Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/171cea-3d78-4513-ad49-5a905af507c3/1/wUNmbFk1v6u7xR5hCviVkBvUPgs.roa
File:                     wUNmbFk1v6u7xR5hCviVkBvUPgs.roa (raw, json)
Hash identifier:          Sh6tsWN215KDx7fXXwTV9jlvZ60RCPsCey5M9YPc/Qw=
Subject key identifier:   C1:43:66:6C:59:35:BF:AB:BB:C5:1E:61:0A:F8:95:90:1B:D4:3E:0B
Certificate issuer:       /CN=b6ed9b5cb4b64866c383dee4576bff3ff875242d
Certificate serial:       018CC3B6995E59E944C7E58E0C39624B279C
Authority key identifier: B6:ED:9B:5C:B4:B6:48:66:C3:83:DE:E4:57:6B:FF:3F:F8:75:24:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tu2bXLS2SGbDg97kV2v_P_h1JC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/171cea-3d78-4513-ad49-5a905af507c3/1/wUNmbFk1v6u7xR5hCviVkBvUPgs.roa
Signing time:             Mon 01 Jan 2024 06:29:32 +0000
ROA not before:           Mon 01 Jan 2024 06:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41694
IP address blocks:        91.220.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/171cea-3d78-4513-ad49-5a905af507c3/1/tu2bXLS2SGbDg97kV2v_P_h1JC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/171cea-3d78-4513-ad49-5a905af507c3/1/tu2bXLS2SGbDg97kV2v_P_h1JC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tu2bXLS2SGbDg97kV2v_P_h1JC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:99:5e:59:e9:44:c7:e5:8e:0c:39:62:4b:27:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6ed9b5cb4b64866c383dee4576bff3ff875242d
        Validity
            Not Before: Jan  1 06:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c143666c5935bfabbbc51e610af895901bd43e0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:86:f9:46:55:35:35:d6:60:d4:8e:fc:5b:59:
                    6c:75:01:c8:b1:fa:7d:44:6e:00:09:70:f2:58:ac:
                    0f:f5:b8:72:76:6a:92:f9:45:5b:42:c6:5d:5d:08:
                    81:cc:24:8c:cd:c4:32:b4:2e:31:60:01:f6:04:86:
                    a9:55:65:02:6f:6f:bd:e0:90:52:d1:12:03:fe:01:
                    3b:e4:ab:6b:fd:b0:6e:7e:2f:58:5d:13:63:e5:07:
                    c4:0a:02:c2:91:4b:0b:9c:60:56:51:4f:23:18:ca:
                    54:15:e1:03:30:44:13:84:62:e0:8d:06:28:6c:e2:
                    c6:be:a5:e7:53:94:8c:d4:a3:f2:92:b5:9f:ac:3a:
                    bf:2c:ef:84:59:7f:fd:0e:7e:18:3c:aa:f9:1b:c4:
                    cf:c0:1c:44:6b:ef:69:0c:dd:97:11:33:c5:22:a9:
                    c6:32:6e:6e:bf:60:db:46:2c:fb:77:f7:75:34:b8:
                    a1:0c:e7:df:bd:54:82:f0:00:2b:1f:1d:2e:56:79:
                    cb:fd:91:a6:42:1e:32:35:7b:3e:75:f7:fd:ab:44:
                    70:8d:99:83:91:9d:19:ee:43:23:b4:2b:6f:e7:b7:
                    97:00:f1:f0:7f:ec:c3:9b:94:0c:21:db:af:36:37:
                    79:b9:92:3d:d3:97:78:18:c5:69:d2:27:f5:2b:fd:
                    85:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:43:66:6C:59:35:BF:AB:BB:C5:1E:61:0A:F8:95:90:1B:D4:3E:0B
            X509v3 Authority Key Identifier:
                keyid:B6:ED:9B:5C:B4:B6:48:66:C3:83:DE:E4:57:6B:FF:3F:F8:75:24:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tu2bXLS2SGbDg97kV2v_P_h1JC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/171cea-3d78-4513-ad49-5a905af507c3/1/wUNmbFk1v6u7xR5hCviVkBvUPgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/171cea-3d78-4513-ad49-5a905af507c3/1/tu2bXLS2SGbDg97kV2v_P_h1JC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:e9:10:e8:dd:9b:fb:dc:bb:60:a5:7a:de:50:86:b5:7a:91:
         e4:9c:ba:3d:0b:e8:28:2b:68:67:b9:d6:01:a6:50:91:b4:fc:
         9b:c4:f5:36:1c:2e:82:57:ed:54:17:4d:e7:eb:75:b8:7c:65:
         bb:0f:3a:7a:0e:06:ba:f4:50:63:21:63:2d:69:74:95:bd:02:
         6f:05:09:5e:63:a9:ac:bd:cd:36:cb:45:66:a0:7d:a2:6d:18:
         7d:2b:97:c0:d3:12:e7:52:82:ed:ab:50:35:61:2e:94:59:73:
         20:ee:de:a8:48:52:1c:a8:2f:f1:55:e8:e6:76:3f:19:4e:e8:
         aa:10:c8:64:82:69:5b:63:ee:87:8f:21:8e:75:ea:a5:4c:d8:
         1a:86:c6:4f:ac:fc:b2:6d:96:41:62:91:9a:e1:52:ca:7f:50:
         18:ce:64:26:51:1c:ee:3a:84:ec:f4:38:3c:17:de:7e:94:cf:
         31:f7:8f:37:ba:b6:45:8a:71:3c:5b:07:38:b6:92:72:3f:33:
         e4:22:34:5a:59:4a:c2:ac:02:76:e8:8c:d8:f6:35:9c:a4:e3:
         4b:8e:a0:30:ca:6b:63:ee:d0:a7:4c:da:ba:77:29:d7:78:28:
         aa:e6:70:42:05:1d:d4:b8:8e:7d:75:91:8d:2c:b9:bd:f0:f3:
         b1:5f:a4:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtpleWelEx+WODDliSyecMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ZWQ5YjVjYjRiNjQ4NjZjMzgzZGVlNDU3NmJmZjNmZjg3
NTI0MmQwHhcNMjQwMTAxMDYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTQzNjY2YzU5MzViZmFiYmJjNTFlNjEwYWY4OTU5MDFiZDQzZTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4b5RlU1NdZg1I78W1lsdQHIsfp9
RG4ACXDyWKwP9bhydmqS+UVbQsZdXQiBzCSMzcQytC4xYAH2BIapVWUCb2+94JBS
0RID/gE75Ktr/bBufi9YXRNj5QfECgLCkUsLnGBWUU8jGMpUFeEDMEQThGLgjQYo
bOLGvqXnU5SM1KPykrWfrDq/LO+EWX/9Dn4YPKr5G8TPwBxEa+9pDN2XETPFIqnG
Mm5uv2DbRiz7d/d1NLihDOffvVSC8AArHx0uVnnL/ZGmQh4yNXs+dff9q0RwjZmD
kZ0Z7kMjtCtv57eXAPHwf+zDm5QMIduvNjd5uZI905d4GMVp0if1K/2FOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMFDZmxZNb+ru8UeYQr4lZAb1D4LMB8GA1UdIwQY
MBaAFLbtm1y0tkhmw4Pe5Fdr/z/4dSQtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHUyYlhMUzJTR2JEZzk3a1Yydl9QX2gxSkMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xNzFjZWEtM2Q3OC00NTEzLWFkNDkt
NWE5MDVhZjUwN2MzLzEvd1VObWJGazF2NnU3eFI1aEN2aVZrQnZVUGdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xNzFjZWEtM2Q3OC00NTEzLWFkNDktNWE5MDVhZjUwN2Mz
LzEvdHUyYlhMUzJTR2JEZzk3a1Yydl9QX2gxSkMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9ysMA0G
CSqGSIb3DQEBCwUAA4IBAQCW6RDo3Zv73LtgpXreUIa1epHknLo9C+goK2hnudYB
plCRtPybxPU2HC6CV+1UF03n63W4fGW7Dzp6Dga69FBjIWMtaXSVvQJvBQleY6ms
vc02y0VmoH2ibRh9K5fA0xLnUoLtq1A1YS6UWXMg7t6oSFIcqC/xVejmdj8ZTuiq
EMhkgmlbY+6HjyGOdeqlTNgahsZPrPyybZZBYpGa4VLKf1AYzmQmURzuOoTs9Dg8
F95+lM8x9483urZFinE8Wwc4tpJyPzPkIjRaWUrCrAJ26IzY9jWcpONLjqAwymtj
7tCnTNq6dynXeCiq5nBCBR3UuI59dZGNLLm98POxX6Sj
-----END CERTIFICATE-----