Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/f0f5ff-a820-4dba-8ee1-cda57426de22/1/NAcaDz0vy4rMXI8YltGH341f-i8.roa
File:                     NAcaDz0vy4rMXI8YltGH341f-i8.roa (raw, json)
Hash identifier:          vOzF8ku+YoJQtEa9SmG9PyQHs6Mv9Qh+WVqwM3VjhSg=
Subject key identifier:   34:07:1A:0F:3D:2F:CB:8A:CC:5C:8F:18:96:D1:87:DF:8D:5F:FA:2F
Certificate issuer:       /CN=480423aa17d04f56c690040345d6762bbfd1f88b
Certificate serial:       018CC64B0BA5F8B9D703FB134A39CB2B817C
Authority key identifier: 48:04:23:AA:17:D0:4F:56:C6:90:04:03:45:D6:76:2B:BF:D1:F8:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAQjqhfQT1bGkAQDRdZ2K7_R-Is.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/f0f5ff-a820-4dba-8ee1-cda57426de22/1/NAcaDz0vy4rMXI8YltGH341f-i8.roa
Signing time:             Mon 01 Jan 2024 18:30:56 +0000
ROA not before:           Mon 01 Jan 2024 18:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48593
IP address blocks:        91.209.195.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/f0f5ff-a820-4dba-8ee1-cda57426de22/1/SAQjqhfQT1bGkAQDRdZ2K7_R-Is.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/f0f5ff-a820-4dba-8ee1-cda57426de22/1/SAQjqhfQT1bGkAQDRdZ2K7_R-Is.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAQjqhfQT1bGkAQDRdZ2K7_R-Is.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:0b:a5:f8:b9:d7:03:fb:13:4a:39:cb:2b:81:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=480423aa17d04f56c690040345d6762bbfd1f88b
        Validity
            Not Before: Jan  1 18:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34071a0f3d2fcb8acc5c8f1896d187df8d5ffa2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:66:b8:3f:d8:a2:c0:b5:28:28:1e:b0:cf:14:
                    41:c9:f1:a7:5b:98:80:d0:3a:78:3c:eb:63:00:d8:
                    9b:1c:ce:f5:9d:ba:bd:d7:12:ba:d1:97:ea:12:ee:
                    3b:17:87:2f:06:a8:1d:f5:24:ea:61:8e:7b:43:fd:
                    e2:8d:e1:bf:aa:81:30:04:d2:9f:ee:e5:cd:72:97:
                    ac:7f:8f:01:42:2c:cc:3f:30:99:fe:97:5a:53:ee:
                    f6:8e:1f:3d:bf:ea:99:35:c1:41:b8:b5:8f:b3:b3:
                    13:89:0c:56:dc:70:7f:44:7d:7f:34:4d:1b:f8:0d:
                    ee:06:e4:9f:c5:b7:0a:3e:44:0f:9b:ab:aa:ad:be:
                    11:84:f1:a7:27:5a:6f:88:1f:92:09:16:ac:a9:25:
                    50:f5:48:f2:ab:d8:3d:f9:6c:f4:0d:16:6f:c5:26:
                    69:05:88:13:10:76:92:d2:4e:dd:36:89:cd:da:1e:
                    46:cf:42:0c:b4:b2:22:25:0d:ef:f5:92:51:3a:ad:
                    56:9a:67:2a:9e:7c:3c:e5:02:0b:44:ae:44:c4:ec:
                    9c:ba:17:0d:0b:d8:3f:99:d3:81:db:69:ce:14:28:
                    d3:ca:d2:e4:c9:f5:3a:ec:57:9a:fe:1f:69:12:a8:
                    3a:fb:89:ad:56:a1:f8:25:e0:ec:a2:de:d7:ee:fe:
                    ac:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:07:1A:0F:3D:2F:CB:8A:CC:5C:8F:18:96:D1:87:DF:8D:5F:FA:2F
            X509v3 Authority Key Identifier:
                keyid:48:04:23:AA:17:D0:4F:56:C6:90:04:03:45:D6:76:2B:BF:D1:F8:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAQjqhfQT1bGkAQDRdZ2K7_R-Is.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/f0f5ff-a820-4dba-8ee1-cda57426de22/1/NAcaDz0vy4rMXI8YltGH341f-i8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/f0f5ff-a820-4dba-8ee1-cda57426de22/1/SAQjqhfQT1bGkAQDRdZ2K7_R-Is.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:f5:4c:0c:16:58:fb:a2:58:a1:75:8f:d3:de:f3:f5:f8:b5:
         38:f1:2d:06:f4:d1:d0:b1:77:03:3c:5c:1c:83:b3:3f:9e:5b:
         ba:30:14:59:38:f0:e0:9a:26:83:42:14:4b:2a:2b:70:bf:29:
         b9:86:9b:f0:3f:68:71:1c:08:4b:ad:57:08:7f:ff:8b:b6:80:
         92:45:80:36:a6:5a:14:8d:43:f0:8d:3c:dd:f8:98:54:7b:15:
         9d:a8:e2:5b:02:c1:dd:7b:74:fd:07:ad:7d:6e:e8:46:74:b9:
         ec:1f:3d:00:85:9f:1a:a1:86:6e:91:98:07:83:58:77:32:d3:
         d7:8f:0a:97:89:9c:7d:04:21:e3:ea:94:ce:33:3c:8d:ca:30:
         a2:d7:cc:ad:51:ff:9d:d4:4d:f9:05:e4:2c:45:1a:82:07:e0:
         49:39:8d:77:1b:ab:10:97:60:7d:fa:2f:e4:bb:c8:9e:fb:a8:
         c6:f8:a1:3d:7c:7b:26:32:2d:34:11:b6:29:6c:20:97:bf:15:
         2d:52:42:ad:80:20:b9:8a:83:8b:57:99:36:52:27:25:47:e4:
         73:68:55:69:55:2a:3e:3f:ab:3a:56:d1:0d:50:1d:08:21:0d:
         0d:7a:f7:a1:5c:67:77:11:37:85:1c:7d:2d:90:0c:d7:23:fc:
         78:72:a9:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSwul+LnXA/sTSjnLK4F8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDQyM2FhMTdkMDRmNTZjNjkwMDQwMzQ1ZDY3NjJiYmZk
MWY4OGIwHhcNMjQwMTAxMTgzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDA3MWEwZjNkMmZjYjhhY2M1YzhmMTg5NmQxODdkZjhkNWZmYTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWa4P9iiwLUoKB6wzxRByfGnW5iA
0Dp4POtjANibHM71nbq91xK60ZfqEu47F4cvBqgd9STqYY57Q/3ijeG/qoEwBNKf
7uXNcpesf48BQizMPzCZ/pdaU+72jh89v+qZNcFBuLWPs7MTiQxW3HB/RH1/NE0b
+A3uBuSfxbcKPkQPm6uqrb4RhPGnJ1pviB+SCRasqSVQ9Ujyq9g9+Wz0DRZvxSZp
BYgTEHaS0k7dNonN2h5Gz0IMtLIiJQ3v9ZJROq1Wmmcqnnw85QILRK5ExOycuhcN
C9g/mdOB22nOFCjTytLkyfU67Fea/h9pEqg6+4mtVqH4JeDsot7X7v6sjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDQHGg89L8uKzFyPGJbRh9+NX/ovMB8GA1UdIwQY
MBaAFEgEI6oX0E9WxpAEA0XWdiu/0fiLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FRanFoZlFUMWJHa0FRRFJkWjJLN19SLUlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9mMGY1ZmYtYTgyMC00ZGJhLThlZTEt
Y2RhNTc0MjZkZTIyLzEvTkFjYUR6MHZ5NHJNWEk4WWx0R0gzNDFmLWk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9mMGY1ZmYtYTgyMC00ZGJhLThlZTEtY2RhNTc0MjZkZTIy
LzEvU0FRanFoZlFUMWJHa0FRRFJkWjJLN19SLUlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9HDMA0G
CSqGSIb3DQEBCwUAA4IBAQBl9UwMFlj7olihdY/T3vP1+LU48S0G9NHQsXcDPFwc
g7M/nlu6MBRZOPDgmiaDQhRLKitwvym5hpvwP2hxHAhLrVcIf/+LtoCSRYA2ploU
jUPwjTzd+JhUexWdqOJbAsHde3T9B619buhGdLnsHz0AhZ8aoYZukZgHg1h3MtPX
jwqXiZx9BCHj6pTOMzyNyjCi18ytUf+d1E35BeQsRRqCB+BJOY13G6sQl2B9+i/k
u8ie+6jG+KE9fHsmMi00EbYpbCCXvxUtUkKtgCC5ioOLV5k2UiclR+RzaFVpVSo+
P6s6VtENUB0IIQ0NevehXGd3ETeFHH0tkAzXI/x4cqnb
-----END CERTIFICATE-----