Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/e74595-d657-4ab4-8309-0d57c9410127/1/bQkOBAwpB6qMNmmRz5oPfNYXX1M.roa
File:                     bQkOBAwpB6qMNmmRz5oPfNYXX1M.roa (raw, json)
Hash identifier:          +EXVqF0TKq948trl2BRS0V/z+MzZAZaxD+7hPbkwzak=
Subject key identifier:   6D:09:0E:04:0C:29:07:AA:8C:36:69:91:CF:9A:0F:7C:D6:17:5F:53
Certificate issuer:       /CN=3a48c2701735cd5d2317d10ac63d7f2ec6618ce0
Certificate serial:       018CC5DCC561D7B08B97403FC0BE23AB63ED
Authority key identifier: 3A:48:C2:70:17:35:CD:5D:23:17:D1:0A:C6:3D:7F:2E:C6:61:8C:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OkjCcBc1zV0jF9EKxj1_LsZhjOA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/e74595-d657-4ab4-8309-0d57c9410127/1/bQkOBAwpB6qMNmmRz5oPfNYXX1M.roa
Signing time:             Mon 01 Jan 2024 16:30:29 +0000
ROA not before:           Mon 01 Jan 2024 16:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        91.199.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/e74595-d657-4ab4-8309-0d57c9410127/1/OkjCcBc1zV0jF9EKxj1_LsZhjOA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/e74595-d657-4ab4-8309-0d57c9410127/1/OkjCcBc1zV0jF9EKxj1_LsZhjOA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OkjCcBc1zV0jF9EKxj1_LsZhjOA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 22:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:c5:61:d7:b0:8b:97:40:3f:c0:be:23:ab:63:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a48c2701735cd5d2317d10ac63d7f2ec6618ce0
        Validity
            Not Before: Jan  1 16:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d090e040c2907aa8c366991cf9a0f7cd6175f53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:b6:41:3c:bb:3c:67:fe:3b:dc:3b:66:d3:83:
                    b5:94:f1:7b:2e:19:2b:76:9f:bf:dd:e7:4d:73:29:
                    68:be:fa:6d:00:07:52:6a:c5:bc:a8:44:da:ac:08:
                    2a:59:fd:2d:6e:16:35:0c:21:77:2a:16:b0:5d:2a:
                    b9:13:e9:82:bf:f5:cc:d8:29:47:d7:8a:08:1f:46:
                    93:33:da:f3:91:5f:d2:31:b4:7c:b4:4c:04:c3:ab:
                    7c:ab:a4:6c:7b:46:46:30:d1:e5:cc:43:36:1f:70:
                    db:10:f8:0b:2c:38:78:2f:57:10:cf:a8:50:32:b8:
                    92:fb:a8:6e:ef:40:52:5e:c6:6e:d5:1e:97:eb:e6:
                    fa:f9:46:14:72:fd:64:9f:e9:55:0f:71:99:8d:fa:
                    96:6b:e8:22:78:fb:6a:cf:41:3c:5f:b5:a2:f9:6b:
                    f4:5d:97:b5:90:29:04:d0:bf:94:ef:58:55:01:b9:
                    aa:c4:06:46:75:56:59:bb:11:98:d1:37:ca:e3:d3:
                    f7:2c:68:af:79:2b:98:0f:47:22:64:f5:8b:20:0c:
                    2d:cd:f1:1d:b3:2a:06:90:43:2f:2c:e0:47:81:6a:
                    94:26:45:2a:c1:a6:09:1d:3e:fd:f0:fa:c6:41:7c:
                    d8:50:57:d3:55:ec:6d:af:1b:2c:7f:f3:61:07:0d:
                    e2:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:09:0E:04:0C:29:07:AA:8C:36:69:91:CF:9A:0F:7C:D6:17:5F:53
            X509v3 Authority Key Identifier:
