Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/0d903f-1831-4d03-aab4-81af7c657e05/1/JxRLeDXWIQEVsvn6kXjvEX65gkQ.roa
File:                     JxRLeDXWIQEVsvn6kXjvEX65gkQ.roa (raw, json)
Hash identifier:          uRRLz6emT2cimBaPjSAggiBUt2m4Qx4negjpI2BOcnI=
Subject key identifier:   27:14:4B:78:35:D6:21:01:15:B2:F9:FA:91:78:EF:11:7E:B9:82:44
Certificate issuer:       /CN=d123b8d462134667ec6a9d1e154e5c7f0596662c
Certificate serial:       018CC94BF864396F86A35CA73BF18107A7C9
Authority key identifier: D1:23:B8:D4:62:13:46:67:EC:6A:9D:1E:15:4E:5C:7F:05:96:66:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0SO41GITRmfsap0eFU5cfwWWZiw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/0d903f-1831-4d03-aab4-81af7c657e05/1/JxRLeDXWIQEVsvn6kXjvEX65gkQ.roa
Signing time:             Tue 02 Jan 2024 08:30:48 +0000
ROA not before:           Tue 02 Jan 2024 08:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13094
IP address blocks:        91.221.180.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/0d903f-1831-4d03-aab4-81af7c657e05/1/0SO41GITRmfsap0eFU5cfwWWZiw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/0d903f-1831-4d03-aab4-81af7c657e05/1/0SO41GITRmfsap0eFU5cfwWWZiw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0SO41GITRmfsap0eFU5cfwWWZiw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4b:f8:64:39:6f:86:a3:5c:a7:3b:f1:81:07:a7:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d123b8d462134667ec6a9d1e154e5c7f0596662c
        Validity
            Not Before: Jan  2 08:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27144b7835d6210115b2f9fa9178ef117eb98244
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:29:bf:5a:81:76:de:82:d7:53:85:14:fd:5f:
                    67:d6:9d:e8:34:66:8b:e5:df:69:69:4e:1d:39:33:
                    ea:59:eb:34:ca:33:11:64:b9:9f:c7:6a:33:1d:0d:
                    01:1b:36:74:a4:ba:cc:1d:49:47:c1:aa:83:16:3d:
                    5c:61:d6:58:3b:ed:07:d8:c1:3f:0e:ce:2b:6b:b4:
                    3a:db:92:77:74:9d:2e:79:4a:f2:e4:81:f5:19:1e:
                    7e:f8:5a:32:60:17:5d:03:69:c3:09:29:f2:05:ce:
                    cc:72:87:65:b7:0f:f5:97:d2:6c:20:d8:ec:39:84:
                    8d:19:4c:a6:bd:e8:37:f1:f4:d3:82:c6:e2:8e:60:
                    bf:58:7c:0f:c2:82:66:2b:3b:46:90:f5:cd:73:79:
                    e5:57:2e:4d:a5:14:ee:40:c8:fd:11:27:2d:03:41:
                    33:82:2a:4b:c2:50:95:32:fc:40:73:23:a0:20:61:
                    13:8e:f2:3b:75:d8:23:09:82:a8:1a:e3:22:32:5e:
                    26:fd:5a:65:ef:9a:0f:3d:5a:69:c8:95:bc:a5:87:
                    f3:98:c1:cb:57:fa:f8:2f:bf:0d:83:a0:63:6a:8a:
                    b1:28:e8:0e:2e:03:86:1c:96:9f:da:24:e4:61:53:
                    ce:99:25:ea:3a:cf:4e:89:f3:67:21:46:30:2b:a8:
                    5b:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:14:4B:78:35:D6:21:01:15:B2:F9:FA:91:78:EF:11:7E:B9:82:44
            X509v3 Authority Key Identifier:
                keyid:D1:23:B8:D4:62:13:46:67:EC:6A:9D:1E:15:4E:5C:7F:05:96:66:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0SO41GITRmfsap0eFU5cfwWWZiw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/0d903f-1831-4d03-aab4-81af7c657e05/1/JxRLeDXWIQEVsvn6kXjvEX65gkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/0d903f-1831-4d03-aab4-81af7c657e05/1/0SO41GITRmfsap0eFU5cfwWWZiw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:cc:e5:bc:2e:6b:7c:0d:88:d3:9d:26:06:0e:c5:58:31:df:
         18:53:b6:e1:45:fd:d7:54:c1:26:7e:c8:11:14:0c:7a:1b:6a:
         14:33:f6:47:b4:24:d4:fa:47:89:cb:b9:e9:6d:3e:6b:02:e1:
         62:e2:f3:86:70:4c:02:ae:56:45:8d:73:0f:7b:a0:65:70:a2:
         f3:85:31:e3:9f:db:c7:e0:60:92:69:29:ee:db:85:fe:91:66:
         f7:e8:bc:66:b3:e8:3c:ac:01:3c:65:2c:f9:b7:1b:2d:8e:86:
         7c:b1:08:9e:ca:24:a3:73:a0:40:70:2f:cb:75:13:39:3b:b9:
         6e:e4:8a:63:a0:1d:e8:8c:b3:02:bd:d3:10:3c:e6:91:0f:25:
         08:95:56:9f:53:69:92:6a:a6:e9:43:83:3d:c9:96:1d:5d:cd:
         43:48:fc:77:cc:3e:3a:e8:77:93:fe:d6:93:3f:a4:8e:8c:97:
         3c:64:da:9a:1d:fe:77:f0:12:6d:00:98:d6:69:34:59:d2:12:
         13:00:33:a3:55:81:1f:cd:18:70:6c:ab:b4:20:30:18:da:bf:
         53:5e:6e:bf:1a:35:65:ff:54:16:ae:7a:ca:52:1b:59:d6:fb:
         2f:88:27:52:4a:87:92:a5:86:29:7a:ca:68:ea:16:2f:c6:90:
         2e:4b:3b:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJS/hkOW+Go1ynO/GBB6fJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxMjNiOGQ0NjIxMzQ2NjdlYzZhOWQxZTE1NGU1YzdmMDU5
NjY2MmMwHhcNMjQwMTAyMDgzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzE0NGI3ODM1ZDYyMTAxMTViMmY5ZmE5MTc4ZWYxMTdlYjk4MjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Cm/WoF23oLXU4UU/V9n1p3oNGaL
5d9paU4dOTPqWes0yjMRZLmfx2ozHQ0BGzZ0pLrMHUlHwaqDFj1cYdZYO+0H2ME/
Ds4ra7Q625J3dJ0ueUry5IH1GR5++FoyYBddA2nDCSnyBc7Mcodltw/1l9JsINjs
OYSNGUymveg38fTTgsbijmC/WHwPwoJmKztGkPXNc3nlVy5NpRTuQMj9ESctA0Ez
gipLwlCVMvxAcyOgIGETjvI7ddgjCYKoGuMiMl4m/Vpl75oPPVppyJW8pYfzmMHL
V/r4L78Ng6BjaoqxKOgOLgOGHJaf2iTkYVPOmSXqOs9OifNnIUYwK6hb0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCcUS3g11iEBFbL5+pF47xF+uYJEMB8GA1UdIwQY
MBaAFNEjuNRiE0Zn7GqdHhVOXH8FlmYsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFNPNDFHSVRSbWZzYXAwZUZVNWNmd1dXWml3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8wZDkwM2YtMTgzMS00ZDAzLWFhYjQt
ODFhZjdjNjU3ZTA1LzEvSnhSTGVEWFdJUUVWc3ZuNmtYanZFWDY1Z2tRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8wZDkwM2YtMTgzMS00ZDAzLWFhYjQtODFhZjdjNjU3ZTA1
LzEvMFNPNDFHSVRSbWZzYXAwZUZVNWNmd1dXWml3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW920MA0G
CSqGSIb3DQEBCwUAA4IBAQCNzOW8Lmt8DYjTnSYGDsVYMd8YU7bhRf3XVMEmfsgR
FAx6G2oUM/ZHtCTU+keJy7npbT5rAuFi4vOGcEwCrlZFjXMPe6BlcKLzhTHjn9vH
4GCSaSnu24X+kWb36Lxms+g8rAE8ZSz5txstjoZ8sQieyiSjc6BAcC/LdRM5O7lu
5IpjoB3ojLMCvdMQPOaRDyUIlVafU2mSaqbpQ4M9yZYdXc1DSPx3zD466HeT/taT
P6SOjJc8ZNqaHf538BJtAJjWaTRZ0hITADOjVYEfzRhwbKu0IDAY2r9TXm6/GjVl
/1QWrnrKUhtZ1vsviCdSSoeSpYYpespo6hYvxpAuSzt9
-----END CERTIFICATE-----