Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/c3p4s6DYZLDQz-1E2qXRDMEnT00.roa
File:                     c3p4s6DYZLDQz-1E2qXRDMEnT00.roa (raw, json)
Hash identifier:          vDZ1VLwt5+lxEU03QhLEpMa8VR3Da+q71rhSYrzVIWc=
Subject key identifier:   73:7A:78:B3:A0:D8:64:B0:D0:CF:ED:44:DA:A5:D1:0C:C1:27:4F:4D
Certificate issuer:       /CN=2160b2b1c829d88936b1adaeec97fdd1b40d41e5
Certificate serial:       018CC2DB1FF4F845D78F41FC05527311E0CA
Authority key identifier: 21:60:B2:B1:C8:29:D8:89:36:B1:AD:AE:EC:97:FD:D1:B4:0D:41:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/c3p4s6DYZLDQz-1E2qXRDMEnT00.roa
Signing time:             Mon 01 Jan 2024 02:29:49 +0000
ROA not before:           Mon 01 Jan 2024 02:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51789
IP address blocks:        91.220.109.0/24 maxlen: 24
                          193.164.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 01:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:1f:f4:f8:45:d7:8f:41:fc:05:52:73:11:e0:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2160b2b1c829d88936b1adaeec97fdd1b40d41e5
        Validity
            Not Before: Jan  1 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=737a78b3a0d864b0d0cfed44daa5d10cc1274f4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:5d:f5:12:a8:71:85:f8:fd:ea:6b:29:c0:7d:
                    75:8e:c1:2e:d6:7f:d5:51:83:f9:e2:b7:ec:99:eb:
                    fa:53:71:2d:b3:18:cc:18:ac:00:02:91:31:26:9b:
                    63:2d:e7:0a:81:84:86:18:19:54:04:a8:5a:ad:40:
                    95:2c:92:4d:ad:22:99:91:73:84:56:7f:04:74:b5:
                    99:8a:b5:6c:51:b9:56:12:3b:6f:78:a3:b7:bf:77:
                    8b:23:71:08:50:3c:cc:38:01:ae:db:90:b7:e5:c2:
                    63:e4:23:bb:18:50:94:bd:4e:00:74:0f:a1:bf:4a:
                    ab:cd:47:b8:06:14:26:75:58:6d:ab:4c:bf:87:ba:
                    94:94:f5:a2:48:f6:46:b0:39:da:4d:18:81:22:45:
                    94:9e:0d:3e:25:c0:d4:c9:99:65:96:c8:f4:3e:ac:
                    a3:34:f4:2f:d6:7e:78:e0:58:a7:ed:21:93:8a:24:
                    d7:33:3a:2e:62:4d:b7:33:3f:b1:fc:32:c0:b4:30:
                    0b:70:e3:e6:c7:6e:de:02:75:d6:67:64:39:9c:62:
                    40:85:a1:13:a4:32:64:41:f0:ca:89:fa:af:e0:0e:
                    04:4d:16:1b:73:26:d6:e4:33:c2:6b:88:0d:ba:9e:
                    e6:3a:c5:95:1c:26:ca:14:f9:24:74:e3:9b:2f:73:
                    6c:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:7A:78:B3:A0:D8:64:B0:D0:CF:ED:44:DA:A5:D1:0C:C1:27:4F:4D
            X509v3 Authority Key Identifier:
                keyid:21:60:B2:B1:C8:29:D8:89:36:B1:AD:AE:EC:97:FD:D1:B4:0D:41:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/c3p4s6DYZLDQz-1E2qXRDMEnT00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.109.0/24
