Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/ab3caa-313e-4683-84db-9ee5a78ec57b/1/9_LsePrRnG3kWS66LWp7tDq-FQs.roa
File:                     9_LsePrRnG3kWS66LWp7tDq-FQs.roa (raw, json)
Hash identifier:          caDvpkAIRw4WyP3h0qsJjj4oImK0ugTxWGGPqvkEvJU=
Subject key identifier:   F7:F2:EC:78:FA:D1:9C:6D:E4:59:2E:BA:2D:6A:7B:B4:3A:BE:15:0B
Certificate issuer:       /CN=406f014a2bc76ae04e6d304d06aacbfc8e85d514
Certificate serial:       018CC492CB2595D71E4132D2E4EF4F2A9F6E
Authority key identifier: 40:6F:01:4A:2B:C7:6A:E0:4E:6D:30:4D:06:AA:CB:FC:8E:85:D5:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QG8BSivHauBObTBNBqrL_I6F1RQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3caa-313e-4683-84db-9ee5a78ec57b/1/9_LsePrRnG3kWS66LWp7tDq-FQs.roa
Signing time:             Mon 01 Jan 2024 10:30:03 +0000
ROA not before:           Mon 01 Jan 2024 10:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31077
IP address blocks:        91.192.184.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3caa-313e-4683-84db-9ee5a78ec57b/1/QG8BSivHauBObTBNBqrL_I6F1RQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3caa-313e-4683-84db-9ee5a78ec57b/1/QG8BSivHauBObTBNBqrL_I6F1RQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QG8BSivHauBObTBNBqrL_I6F1RQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:02:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:cb:25:95:d7:1e:41:32:d2:e4:ef:4f:2a:9f:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=406f014a2bc76ae04e6d304d06aacbfc8e85d514
        Validity
            Not Before: Jan  1 10:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7f2ec78fad19c6de4592eba2d6a7bb43abe150b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:1e:90:a3:56:8f:cf:26:6f:35:f5:9a:dd:7d:
                    30:83:8d:39:68:e1:08:e7:38:0d:71:3b:04:5b:7a:
                    fd:55:2c:af:25:ba:b4:ca:1e:61:a5:de:51:db:6e:
                    ed:aa:1a:f5:71:f5:10:5c:7f:45:1b:f4:0e:c7:df:
                    24:da:68:a0:42:3d:53:86:b2:92:f4:f2:99:1a:72:
                    f3:34:1a:f9:48:e4:3b:9d:67:de:a9:54:35:3a:9d:
                    82:cf:e7:7e:28:8d:21:b9:1d:0e:4a:10:1d:34:c8:
                    c5:e5:63:e8:89:55:ce:3c:98:25:c0:d2:d0:cc:2c:
                    f5:a6:c2:e7:ce:57:ec:45:c0:10:9a:fb:9e:91:50:
                    f3:ac:d8:ac:a4:a9:c0:01:ea:a5:11:91:1d:74:e8:
                    70:c1:da:c7:60:f9:7a:b9:12:50:ef:97:56:54:3c:
                    27:7e:f3:2c:c4:87:8b:93:23:37:b7:0e:fe:7f:b0:
                    44:30:73:e1:78:4b:ed:0d:9b:34:de:dc:2b:37:6a:
                    12:f4:72:de:2e:82:40:a1:82:22:6d:10:9b:de:42:
                    09:2a:8f:33:71:61:d2:2a:b5:c8:32:a1:81:78:76:
                    30:a5:6c:35:74:9d:44:91:a4:ef:4d:c9:9d:f7:fa:
                    31:2d:11:3c:8c:02:17:26:23:17:ba:5b:8f:da:63:
                    eb:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:F2:EC:78:FA:D1:9C:6D:E4:59:2E:BA:2D:6A:7B:B4:3A:BE:15:0B
            X509v3 Authority Key Identifier:
