Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/b96cee-9009-458b-aa60-b33a4097bcb0/1/RQy0Y7o4MJr6QoU-9AU9O_LXivE.roa
File:                     RQy0Y7o4MJr6QoU-9AU9O_LXivE.roa (raw, json)
Hash identifier:          R1hVZjUuoECjV1Zxs8291NS8WHsQGWcUMTvkIVnRxTI=
Subject key identifier:   45:0C:B4:63:BA:38:30:9A:FA:42:85:3E:F4:05:3D:3B:F2:D7:8A:F1
Certificate issuer:       /CN=728627f95026514b42654058f49eeb9b7c48f020
Certificate serial:       01925122A81C234813767565EDD3A25C2643
Authority key identifier: 72:86:27:F9:50:26:51:4B:42:65:40:58:F4:9E:EB:9B:7C:48:F0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/coYn-VAmUUtCZUBY9J7rm3xI8CA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/b96cee-9009-458b-aa60-b33a4097bcb0/1/RQy0Y7o4MJr6QoU-9AU9O_LXivE.roa
Signing time:             Thu 03 Oct 2024 06:47:58 +0000
ROA not before:           Thu 03 Oct 2024 06:47:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31027
IP address blocks:        91.240.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/b96cee-9009-458b-aa60-b33a4097bcb0/1/coYn-VAmUUtCZUBY9J7rm3xI8CA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/b96cee-9009-458b-aa60-b33a4097bcb0/1/coYn-VAmUUtCZUBY9J7rm3xI8CA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/coYn-VAmUUtCZUBY9J7rm3xI8CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:51:22:a8:1c:23:48:13:76:75:65:ed:d3:a2:5c:26:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=728627f95026514b42654058f49eeb9b7c48f020
        Validity
            Not Before: Oct  3 06:47:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=450cb463ba38309afa42853ef4053d3bf2d78af1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:99:00:20:e2:63:af:b7:bc:88:ba:63:32:45:
                    6d:50:19:24:44:bc:19:c0:51:67:a0:b7:8f:9b:14:
                    06:7a:05:43:3e:a2:55:01:cc:50:52:21:57:74:6c:
                    92:dc:ad:3c:5b:cc:84:f2:08:4e:2a:8c:6b:bd:00:
                    74:84:8d:e0:29:21:91:51:2e:8b:63:01:d7:51:75:
                    a6:37:8e:f5:d2:53:71:2a:dc:69:db:c2:cf:f4:ce:
                    07:94:d8:24:40:0e:a5:ec:35:ea:a0:1c:50:75:db:
                    9c:0c:46:e8:04:b4:62:25:08:e4:9a:24:0c:05:b4:
                    1a:ac:e7:0b:43:69:39:93:5e:e2:dc:60:e0:eb:fa:
                    7a:14:b5:f8:b2:00:c0:60:cc:9a:15:f5:df:c2:a1:
                    b5:c7:29:f3:ae:19:46:0f:82:a0:db:2d:3d:8e:4a:
                    37:3a:32:6c:67:3c:d0:d9:3b:6a:f2:5f:09:d9:b3:
                    30:ed:82:e8:77:5c:a1:37:01:84:dd:28:6e:16:bc:
                    2f:12:d2:62:6b:27:d5:12:6c:e3:f0:1b:9b:60:f8:
                    a5:a8:ce:66:a4:37:69:53:98:43:1c:6a:b2:f0:5b:
                    1a:13:e1:a0:fe:06:47:1c:d1:7a:da:f2:d6:72:34:
                    ce:f1:1b:d7:b0:c6:fc:d8:50:af:56:2c:65:c1:d5:
                    cf:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:0C:B4:63:BA:38:30:9A:FA:42:85:3E:F4:05:3D:3B:F2:D7:8A:F1
            X509v3 Authority Key Identifier:
                keyid:72:86:27:F9:50:26:51:4B:42:65:40:58:F4:9E:EB:9B:7C:48:F0:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/coYn-VAmUUtCZUBY9J7rm3xI8CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/b96cee-9009-458b-aa60-b33a4097bcb0/1/RQy0Y7o4MJr6QoU-9AU9O_LXivE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/b96cee-9009-458b-aa60-b33a4097bcb0/1/coYn-VAmUUtCZUBY9J7rm3xI8CA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:f6:5d:24:fb:dc:62:45:7a:00:2b:66:ec:6f:ab:18:4c:03:
         27:d7:9f:bc:34:64:ed:08:49:af:09:3a:47:42:5d:6f:72:7b:
         20:3a:99:51:e8:8c:4f:ad:fe:e9:8e:b6:19:c5:6c:b9:00:85:
         44:a7:e3:36:e7:47:01:5a:34:9c:36:67:05:94:e5:e4:b6:98:
         a4:2a:56:7f:2e:f6:20:ae:57:02:84:dd:63:dd:b3:76:7e:43:
         3d:30:c6:87:14:8d:d1:24:a5:b8:41:b5:74:dc:7f:99:3c:70:
         05:16:a6:27:e5:8e:25:45:c3:95:d9:6e:a2:41:9c:a6:40:1f:
         53:a9:3e:c7:27:99:48:7a:f2:a1:c5:61:06:a0:28:53:f8:36:
         1e:88:3e:20:82:f3:e8:af:4c:83:f4:80:ee:48:02:3f:98:eb:
         d7:4c:5d:12:3e:d8:b5:ec:6c:ce:0c:44:e4:48:76:11:f8:34:
         b1:12:45:87:d5:64:1e:2c:57:b0:16:ce:38:10:00:6c:ed:62:
         b1:2c:5b:0d:aa:51:55:aa:6a:d1:d2:47:6f:5a:cd:06:49:cb:
         9b:82:e5:99:29:52:de:0e:30:f4:25:93:18:a6:24:c8:5c:33:
         50:09:e3:7a:b1:75:6c:2f:e9:ee:cd:6e:68:f1:fc:4d:08:2c:
         2d:be:62:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJRIqgcI0gTdnVl7dOiXCZDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyODYyN2Y5NTAyNjUxNGI0MjY1NDA1OGY0OWVlYjliN2M0
OGYwMjAwHhcNMjQxMDAzMDY0NzU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTBjYjQ2M2JhMzgzMDlhZmE0Mjg1M2VmNDA1M2QzYmYyZDc4YWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpkAIOJjr7e8iLpjMkVtUBkkRLwZ
wFFnoLePmxQGegVDPqJVAcxQUiFXdGyS3K08W8yE8ghOKoxrvQB0hI3gKSGRUS6L
YwHXUXWmN4710lNxKtxp28LP9M4HlNgkQA6l7DXqoBxQdducDEboBLRiJQjkmiQM
BbQarOcLQ2k5k17i3GDg6/p6FLX4sgDAYMyaFfXfwqG1xynzrhlGD4Kg2y09jko3
OjJsZzzQ2Ttq8l8J2bMw7YLod1yhNwGE3ShuFrwvEtJiayfVEmzj8BubYPilqM5m
pDdpU5hDHGqy8FsaE+Gg/gZHHNF62vLWcjTO8RvXsMb82FCvVixlwdXPNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEUMtGO6ODCa+kKFPvQFPTvy14rxMB8GA1UdIwQY
MBaAFHKGJ/lQJlFLQmVAWPSe65t8SPAgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY29Zbi1WQW1VVXRDWlVCWTlKN3JtM3hJOENBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9iOTZjZWUtOTAwOS00NThiLWFhNjAt
YjMzYTQwOTdiY2IwLzEvUlF5MFk3bzRNSnI2UW9VLTlBVTlPX0xYaXZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9iOTZjZWUtOTAwOS00NThiLWFhNjAtYjMzYTQwOTdiY2Iw
LzEvY29Zbi1WQW1VVXRDWlVCWTlKN3JtM3hJOENBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/C9MA0G
CSqGSIb3DQEBCwUAA4IBAQBh9l0k+9xiRXoAK2bsb6sYTAMn15+8NGTtCEmvCTpH
Ql1vcnsgOplR6IxPrf7pjrYZxWy5AIVEp+M250cBWjScNmcFlOXktpikKlZ/LvYg
rlcChN1j3bN2fkM9MMaHFI3RJKW4QbV03H+ZPHAFFqYn5Y4lRcOV2W6iQZymQB9T
qT7HJ5lIevKhxWEGoChT+DYeiD4ggvPor0yD9IDuSAI/mOvXTF0SPti17GzODETk
SHYR+DSxEkWH1WQeLFewFs44EABs7WKxLFsNqlFVqmrR0kdvWs0GScubguWZKVLe
DjD0JZMYpiTIXDNQCeN6sXVsL+nuzW5o8fxNCCwtvmJX
-----END CERTIFICATE-----