Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/6c37zfN0inDJdqY3dKyontcC8e4.roa
File:                     6c37zfN0inDJdqY3dKyontcC8e4.roa (raw, json)
Hash identifier:          tAEVHarb7ccO9o50JmGcQPkkYRnm3kEJUfLc0wIPuKk=
Subject key identifier:   E9:CD:FB:CD:F3:74:8A:70:C9:76:A6:37:74:AC:A8:9E:D7:02:F1:EE
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       018CC8DEDBA070A185E1B92B496E9FBA534E
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/6c37zfN0inDJdqY3dKyontcC8e4.roa
Signing time:             Tue 02 Jan 2024 06:31:37 +0000
ROA not before:           Tue 02 Jan 2024 06:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35381
IP address blocks:        91.207.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:db:a0:70:a1:85:e1:b9:2b:49:6e:9f:ba:53:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: Jan  2 06:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9cdfbcdf3748a70c976a63774aca89ed702f1ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:86:f1:43:8e:75:ad:a6:eb:f2:12:78:49:46:
                    18:80:c9:5b:b7:9b:6c:a8:c3:f0:84:bc:b6:1b:a6:
                    9f:46:b2:99:87:cc:7e:a9:ea:e8:82:4a:6c:ae:5f:
                    b5:d2:04:a9:5e:52:87:48:30:1a:50:a2:70:08:ac:
                    8d:b7:57:0f:cb:49:bd:fe:45:d3:3a:33:28:47:99:
                    74:86:2a:34:8f:7d:1e:da:3c:f0:49:8a:de:31:81:
                    80:9b:e0:f8:51:58:a3:d8:b6:75:8b:48:7a:2c:5f:
                    0c:32:5c:90:2c:43:4a:ba:87:28:8d:7b:3b:d9:a7:
                    28:7e:b6:cd:77:fc:0e:bd:42:13:1b:c1:fa:9c:e1:
                    62:e9:fc:f1:44:bd:6e:15:cb:d1:96:99:4f:b0:ad:
                    11:17:9f:fc:e1:67:30:b4:fe:37:5f:34:e2:6b:22:
                    4d:1c:18:7a:1b:de:d9:cc:70:47:57:3d:5b:89:6e:
                    65:46:9b:1e:78:dc:d9:8a:0d:71:58:ef:91:ba:6b:
                    15:7e:07:fa:d6:43:3f:f6:e9:65:50:b8:38:34:75:
                    a1:7a:1e:6d:e4:75:c5:7c:9e:ba:69:ad:c3:47:0c:
                    d8:a5:23:4f:02:c8:df:90:5e:e0:d4:6d:21:7b:60:
                    d4:75:33:2b:b3:d4:18:25:11:bc:e8:2a:c3:4d:04:
                    e0:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:CD:FB:CD:F3:74:8A:70:C9:76:A6:37:74:AC:A8:9E:D7:02:F1:EE
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/6c37zfN0inDJdqY3dKyontcC8e4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:64:94:b4:dd:8d:50:ff:88:2f:49:ea:2c:53:03:b5:e7:b0:
         07:1a:e4:70:fa:c9:fb:94:2e:e7:ea:4b:27:ed:a5:07:44:fc:
         7d:2c:99:46:00:b7:54:4a:da:c2:6e:9a:1a:e0:2c:7a:41:fd:
         08:1c:88:b6:95:ad:c6:64:49:31:87:9b:9b:10:03:f2:23:be:
         41:7d:90:08:4e:51:43:7d:0e:6f:af:84:b1:e3:59:72:0f:7d:
         98:9c:3f:ec:40:ec:f8:61:ed:c0:44:27:d2:5b:4f:61:1c:a8:
         2a:a6:cb:59:be:8b:68:9a:ad:27:f6:e6:ab:d9:ac:fc:37:79:
         d8:de:91:44:99:11:52:6a:0e:cd:a1:a0:c1:ba:71:36:84:c9:
         26:40:c1:f0:94:54:8e:a9:ed:63:b6:9c:f2:2a:67:9f:bb:29:
         8c:37:8c:5b:5d:58:2b:6b:34:aa:6c:47:b6:94:9f:37:88:aa:
         a5:c9:94:3b:ad:79:62:30:9f:64:45:6b:50:7a:01:c3:e4:3b:
         de:ab:fa:93:82:8d:b6:58:a4:86:16:34:5d:df:f7:08:1c:80:
         83:d1:e5:43:72:03:04:9e:b1:4b:05:67:b9:9f:15:ee:60:78:
         86:4f:ef:3d:52:0a:78:da:6f:07:28:c2:25:94:a3:a1:e6:2d:
         4f:2d:68:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3tugcKGF4bkrSW6fulNOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjQwMTAyMDYzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWNkZmJjZGYzNzQ4YTcwYzk3NmE2Mzc3NGFjYTg5ZWQ3MDJmMWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0IbxQ451rabr8hJ4SUYYgMlbt5ts
qMPwhLy2G6afRrKZh8x+qerogkpsrl+10gSpXlKHSDAaUKJwCKyNt1cPy0m9/kXT
OjMoR5l0hio0j30e2jzwSYreMYGAm+D4UVij2LZ1i0h6LF8MMlyQLENKuocojXs7
2acofrbNd/wOvUITG8H6nOFi6fzxRL1uFcvRlplPsK0RF5/84WcwtP43XzTiayJN
HBh6G97ZzHBHVz1biW5lRpseeNzZig1xWO+RumsVfgf61kM/9ullULg4NHWheh5t
5HXFfJ66aa3DRwzYpSNPAsjfkF7g1G0he2DUdTMrs9QYJRG86CrDTQTgeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOnN+83zdIpwyXamN3SsqJ7XAvHuMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEvNmMzN3pmTjBpbkRKZHFZM2RLeW9udGNDOGU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW89rMA0G
CSqGSIb3DQEBCwUAA4IBAQC4ZJS03Y1Q/4gvSeosUwO157AHGuRw+sn7lC7n6ksn
7aUHRPx9LJlGALdUStrCbpoa4Cx6Qf0IHIi2la3GZEkxh5ubEAPyI75BfZAITlFD
fQ5vr4Sx41lyD32YnD/sQOz4Ye3ARCfSW09hHKgqpstZvotomq0n9uar2az8N3nY
3pFEmRFSag7NoaDBunE2hMkmQMHwlFSOqe1jtpzyKmefuymMN4xbXVgrazSqbEe2
lJ83iKqlyZQ7rXliMJ9kRWtQegHD5Dveq/qTgo22WKSGFjRd3/cIHICD0eVDcgME
nrFLBWe5nxXuYHiGT+89Ugp42m8HKMIllKOh5i1PLWjY
-----END CERTIFICATE-----