Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/OBlw2ayty3_ztay60BQM-4Nw6iI.roa
File:                     OBlw2ayty3_ztay60BQM-4Nw6iI.roa (raw, json)
Hash identifier:          9F1q/lB7dKAgfTq6ogDoFurEnR4ZQUin1yKfZQVyKGk=
Subject key identifier:   38:19:70:D9:AC:AD:CB:7F:F3:B5:AC:BA:D0:14:0C:FB:83:70:EA:22
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       018CC8DEDD58DE521C7874D35F986E41EBA1
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/OBlw2ayty3_ztay60BQM-4Nw6iI.roa
Signing time:             Tue 02 Jan 2024 06:31:38 +0000
ROA not before:           Tue 02 Jan 2024 06:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58000
IP address blocks:        91.237.182.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:dd:58:de:52:1c:78:74:d3:5f:98:6e:41:eb:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: Jan  2 06:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=381970d9acadcb7ff3b5acbad0140cfb8370ea22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:00:9a:c6:61:0c:00:b2:9b:b7:2d:7c:f4:36:
                    90:4b:35:3c:32:13:f7:6a:30:71:48:6d:24:05:e0:
                    91:47:2f:a5:3f:ee:8a:2c:8e:e0:c5:00:66:b1:98:
                    04:8e:64:c0:14:71:d3:7b:91:0b:d0:a8:90:89:f8:
                    17:ec:41:d0:5b:8b:4e:5b:b8:3d:ff:d5:84:89:e3:
                    e7:d1:9d:73:b7:76:52:52:35:95:89:b8:72:f5:41:
                    04:b6:10:80:e7:34:e6:78:4c:9e:55:a9:b4:b7:7f:
                    b7:18:ed:77:fe:8a:51:a2:17:58:fd:2c:aa:9f:e4:
                    66:a1:ee:15:a1:a1:66:f6:55:4a:3d:3b:57:8c:af:
                    c0:68:cc:83:96:c3:59:12:bb:4d:67:1e:49:d2:ce:
                    9d:b6:1d:12:34:1e:b7:ae:8c:d6:cf:49:61:b1:b4:
                    79:c9:c5:8d:ea:22:e0:7d:df:42:4e:f5:48:a2:a5:
                    ba:74:70:d8:5f:07:84:29:48:d8:46:00:27:62:c2:
                    ee:12:22:e9:c1:f5:1e:3a:4a:ad:7f:64:98:24:ac:
                    e6:1a:1d:9c:7b:97:bc:5a:5d:54:e4:ae:4c:56:6e:
                    ed:fb:5b:d6:f9:ff:49:df:3c:86:20:e4:3b:f5:6f:
                    52:66:d8:70:e9:66:8c:72:83:a3:bb:8c:a8:7a:ac:
                    8e:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:19:70:D9:AC:AD:CB:7F:F3:B5:AC:BA:D0:14:0C:FB:83:70:EA:22
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/OBlw2ayty3_ztay60BQM-4Nw6iI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         09:d5:62:e8:92:e8:d4:c3:ff:88:cb:11:0f:ca:94:cd:41:fe:
         e5:16:df:dd:f2:b9:b8:55:6f:66:6e:9b:e4:f4:1c:fc:4b:22:
         c1:c7:0a:b7:ad:72:c2:62:bf:37:80:a5:83:84:e8:4d:1e:78:
         2f:0a:85:fe:28:db:41:3f:66:77:b8:c1:05:76:e2:a9:bc:6c:
         53:28:aa:d5:d8:99:bc:e1:ec:66:2c:4c:5c:c4:46:f6:af:68:
         bb:ad:01:9c:82:3e:8d:78:96:5d:6c:64:b2:cb:ab:04:8a:c5:
         b4:0f:c1:b3:64:fb:e7:b6:42:cc:85:df:65:f1:50:a1:23:ca:
         66:19:a2:71:48:dd:94:d0:bd:df:81:69:7e:5c:c8:1d:3a:1b:
         17:18:e3:49:98:ad:23:3b:12:85:90:f2:b0:9b:d2:bd:76:33:
         05:68:11:18:b0:15:60:79:23:fd:43:f0:80:14:98:6a:1f:40:
         7c:86:8d:e0:02:95:46:e5:70:49:d0:71:6c:e0:2f:20:83:bf:
         9d:82:4a:26:38:01:0d:66:83:63:16:0b:a7:05:99:cc:ad:c8:
         9c:a2:34:b3:5f:c4:24:72:99:7c:cc:4b:db:31:c8:cc:33:e1:
         f0:b3:5e:9f:13:c3:b3:8a:1e:b6:2e:1a:95:4a:b0:d1:45:23:
         71:db:2d:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3t1Y3lIceHTTX5huQeuhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjQwMTAyMDYzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODE5NzBkOWFjYWRjYjdmZjNiNWFjYmFkMDE0MGNmYjgzNzBlYTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQCaxmEMALKbty189DaQSzU8MhP3
ajBxSG0kBeCRRy+lP+6KLI7gxQBmsZgEjmTAFHHTe5EL0KiQifgX7EHQW4tOW7g9
/9WEiePn0Z1zt3ZSUjWVibhy9UEEthCA5zTmeEyeVam0t3+3GO13/opRohdY/Syq
n+Rmoe4VoaFm9lVKPTtXjK/AaMyDlsNZErtNZx5J0s6dth0SNB63rozWz0lhsbR5
ycWN6iLgfd9CTvVIoqW6dHDYXweEKUjYRgAnYsLuEiLpwfUeOkqtf2SYJKzmGh2c
e5e8Wl1U5K5MVm7t+1vW+f9J3zyGIOQ79W9SZthw6WaMcoOju4yoeqyOeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDgZcNmsrct/87WsutAUDPuDcOoiMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEvT0JsdzJheXR5M196dGF5NjBCUU0tNE53NmlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+22MA0G
CSqGSIb3DQEBCwUAA4IBAQAJ1WLokujUw/+IyxEPypTNQf7lFt/d8rm4VW9mbpvk
9Bz8SyLBxwq3rXLCYr83gKWDhOhNHngvCoX+KNtBP2Z3uMEFduKpvGxTKKrV2Jm8
4exmLExcxEb2r2i7rQGcgj6NeJZdbGSyy6sEisW0D8GzZPvntkLMhd9l8VChI8pm
GaJxSN2U0L3fgWl+XMgdOhsXGONJmK0jOxKFkPKwm9K9djMFaBEYsBVgeSP9Q/CA
FJhqH0B8ho3gApVG5XBJ0HFs4C8gg7+dgkomOAENZoNjFgunBZnMrcicojSzX8Qk
cpl8zEvbMcjMM+Hws16fE8Ozih62LhqVSrDRRSNx2y38
-----END CERTIFICATE-----