Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/lsZBBwbjHYLpw1P2KFOzZKOHtQU.roa
File:                     lsZBBwbjHYLpw1P2KFOzZKOHtQU.roa (raw, json)
Hash identifier:          qW5oDNpt5oAHpRBgXurXHzUR1VVUCW3I55KyRWhwCso=
Subject key identifier:   96:C6:41:07:06:E3:1D:82:E9:C3:53:F6:28:53:B3:64:A3:87:B5:05
Certificate issuer:       /CN=9e1533c4702c2ccb5a9e0e87ab27ad56b15f2c76
Certificate serial:       018CC8DEDF3FC8E8B1D3D3BDCDD6070EEF5A
Authority key identifier: 9E:15:33:C4:70:2C:2C:CB:5A:9E:0E:87:AB:27:AD:56:B1:5F:2C:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nhUzxHAsLMtang6HqyetVrFfLHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/lsZBBwbjHYLpw1P2KFOzZKOHtQU.roa
Signing time:             Tue 02 Jan 2024 06:31:38 +0000
ROA not before:           Tue 02 Jan 2024 06:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64445
IP address blocks:        91.193.55.0/24 maxlen: 24
                          2a12:e6c0::/32 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/nhUzxHAsLMtang6HqyetVrFfLHY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/nhUzxHAsLMtang6HqyetVrFfLHY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nhUzxHAsLMtang6HqyetVrFfLHY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:df:3f:c8:e8:b1:d3:d3:bd:cd:d6:07:0e:ef:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e1533c4702c2ccb5a9e0e87ab27ad56b15f2c76
        Validity
            Not Before: Jan  2 06:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96c6410706e31d82e9c353f62853b364a387b505
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:9c:a3:31:06:c1:82:a8:7b:54:b3:8b:2d:06:
                    9b:50:94:9b:4e:28:67:a7:b0:ae:4d:82:66:bd:a5:
                    91:10:0f:41:b2:c7:f4:ec:cb:b8:73:7a:6d:41:a8:
                    5b:e4:a8:0a:46:d4:61:83:c6:da:a7:64:a2:fd:8e:
                    eb:5b:9a:94:01:59:c5:67:df:fe:64:80:0b:79:83:
                    cf:ce:be:52:c0:35:2d:bc:03:43:65:de:0b:47:0f:
                    43:97:e2:a6:55:34:10:42:4f:ad:2d:20:5c:40:f5:
                    e3:88:d1:c9:d8:e0:80:d8:9f:0d:ae:81:bf:e8:30:
                    6b:dd:53:6e:ba:d8:4c:3a:25:97:0a:64:9b:d4:55:
                    3c:92:cf:19:19:02:6e:0c:98:21:65:ef:b4:d9:15:
                    b5:b8:bd:10:00:a0:cf:51:a8:f5:41:41:ce:9a:2e:
                    52:11:2a:b2:bc:e3:fb:86:be:d4:bc:c3:33:42:f5:
                    1e:e3:5f:9e:f9:4e:e5:3d:fb:1e:91:61:07:cd:f5:
                    7c:8c:2a:41:93:11:7f:92:d6:f2:25:ad:2b:af:96:
                    12:e5:4d:32:0b:31:0c:2c:22:75:b2:d2:ce:cd:5f:
                    ab:aa:34:70:f6:3a:67:45:1d:cc:cc:16:0f:27:7e:
                    a6:c3:a4:f1:b4:c2:7e:69:79:db:47:e4:03:4e:5c:
                    16:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:C6:41:07:06:E3:1D:82:E9:C3:53:F6:28:53:B3:64:A3:87:B5:05
            X509v3 Authority Key Identifier:
