Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/M6WV1W01wejJgLdTMPSnkr93C0Y.roa
File:                     M6WV1W01wejJgLdTMPSnkr93C0Y.roa (raw, json)
Hash identifier:          Mabxk0eQyQvnNeE48KFOnhMrPPtl0WrC9usJu1Im+h0=
Subject key identifier:   33:A5:95:D5:6D:35:C1:E8:C9:80:B7:53:30:F4:A7:92:BF:77:0B:46
Certificate issuer:       /CN=6161470d39be4ba2dd5df8fa47b16396278e670a
Certificate serial:       018CC3493F29091B056F06EB96A3850F6480
Authority key identifier: 61:61:47:0D:39:BE:4B:A2:DD:5D:F8:FA:47:B1:63:96:27:8E:67:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YWFHDTm-S6LdXfj6R7FjlieOZwo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/M6WV1W01wejJgLdTMPSnkr93C0Y.roa
Signing time:             Mon 01 Jan 2024 04:30:06 +0000
ROA not before:           Mon 01 Jan 2024 04:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199524
IP address blocks:        91.188.251.0/24 maxlen: 24
                          91.202.245.0/24 maxlen: 24
                          91.202.246.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/YWFHDTm-S6LdXfj6R7FjlieOZwo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/YWFHDTm-S6LdXfj6R7FjlieOZwo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YWFHDTm-S6LdXfj6R7FjlieOZwo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 19:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:3f:29:09:1b:05:6f:06:eb:96:a3:85:0f:64:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6161470d39be4ba2dd5df8fa47b16396278e670a
        Validity
            Not Before: Jan  1 04:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33a595d56d35c1e8c980b75330f4a792bf770b46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:ca:31:68:e1:85:28:74:97:8e:42:22:65:a2:
                    bc:6d:8a:ca:10:c2:ff:03:c9:1d:70:b3:e7:91:c2:
                    47:1a:ab:71:d8:3f:06:8b:e8:24:7f:07:67:dc:90:
                    97:58:1c:22:bc:80:c6:45:92:14:4c:27:b2:02:27:
                    9b:f8:4f:98:0b:e9:47:91:3c:24:28:12:2c:90:db:
                    72:e5:6b:aa:d1:a3:b0:f6:63:09:bb:66:fc:b5:35:
                    79:a6:20:fb:9c:01:e7:54:82:d9:49:e4:fa:77:e0:
                    db:b6:05:a9:07:02:45:af:83:c5:3e:2e:3f:a1:a5:
                    1c:55:da:d1:71:9f:43:dc:00:e6:35:7c:43:05:57:
                    c3:de:1a:37:2c:a1:7d:b8:1b:cb:86:06:5c:a6:ba:
                    61:ba:c4:41:13:fc:e3:5d:61:4e:f5:d7:fe:f3:1a:
                    89:6a:c8:e1:c6:a1:be:a6:64:d9:56:9f:4e:e0:4e:
                    ed:0c:23:29:66:85:09:c8:04:8a:bf:db:3f:63:f8:
                    de:45:eb:6d:80:72:75:87:20:08:dc:f7:10:ed:7e:
                    ff:c4:79:1b:a8:83:39:ed:87:a3:24:ad:ba:42:25:
                    c1:1b:d6:19:31:39:1f:a7:24:60:df:71:c2:38:f2:
                    46:05:d2:ab:8a:85:8f:99:d5:91:ec:95:1e:fb:e1:
                    9c:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:A5:95:D5:6D:35:C1:E8:C9:80:B7:53:30:F4:A7:92:BF:77:0B:46
            X509v3 Authority Key Identifier:
                keyid:61:61:47:0D:39:BE:4B:A2:DD:5D:F8:FA:47:B1:63:96:27:8E:67:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YWFHDTm-S6LdXfj6R7FjlieOZwo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/M6WV1W01wejJgLdTMPSnkr93C0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/YWFHDTm-S6LdXfj6R7FjlieOZwo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.188.251.0/24
                  91.202.245.0-91.202.247.255

    Signature Algorithm: sha256WithRSAEncryption
         c9:4d:26:2b:55:8b:18:9a:1e:cf:dc:ed:f0:22:9d:06:d4:10:
         ef:d4:8b:87:c3:66:fa:36:cb:8d:87:10:7e:e8:ac:10:98:1c:
         fd:3d:45:dd:5b:e5:e9:ed:6c:23:11:7f:59:e6:43:5f:5e:63:
         c3:d6:5b:64:77:e9:9b:98:06:03:98:7f:87:83:9b:94:7e:34:
         2a:7f:8c:07:83:a8:9d:9b:8d:01:31:56:ca:4a:71:f6:c8:8b:
         70:15:de:a8:32:3a:71:07:c3:56:83:f9:a3:29:e0:15:b3:60:
         59:14:d1:2a:ca:19:8e:d9:92:4d:56:e5:de:73:85:4f:68:cc:
         38:76:07:08:4f:18:84:1a:cb:0b:d9:cb:ba:bc:91:8b:4b:16:
         5e:62:a6:00:4f:b2:a4:ba:15:ca:8b:4e:39:ee:50:19:b3:8b:
         b0:35:a4:12:8e:0c:8c:c6:4c:43:f1:26:d1:f9:b5:1f:3a:72:
         93:c3:d7:37:63:4e:b5:00:a9:61:11:79:73:1a:a0:3e:ac:00:
         70:ca:96:2b:14:35:59:a7:06:b9:74:a1:d6:e6:8a:5c:e7:e2:
         1f:83:85:c2:e5:b3:e9:70:e2:d5:1e:bf:cf:d3:01:bc:27:e2:
         38:07:4c:12:e7:0c:15:90:71:77:74:70:db:72:7e:5b:3b:59:
         0c:86:79:53
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzDST8pCRsFbwbrlqOFD2SAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxNjE0NzBkMzliZTRiYTJkZDVkZjhmYTQ3YjE2Mzk2Mjc4
ZTY3MGEwHhcNMjQwMTAxMDQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2E1OTVkNTZkMzVjMWU4Yzk4MGI3NTMzMGY0YTc5MmJmNzcwYjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8oxaOGFKHSXjkIiZaK8bYrKEML/
A8kdcLPnkcJHGqtx2D8Gi+gkfwdn3JCXWBwivIDGRZIUTCeyAieb+E+YC+lHkTwk
KBIskNty5Wuq0aOw9mMJu2b8tTV5piD7nAHnVILZSeT6d+DbtgWpBwJFr4PFPi4/
oaUcVdrRcZ9D3ADmNXxDBVfD3ho3LKF9uBvLhgZcprphusRBE/zjXWFO9df+8xqJ
asjhxqG+pmTZVp9O4E7tDCMpZoUJyASKv9s/Y/jeRettgHJ1hyAI3PcQ7X7/xHkb
qIM57YejJK26QiXBG9YZMTkfpyRg33HCOPJGBdKrioWPmdWR7JUe++GcYQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDOlldVtNcHoyYC3UzD0p5K/dwtGMB8GA1UdIwQY
MBaAFGFhRw05vkui3V34+kexY5YnjmcKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVdGSERUbS1TNkxkWGZqNlI3RmpsaWVPWndvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9lNTE4NTYtZTUyZS00YjI0LThjOTkt
YzI0MGJmYzljYmMxLzEvTTZXVjFXMDF3ZWpKZ0xkVE1QU25rcjkzQzBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9lNTE4NTYtZTUyZS00YjI0LThjOTktYzI0MGJmYzljYmMx
LzEvWVdGSERUbS1TNkxkWGZqNlI3RmpsaWVPWndvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAW7z7MAwD
BABbyvUDBANbyvAwDQYJKoZIhvcNAQELBQADggEBAMlNJitVixiaHs/c7fAinQbU
EO/Ui4fDZvo2y42HEH7orBCYHP09Rd1b5entbCMRf1nmQ19eY8PWW2R36ZuYBgOY
f4eDm5R+NCp/jAeDqJ2bjQExVspKcfbIi3AV3qgyOnEHw1aD+aMp4BWzYFkU0SrK
GY7Zkk1W5d5zhU9ozDh2BwhPGIQaywvZy7q8kYtLFl5ipgBPsqS6FcqLTjnuUBmz
i7A1pBKODIzGTEPxJtH5tR86cpPD1zdjTrUAqWEReXMaoD6sAHDKlisUNVmnBrl0
odbmilzn4h+DhcLls+lw4tUev8/TAbwn4jgHTBLnDBWQcXd0cNtyfls7WQyGeVM=
-----END CERTIFICATE-----