Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/40a9b5-e899-4a8a-ac4f-966fa96beff2/1/NhmmbS5mMOyhowg08CHuI0d0u-o.roa
File:                     NhmmbS5mMOyhowg08CHuI0d0u-o.roa (raw, json)
Hash identifier:          l1BWwK8gX0iLCvKZdunwD5dX1YeycpzS0i126ZqMf+Q=
Subject key identifier:   36:19:A6:6D:2E:66:30:EC:A1:A3:08:34:F0:21:EE:23:47:74:BB:EA
Certificate issuer:       /CN=326f51ca23982103ffe34f9890d0b74e8fa781af
Certificate serial:       018CC500C61EA65842B290A38CC0CD7E83B6
Authority key identifier: 32:6F:51:CA:23:98:21:03:FF:E3:4F:98:90:D0:B7:4E:8F:A7:81:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mm9RyiOYIQP_40-YkNC3To-nga8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/40a9b5-e899-4a8a-ac4f-966fa96beff2/1/NhmmbS5mMOyhowg08CHuI0d0u-o.roa
Signing time:             Mon 01 Jan 2024 12:30:11 +0000
ROA not before:           Mon 01 Jan 2024 12:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57689
IP address blocks:        91.213.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/40a9b5-e899-4a8a-ac4f-966fa96beff2/1/Mm9RyiOYIQP_40-YkNC3To-nga8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/40a9b5-e899-4a8a-ac4f-966fa96beff2/1/Mm9RyiOYIQP_40-YkNC3To-nga8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mm9RyiOYIQP_40-YkNC3To-nga8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:c6:1e:a6:58:42:b2:90:a3:8c:c0:cd:7e:83:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=326f51ca23982103ffe34f9890d0b74e8fa781af
        Validity
            Not Before: Jan  1 12:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3619a66d2e6630eca1a30834f021ee234774bbea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:70:8b:8a:37:d3:f3:db:f8:b6:ae:ef:e2:bf:
                    cb:22:af:27:94:ed:75:3e:b8:aa:98:ad:f3:4f:47:
                    30:a4:58:0b:fc:dd:99:d5:0d:85:50:1f:a4:32:27:
                    1d:c9:95:ab:9b:e6:08:1e:a4:65:cd:c7:11:c2:37:
                    f2:4c:d9:7d:03:c6:67:0a:fd:9c:89:13:81:02:5f:
                    85:4c:7d:b3:56:27:24:76:e6:18:c2:b5:50:6e:da:
                    dc:6a:4d:45:cc:50:77:55:73:b8:65:63:fb:8c:bb:
                    e3:7f:f1:b0:6d:b7:a8:54:63:9c:9a:11:28:6a:d5:
                    90:51:99:6c:86:a3:a3:83:32:25:3c:1e:17:d6:ad:
                    d7:00:73:f0:ad:e6:45:77:2b:19:94:74:52:27:00:
                    24:ad:11:fd:24:04:ec:d6:9a:81:55:ed:a1:f7:f9:
                    77:b3:5c:7a:a8:57:50:17:9d:a7:5b:b1:00:91:79:
                    15:58:d6:0d:3d:b7:b5:db:8a:c9:d8:2a:60:34:c7:
                    4f:6b:51:7a:7f:b4:0f:f8:9e:cb:d4:34:40:c6:f2:
                    dd:69:18:65:96:f4:10:d3:c8:51:6e:e5:d0:a4:76:
                    4b:90:77:23:9d:77:88:62:f6:31:4d:a9:a8:c7:27:
                    d7:bc:1e:d1:36:97:9b:89:6f:7b:d3:96:ce:15:8e:
                    31:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:19:A6:6D:2E:66:30:EC:A1:A3:08:34:F0:21:EE:23:47:74:BB:EA
            X509v3 Authority Key Identifier:
                keyid:32:6F:51:CA:23:98:21:03:FF:E3:4F:98:90:D0:B7:4E:8F:A7:81:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mm9RyiOYIQP_40-YkNC3To-nga8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/40a9b5-e899-4a8a-ac4f-966fa96beff2/1/NhmmbS5mMOyhowg08CHuI0d0u-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/40a9b5-e899-4a8a-ac4f-966fa96beff2/1/Mm9RyiOYIQP_40-YkNC3To-nga8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:3c:4f:cc:04:ca:95:51:a8:48:d4:0b:ee:29:76:d5:99:02:
         c2:3f:52:d7:6c:21:0b:e4:a1:1b:41:8e:de:50:f1:a5:4c:a0:
         ca:84:0d:56:45:3b:d4:59:0d:07:eb:f4:3e:8d:80:ab:60:55:
         d5:2f:41:3e:f0:e8:44:53:f4:a3:d2:4a:d3:79:6b:07:91:76:
         34:81:68:02:5f:ef:c4:a9:8f:19:38:9b:4d:64:fc:f9:58:fd:
         0f:a7:d4:a6:9e:6e:4b:41:71:4e:5e:79:2b:eb:aa:47:1a:3a:
         a6:ef:bf:19:d5:00:f3:ae:8c:d5:30:89:a6:ec:e0:61:48:ae:
         8b:48:29:cb:5b:9f:4b:97:5c:d1:7f:aa:3b:c0:44:77:19:e0:
         46:da:88:ee:59:bc:85:f9:5e:fa:9e:b8:6d:28:75:c0:f1:28:
         3b:dc:94:70:77:71:8c:3e:b7:4f:0c:31:c7:72:d1:63:54:9f:
         54:12:6d:f1:fe:13:d5:31:00:65:ff:4f:e6:b8:53:ff:74:63:
         c4:a4:eb:84:5b:dd:44:97:ec:0f:cd:db:cc:47:37:70:dd:ac:
         1a:a9:a9:2d:f1:65:36:e9:90:1c:22:d7:91:89:7b:e6:1c:69:
         4a:d2:16:7a:00:79:e8:35:a3:0e:98:29:b0:bc:64:5f:b8:10:
         00:32:4a:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAMYeplhCspCjjMDNfoO2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNmY1MWNhMjM5ODIxMDNmZmUzNGY5ODkwZDBiNzRlOGZh
NzgxYWYwHhcNMjQwMTAxMTIzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjE5YTY2ZDJlNjYzMGVjYTFhMzA4MzRmMDIxZWUyMzQ3NzRiYmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXCLijfT89v4tq7v4r/LIq8nlO11
PriqmK3zT0cwpFgL/N2Z1Q2FUB+kMicdyZWrm+YIHqRlzccRwjfyTNl9A8ZnCv2c
iROBAl+FTH2zVickduYYwrVQbtrcak1FzFB3VXO4ZWP7jLvjf/GwbbeoVGOcmhEo
atWQUZlshqOjgzIlPB4X1q3XAHPwreZFdysZlHRSJwAkrRH9JATs1pqBVe2h9/l3
s1x6qFdQF52nW7EAkXkVWNYNPbe124rJ2CpgNMdPa1F6f7QP+J7L1DRAxvLdaRhl
lvQQ08hRbuXQpHZLkHcjnXeIYvYxTamoxyfXvB7RNpebiW9705bOFY4xkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDYZpm0uZjDsoaMINPAh7iNHdLvqMB8GA1UdIwQY
MBaAFDJvUcojmCED/+NPmJDQt06Pp4GvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW05UnlpT1lJUVBfNDAtWWtOQzNUby1uZ2E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS80MGE5YjUtZTg5OS00YThhLWFjNGYt
OTY2ZmE5NmJlZmYyLzEvTmhtbWJTNW1NT3lob3dnMDhDSHVJMGQwdS1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS80MGE5YjUtZTg5OS00YThhLWFjNGYtOTY2ZmE5NmJlZmYy
LzEvTW05UnlpT1lJUVBfNDAtWWtOQzNUby1uZ2E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9USMA0G
CSqGSIb3DQEBCwUAA4IBAQBQPE/MBMqVUahI1AvuKXbVmQLCP1LXbCEL5KEbQY7e
UPGlTKDKhA1WRTvUWQ0H6/Q+jYCrYFXVL0E+8OhEU/Sj0krTeWsHkXY0gWgCX+/E
qY8ZOJtNZPz5WP0Pp9Smnm5LQXFOXnkr66pHGjqm778Z1QDzrozVMImm7OBhSK6L
SCnLW59Ll1zRf6o7wER3GeBG2ojuWbyF+V76nrhtKHXA8Sg73JRwd3GMPrdPDDHH
ctFjVJ9UEm3x/hPVMQBl/0/muFP/dGPEpOuEW91El+wPzdvMRzdw3awaqakt8WU2
6ZAcIteRiXvmHGlK0hZ6AHnoNaMOmCmwvGRfuBAAMkpi
-----END CERTIFICATE-----