Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/b5559e-950b-48f4-a2ab-b26f1a70af0d/1/9bTwMsZMJ8_EgYGADmJzuFBGPWc.roa
File:                     9bTwMsZMJ8_EgYGADmJzuFBGPWc.roa (raw, json)
Hash identifier:          t6uDMZiVASviMYW/qQF5uu5AqELwLe7XoG+stVVPB0k=
Subject key identifier:   F5:B4:F0:32:C6:4C:27:CF:C4:81:81:80:0E:62:73:B8:50:46:3D:67
Certificate issuer:       /CN=e31722d79bff4384a597cb544d9e7974490d8734
Certificate serial:       018CC801615672CA0552A4E1A32E9BE566B6
Authority key identifier: E3:17:22:D7:9B:FF:43:84:A5:97:CB:54:4D:9E:79:74:49:0D:87:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4xci15v_Q4Sll8tUTZ55dEkNhzQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/b5559e-950b-48f4-a2ab-b26f1a70af0d/1/9bTwMsZMJ8_EgYGADmJzuFBGPWc.roa
Signing time:             Tue 02 Jan 2024 02:29:42 +0000
ROA not before:           Tue 02 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63023
IP address blocks:        91.239.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/b5559e-950b-48f4-a2ab-b26f1a70af0d/1/4xci15v_Q4Sll8tUTZ55dEkNhzQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/b5559e-950b-48f4-a2ab-b26f1a70af0d/1/4xci15v_Q4Sll8tUTZ55dEkNhzQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4xci15v_Q4Sll8tUTZ55dEkNhzQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:61:56:72:ca:05:52:a4:e1:a3:2e:9b:e5:66:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e31722d79bff4384a597cb544d9e7974490d8734
        Validity
            Not Before: Jan  2 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5b4f032c64c27cfc48181800e6273b850463d67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c0:5b:a4:81:4a:09:f7:7b:85:46:81:e9:d8:
                    53:3c:b2:8d:e6:23:58:63:29:61:ac:2d:ce:4b:b5:
                    f9:d4:c1:9d:5a:8a:1d:66:b4:4c:a1:9d:3a:7e:22:
                    f9:db:73:12:88:16:ac:d5:39:07:03:86:68:6b:d1:
                    8b:c9:9d:67:d0:6e:e1:6b:a2:4b:7d:1b:3f:ee:27:
                    99:f1:83:74:b5:2f:6e:cd:cf:d6:e3:af:f5:b9:6f:
                    a7:63:cb:ef:86:73:cc:a7:a1:08:c8:6d:26:bb:43:
                    72:09:63:7d:86:e2:ad:42:67:7d:f0:42:18:1b:86:
                    1c:61:f0:fa:fa:3b:43:2a:78:6f:07:23:c3:8b:7d:
                    4c:e7:35:99:fb:8c:d7:8c:47:cd:3a:35:21:a2:20:
                    54:6e:a4:c0:b0:22:71:ec:86:fc:b7:09:bd:36:d7:
                    4f:34:d0:f4:17:fc:26:cc:fd:e4:83:9e:0a:5e:34:
                    c7:0d:6d:20:ea:f0:9a:25:4a:f7:e0:80:67:4a:c6:
                    03:68:2c:a0:b4:bf:94:10:37:f0:ee:9e:41:fd:95:
                    21:80:94:68:3c:47:38:df:63:72:9f:48:79:0c:d2:
                    21:c3:93:d7:d3:33:d4:32:d0:6f:a0:b3:e7:d1:cd:
                    29:89:67:4c:05:2d:8f:3c:98:53:70:eb:30:92:e1:
                    db:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:B4:F0:32:C6:4C:27:CF:C4:81:81:80:0E:62:73:B8:50:46:3D:67
            X509v3 Authority Key Identifier:
