Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/df97ef-3435-4657-a1a2-6066d89f05b8/1/r7cjoyzrMMFRbhl0N6Eu4zYkn-8.roa
File:                     r7cjoyzrMMFRbhl0N6Eu4zYkn-8.roa (raw, json)
Hash identifier:          VWNH27/md6V3ZjRCR0MxtReqv07wuNEpCn9DkrKOfaY=
Subject key identifier:   AF:B7:23:A3:2C:EB:30:C1:51:6E:19:74:37:A1:2E:E3:36:24:9F:EF
Certificate issuer:       /CN=559349644323315f806dc64ca4d9ed9557762757
Certificate serial:       018CC8DF8A4BB3BA0ACC14BFCD524F47A947
Authority key identifier: 55:93:49:64:43:23:31:5F:80:6D:C6:4C:A4:D9:ED:95:57:76:27:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VZNJZEMjMV-AbcZMpNntlVd2J1c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/df97ef-3435-4657-a1a2-6066d89f05b8/1/r7cjoyzrMMFRbhl0N6Eu4zYkn-8.roa
Signing time:             Tue 02 Jan 2024 06:32:22 +0000
ROA not before:           Tue 02 Jan 2024 06:32:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206892
IP address blocks:        91.206.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/df97ef-3435-4657-a1a2-6066d89f05b8/1/VZNJZEMjMV-AbcZMpNntlVd2J1c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/df97ef-3435-4657-a1a2-6066d89f05b8/1/VZNJZEMjMV-AbcZMpNntlVd2J1c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VZNJZEMjMV-AbcZMpNntlVd2J1c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:8a:4b:b3:ba:0a:cc:14:bf:cd:52:4f:47:a9:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=559349644323315f806dc64ca4d9ed9557762757
        Validity
            Not Before: Jan  2 06:32:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=afb723a32ceb30c1516e197437a12ee336249fef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ea:6a:3a:5b:22:0e:1e:92:ad:b2:98:bd:10:
                    79:91:dd:76:25:08:2b:68:9c:10:3a:30:e2:6a:bd:
                    f9:e8:de:7c:53:e3:98:77:7b:f7:25:38:32:a2:7b:
                    4e:8d:b3:24:95:2e:3e:7f:e2:3c:92:0a:f9:49:50:
                    51:b6:7a:41:ba:6c:3c:8f:1b:cf:aa:39:2e:6d:3d:
                    74:b3:7d:39:69:de:37:17:33:b0:1e:08:48:cb:73:
                    c3:d3:c9:d7:77:d4:4d:a6:6e:ec:8f:95:63:c4:46:
                    19:c6:05:4a:70:76:8c:a3:4e:62:0c:45:fc:a5:84:
                    9f:16:93:af:66:f3:fa:1e:eb:c4:28:c8:f1:0b:5f:
                    27:9a:86:8f:35:f7:c1:5e:0e:58:51:2b:87:7e:a3:
                    15:b0:6b:f6:e1:40:11:d6:1c:d1:b1:7f:ab:53:90:
                    02:3f:b8:67:e8:ef:83:c7:c3:89:95:f6:10:4e:dd:
                    08:40:40:c4:14:f5:49:43:a3:e3:fa:a8:7f:53:d2:
                    67:ab:97:05:80:25:24:05:11:36:d2:2c:d3:a5:2e:
                    ac:0d:90:35:7b:ef:c1:75:e6:0f:98:6b:49:af:96:
                    8d:13:e2:c6:36:70:70:e5:6b:5e:af:fc:98:6f:8b:
                    1c:ba:0f:70:d0:00:24:85:a2:0a:00:99:e4:9e:93:
                    5b:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:B7:23:A3:2C:EB:30:C1:51:6E:19:74:37:A1:2E:E3:36:24:9F:EF
            X509v3 Authority Key Identifier:
