Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/trggNIZrjNlnjSfmiVu90bHo1YY.roa
File:                     trggNIZrjNlnjSfmiVu90bHo1YY.roa (raw, json)
Hash identifier:          mPtNgzXOMagmtBWZykzH2CcCRByS1E6KtqGWmo8HH3Q=
Subject key identifier:   B6:B8:20:34:86:6B:8C:D9:67:8D:27:E6:89:5B:BD:D1:B1:E8:D5:86
Certificate issuer:       /CN=ea846006cf8b9e388f31451358092502cecc1136
Certificate serial:       018CC8DCCA2B6CF872A4FF1C6C84C68A0DC6
Authority key identifier: EA:84:60:06:CF:8B:9E:38:8F:31:45:13:58:09:25:02:CE:CC:11:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6oRgBs-LnjiPMUUTWAklAs7METY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/trggNIZrjNlnjSfmiVu90bHo1YY.roa
Signing time:             Tue 02 Jan 2024 06:29:21 +0000
ROA not before:           Tue 02 Jan 2024 06:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44486
IP address blocks:        91.197.55.0/24 maxlen: 24
                          2a06:8ac0::/45 maxlen: 45

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/6oRgBs-LnjiPMUUTWAklAs7METY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/6oRgBs-LnjiPMUUTWAklAs7METY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6oRgBs-LnjiPMUUTWAklAs7METY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:ca:2b:6c:f8:72:a4:ff:1c:6c:84:c6:8a:0d:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea846006cf8b9e388f31451358092502cecc1136
        Validity
            Not Before: Jan  2 06:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6b82034866b8cd9678d27e6895bbdd1b1e8d586
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:9d:0f:9b:33:4b:ff:9b:57:d1:ca:67:6f:18:
                    75:d6:8f:b3:07:5c:d9:0e:49:d5:66:64:54:68:3e:
                    1e:78:1a:ad:5d:b8:09:67:11:59:de:51:da:5f:4e:
                    f5:45:18:00:9d:dc:cd:83:94:32:90:78:66:e8:23:
                    f7:a0:81:83:4b:5b:80:64:de:12:db:e7:98:66:d0:
                    3f:35:1f:d3:22:4f:cd:d2:de:f6:c9:6b:86:3a:f0:
                    72:0c:1a:b8:8d:a6:f3:87:1d:ce:d5:f6:8f:1b:c8:
                    3c:a6:ad:cc:30:f9:c3:8c:8a:8a:7c:15:6a:35:47:
                    24:c1:50:fd:dc:d2:34:15:7c:6f:31:eb:00:c4:26:
                    da:13:2c:36:bf:cc:72:05:8c:e4:9f:76:c8:bd:ba:
                    7b:a5:39:c4:92:0b:e1:08:0a:70:10:2c:92:f7:74:
                    e1:ef:4f:60:d5:41:4f:00:fe:23:c1:e9:0c:5e:03:
                    4e:6e:be:10:1f:43:32:0c:19:a7:7a:92:55:3b:fa:
                    c5:c4:03:b9:49:ca:97:4f:36:e2:0c:da:cf:a8:1a:
                    17:91:b2:ca:3a:e9:a6:cb:80:fc:31:0a:17:4e:b7:
                    f2:60:56:25:6f:bf:9a:5e:0a:ab:6f:b6:20:ef:83:
                    65:de:95:ed:04:e7:13:e1:f3:28:32:26:1c:61:0d:
                    49:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:B8:20:34:86:6B:8C:D9:67:8D:27:E6:89:5B:BD:D1:B1:E8:D5:86
            X509v3 Authority Key Identifier:
                keyid:EA:84:60:06:CF:8B:9E:38:8F:31:45:13:58:09:25:02:CE:CC:11:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6oRgBs-LnjiPMUUTWAklAs7METY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/trggNIZrjNlnjSfmiVu90bHo1YY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/6oRgBs-LnjiPMUUTWAklAs7METY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.55.0/24
                IPv6:
                  2a06:8ac0::/45

    Signature Algorithm: sha256WithRSAEncryption
         84:72:fd:5b:96:3f:2a:d7:bb:9c:58:8a:0f:47:39:a6:e9:d2:
         4d:65:fb:37:ca:fd:fc:32:71:4e:cb:be:2e:ec:c5:80:d9:34:
         f7:85:fd:e0:3a:0e:aa:f8:0c:5c:55:d2:af:3f:ad:25:03:03:
         92:b3:37:6f:99:06:6e:6c:66:06:52:ea:74:30:e6:e1:59:f3:
         9a:33:b6:d2:e7:07:98:ba:f3:0b:a7:c5:91:be:25:b6:47:b0:
         78:54:dc:fa:13:a8:a3:4d:ef:1d:80:d3:62:f9:62:27:40:5d:
         fb:4b:f5:65:11:15:5c:1f:f7:13:08:8e:4c:79:8c:c0:7e:03:
         a5:0e:5a:af:b6:29:d3:83:8f:43:f8:3c:ea:6b:e9:4e:7a:f9:
         bd:70:2a:48:8e:3c:17:0c:af:b5:04:14:cd:d8:87:f8:66:c7:
         dc:68:aa:01:4f:e6:20:2c:0b:2b:22:e5:ad:ae:f6:01:54:5d:
         2d:29:77:01:63:31:2b:aa:ff:2b:48:50:2f:da:5a:c1:ae:f1:
         39:6d:06:22:72:ee:ae:4f:50:5d:2f:4d:e0:ba:88:9e:37:1b:
         91:53:78:96:3b:da:5c:4e:07:83:1d:c3:ff:5c:f6:6a:07:cf:
         0c:fe:fd:4c:32:db:44:26:d9:ec:97:67:9b:0d:f3:67:18:fa:
         28:33:09:2e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzI3MorbPhypP8cbITGig3GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhODQ2MDA2Y2Y4YjllMzg4ZjMxNDUxMzU4MDkyNTAyY2Vj
YzExMzYwHhcNMjQwMTAyMDYyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmI4MjAzNDg2NmI4Y2Q5Njc4ZDI3ZTY4OTViYmRkMWIxZThkNTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1p0PmzNL/5tX0cpnbxh11o+zB1zZ
DknVZmRUaD4eeBqtXbgJZxFZ3lHaX071RRgAndzNg5QykHhm6CP3oIGDS1uAZN4S
2+eYZtA/NR/TIk/N0t72yWuGOvByDBq4jabzhx3O1faPG8g8pq3MMPnDjIqKfBVq
NUckwVD93NI0FXxvMesAxCbaEyw2v8xyBYzkn3bIvbp7pTnEkgvhCApwECyS93Th
709g1UFPAP4jwekMXgNObr4QH0MyDBmnepJVO/rFxAO5ScqXTzbiDNrPqBoXkbLK
Oummy4D8MQoXTrfyYFYlb7+aXgqrb7Yg74Nl3pXtBOcT4fMoMiYcYQ1JHQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLa4IDSGa4zZZ40n5olbvdGx6NWGMB8GA1UdIwQY
MBaAFOqEYAbPi544jzFFE1gJJQLOzBE2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNm9SZ0JzLUxuamlQTVVVVFdBa2xBczdNRVRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8yMWNkNzctMWVjYS00NmI5LTlhYmEt
Zjc0Y2NjYzRlMGExLzEvdHJnZ05JWnJqTmxualNmbWlWdTkwYkhvMVlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8yMWNkNzctMWVjYS00NmI5LTlhYmEtZjc0Y2NjYzRlMGEx
LzEvNm9SZ0JzLUxuamlQTVVVVFdBa2xBczdNRVRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW8U3MA8E
AgACMAkDBwMqBorAAAAwDQYJKoZIhvcNAQELBQADggEBAIRy/VuWPyrXu5xYig9H
Oabp0k1l+zfK/fwycU7Lvi7sxYDZNPeF/eA6Dqr4DFxV0q8/rSUDA5KzN2+ZBm5s
ZgZS6nQw5uFZ85ozttLnB5i68wunxZG+JbZHsHhU3PoTqKNN7x2A02L5YidAXftL
9WURFVwf9xMIjkx5jMB+A6UOWq+2KdODj0P4POpr6U56+b1wKkiOPBcMr7UEFM3Y
h/hmx9xoqgFP5iAsCysi5a2u9gFUXS0pdwFjMSuq/ytIUC/aWsGu8TltBiJy7q5P
UF0vTeC6iJ43G5FTeJY72lxOB4Mdw/9c9moHzwz+/Uwy20Qm2eyXZ5sN82cY+igz
CS4=
-----END CERTIFICATE-----