                keyid:E3:17:22:D7:9B:FF:43:84:A5:97:CB:54:4D:9E:79:74:49:0D:87:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4xci15v_Q4Sll8tUTZ55dEkNhzQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/b5559e-950b-48f4-a2ab-b26f1a70af0d/1/9bTwMsZMJ8_EgYGADmJzuFBGPWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/b5559e-950b-48f4-a2ab-b26f1a70af0d/1/4xci15v_Q4Sll8tUTZ55dEkNhzQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:76:69:29:b1:07:74:43:ba:74:64:a1:25:3a:6b:35:70:70:
         16:4d:2d:3b:e7:b7:73:98:79:7b:27:c3:0f:3b:af:65:54:64:
         d1:51:20:1a:82:49:d0:a4:c6:62:6b:1f:ee:5a:a0:a8:9e:55:
         35:d0:39:85:a6:7b:75:95:86:a8:a4:b8:a5:15:97:57:c5:b0:
         18:e2:66:df:e1:bd:19:4f:35:12:ef:74:9f:fd:dd:38:ce:d5:
         b4:c4:8b:56:72:2d:cf:f9:7d:ea:2b:9f:42:ba:c7:28:1a:13:
         a1:81:79:a4:79:04:32:02:fb:35:f3:d7:70:ca:5c:4d:a5:da:
         3c:6b:37:fc:3f:36:6f:c9:4d:80:04:39:5b:a7:82:23:bb:7a:
         a4:18:7c:78:86:5c:b8:67:d8:3e:32:22:8b:de:ec:6d:3e:9e:
         31:ac:e7:af:9b:84:b3:66:36:4f:b7:f2:ee:6d:e1:65:06:ca:
         41:60:73:80:65:8e:e5:a7:be:bc:f7:9d:83:c0:df:d6:86:10:
         e5:1d:a1:b8:7b:42:a6:cf:1d:63:22:83:cd:b5:e8:fe:69:cf:
         d2:6c:12:77:5c:62:92:40:95:3f:5a:3f:d8:f6:ea:8b:ea:04:
         46:93:9f:a6:59:0e:09:aa:0a:9d:52:ce:af:5e:c1:4d:70:66:
         04:1f:a0:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAWFWcsoFUqThoy6b5Wa2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMTcyMmQ3OWJmZjQzODRhNTk3Y2I1NDRkOWU3OTc0NDkw
ZDg3MzQwHhcNMjQwMTAyMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWI0ZjAzMmM2NGMyN2NmYzQ4MTgxODAwZTYyNzNiODUwNDYzZDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsBbpIFKCfd7hUaB6dhTPLKN5iNY
YylhrC3OS7X51MGdWoodZrRMoZ06fiL523MSiBas1TkHA4Zoa9GLyZ1n0G7ha6JL
fRs/7ieZ8YN0tS9uzc/W46/1uW+nY8vvhnPMp6EIyG0mu0NyCWN9huKtQmd98EIY
G4YcYfD6+jtDKnhvByPDi31M5zWZ+4zXjEfNOjUhoiBUbqTAsCJx7Ib8twm9NtdP
NND0F/wmzP3kg54KXjTHDW0g6vCaJUr34IBnSsYDaCygtL+UEDfw7p5B/ZUhgJRo
PEc432Nyn0h5DNIhw5PX0zPUMtBvoLPn0c0piWdMBS2PPJhTcOswkuHbLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPW08DLGTCfPxIGBgA5ic7hQRj1nMB8GA1UdIwQY
MBaAFOMXIteb/0OEpZfLVE2eeXRJDYc0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHhjaTE1dl9RNFNsbDh0VVRaNTVkRWtOaHpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9iNTU1OWUtOTUwYi00OGY0LWEyYWIt
YjI2ZjFhNzBhZjBkLzEvOWJUd01zWk1KOF9FZ1lHQURtSnp1RkJHUFdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9iNTU1OWUtOTUwYi00OGY0LWEyYWItYjI2ZjFhNzBhZjBk
LzEvNHhjaTE1dl9RNFNsbDh0VVRaNTVkRWtOaHpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+81MA0G
CSqGSIb3DQEBCwUAA4IBAQAsdmkpsQd0Q7p0ZKElOms1cHAWTS0757dzmHl7J8MP
O69lVGTRUSAagknQpMZiax/uWqConlU10DmFpnt1lYaopLilFZdXxbAY4mbf4b0Z
TzUS73Sf/d04ztW0xItWci3P+X3qK59CuscoGhOhgXmkeQQyAvs189dwylxNpdo8
azf8PzZvyU2ABDlbp4Iju3qkGHx4hly4Z9g+MiKL3uxtPp4xrOevm4SzZjZPt/Lu
beFlBspBYHOAZY7lp768952DwN/WhhDlHaG4e0Kmzx1jIoPNtej+ac/SbBJ3XGKS
QJU/Wj/Y9uqL6gRGk5+mWQ4JqgqdUs6vXsFNcGYEH6Do
-----END CERTIFICATE-----