                keyid:55:93:49:64:43:23:31:5F:80:6D:C6:4C:A4:D9:ED:95:57:76:27:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VZNJZEMjMV-AbcZMpNntlVd2J1c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/df97ef-3435-4657-a1a2-6066d89f05b8/1/r7cjoyzrMMFRbhl0N6Eu4zYkn-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/df97ef-3435-4657-a1a2-6066d89f05b8/1/VZNJZEMjMV-AbcZMpNntlVd2J1c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:d6:14:09:5f:91:aa:30:a0:f0:62:d2:6f:a6:21:cc:3e:17:
         4b:35:aa:7a:e1:b2:0c:8e:33:86:67:0a:2e:08:0d:af:87:bd:
         d3:4a:0b:70:01:b9:3e:a2:95:36:51:37:4a:c1:87:0e:cb:cd:
         9b:85:1f:c8:95:54:2d:72:73:84:94:4c:37:20:44:1c:b2:a4:
         98:0a:91:62:0b:16:fb:7a:c6:22:29:75:40:8f:73:37:ce:72:
         51:52:32:04:34:5c:10:f9:a6:ec:8a:c3:8d:02:a4:c2:32:0c:
         b7:76:58:77:b8:03:49:7e:0d:18:43:ed:b5:2e:dc:a1:64:74:
         db:d3:44:50:c0:e9:12:e6:3f:bc:5b:fc:ba:f4:95:12:c9:67:
         26:18:08:04:89:d2:08:6a:c1:8f:05:8d:21:67:39:73:cb:d8:
         6e:b5:0c:b1:8f:04:71:04:74:4a:0c:30:6a:9b:36:45:9a:b2:
         28:35:59:f5:94:c2:e3:97:4d:2e:c6:56:7c:65:3e:39:cf:b2:
         51:3d:33:6c:e4:55:8e:34:30:93:39:2a:3f:c0:6d:7f:b8:0e:
         f9:85:dd:59:00:a4:7a:29:72:5c:f7:4e:ac:8b:19:3b:24:89:
         69:0e:36:ea:c2:95:91:4d:02:55:5d:47:ed:16:04:4e:ab:a0:
         c4:9c:d3:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI34pLs7oKzBS/zVJPR6lHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1OTM0OTY0NDMyMzMxNWY4MDZkYzY0Y2E0ZDllZDk1NTc3
NjI3NTcwHhcNMjQwMTAyMDYzMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmI3MjNhMzJjZWIzMGMxNTE2ZTE5NzQzN2ExMmVlMzM2MjQ5ZmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOpqOlsiDh6SrbKYvRB5kd12JQgr
aJwQOjDiar356N58U+OYd3v3JTgyontOjbMklS4+f+I8kgr5SVBRtnpBumw8jxvP
qjkubT10s305ad43FzOwHghIy3PD08nXd9RNpm7sj5VjxEYZxgVKcHaMo05iDEX8
pYSfFpOvZvP6HuvEKMjxC18nmoaPNffBXg5YUSuHfqMVsGv24UAR1hzRsX+rU5AC
P7hn6O+Dx8OJlfYQTt0IQEDEFPVJQ6Pj+qh/U9Jnq5cFgCUkBRE20izTpS6sDZA1
e+/BdeYPmGtJr5aNE+LGNnBw5Wter/yYb4scug9w0AAkhaIKAJnknpNbNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK+3I6Ms6zDBUW4ZdDehLuM2JJ/vMB8GA1UdIwQY
MBaAFFWTSWRDIzFfgG3GTKTZ7ZVXdidXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlpOSlpFTWpNVi1BYmNaTXBObnRsVmQySjFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9kZjk3ZWYtMzQzNS00NjU3LWExYTIt
NjA2NmQ4OWYwNWI4LzEvcjdjam95enJNTUZSYmhsME42RXU0ellrbi04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9kZjk3ZWYtMzQzNS00NjU3LWExYTItNjA2NmQ4OWYwNWI4
LzEvVlpOSlpFTWpNVi1BYmNaTXBObnRsVmQySjFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW85wMA0G
CSqGSIb3DQEBCwUAA4IBAQBY1hQJX5GqMKDwYtJvpiHMPhdLNap64bIMjjOGZwou
CA2vh73TSgtwAbk+opU2UTdKwYcOy82bhR/IlVQtcnOElEw3IEQcsqSYCpFiCxb7
esYiKXVAj3M3znJRUjIENFwQ+absisONAqTCMgy3dlh3uANJfg0YQ+21LtyhZHTb
00RQwOkS5j+8W/y69JUSyWcmGAgEidIIasGPBY0hZzlzy9hutQyxjwRxBHRKDDBq
mzZFmrIoNVn1lMLjl00uxlZ8ZT45z7JRPTNs5FWONDCTOSo/wG1/uA75hd1ZAKR6
KXJc906sixk7JIlpDjbqwpWRTQJVXUftFgROq6DEnNPg
-----END CERTIFICATE-----