                keyid:40:6F:01:4A:2B:C7:6A:E0:4E:6D:30:4D:06:AA:CB:FC:8E:85:D5:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QG8BSivHauBObTBNBqrL_I6F1RQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3caa-313e-4683-84db-9ee5a78ec57b/1/9_LsePrRnG3kWS66LWp7tDq-FQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3caa-313e-4683-84db-9ee5a78ec57b/1/QG8BSivHauBObTBNBqrL_I6F1RQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.192.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:0e:93:3b:37:89:b6:55:48:f6:01:43:1d:7d:6d:d3:a3:5e:
         cb:77:46:7f:c6:d5:8a:48:be:08:22:3a:b7:1e:6d:96:c3:ae:
         7a:06:45:2f:66:45:8f:66:0d:a2:51:b1:22:d0:4b:3c:52:17:
         9e:da:e3:b0:33:d1:16:65:4d:9f:ff:4e:eb:cd:2f:1b:7d:e9:
         1c:34:9c:08:5e:7a:6c:4e:a4:d6:06:c3:9b:81:68:c2:46:69:
         88:15:55:6b:62:97:4b:83:04:88:be:63:d0:01:2f:7a:ab:ca:
         39:58:e3:89:ba:62:0a:dd:27:52:c9:55:4c:1a:df:53:a2:74:
         d7:03:79:5f:a1:dc:aa:f0:f7:87:24:07:6b:e0:a6:79:32:ba:
         2b:c7:50:0e:dc:30:11:96:2a:71:8b:da:a4:6c:2a:19:13:59:
         c0:be:0f:e6:49:96:8f:fc:dd:d1:4b:c6:8b:2f:d7:6e:79:5f:
         df:6c:10:c3:d7:4d:bc:c1:b2:14:4f:d9:6c:7d:de:a5:f7:65:
         33:e4:a2:0d:b8:fd:05:ea:a1:73:0f:52:dc:8a:55:67:3e:b6:
         28:53:cd:68:5f:d0:0c:ba:6a:77:d8:2e:9d:6d:b6:3f:17:6e:
         5d:32:42:ce:14:fb:37:12:44:3f:bf:6a:fe:3b:7a:58:a1:6a:
         5d:f9:a5:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEksslldceQTLS5O9PKp9uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwNmYwMTRhMmJjNzZhZTA0ZTZkMzA0ZDA2YWFjYmZjOGU4
NWQ1MTQwHhcNMjQwMTAxMTAzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2YyZWM3OGZhZDE5YzZkZTQ1OTJlYmEyZDZhN2JiNDNhYmUxNTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkB6Qo1aPzyZvNfWa3X0wg405aOEI
5zgNcTsEW3r9VSyvJbq0yh5hpd5R227tqhr1cfUQXH9FG/QOx98k2migQj1ThrKS
9PKZGnLzNBr5SOQ7nWfeqVQ1Op2Cz+d+KI0huR0OShAdNMjF5WPoiVXOPJglwNLQ
zCz1psLnzlfsRcAQmvuekVDzrNispKnAAeqlEZEddOhwwdrHYPl6uRJQ75dWVDwn
fvMsxIeLkyM3tw7+f7BEMHPheEvtDZs03twrN2oS9HLeLoJAoYIibRCb3kIJKo8z
cWHSKrXIMqGBeHYwpWw1dJ1EkaTvTcmd9/oxLRE8jAIXJiMXuluP2mPrnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPfy7Hj60Zxt5Fkuui1qe7Q6vhULMB8GA1UdIwQY
MBaAFEBvAUorx2rgTm0wTQaqy/yOhdUUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUc4QlNpdkhhdUJPYlRCTkJxckxfSTZGMVJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9hYjNjYWEtMzEzZS00NjgzLTg0ZGIt
OWVlNWE3OGVjNTdiLzEvOV9Mc2VQclJuRzNrV1M2NkxXcDd0RHEtRlFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9hYjNjYWEtMzEzZS00NjgzLTg0ZGItOWVlNWE3OGVjNTdi
LzEvUUc4QlNpdkhhdUJPYlRCTkJxckxfSTZGMVJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8C4MA0G
CSqGSIb3DQEBCwUAA4IBAQAcDpM7N4m2VUj2AUMdfW3To17Ld0Z/xtWKSL4IIjq3
Hm2Ww656BkUvZkWPZg2iUbEi0Es8Uhee2uOwM9EWZU2f/07rzS8bfekcNJwIXnps
TqTWBsObgWjCRmmIFVVrYpdLgwSIvmPQAS96q8o5WOOJumIK3SdSyVVMGt9TonTX
A3lfodyq8PeHJAdr4KZ5Mrorx1AO3DARlipxi9qkbCoZE1nAvg/mSZaP/N3RS8aL
L9dueV/fbBDD1028wbIUT9lsfd6l92Uz5KINuP0F6qFzD1LcilVnPrYoU81oX9AM
ump32C6dbbY/F25dMkLOFPs3EkQ/v2r+O3pYoWpd+aX5
-----END CERTIFICATE-----