUv2FPpJUS2nJXCE8iXqC
j0Q16VYq+dox7KOkJKCAHJxNFIaIt4LUZ8SCHl/cn0yxhsTN2v0vkWMfpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM+iIFaOY1XhDJt7aBYe7f90bW7HMB8GA1UdIwQY
MBaAFMN4vDvTUO7cTzd8IkVWslDabd5vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYt
NDQxNDU1OGZkY2JiLzEvejZJZ1ZvNWpWZUVNbTN0b0ZoN3RfM1J0YnNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYtNDQxNDU1OGZkY2Ji
LzEvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW2xUMA0G
CSqGSIb3DQEBCwUAA4IBAQBBCJUYyKdnp98bQjdYdGJJkQMe8a8PaOhKJD9m+5BT
VPGB8dtVUUluz+AG2Tjgru7ebfP2IoeJJLPhcsTHjwoq9cQXxclHPLafHpsb22YY
eameMmhw+lKQDukri0QeIKTOudXQ8Zh9PxSeJfi0LQ4BQnNN5ypJPHMHUUVfqt8l
wTmAL3xjsrjiWzgFgVmOhhinyCf2oj+AcCH24rdfkBLLOiT2LgUdBsmWBkw82ih/
kZIVigK24FIATUV5/7b95fs/enjtJFH+J7iqC3qLo5PvzTuUxCxAYrzLR3GKJD2y
O+bjGRRgC3/McIBKT9AkC4UybkInbUVUcmHHDvG+xoXM
-----END CERTIFICATE-----