Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/596506-5ac6-49b3-bd70-75dae5ddfed3/1/TExcVOfKSQ_2OBzwc-iWloGrZE8.roa
File:                     TExcVOfKSQ_2OBzwc-iWloGrZE8.roa (raw, json)
Hash identifier:          lvrTGtN7nUOQCaBWnfWITrqsmJRE3/Xq82vxPoYNTLM=
Subject key identifier:   4C:4C:5C:54:E7:CA:49:0F:F6:38:1C:F0:73:E8:96:96:81:AB:64:4F
Certificate issuer:       /CN=25c52687a5ff161d2edabc9f8e3a4876c4ad8da2
Certificate serial:       0190E79B2C44BE68A9B633C7B8656D4EAA45
Authority key identifier: 25:C5:26:87:A5:FF:16:1D:2E:DA:BC:9F:8E:3A:48:76:C4:AD:8D:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JcUmh6X_Fh0u2ryfjjpIdsStjaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/596506-5ac6-49b3-bd70-75dae5ddfed3/1/TExcVOfKSQ_2OBzwc-iWloGrZE8.roa
Signing time:             Thu 25 Jul 2024 01:57:04 +0000
ROA not before:           Thu 25 Jul 2024 01:57:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12985
IP address blocks:        91.206.180.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/596506-5ac6-49b3-bd70-75dae5ddfed3/1/JcUmh6X_Fh0u2ryfjjpIdsStjaI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/596506-5ac6-49b3-bd70-75dae5ddfed3/1/JcUmh6X_Fh0u2ryfjjpIdsStjaI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JcUmh6X_Fh0u2ryfjjpIdsStjaI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e7:9b:2c:44:be:68:a9:b6:33:c7:b8:65:6d:4e:aa:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25c52687a5ff161d2edabc9f8e3a4876c4ad8da2
        Validity
            Not Before: Jul 25 01:57:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c4c5c54e7ca490ff6381cf073e8969681ab644f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ca:27:db:89:54:43:12:0c:2d:f2:7f:b6:7c:
                    e0:ca:1b:d2:bb:30:05:a9:21:c8:a6:45:ee:b4:07:
                    a8:49:28:ff:e1:03:43:f0:99:c4:98:8d:b0:23:5e:
                    fc:89:8e:a5:c3:0d:ca:89:fd:05:26:11:68:05:f6:
                    b5:4d:b9:bf:f9:ce:04:5c:bf:ef:f2:25:99:db:d3:
                    f9:46:6c:97:2a:b5:6c:03:95:ba:10:b9:43:b8:d9:
                    dd:50:88:a2:dd:8f:2b:b2:7b:4f:89:2a:7e:b8:3f:
                    c8:15:ee:b0:b7:4b:61:84:4d:2f:df:38:25:30:3a:
                    e8:5d:10:dc:da:63:70:28:b2:80:44:b6:54:45:d0:
                    8b:a8:a2:7a:69:fa:5d:8c:e4:a7:6e:f0:4e:a3:d1:
                    88:f5:dc:71:af:f4:95:af:34:60:e3:ca:e9:e0:9a:
                    ea:1d:06:a8:0b:30:29:68:d9:a6:15:bd:b5:c1:96:
                    04:dd:d9:4f:4d:6e:9e:72:0b:cd:81:14:03:a2:be:
                    6d:87:18:be:9a:43:5d:ef:2b:24:d0:4d:89:94:e1:
                    7c:60:2c:09:7a:60:c5:4d:09:66:8d:ff:19:ee:65:
                    ff:e8:10:d7:69:7b:5a:f4:40:ef:d6:34:7e:95:fe:
                    46:18:d8:d7:16:1b:df:6a:d9:4b:bf:d1:97:65:9e:
                    a1:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:4C:5C:54:E7:CA:49:0F:F6:38:1C:F0:73:E8:96:96:81:AB:64:4F
            X509v3 Authority Key Identifier:
                keyid:25:C5:26:87:A5:FF:16:1D:2E:DA:BC:9F:8E:3A:48:76:C4:AD:8D:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JcUmh6X_Fh0u2ryfjjpIdsStjaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/596506-5ac6-49b3-bd70-75dae5ddfed3/1/TExcVOfKSQ_2OBzwc-iWloGrZE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/596506-5ac6-49b3-bd70-75dae5ddfed3/1/JcUmh6X_Fh0u2ryfjjpIdsStjaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:17:71:67:51:1b:e2:3e:d5:71:14:86:fb:6d:d5:29:d1:38:
         cc:95:e0:11:f1:bd:88:58:d0:37:07:ff:b6:77:15:87:00:92:
         ca:84:60:43:39:22:dc:c9:52:db:67:e7:a6:25:35:54:eb:b6:
         3a:6f:3a:51:e6:f9:18:48:4c:e7:57:04:4b:f2:ac:ad:ce:18:
         42:1b:9d:b0:ea:d7:89:44:7b:05:0c:63:47:2d:89:9c:be:13:
         d6:f4:a2:a5:c0:01:f2:96:83:2c:62:75:89:fd:e6:2d:6f:45:
         65:95:4b:58:06:99:1e:56:00:39:d3:1d:f7:07:ab:c8:ff:32:
         4b:77:fb:f6:f6:5c:f1:4e:7f:8a:98:e4:b2:88:74:b0:0b:3f:
         eb:9d:89:e8:67:b4:ad:88:29:6f:46:bd:0b:23:e0:f4:89:ce:
         05:0a:38:aa:d4:8c:a6:fb:c8:91:92:5a:28:06:ae:dc:ea:4b:
         48:bc:9f:d3:5b:7e:82:8a:e5:3f:f3:d2:4a:25:77:58:28:07:
         a8:b3:ba:64:42:9c:7d:96:7b:a7:70:ef:2e:83:11:fb:6a:52:
         6a:7e:23:8d:71:3b:54:52:e2:f4:ea:78:00:07:2b:9c:50:f1:
         8a:8e:54:5f:29:e9:e3:90:a9:8a:6a:e1:9f:70:29:c9:21:3d:
         83:77:33:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDnmyxEvmiptjPHuGVtTqpFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YzUyNjg3YTVmZjE2MWQyZWRhYmM5ZjhlM2E0ODc2YzRh
ZDhkYTIwHhcNMjQwNzI1MDE1NzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzRjNWM1NGU3Y2E0OTBmZjYzODFjZjA3M2U4OTY5NjgxYWI2NDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqson24lUQxIMLfJ/tnzgyhvSuzAF
qSHIpkXutAeoSSj/4QND8JnEmI2wI178iY6lww3Kif0FJhFoBfa1Tbm/+c4EXL/v
8iWZ29P5RmyXKrVsA5W6ELlDuNndUIii3Y8rsntPiSp+uD/IFe6wt0thhE0v3zgl
MDroXRDc2mNwKLKARLZURdCLqKJ6afpdjOSnbvBOo9GI9dxxr/SVrzRg48rp4Jrq
HQaoCzApaNmmFb21wZYE3dlPTW6ecgvNgRQDor5thxi+mkNd7ysk0E2JlOF8YCwJ
emDFTQlmjf8Z7mX/6BDXaXta9EDv1jR+lf5GGNjXFhvfatlLv9GXZZ6hlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExMXFTnykkP9jgc8HPolpaBq2RPMB8GA1UdIwQY
MBaAFCXFJoel/xYdLtq8n446SHbErY2iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmNVbWg2WF9GaDB1MnJ5ZmpqcElkc1N0amFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy81OTY1MDYtNWFjNi00OWIzLWJkNzAt
NzVkYWU1ZGRmZWQzLzEvVEV4Y1ZPZktTUV8yT0J6d2MtaVdsb0dyWkU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy81OTY1MDYtNWFjNi00OWIzLWJkNzAtNzVkYWU1ZGRmZWQz
LzEvSmNVbWg2WF9GaDB1MnJ5ZmpqcElkc1N0amFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW860MA0G
CSqGSIb3DQEBCwUAA4IBAQBaF3FnURviPtVxFIb7bdUp0TjMleAR8b2IWNA3B/+2
dxWHAJLKhGBDOSLcyVLbZ+emJTVU67Y6bzpR5vkYSEznVwRL8qytzhhCG52w6teJ
RHsFDGNHLYmcvhPW9KKlwAHyloMsYnWJ/eYtb0VllUtYBpkeVgA50x33B6vI/zJL
d/v29lzxTn+KmOSyiHSwCz/rnYnoZ7StiClvRr0LI+D0ic4FCjiq1Iym+8iRkloo
Bq7c6ktIvJ/TW36CiuU/89JKJXdYKAeos7pkQpx9lnuncO8ugxH7alJqfiONcTtU
UuL06ngAByucUPGKjlRfKenjkKmKauGfcCnJIT2DdzPm
-----END CERTIFICATE-----