Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/9e7d10-243f-47b5-afc4-356ee9776153/1/ojtEhLWZSLKT_Byz5qkH75KWLoU.roa
File:                     ojtEhLWZSLKT_Byz5qkH75KWLoU.roa (raw, json)
Hash identifier:          oOL6th1BnPFE6givKRdyHBEknEhBSlv98Nq0Tw3Wn80=
Subject key identifier:   A2:3B:44:84:B5:99:48:B2:93:FC:1C:B3:E6:A9:07:EF:92:96:2E:85
Certificate issuer:       /CN=bd1911343226229d203ea326a9d69d4fc346c575
Certificate serial:       018CC94D9E80A0A597FC704A02C51BF293C2
Authority key identifier: BD:19:11:34:32:26:22:9D:20:3E:A3:26:A9:D6:9D:4F:C3:46:C5:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vRkRNDImIp0gPqMmqdadT8NGxXU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/9e7d10-243f-47b5-afc4-356ee9776153/1/ojtEhLWZSLKT_Byz5qkH75KWLoU.roa
Signing time:             Tue 02 Jan 2024 08:32:36 +0000
ROA not before:           Tue 02 Jan 2024 08:32:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51184
IP address blocks:        91.216.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/9e7d10-243f-47b5-afc4-356ee9776153/1/vRkRNDImIp0gPqMmqdadT8NGxXU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/9e7d10-243f-47b5-afc4-356ee9776153/1/vRkRNDImIp0gPqMmqdadT8NGxXU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vRkRNDImIp0gPqMmqdadT8NGxXU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:9e:80:a0:a5:97:fc:70:4a:02:c5:1b:f2:93:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd1911343226229d203ea326a9d69d4fc346c575
        Validity
            Not Before: Jan  2 08:32:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a23b4484b59948b293fc1cb3e6a907ef92962e85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f0:81:ab:72:af:4f:70:e9:dc:d0:0f:8d:ac:
                    e1:6e:0a:9c:86:27:2e:8a:a3:0c:c7:18:1f:ed:2e:
                    bc:a3:e3:37:d8:c9:06:a6:b6:1a:64:48:9f:66:35:
                    79:db:7f:d5:78:dd:a7:a5:bd:e5:33:e7:8d:5d:5b:
                    62:29:6d:a0:3f:c3:68:77:1c:a1:c5:b9:5d:ad:ec:
                    1a:cb:f9:60:65:47:dc:93:0d:05:43:dc:ba:4c:0d:
                    a0:86:cd:10:c2:f1:63:4d:6a:66:0b:e8:66:a1:e0:
                    c3:e0:76:19:9e:33:40:49:6c:b6:19:0e:15:68:0a:
                    90:a0:89:e0:cc:79:78:b2:6f:3a:56:cf:1b:b5:20:
                    e5:5c:3d:d8:84:ca:0f:f1:68:3f:ac:31:d7:92:e1:
                    78:8b:f9:63:79:3d:c2:1c:62:4c:b4:5b:64:db:81:
                    3c:21:f6:d7:22:be:09:92:20:40:8d:b6:17:df:7f:
                    98:68:99:ad:06:e9:1a:12:12:4e:0c:33:b0:b2:cf:
                    c8:2d:db:dc:8b:1a:08:47:00:b8:a2:78:b3:6b:ce:
                    d4:ba:6a:72:47:58:e6:a4:65:f3:dd:82:68:2f:03:
                    40:fe:dd:78:77:ba:62:4b:bb:e1:f0:73:7b:48:ba:
                    f1:7a:3e:0e:6b:40:91:a7:7c:19:7b:b8:ee:9f:e3:
                    e7:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:3B:44:84:B5:99:48:B2:93:FC:1C:B3:E6:A9:07:EF:92:96:2E:85
            X509v3 Authority Key Identifier:
                keyid:BD:19:11:34:32:26:22:9D:20:3E:A3:26:A9:D6:9D:4F:C3:46:C5:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vRkRNDImIp0gPqMmqdadT8NGxXU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/9e7d10-243f-47b5-afc4-356ee9776153/1/ojtEhLWZSLKT_Byz5qkH75KWLoU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/9e7d10-243f-47b5-afc4-356ee9776153/1/vRkRNDImIp0gPqMmqdadT8NGxXU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:00:e8:79:41:7a:33:8f:39:a8:fe:7a:50:32:09:28:5b:ac:
         66:ef:2f:4f:56:e4:50:2b:4d:ce:bd:cd:a3:66:07:c5:d3:0a:
         f5:75:e9:2e:56:60:6e:14:6f:28:98:f7:76:c4:7d:e6:2f:9e:
         fd:e0:c0:7a:42:4e:55:e2:bb:c1:25:ef:d8:29:e4:ac:ba:dd:
         67:8d:5f:de:52:39:41:ad:81:62:3b:ad:19:c6:b6:d5:b9:2c:
         87:08:59:4b:02:49:f3:23:fd:a1:14:2d:37:87:c6:2d:3c:61:
         8d:b1:cb:d8:02:39:ed:2e:33:df:c6:62:18:bb:6e:55:74:e9:
         96:5f:02:77:cf:c6:c3:ef:d5:54:2a:dd:d1:38:68:50:50:ba:
         3e:55:b8:3c:6b:98:8d:2e:12:34:c5:60:e2:4e:05:59:17:5b:
         03:ad:33:f0:84:0d:05:dc:88:88:50:22:6d:aa:c2:b3:8e:3e:
         52:eb:e2:4a:41:4c:bf:ae:33:6f:72:66:79:b8:d3:6a:ad:b2:
         75:5e:50:68:33:74:e5:54:69:63:a1:8a:98:ad:52:4e:63:f3:
         db:41:dd:93:0a:ee:de:a0:74:ce:cf:26:1e:95:fb:8f:f5:99:
         09:67:c9:db:27:8b:6b:51:ac:0c:69:b6:d7:d0:6e:0b:01:72:
         69:53:06:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTZ6AoKWX/HBKAsUb8pPCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMTkxMTM0MzIyNjIyOWQyMDNlYTMyNmE5ZDY5ZDRmYzM0
NmM1NzUwHhcNMjQwMTAyMDgzMjM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjNiNDQ4NGI1OTk0OGIyOTNmYzFjYjNlNmE5MDdlZjkyOTYyZTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/CBq3KvT3Dp3NAPjazhbgqchicu
iqMMxxgf7S68o+M32MkGprYaZEifZjV523/VeN2npb3lM+eNXVtiKW2gP8Nodxyh
xbldreway/lgZUfckw0FQ9y6TA2ghs0QwvFjTWpmC+hmoeDD4HYZnjNASWy2GQ4V
aAqQoIngzHl4sm86Vs8btSDlXD3YhMoP8Wg/rDHXkuF4i/ljeT3CHGJMtFtk24E8
IfbXIr4JkiBAjbYX33+YaJmtBukaEhJODDOwss/ILdvcixoIRwC4oniza87Uumpy
R1jmpGXz3YJoLwNA/t14d7piS7vh8HN7SLrxej4Oa0CRp3wZe7jun+PnpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKI7RIS1mUiyk/wcs+apB++Sli6FMB8GA1UdIwQY
MBaAFL0ZETQyJiKdID6jJqnWnU/DRsV1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlJrUk5ESW1JcDBnUHFNbXFkYWRUOE5HeFhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS85ZTdkMTAtMjQzZi00N2I1LWFmYzQt
MzU2ZWU5Nzc2MTUzLzEvb2p0RWhMV1pTTEtUX0J5ejVxa0g3NUtXTG9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS85ZTdkMTAtMjQzZi00N2I1LWFmYzQtMzU2ZWU5Nzc2MTUz
LzEvdlJrUk5ESW1JcDBnUHFNbXFkYWRUOE5HeFhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9gIMA0G
CSqGSIb3DQEBCwUAA4IBAQCaAOh5QXozjzmo/npQMgkoW6xm7y9PVuRQK03Ovc2j
ZgfF0wr1dekuVmBuFG8omPd2xH3mL5794MB6Qk5V4rvBJe/YKeSsut1njV/eUjlB
rYFiO60ZxrbVuSyHCFlLAknzI/2hFC03h8YtPGGNscvYAjntLjPfxmIYu25VdOmW
XwJ3z8bD79VUKt3ROGhQULo+Vbg8a5iNLhI0xWDiTgVZF1sDrTPwhA0F3IiIUCJt
qsKzjj5S6+JKQUy/rjNvcmZ5uNNqrbJ1XlBoM3TlVGljoYqYrVJOY/PbQd2TCu7e
oHTOzyYelfuP9ZkJZ8nbJ4trUawMabbX0G4LAXJpUwZ0
-----END CERTIFICATE-----