                keyid:9E:15:33:C4:70:2C:2C:CB:5A:9E:0E:87:AB:27:AD:56:B1:5F:2C:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nhUzxHAsLMtang6HqyetVrFfLHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/lsZBBwbjHYLpw1P2KFOzZKOHtQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/nhUzxHAsLMtang6HqyetVrFfLHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.55.0/24
                IPv6:
                  2a12:e6c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         32:bd:b2:f1:18:b1:1d:22:69:a3:89:37:fe:94:fe:d8:dc:79:
         1d:6c:07:40:95:4c:f6:40:60:3e:35:2c:7e:e7:56:8b:40:db:
         ca:c4:8a:e7:c3:a6:f1:77:0d:5f:66:35:db:fb:34:59:6d:c2:
         6e:46:88:35:b6:8e:2b:82:e8:0b:eb:c2:51:03:db:92:f8:10:
         27:07:ac:e6:9c:1c:c9:c7:b0:79:2c:13:87:77:7b:d6:f1:51:
         b5:95:de:63:3a:ce:b6:0c:85:b3:f8:b4:1a:ba:09:af:46:0f:
         ca:74:18:e5:de:92:0d:9e:83:f5:2d:b4:1f:7a:f6:0c:d3:8a:
         32:c7:2b:b0:a0:1f:22:ff:bc:df:7e:a7:0e:0e:bf:1e:e5:31:
         8c:96:d7:23:d7:67:d1:59:cf:45:2e:fb:96:52:9c:f9:a7:00:
         9d:46:4f:0c:f6:c9:d9:42:c8:47:5e:f1:84:1e:05:51:6d:fa:
         23:fa:e7:ab:1e:78:db:7b:9b:e8:9a:dc:bc:8a:c4:f5:52:b6:
         03:c7:37:5b:f0:b6:75:1c:6d:55:c6:55:d0:5b:66:eb:70:cf:
         9b:80:eb:69:d4:5c:35:55:cc:47:f3:e4:f2:de:54:4b:21:86:
         53:f1:c0:ab:e7:db:ae:3a:a2:a4:40:bc:a9:a8:ab:62:f3:46:
         cd:51:32:7d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3t8/yOix09O9zdYHDu9aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMTUzM2M0NzAyYzJjY2I1YTllMGU4N2FiMjdhZDU2YjE1
ZjJjNzYwHhcNMjQwMTAyMDYzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmM2NDEwNzA2ZTMxZDgyZTljMzUzZjYyODUzYjM2NGEzODdiNTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJyjMQbBgqh7VLOLLQabUJSbTihn
p7CuTYJmvaWREA9Bssf07Mu4c3ptQahb5KgKRtRhg8bap2Si/Y7rW5qUAVnFZ9/+
ZIALeYPPzr5SwDUtvANDZd4LRw9Dl+KmVTQQQk+tLSBcQPXjiNHJ2OCA2J8NroG/
6DBr3VNuuthMOiWXCmSb1FU8ks8ZGQJuDJghZe+02RW1uL0QAKDPUaj1QUHOmi5S
ESqyvOP7hr7UvMMzQvUe41+e+U7lPfsekWEHzfV8jCpBkxF/ktbyJa0rr5YS5U0y
CzEMLCJ1stLOzV+rqjRw9jpnRR3MzBYPJ36mw6TxtMJ+aXnbR+QDTlwWJwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJbGQQcG4x2C6cNT9ihTs2Sjh7UFMB8GA1UdIwQY
MBaAFJ4VM8RwLCzLWp4Oh6snrVaxXyx2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmhVenhIQXNMTXRhbmc2SHF5ZXRWckZmTEhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8yNjg4YjYtZGE3MC00YWJkLThmNTkt
MWE4MzFiNTk5YzE4LzEvbHNaQkJ3YmpIWUxwdzFQMktGT3paS09IdFFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8yNjg4YjYtZGE3MC00YWJkLThmNTktMWE4MzFiNTk5YzE4
LzEvbmhVenhIQXNMTXRhbmc2SHF5ZXRWckZmTEhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW8E3MA0E
AgACMAcDBQAqEubAMA0GCSqGSIb3DQEBCwUAA4IBAQAyvbLxGLEdImmjiTf+lP7Y
3HkdbAdAlUz2QGA+NSx+51aLQNvKxIrnw6bxdw1fZjXb+zRZbcJuRog1to4rgugL
68JRA9uS+BAnB6zmnBzJx7B5LBOHd3vW8VG1ld5jOs62DIWz+LQaugmvRg/KdBjl
3pINnoP1LbQfevYM04oyxyuwoB8i/7zffqcODr8e5TGMltcj12fRWc9FLvuWUpz5
pwCdRk8M9snZQshHXvGEHgVRbfoj+uerHnjbe5vomty8isT1UrYDxzdb8LZ1HG1V
xlXQW2brcM+bgOtp1Fw1VcxH8+Ty3lRLIYZT8cCr59uuOqKkQLypqKti80bNUTJ9
-----END CERTIFICATE-----