                keyid:3A:48:C2:70:17:35:CD:5D:23:17:D1:0A:C6:3D:7F:2E:C6:61:8C:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OkjCcBc1zV0jF9EKxj1_LsZhjOA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/e74595-d657-4ab4-8309-0d57c9410127/1/bQkOBAwpB6qMNmmRz5oPfNYXX1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/e74595-d657-4ab4-8309-0d57c9410127/1/OkjCcBc1zV0jF9EKxj1_LsZhjOA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:7a:99:18:98:b2:0b:00:c3:85:a5:87:d7:f3:bd:7a:f4:34:
         3d:de:e3:ef:e0:43:28:0c:77:46:19:60:ba:23:4e:0d:80:f1:
         40:65:29:a7:43:67:39:ef:f3:b6:09:74:4d:37:23:48:28:4a:
         2a:50:ed:c8:29:b1:c7:42:a8:38:12:f7:f5:22:ef:6f:5f:3f:
         f1:30:ee:d1:75:1f:c5:7a:d3:87:61:b7:87:6d:fb:a0:35:c7:
         93:5c:44:58:00:89:58:cf:5e:a0:04:a2:09:4b:0f:0c:4f:5f:
         b0:29:3a:a4:11:d5:0f:d4:9f:59:49:c0:1e:2f:be:37:09:8b:
         d8:73:36:7d:91:fe:61:8e:e0:1e:36:e9:89:ba:6d:41:9b:f6:
         d3:aa:c2:11:e7:a0:bb:fa:f4:dc:21:61:e0:78:a3:60:44:0d:
         bd:99:ae:a0:8a:55:63:0f:cb:f5:ff:be:df:2e:fb:d4:b0:27:
         40:e6:eb:81:b5:fb:65:35:83:c0:af:9f:95:84:4d:ae:d6:e0:
         ec:12:4f:e6:22:76:b5:4e:da:2e:96:b6:7c:22:48:ff:25:4a:
         76:3e:18:38:61:3b:21:5a:ce:a7:c6:f5:a5:dd:5c:44:ba:0e:
         55:0b:61:62:18:f5:8b:78:1d:b9:2b:b3:09:26:a8:0d:f5:bf:
         94:87:9b:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3MVh17CLl0A/wL4jq2PtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNDhjMjcwMTczNWNkNWQyMzE3ZDEwYWM2M2Q3ZjJlYzY2
MThjZTAwHhcNMjQwMTAxMTYzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDA5MGUwNDBjMjkwN2FhOGMzNjY5OTFjZjlhMGY3Y2Q2MTc1ZjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7ZBPLs8Z/473Dtm04O1lPF7Lhkr
dp+/3edNcylovvptAAdSasW8qETarAgqWf0tbhY1DCF3KhawXSq5E+mCv/XM2ClH
14oIH0aTM9rzkV/SMbR8tEwEw6t8q6Rse0ZGMNHlzEM2H3DbEPgLLDh4L1cQz6hQ
MriS+6hu70BSXsZu1R6X6+b6+UYUcv1kn+lVD3GZjfqWa+giePtqz0E8X7Wi+Wv0
XZe1kCkE0L+U71hVAbmqxAZGdVZZuxGY0TfK49P3LGiveSuYD0ciZPWLIAwtzfEd
syoGkEMvLOBHgWqUJkUqwaYJHT798PrGQXzYUFfTVextrxssf/NhBw3iuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0JDgQMKQeqjDZpkc+aD3zWF19TMB8GA1UdIwQY
MBaAFDpIwnAXNc1dIxfRCsY9fy7GYYzgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2tqQ2NCYzF6VjBqRjlFS3hqMV9Mc1poak9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9lNzQ1OTUtZDY1Ny00YWI0LTgzMDkt
MGQ1N2M5NDEwMTI3LzEvYlFrT0JBd3BCNnFNTm1tUno1b1BmTllYWDFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9lNzQ1OTUtZDY1Ny00YWI0LTgzMDktMGQ1N2M5NDEwMTI3
LzEvT2tqQ2NCYzF6VjBqRjlFS3hqMV9Mc1poak9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8e1MA0G
CSqGSIb3DQEBCwUAA4IBAQAWepkYmLILAMOFpYfX87169DQ93uPv4EMoDHdGGWC6
I04NgPFAZSmnQ2c57/O2CXRNNyNIKEoqUO3IKbHHQqg4Evf1Iu9vXz/xMO7RdR/F
etOHYbeHbfugNceTXERYAIlYz16gBKIJSw8MT1+wKTqkEdUP1J9ZScAeL743CYvY
czZ9kf5hjuAeNumJum1Bm/bTqsIR56C7+vTcIWHgeKNgRA29ma6gilVjD8v1/77f
LvvUsCdA5uuBtftlNYPAr5+VhE2u1uDsEk/mIna1TtoulrZ8Ikj/JUp2Phg4YTsh
Ws6nxvWl3VxEug5VC2FiGPWLeB25K7MJJqgN9b+Uh5uF
-----END CERTIFICATE-----