Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/a2ce64-33af-45fe-90eb-89d2611a95db/1/9S-RmcUjSEJdeX-arq9R1M4Eqs0.roa
File:                     9S-RmcUjSEJdeX-arq9R1M4Eqs0.roa (raw, json)
Hash identifier:          bMj7HCcav5zZeIEbfKV8Khn3XvfjKI0s3SRyPkFvpIg=
Subject key identifier:   F5:2F:91:99:C5:23:48:42:5D:79:7F:9A:AE:AF:51:D4:CE:04:AA:CD
Certificate issuer:       /CN=28c2202a443537fb8fb280567a17485f1230c411
Certificate serial:       018CC2DB12BF37E52B367C8F184D0F4669DB
Authority key identifier: 28:C2:20:2A:44:35:37:FB:8F:B2:80:56:7A:17:48:5F:12:30:C4:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KMIgKkQ1N_uPsoBWehdIXxIwxBE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/a2ce64-33af-45fe-90eb-89d2611a95db/1/9S-RmcUjSEJdeX-arq9R1M4Eqs0.roa
Signing time:             Mon 01 Jan 2024 02:29:46 +0000
ROA not before:           Mon 01 Jan 2024 02:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51926
IP address blocks:        91.220.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/a2ce64-33af-45fe-90eb-89d2611a95db/1/KMIgKkQ1N_uPsoBWehdIXxIwxBE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/a2ce64-33af-45fe-90eb-89d2611a95db/1/KMIgKkQ1N_uPsoBWehdIXxIwxBE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KMIgKkQ1N_uPsoBWehdIXxIwxBE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:12:bf:37:e5:2b:36:7c:8f:18:4d:0f:46:69:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28c2202a443537fb8fb280567a17485f1230c411
        Validity
            Not Before: Jan  1 02:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f52f9199c52348425d797f9aaeaf51d4ce04aacd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:c6:0c:8f:5a:50:db:7b:bd:ca:4d:c1:6e:47:
                    d7:bb:70:44:c3:d1:a0:96:c1:9b:b3:f6:01:6d:ba:
                    c0:0c:4a:4d:40:c5:ad:32:ab:20:33:27:00:26:66:
                    db:d3:bb:bd:1a:e6:3d:a1:f8:f5:0e:a9:6c:fa:ca:
                    4b:4e:05:c0:85:46:6e:e8:ce:6a:ed:21:21:b3:30:
                    cb:a2:de:00:13:e3:85:19:73:12:f2:c9:be:35:a6:
                    e4:cc:2d:04:26:79:15:82:a9:94:ae:4a:1e:47:56:
                    4c:ec:3e:71:70:1c:03:bb:c3:6d:f2:69:a9:a9:80:
                    ac:f0:7f:1b:8c:c4:f8:b6:db:4f:63:05:02:41:a2:
                    09:47:16:e9:a4:ac:ed:e6:80:9f:ea:61:40:95:1d:
                    cf:d0:bd:7b:45:fa:03:96:b7:10:39:2e:5a:e2:de:
                    a8:65:21:9b:e9:a5:e0:0f:1c:6c:89:ae:90:f5:2b:
                    49:a7:c8:b8:34:2e:48:1f:a5:1a:de:da:47:0c:17:
                    ec:0e:5e:d6:3b:a9:8c:01:8c:41:83:77:4b:87:be:
                    6b:0c:4c:eb:8c:ef:cb:dd:76:54:3b:24:d9:33:6a:
                    d5:a7:8e:fe:97:10:b0:23:96:3b:38:26:c9:9b:19:
                    2c:d8:9c:7b:38:fd:b5:1e:f4:fa:04:b0:96:24:70:
                    c4:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:2F:91:99:C5:23:48:42:5D:79:7F:9A:AE:AF:51:D4:CE:04:AA:CD
            X509v3 Authority Key Identifier:
                keyid:28:C2:20:2A:44:35:37:FB:8F:B2:80:56:7A:17:48:5F:12:30:C4:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KMIgKkQ1N_uPsoBWehdIXxIwxBE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/a2ce64-33af-45fe-90eb-89d2611a95db/1/9S-RmcUjSEJdeX-arq9R1M4Eqs0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/a2ce64-33af-45fe-90eb-89d2611a95db/1/KMIgKkQ1N_uPsoBWehdIXxIwxBE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:1e:bd:e8:ff:7c:00:91:2d:6b:80:01:81:9a:cf:6d:e7:e2:
         a7:9a:c8:a2:b5:c0:94:9e:bb:41:dd:a1:5f:ca:28:e1:21:c6:
         f6:93:b2:f9:2e:5f:d7:03:4a:cc:37:1c:6e:40:d1:d0:80:30:
         f8:3e:f0:11:42:74:17:f0:f0:72:5d:96:8f:b3:88:31:cd:df:
         45:2e:d0:be:6f:2e:da:f9:c8:07:3a:e9:3f:bb:be:0e:b4:a9:
         e4:4f:58:4c:a0:c9:a7:bd:23:8a:89:26:38:a7:c6:9c:c9:e0:
         21:36:45:62:3e:fc:6c:f5:43:4d:fd:83:87:02:0f:34:81:98:
         93:e2:5a:9c:96:53:03:1f:86:af:da:14:58:0d:70:67:7c:20:
         5f:b8:0d:57:a8:7b:b2:6c:d1:84:82:85:bf:c8:e4:12:15:48:
         19:59:77:46:76:fb:26:27:f2:ae:2e:a6:74:84:11:fa:26:21:
         54:bf:e2:a8:da:19:96:af:85:f4:aa:14:02:97:59:3d:2a:8c:
         17:c0:c2:17:14:03:b8:d3:4f:c4:eb:74:17:3c:1d:01:02:fa:
         ec:77:59:b7:e0:f2:9b:84:19:6f:51:e9:ee:f7:e1:75:b4:4c:
         98:01:c0:fc:ef:df:b2:de:cb:c4:48:64:25:49:c7:45:30:40:
         d7:51:57:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2xK/N+UrNnyPGE0PRmnbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4YzIyMDJhNDQzNTM3ZmI4ZmIyODA1NjdhMTc0ODVmMTIz
MGM0MTEwHhcNMjQwMTAxMDIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTJmOTE5OWM1MjM0ODQyNWQ3OTdmOWFhZWFmNTFkNGNlMDRhYWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlsYMj1pQ23u9yk3BbkfXu3BEw9Gg
lsGbs/YBbbrADEpNQMWtMqsgMycAJmbb07u9GuY9ofj1Dqls+spLTgXAhUZu6M5q
7SEhszDLot4AE+OFGXMS8sm+NabkzC0EJnkVgqmUrkoeR1ZM7D5xcBwDu8Nt8mmp
qYCs8H8bjMT4tttPYwUCQaIJRxbppKzt5oCf6mFAlR3P0L17RfoDlrcQOS5a4t6o
ZSGb6aXgDxxsia6Q9StJp8i4NC5IH6Ua3tpHDBfsDl7WO6mMAYxBg3dLh75rDEzr
jO/L3XZUOyTZM2rVp47+lxCwI5Y7OCbJmxks2Jx7OP21HvT6BLCWJHDEcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPUvkZnFI0hCXXl/mq6vUdTOBKrNMB8GA1UdIwQY
MBaAFCjCICpENTf7j7KAVnoXSF8SMMQRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS01JZ0trUTFOX3VQc29CV2VoZElYeEl3eEJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9hMmNlNjQtMzNhZi00NWZlLTkwZWIt
ODlkMjYxMWE5NWRiLzEvOVMtUm1jVWpTRUpkZVgtYXJxOVIxTTRFcXMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9hMmNlNjQtMzNhZi00NWZlLTkwZWItODlkMjYxMWE5NWRi
LzEvS01JZ0trUTFOX3VQc29CV2VoZElYeEl3eEJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9ygMA0G
CSqGSIb3DQEBCwUAA4IBAQBWHr3o/3wAkS1rgAGBms9t5+KnmsiitcCUnrtB3aFf
yijhIcb2k7L5Ll/XA0rMNxxuQNHQgDD4PvARQnQX8PByXZaPs4gxzd9FLtC+by7a
+cgHOuk/u74OtKnkT1hMoMmnvSOKiSY4p8acyeAhNkViPvxs9UNN/YOHAg80gZiT
4lqcllMDH4av2hRYDXBnfCBfuA1XqHuybNGEgoW/yOQSFUgZWXdGdvsmJ/KuLqZ0
hBH6JiFUv+Ko2hmWr4X0qhQCl1k9KowXwMIXFAO400/E63QXPB0BAvrsd1m34PKb
hBlvUenu9+F1tEyYAcD879+y3svESGQlScdFMEDXUVcm
-----END CERTIFICATE-----