Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/c09f02-7510-42ea-b281-bfa03a668577/1/NeungtjKv_I_3jA0eL_VsuDkJDo.roa
File:                     NeungtjKv_I_3jA0eL_VsuDkJDo.roa (raw, json)
Hash identifier:          /5lOzppG23f1V27u6UbJkzKHcSlnt+SKQInQhmgDtyc=
Subject key identifier:   35:EB:A7:82:D8:CA:BF:F2:3F:DE:30:34:78:BF:D5:B2:E0:E4:24:3A
Certificate issuer:       /CN=a6ac6d069d8fb732f4fe92b4e13cd7dc4d393a42
Certificate serial:       018CC3B71DD5C3999A21E19D248EB132B38D
Authority key identifier: A6:AC:6D:06:9D:8F:B7:32:F4:FE:92:B4:E1:3C:D7:DC:4D:39:3A:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pqxtBp2PtzL0_pK04TzX3E05OkI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/c09f02-7510-42ea-b281-bfa03a668577/1/NeungtjKv_I_3jA0eL_VsuDkJDo.roa
Signing time:             Mon 01 Jan 2024 06:30:07 +0000
ROA not before:           Mon 01 Jan 2024 06:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48944
IP address blocks:        91.239.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/c09f02-7510-42ea-b281-bfa03a668577/1/pqxtBp2PtzL0_pK04TzX3E05OkI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/c09f02-7510-42ea-b281-bfa03a668577/1/pqxtBp2PtzL0_pK04TzX3E05OkI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pqxtBp2PtzL0_pK04TzX3E05OkI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:49:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:1d:d5:c3:99:9a:21:e1:9d:24:8e:b1:32:b3:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6ac6d069d8fb732f4fe92b4e13cd7dc4d393a42
        Validity
            Not Before: Jan  1 06:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35eba782d8cabff23fde303478bfd5b2e0e4243a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:fc:98:3a:4b:98:58:68:54:12:9e:e2:f3:46:
                    4e:a9:b9:b1:2d:e3:b3:9d:e6:7a:26:ed:75:63:18:
                    75:d8:2f:13:e2:61:54:0c:f9:76:86:a9:b8:58:81:
                    2d:96:b4:e4:03:f1:bd:92:5e:b4:94:eb:0f:14:91:
                    d0:7d:b8:db:b2:c3:13:78:ca:e7:4f:86:52:4b:45:
                    ce:b0:5c:dd:f8:e8:a3:70:bf:dd:a3:f3:3b:e9:c2:
                    23:e0:ec:e6:27:be:b3:d7:8b:50:ee:7d:16:90:74:
                    70:dd:2f:f4:be:eb:53:d7:c7:a9:97:70:2e:a1:ca:
                    24:8c:99:d2:e1:57:cc:a4:08:67:91:f3:34:9a:61:
                    97:4f:d4:f8:13:48:83:9e:d4:be:6b:c9:ae:f6:cc:
                    a5:68:6e:67:bc:18:f3:27:42:88:3f:48:37:e8:0b:
                    7b:08:52:02:9c:ab:93:ce:32:60:ac:9f:b5:39:92:
                    b4:97:5f:7b:a6:3d:3c:2f:1d:30:3d:1c:a1:49:a1:
                    74:58:b7:10:19:d1:a2:83:40:73:de:58:9d:b9:8f:
                    00:3f:20:12:fc:70:71:62:2b:8a:94:46:22:04:ea:
                    3c:8d:91:b0:be:05:d8:66:6d:f8:22:33:0f:c2:2b:
                    98:64:a1:4e:21:7c:d1:ab:c5:65:2c:ab:2d:f4:02:
                    d8:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:EB:A7:82:D8:CA:BF:F2:3F:DE:30:34:78:BF:D5:B2:E0:E4:24:3A
            X509v3 Authority Key Identifier:
                keyid:A6:AC:6D:06:9D:8F:B7:32:F4:FE:92:B4:E1:3C:D7:DC:4D:39:3A:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pqxtBp2PtzL0_pK04TzX3E05OkI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/c09f02-7510-42ea-b281-bfa03a668577/1/NeungtjKv_I_3jA0eL_VsuDkJDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/c09f02-7510-42ea-b281-bfa03a668577/1/pqxtBp2PtzL0_pK04TzX3E05OkI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:b2:52:fb:9b:fa:10:a4:0f:da:15:91:9f:79:1d:97:8f:46:
         7e:21:9d:42:4a:63:a6:e9:c8:ea:86:e8:d2:60:83:81:9b:7f:
         f3:f3:0a:79:2f:69:b6:a6:a0:4b:a7:75:57:ba:f4:be:d2:35:
         a1:32:dc:59:6a:b4:cd:df:de:47:70:33:4b:bd:e8:b9:2e:22:
         36:bb:d4:4e:85:18:b8:b4:60:29:17:0e:b4:40:47:88:1d:76:
         d5:14:84:c3:d2:f3:a9:5a:6e:e4:78:60:e2:d5:89:66:fa:39:
         8d:f6:87:ae:d6:c1:cd:2f:30:6c:54:49:cc:cc:b2:88:d1:e7:
         fe:45:53:ff:64:d7:64:06:57:85:a9:e9:4c:29:67:60:cc:c8:
         69:1b:01:1d:96:00:6c:62:e1:61:0d:86:0d:ba:35:2c:80:0b:
         91:2f:87:77:17:26:58:3d:b9:43:69:1e:2e:2a:62:8e:5b:59:
         76:28:6a:7c:f2:4b:54:c8:63:85:a6:dd:d0:76:bb:10:f6:65:
         28:01:9f:e0:04:14:80:1e:51:6d:10:a9:98:2c:61:a9:c6:5e:
         f4:c0:2d:a7:dd:06:4f:25:a2:7d:ab:1b:2a:6b:85:46:13:27:
         02:14:ee:64:ed:e6:cb:32:67:3f:e3:a3:50:6a:e6:89:55:8b:
         d9:46:5d:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtx3Vw5maIeGdJI6xMrONMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2YWM2ZDA2OWQ4ZmI3MzJmNGZlOTJiNGUxM2NkN2RjNGQz
OTNhNDIwHhcNMjQwMTAxMDYzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWViYTc4MmQ4Y2FiZmYyM2ZkZTMwMzQ3OGJmZDViMmUwZTQyNDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/yYOkuYWGhUEp7i80ZOqbmxLeOz
neZ6Ju11Yxh12C8T4mFUDPl2hqm4WIEtlrTkA/G9kl60lOsPFJHQfbjbssMTeMrn
T4ZSS0XOsFzd+OijcL/do/M76cIj4OzmJ76z14tQ7n0WkHRw3S/0vutT18epl3Au
ocokjJnS4VfMpAhnkfM0mmGXT9T4E0iDntS+a8mu9sylaG5nvBjzJ0KIP0g36At7
CFICnKuTzjJgrJ+1OZK0l197pj08Lx0wPRyhSaF0WLcQGdGig0Bz3liduY8APyAS
/HBxYiuKlEYiBOo8jZGwvgXYZm34IjMPwiuYZKFOIXzRq8VlLKst9ALYOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDXrp4LYyr/yP94wNHi/1bLg5CQ6MB8GA1UdIwQY
MBaAFKasbQadj7cy9P6StOE819xNOTpCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHF4dEJwMlB0ekwwX3BLMDRUelgzRTA1T2tJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9jMDlmMDItNzUxMC00MmVhLWIyODEt
YmZhMDNhNjY4NTc3LzEvTmV1bmd0akt2X0lfM2pBMGVMX1ZzdURrSkRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9jMDlmMDItNzUxMC00MmVhLWIyODEtYmZhMDNhNjY4NTc3
LzEvcHF4dEJwMlB0ekwwX3BLMDRUelgzRTA1T2tJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+/SMA0G
CSqGSIb3DQEBCwUAA4IBAQA+slL7m/oQpA/aFZGfeR2Xj0Z+IZ1CSmOm6cjqhujS
YIOBm3/z8wp5L2m2pqBLp3VXuvS+0jWhMtxZarTN395HcDNLvei5LiI2u9ROhRi4
tGApFw60QEeIHXbVFITD0vOpWm7keGDi1Ylm+jmN9oeu1sHNLzBsVEnMzLKI0ef+
RVP/ZNdkBleFqelMKWdgzMhpGwEdlgBsYuFhDYYNujUsgAuRL4d3FyZYPblDaR4u
KmKOW1l2KGp88ktUyGOFpt3QdrsQ9mUoAZ/gBBSAHlFtEKmYLGGpxl70wC2n3QZP
JaJ9qxsqa4VGEycCFO5k7ebLMmc/46NQauaJVYvZRl30
-----END CERTIFICATE-----