                  193.164.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:b2:96:60:ba:19:76:b4:99:f4:8b:90:37:29:21:80:1d:55:
         16:b1:6c:85:32:e0:0b:76:54:4f:69:45:11:35:05:6d:76:04:
         18:14:f5:26:3e:7c:54:60:33:90:5b:80:10:97:d4:78:85:57:
         1e:4d:70:b4:c7:ca:6d:ab:78:6e:81:86:9b:ce:c1:a8:7c:d9:
         c0:80:05:78:ab:ff:d2:49:25:2e:69:3e:76:c9:ae:81:c4:37:
         e3:df:26:fb:94:4c:57:61:96:de:57:6f:38:0f:c1:6f:64:15:
         a2:28:6a:9a:b9:f9:9d:28:e5:e6:21:1a:2f:44:50:1e:28:b9:
         14:4d:43:67:ca:cc:d5:65:74:f4:cb:34:aa:68:42:1f:d0:62:
         57:90:d8:fb:85:95:50:d2:02:ee:43:08:d5:39:40:29:32:ff:
         a8:ef:52:51:6f:ab:0f:a0:14:b2:9b:8b:1b:e3:c0:58:4d:9d:
         41:04:7b:a1:87:49:18:57:c2:8b:6b:5e:6c:76:3e:4c:43:0b:
         8d:5c:7e:c0:5e:3d:b0:66:ac:e6:01:21:df:1a:f8:92:e0:ee:
         b9:57:5c:bd:aa:ae:db:4b:74:b9:67:11:f0:58:67:5b:1f:71:
         1f:d3:19:0d:a1:bc:e4:95:74:95:82:4e:68:f4:96:dd:10:31:
         6b:75:57:b1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2x/0+EXXj0H8BVJzEeDKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNjBiMmIxYzgyOWQ4ODkzNmIxYWRhZWVjOTdmZGQxYjQw
ZDQxZTUwHhcNMjQwMTAxMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzdhNzhiM2EwZDg2NGIwZDBjZmVkNDRkYWE1ZDEwY2MxMjc0ZjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg131Eqhxhfj96mspwH11jsEu1n/V
UYP54rfsmev6U3EtsxjMGKwAApExJptjLecKgYSGGBlUBKharUCVLJJNrSKZkXOE
Vn8EdLWZirVsUblWEjtveKO3v3eLI3EIUDzMOAGu25C35cJj5CO7GFCUvU4AdA+h
v0qrzUe4BhQmdVhtq0y/h7qUlPWiSPZGsDnaTRiBIkWUng0+JcDUyZlllsj0Pqyj
NPQv1n544Fin7SGTiiTXMzouYk23Mz+x/DLAtDALcOPmx27eAnXWZ2Q5nGJAhaET
pDJkQfDKifqv4A4ETRYbcybW5DPCa4gNup7mOsWVHCbKFPkkdOObL3Ns7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHN6eLOg2GSw0M/tRNql0QzBJ09NMB8GA1UdIwQY
MBaAFCFgsrHIKdiJNrGtruyX/dG0DUHlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVdDeXNjZ3AySWsyc2EydTdKZjkwYlFOUWVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9kYjFlMjAtZGMzNi00ODhkLTkxYTEt
M2RmN2ZhZjM1MzVkLzEvYzNwNHM2RFlaTERRei0xRTJxWFJETUVuVDAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9kYjFlMjAtZGMzNi00ODhkLTkxYTEtM2RmN2ZhZjM1MzVk
LzEvSVdDeXNjZ3AySWsyc2EydTdKZjkwYlFOUWVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9xtAwQA
waSYMA0GCSqGSIb3DQEBCwUAA4IBAQBDspZguhl2tJn0i5A3KSGAHVUWsWyFMuAL
dlRPaUURNQVtdgQYFPUmPnxUYDOQW4AQl9R4hVceTXC0x8ptq3hugYabzsGofNnA
gAV4q//SSSUuaT52ya6BxDfj3yb7lExXYZbeV284D8FvZBWiKGqaufmdKOXmIRov
RFAeKLkUTUNnyszVZXT0yzSqaEIf0GJXkNj7hZVQ0gLuQwjVOUApMv+o71JRb6sP
oBSym4sb48BYTZ1BBHuhh0kYV8KLa15sdj5MQwuNXH7AXj2wZqzmASHfGviS4O65
V1y9qq7bS3S5ZxHwWGdbH3Ef0xkNobzklXSVgk5o9JbdEDFrdVex
-----END CERTIFICATE-----