Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/9a6cf5-1342-4c3b-87af-160c24c66630/1/NkrAmFn-tB2D7-muHxhJ0VmGXFw.roa
File:                     NkrAmFn-tB2D7-muHxhJ0VmGXFw.roa (raw, json)
Hash identifier:          7k7yND85EvuJCUyszKT3io2nlw8MXNjHwXtrnNSGvYc=
Subject key identifier:   36:4A:C0:98:59:FE:B4:1D:83:EF:E9:AE:1F:18:49:D1:59:86:5C:5C
Certificate issuer:       /CN=8898db8cb861bbbdd1fb7562def4d77d8642c324
Certificate serial:       018CC5008588E546548A0CB91452D333B2C9
Authority key identifier: 88:98:DB:8C:B8:61:BB:BD:D1:FB:75:62:DE:F4:D7:7D:86:42:C3:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iJjbjLhhu73R-3Vi3vTXfYZCwyQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/9a6cf5-1342-4c3b-87af-160c24c66630/1/NkrAmFn-tB2D7-muHxhJ0VmGXFw.roa
Signing time:             Mon 01 Jan 2024 12:29:54 +0000
ROA not before:           Mon 01 Jan 2024 12:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44351
IP address blocks:        91.199.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/9a6cf5-1342-4c3b-87af-160c24c66630/1/iJjbjLhhu73R-3Vi3vTXfYZCwyQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/9a6cf5-1342-4c3b-87af-160c24c66630/1/iJjbjLhhu73R-3Vi3vTXfYZCwyQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iJjbjLhhu73R-3Vi3vTXfYZCwyQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:85:88:e5:46:54:8a:0c:b9:14:52:d3:33:b2:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8898db8cb861bbbdd1fb7562def4d77d8642c324
        Validity
            Not Before: Jan  1 12:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=364ac09859feb41d83efe9ae1f1849d159865c5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:9b:d2:25:7a:c0:72:77:b0:a3:a9:d1:d8:6c:
                    b1:04:e2:9b:4e:f8:b4:0d:58:9d:0c:03:7c:99:80:
                    e1:82:1b:0e:56:e0:fc:f5:ab:e0:70:53:2c:63:5b:
                    b6:a6:1e:25:39:70:1e:90:7a:73:ca:81:d5:a8:4c:
                    3f:56:ee:4f:e7:ec:4b:dd:09:97:6e:2d:f0:02:65:
                    50:2c:f9:62:38:bf:62:3e:7f:11:53:aa:a9:4a:f4:
                    a2:da:9f:8f:c8:c1:48:57:a9:f6:97:db:18:bd:f8:
                    77:64:8a:c9:69:9d:6c:35:23:0e:a5:bd:f4:39:71:
                    e7:c5:53:c1:98:3e:88:f4:82:68:c6:85:7c:1f:01:
                    3d:7e:bf:22:af:01:dd:7f:c1:38:0e:39:fe:1b:34:
                    6f:6f:7c:c4:f6:2e:a9:b4:59:9b:af:a0:5c:ad:62:
                    05:0c:5d:e1:84:7e:42:1c:9b:70:d0:67:15:07:e7:
                    a1:82:e9:0e:29:5d:95:80:33:9a:49:d3:34:3c:f9:
                    95:71:f7:52:d7:11:04:5c:ce:11:09:62:13:5a:91:
                    47:b8:17:44:f6:2f:d5:d2:11:fb:96:02:e6:60:e0:
                    4c:f4:9b:fb:38:eb:65:4e:f4:9a:3d:08:34:0a:62:
                    f1:cd:e9:26:ee:c8:f7:52:9c:00:e2:78:6b:a1:1b:
                    ec:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:4A:C0:98:59:FE:B4:1D:83:EF:E9:AE:1F:18:49:D1:59:86:5C:5C
            X509v3 Authority Key Identifier:
