Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/b24786-e777-4b2f-9d81-5a7bfb3cd08b/1/xn4fQfIdJFnwi8XE5iz-X8FxxmI.roa
File:                     xn4fQfIdJFnwi8XE5iz-X8FxxmI.roa (raw, json)
Hash identifier:          sn0KsSRWqmgGfUDlfZZ5IqQqaiuMJuVxTljHXvRXdXI=
Subject key identifier:   C6:7E:1F:41:F2:1D:24:59:F0:8B:C5:C4:E6:2C:FE:5F:C1:71:C6:62
Certificate issuer:       /CN=b9aa01ab3526b8ebb8afb17b98a7127f0f54ca45
Certificate serial:       018CC86F51DB0014EAD869AC213D83ED0D81
Authority key identifier: B9:AA:01:AB:35:26:B8:EB:B8:AF:B1:7B:98:A7:12:7F:0F:54:CA:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uaoBqzUmuOu4r7F7mKcSfw9UykU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/b24786-e777-4b2f-9d81-5a7bfb3cd08b/1/xn4fQfIdJFnwi8XE5iz-X8FxxmI.roa
Signing time:             Tue 02 Jan 2024 04:29:47 +0000
ROA not before:           Tue 02 Jan 2024 04:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197060
IP address blocks:        91.216.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/b24786-e777-4b2f-9d81-5a7bfb3cd08b/1/uaoBqzUmuOu4r7F7mKcSfw9UykU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/b24786-e777-4b2f-9d81-5a7bfb3cd08b/1/uaoBqzUmuOu4r7F7mKcSfw9UykU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uaoBqzUmuOu4r7F7mKcSfw9UykU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:51:db:00:14:ea:d8:69:ac:21:3d:83:ed:0d:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9aa01ab3526b8ebb8afb17b98a7127f0f54ca45
        Validity
            Not Before: Jan  2 04:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c67e1f41f21d2459f08bc5c4e62cfe5fc171c662
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ae:de:f8:92:5e:27:92:f0:07:23:28:7d:cd:
                    24:94:b3:d3:61:d8:10:99:c9:da:a0:4a:3f:ea:4e:
                    f2:7b:d9:d2:b3:4b:11:b6:8d:5f:16:4d:8c:4a:79:
                    ae:ab:bd:29:5c:07:2c:94:92:46:01:30:b5:27:80:
                    55:54:5e:ca:14:b7:80:eb:7c:9a:13:b6:97:e8:4f:
                    6d:a8:12:ba:76:22:ea:47:02:61:2d:88:b5:23:5b:
                    c7:7c:a5:44:1d:65:a5:5d:c4:e5:f4:a6:87:dd:35:
                    a6:2b:2e:cf:2c:04:ef:3c:9e:3d:64:37:22:04:ee:
                    2c:37:7a:7e:19:f9:d0:ec:11:b2:bc:70:a6:89:27:
                    c8:cd:24:ea:af:02:18:7b:3c:4d:63:66:d8:a5:74:
                    8c:02:2d:06:c1:7a:54:2c:c6:be:a5:8e:5e:0f:25:
                    70:c7:dc:72:97:dd:1b:bb:1d:d3:62:e3:04:1c:a0:
                    e0:0a:29:54:6d:70:44:5b:17:26:42:bc:0a:43:1b:
                    f4:7d:d5:2e:34:b3:15:5c:bd:51:ac:81:2f:f2:74:
                    ec:d9:6e:b0:00:ac:07:56:62:39:ef:ee:5f:60:51:
                    d3:9f:11:35:7a:f6:94:51:6c:e8:4a:40:6f:6b:c7:
                    3d:43:72:e9:64:72:ff:ad:8d:8b:50:b1:7d:63:39:
                    fa:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:7E:1F:41:F2:1D:24:59:F0:8B:C5:C4:E6:2C:FE:5F:C1:71:C6:62
            X509v3 Authority Key Identifier:
                keyid:B9:AA:01:AB:35:26:B8:EB:B8:AF:B1:7B:98:A7:12:7F:0F:54:CA:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uaoBqzUmuOu4r7F7mKcSfw9UykU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/b24786-e777-4b2f-9d81-5a7bfb3cd08b/1/xn4fQfIdJFnwi8XE5iz-X8FxxmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/b24786-e777-4b2f-9d81-5a7bfb3cd08b/1/uaoBqzUmuOu4r7F7mKcSfw9UykU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:d3:49:48:25:3c:f1:36:73:43:79:e8:69:2a:02:4b:23:5f:
         69:c8:50:8d:3b:dc:06:59:d9:6f:49:88:62:ab:a5:00:5f:4a:
         04:cc:4a:29:72:73:de:6d:df:1f:90:a5:a6:e0:15:eb:a5:07:
         c3:02:ee:51:0c:95:c8:8c:b7:90:b7:8a:ae:4f:f4:05:f2:05:
         46:40:30:c3:3f:df:c7:dc:10:f4:66:19:ad:46:c1:ca:cd:a6:
         ff:47:bd:1e:1e:8b:23:46:9e:d0:47:46:62:d0:52:c3:f7:a9:
         7c:9d:bd:dd:83:ee:30:5c:51:4c:bd:40:65:83:9d:b7:bb:50:
         7c:38:7a:0f:3f:41:2c:63:d8:1d:66:69:12:4b:b7:b9:a8:5a:
         cc:d6:2f:ca:be:d8:af:82:5a:63:c8:b5:ee:bb:78:aa:34:3a:
         75:0d:88:e0:30:1d:2d:e6:fa:ca:bc:43:18:06:3b:b2:59:49:
         22:06:b3:d2:17:e8:3a:25:44:06:00:eb:e4:02:aa:fe:0f:f8:
         f9:f6:32:70:3a:86:8d:be:04:aa:79:56:31:f5:57:3e:2e:a3:
         42:f2:71:6a:1d:7a:56:4b:b3:a2:f8:27:f0:3d:9b:0d:6c:56:
         3b:42:ae:68:05:f2:e2:71:20:c4:95:10:97:7c:bd:ab:f2:be:
         81:28:1f:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb1HbABTq2GmsIT2D7Q2BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5YWEwMWFiMzUyNmI4ZWJiOGFmYjE3Yjk4YTcxMjdmMGY1
NGNhNDUwHhcNMjQwMTAyMDQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjdlMWY0MWYyMWQyNDU5ZjA4YmM1YzRlNjJjZmU1ZmMxNzFjNjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxa7e+JJeJ5LwByMofc0klLPTYdgQ
mcnaoEo/6k7ye9nSs0sRto1fFk2MSnmuq70pXAcslJJGATC1J4BVVF7KFLeA63ya
E7aX6E9tqBK6diLqRwJhLYi1I1vHfKVEHWWlXcTl9KaH3TWmKy7PLATvPJ49ZDci
BO4sN3p+GfnQ7BGyvHCmiSfIzSTqrwIYezxNY2bYpXSMAi0GwXpULMa+pY5eDyVw
x9xyl90bux3TYuMEHKDgCilUbXBEWxcmQrwKQxv0fdUuNLMVXL1RrIEv8nTs2W6w
AKwHVmI57+5fYFHTnxE1evaUUWzoSkBva8c9Q3LpZHL/rY2LULF9Yzn65wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZ+H0HyHSRZ8IvFxOYs/l/BccZiMB8GA1UdIwQY
MBaAFLmqAas1JrjruK+xe5inEn8PVMpFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWFvQnF6VW11T3U0cjdGN21LY1NmdzlVeWtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9iMjQ3ODYtZTc3Ny00YjJmLTlkODEt
NWE3YmZiM2NkMDhiLzEveG40ZlFmSWRKRm53aThYRTVpei1YOEZ4eG1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9iMjQ3ODYtZTc3Ny00YjJmLTlkODEtNWE3YmZiM2NkMDhi
LzEvdWFvQnF6VW11T3U0cjdGN21LY1NmdzlVeWtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9hWMA0G
CSqGSIb3DQEBCwUAA4IBAQBb00lIJTzxNnNDeehpKgJLI19pyFCNO9wGWdlvSYhi
q6UAX0oEzEopcnPebd8fkKWm4BXrpQfDAu5RDJXIjLeQt4quT/QF8gVGQDDDP9/H
3BD0ZhmtRsHKzab/R70eHosjRp7QR0Zi0FLD96l8nb3dg+4wXFFMvUBlg523u1B8
OHoPP0EsY9gdZmkSS7e5qFrM1i/KvtivglpjyLXuu3iqNDp1DYjgMB0t5vrKvEMY
BjuyWUkiBrPSF+g6JUQGAOvkAqr+D/j59jJwOoaNvgSqeVYx9Vc+LqNC8nFqHXpW
S7Oi+CfwPZsNbFY7Qq5oBfLicSDElRCXfL2r8r6BKB9p
-----END CERTIFICATE-----