Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/aJrwTYG3M2tXYXr5k67S4ji7iVE.roa
File:                     aJrwTYG3M2tXYXr5k67S4ji7iVE.roa (raw, json)
Hash identifier:          ecrnOJRsAKZ6IlcSjxSEAbClgKmQYeS/aWpiERx93yw=
Subject key identifier:   68:9A:F0:4D:81:B7:33:6B:57:61:7A:F9:93:AE:D2:E2:38:BB:89:51
Certificate issuer:       /CN=9ba94bc14937bb0b3632374355a446724104a981
Certificate serial:       01930B609E5205B9B5A3DA34F82D516CECE1
Authority key identifier: 9B:A9:4B:C1:49:37:BB:0B:36:32:37:43:55:A4:46:72:41:04:A9:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m6lLwUk3uws2MjdDVaRGckEEqYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/aJrwTYG3M2tXYXr5k67S4ji7iVE.roa
Signing time:             Fri 08 Nov 2024 10:45:01 +0000
ROA not before:           Fri 08 Nov 2024 10:45:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207957
IP address blocks:        91.196.32.0/24 maxlen: 24
                          91.196.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/m6lLwUk3uws2MjdDVaRGckEEqYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/m6lLwUk3uws2MjdDVaRGckEEqYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m6lLwUk3uws2MjdDVaRGckEEqYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:0b:60:9e:52:05:b9:b5:a3:da:34:f8:2d:51:6c:ec:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ba94bc14937bb0b3632374355a446724104a981
        Validity
            Not Before: Nov  8 10:45:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=689af04d81b7336b57617af993aed2e238bb8951
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:64:41:7a:ad:a0:8f:9a:06:6e:ae:8c:86:27:
                    06:af:d7:83:b8:0c:96:54:8d:0d:17:95:0f:8a:33:
                    96:a5:e6:44:8d:05:4b:37:7f:56:3e:0c:eb:df:96:
                    1d:fa:67:45:de:04:cf:1b:d5:58:03:c5:fb:ae:58:
                    9b:13:0f:86:e2:0e:be:9a:1f:8a:32:51:21:f2:a1:
                    81:15:07:d2:11:e9:35:fd:b3:48:df:00:0d:0c:10:
                    66:36:36:12:5d:73:19:bf:90:33:d0:b5:e8:9f:1b:
                    fb:dd:26:b4:f4:45:5a:3f:bc:5c:49:7e:fa:45:53:
                    ca:3f:e6:cb:01:a3:37:6c:99:e9:2f:d3:8b:7a:e1:
                    72:04:89:e0:ec:42:f8:af:45:51:92:f7:56:d0:31:
                    4d:e3:18:0d:01:7d:35:64:c3:e0:75:b6:8c:be:df:
                    78:d8:07:5b:8d:4f:ab:38:b6:c1:4a:64:32:7d:a2:
                    3f:26:97:85:b2:d3:51:88:95:c7:ef:4d:55:e2:18:
                    8a:2d:d9:3a:81:42:9e:a3:f0:f3:07:2b:42:b9:8d:
                    b6:3a:52:b1:1a:7d:23:6f:8e:14:a3:bf:fc:69:ef:
                    c4:04:88:ae:d3:38:1e:e0:e2:11:cb:ed:ad:e6:90:
                    be:35:2b:b4:02:c7:83:2e:d6:cc:89:94:63:f0:e3:
                    f1:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:9A:F0:4D:81:B7:33:6B:57:61:7A:F9:93:AE:D2:E2:38:BB:89:51
            X509v3 Authority Key Identifier:
                keyid:9B:A9:4B:C1:49:37:BB:0B:36:32:37:43:55:A4:46:72:41:04:A9:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m6lLwUk3uws2MjdDVaRGckEEqYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/aJrwTYG3M2tXYXr5k67S4ji7iVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/m6lLwUk3uws2MjdDVaRGckEEqYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         13:f6:e0:c5:2b:c8:0b:0f:7d:7d:07:43:31:fb:0f:35:eb:e5:
         80:bf:f7:6f:ac:d0:8f:99:7b:13:11:1f:44:cd:e2:6a:f9:20:
         40:0d:01:e0:b8:9f:72:47:57:d0:05:34:69:40:b2:b6:73:af:
         fd:28:9d:df:2c:8f:47:5e:65:97:d8:fc:93:31:84:2f:26:c3:
         e1:b0:34:f8:24:57:04:d2:6b:fd:09:f8:67:cc:f4:52:19:a1:
         1b:43:41:50:01:35:97:3b:c6:e9:0e:9e:45:b8:e6:de:da:f3:
         fc:16:8a:90:5a:ee:74:df:1b:56:66:24:3b:64:dd:a9:06:cc:
         2f:b5:85:9b:84:ca:64:bb:dd:47:5a:ec:4e:54:73:f5:8d:b7:
         e7:29:de:2e:75:d0:53:b8:5b:15:ba:28:90:bd:84:c8:d8:79:
         f0:f0:b6:27:f3:c3:f8:74:65:22:27:98:af:c7:c9:81:f9:55:
         01:83:ab:f4:f4:75:5b:55:93:5e:a6:d8:a7:9d:0d:81:98:67:
         cd:04:1f:ba:87:58:24:66:3a:48:19:14:bf:ef:28:b5:0b:1b:
         dc:25:d9:2b:e7:f1:bb:d3:8c:76:d7:fd:c4:61:ca:ca:f8:34:
         d8:90:5e:9f:7c:03:bc:14:7d:95:dd:b5:6e:3a:4b:30:1a:e6:
         ea:10:01:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMLYJ5SBbm1o9o0+C1RbOzhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliYTk0YmMxNDkzN2JiMGIzNjMyMzc0MzU1YTQ0NjcyNDEw
NGE5ODEwHhcNMjQxMTA4MTA0NTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODlhZjA0ZDgxYjczMzZiNTc2MTdhZjk5M2FlZDJlMjM4YmI4OTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1GRBeq2gj5oGbq6MhicGr9eDuAyW
VI0NF5UPijOWpeZEjQVLN39WPgzr35Yd+mdF3gTPG9VYA8X7rlibEw+G4g6+mh+K
MlEh8qGBFQfSEek1/bNI3wANDBBmNjYSXXMZv5Az0LXonxv73Sa09EVaP7xcSX76
RVPKP+bLAaM3bJnpL9OLeuFyBIng7EL4r0VRkvdW0DFN4xgNAX01ZMPgdbaMvt94
2AdbjU+rOLbBSmQyfaI/JpeFstNRiJXH701V4hiKLdk6gUKeo/DzBytCuY22OlKx
Gn0jb44Uo7/8ae/EBIiu0zge4OIRy+2t5pC+NSu0AseDLtbMiZRj8OPx6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGia8E2BtzNrV2F6+ZOu0uI4u4lRMB8GA1UdIwQY
MBaAFJupS8FJN7sLNjI3Q1WkRnJBBKmBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTZsTHdVazN1d3MyTWpkRFZhUkdja0VFcVlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9jYzc4NDMtZDEzNi00ZmZiLThiOTkt
ODM2YzMxMmFjOGMyLzEvYUpyd1RZRzNNMnRYWVhyNWs2N1M0amk3aVZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9jYzc4NDMtZDEzNi00ZmZiLThiOTktODM2YzMxMmFjOGMy
LzEvbTZsTHdVazN1d3MyTWpkRFZhUkdja0VFcVlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8QgMA0G
CSqGSIb3DQEBCwUAA4IBAQAT9uDFK8gLD319B0Mx+w816+WAv/dvrNCPmXsTER9E
zeJq+SBADQHguJ9yR1fQBTRpQLK2c6/9KJ3fLI9HXmWX2PyTMYQvJsPhsDT4JFcE
0mv9CfhnzPRSGaEbQ0FQATWXO8bpDp5FuObe2vP8FoqQWu503xtWZiQ7ZN2pBswv
tYWbhMpku91HWuxOVHP1jbfnKd4uddBTuFsVuiiQvYTI2Hnw8LYn88P4dGUiJ5iv
x8mB+VUBg6v09HVbVZNeptinnQ2BmGfNBB+6h1gkZjpIGRS/7yi1CxvcJdkr5/G7
04x21/3EYcrK+DTYkF6ffAO8FH2V3bVuOkswGubqEAG7
-----END CERTIFICATE-----