                keyid:88:98:DB:8C:B8:61:BB:BD:D1:FB:75:62:DE:F4:D7:7D:86:42:C3:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iJjbjLhhu73R-3Vi3vTXfYZCwyQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/9a6cf5-1342-4c3b-87af-160c24c66630/1/NkrAmFn-tB2D7-muHxhJ0VmGXFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/9a6cf5-1342-4c3b-87af-160c24c66630/1/iJjbjLhhu73R-3Vi3vTXfYZCwyQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:65:c4:39:5b:ad:b1:e1:93:ee:5e:77:85:92:9c:ce:e2:be:
         64:b0:34:bf:3f:4c:94:c5:90:01:18:d7:21:67:a4:8e:96:c3:
         46:8a:dd:8d:00:c9:ee:cb:b3:18:fe:5b:1d:58:a8:8a:c9:2c:
         6b:a9:93:4b:ad:4b:48:af:2f:4f:b2:09:3d:a5:ae:5c:32:d3:
         af:8c:73:77:a0:ff:a2:bf:8e:24:fd:99:8b:e8:d0:2c:e1:c4:
         10:a9:14:23:35:b8:98:32:02:82:3b:2e:78:3c:66:6e:78:6e:
         6b:92:ca:f4:39:d8:e5:3d:52:89:02:b7:a1:9c:c4:ad:b0:d1:
         91:81:ea:d5:9f:a7:15:9c:ed:2a:1f:5d:df:92:eb:72:2e:c3:
         4e:dd:2a:3c:c4:86:5e:be:e8:ef:1b:28:ea:0f:38:3d:2f:ca:
         bf:42:83:63:c7:8f:08:af:7b:64:a0:66:60:75:3d:09:0b:56:
         6a:49:f9:b1:e9:01:46:59:4d:c7:7a:c0:77:20:d1:b5:dd:e8:
         62:25:51:60:06:56:ec:ba:ab:bc:22:db:95:1e:2e:d4:cd:9a:
         1e:4a:6a:2e:59:90:13:8a:74:0c:40:be:6c:49:26:5f:78:15:
         dd:f0:0a:b7:eb:01:08:f7:fe:b7:fc:2b:54:00:25:a2:37:a1:
         9c:a9:1a:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAIWI5UZUigy5FFLTM7LJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4OThkYjhjYjg2MWJiYmRkMWZiNzU2MmRlZjRkNzdkODY0
MmMzMjQwHhcNMjQwMTAxMTIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjRhYzA5ODU5ZmViNDFkODNlZmU5YWUxZjE4NDlkMTU5ODY1YzVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZvSJXrAcnewo6nR2GyxBOKbTvi0
DVidDAN8mYDhghsOVuD89avgcFMsY1u2ph4lOXAekHpzyoHVqEw/Vu5P5+xL3QmX
bi3wAmVQLPliOL9iPn8RU6qpSvSi2p+PyMFIV6n2l9sYvfh3ZIrJaZ1sNSMOpb30
OXHnxVPBmD6I9IJoxoV8HwE9fr8irwHdf8E4Djn+GzRvb3zE9i6ptFmbr6BcrWIF
DF3hhH5CHJtw0GcVB+ehgukOKV2VgDOaSdM0PPmVcfdS1xEEXM4RCWITWpFHuBdE
9i/V0hH7lgLmYOBM9Jv7OOtlTvSaPQg0CmLxzekm7sj3UpwA4nhroRvs9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDZKwJhZ/rQdg+/prh8YSdFZhlxcMB8GA1UdIwQY
MBaAFIiY24y4Ybu90ft1Yt70132GQsMkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUpqYmpMaGh1NzNSLTNWaTN2VFhmWVpDd3lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS85YTZjZjUtMTM0Mi00YzNiLTg3YWYt
MTYwYzI0YzY2NjMwLzEvTmtyQW1Gbi10QjJENy1tdUh4aEowVm1HWEZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS85YTZjZjUtMTM0Mi00YzNiLTg3YWYtMTYwYzI0YzY2NjMw
LzEvaUpqYmpMaGh1NzNSLTNWaTN2VFhmWVpDd3lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8dcMA0G
CSqGSIb3DQEBCwUAA4IBAQArZcQ5W62x4ZPuXneFkpzO4r5ksDS/P0yUxZABGNch
Z6SOlsNGit2NAMnuy7MY/lsdWKiKySxrqZNLrUtIry9Psgk9pa5cMtOvjHN3oP+i
v44k/ZmL6NAs4cQQqRQjNbiYMgKCOy54PGZueG5rksr0OdjlPVKJArehnMStsNGR
gerVn6cVnO0qH13fkutyLsNO3So8xIZevujvGyjqDzg9L8q/QoNjx48Ir3tkoGZg
dT0JC1ZqSfmx6QFGWU3HesB3ING13ehiJVFgBlbsuqu8ItuVHi7UzZoeSmouWZAT
inQMQL5sSSZfeBXd8Aq36wEI9/63/CtUACWiN6GcqRpu
-----END CERTIFICATE-----