Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/954653-267e-4313-b906-fc0148119638/1/kSeVSN8DDAymLqVP2x9Uur5LKlY.roa
File:                     kSeVSN8DDAymLqVP2x9Uur5LKlY.roa (raw, json)
Hash identifier:          XVfHvMwYL9khzPmfMYQy8+hCwe2GBrJwjnYn1HjBAEM=
Subject key identifier:   91:27:95:48:DF:03:0C:0C:A6:2E:A5:4F:DB:1F:54:BA:BE:4B:2A:56
Certificate issuer:       /CN=0b80e7bcb42bccb8092ae28a41aed928eea4d635
Certificate serial:       018CC72741E6923975D59C23C1135558083B
Authority key identifier: 0B:80:E7:BC:B4:2B:CC:B8:09:2A:E2:8A:41:AE:D9:28:EE:A4:D6:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C4DnvLQrzLgJKuKKQa7ZKO6k1jU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/954653-267e-4313-b906-fc0148119638/1/kSeVSN8DDAymLqVP2x9Uur5LKlY.roa
Signing time:             Mon 01 Jan 2024 22:31:27 +0000
ROA not before:           Mon 01 Jan 2024 22:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51746
IP address blocks:        91.220.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/954653-267e-4313-b906-fc0148119638/1/C4DnvLQrzLgJKuKKQa7ZKO6k1jU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/954653-267e-4313-b906-fc0148119638/1/C4DnvLQrzLgJKuKKQa7ZKO6k1jU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C4DnvLQrzLgJKuKKQa7ZKO6k1jU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:41:e6:92:39:75:d5:9c:23:c1:13:55:58:08:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b80e7bcb42bccb8092ae28a41aed928eea4d635
        Validity
            Not Before: Jan  1 22:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91279548df030c0ca62ea54fdb1f54babe4b2a56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:7e:38:13:92:cc:ad:f9:d2:01:4d:57:5d:e3:
                    eb:78:18:c0:3c:67:7b:37:39:8a:13:d2:4e:72:a2:
                    a3:8e:7a:76:82:f4:18:f1:60:d7:d1:85:6c:e4:5a:
                    76:24:5f:c8:4d:96:1d:5b:74:1e:3b:f9:60:c1:a8:
                    52:f7:72:0d:81:ff:70:0a:11:d4:fb:77:a5:7d:98:
                    5f:86:f7:16:1d:03:95:64:01:b6:61:64:d6:e2:1d:
                    9d:8e:93:08:b2:7a:c5:2b:2b:27:c8:3a:74:e2:8b:
                    04:61:c0:ab:be:74:1e:86:75:c3:68:e0:fd:26:19:
                    f1:a3:7d:b9:59:80:92:8e:ac:26:ff:1d:25:08:01:
                    8b:fa:9d:8e:24:1b:84:34:45:f5:84:e7:dc:93:5a:
                    99:12:a0:70:6a:80:48:90:3d:06:c5:bb:85:bf:62:
                    15:1a:96:41:98:86:5e:20:a6:20:48:e3:6f:8e:ce:
                    6a:1f:45:7d:aa:12:8e:f5:47:a3:b6:47:c1:17:72:
                    6c:3f:a6:67:21:70:29:f7:b3:8c:48:3c:af:ca:bf:
                    6b:b4:35:f7:be:da:bb:5a:9b:27:6a:3c:d8:5b:43:
                    44:d3:09:34:3a:b5:bc:90:32:84:2c:f8:4d:89:c5:
                    a3:47:25:2a:c7:3d:5c:fe:23:8c:b8:26:13:96:aa:
                    24:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:27:95:48:DF:03:0C:0C:A6:2E:A5:4F:DB:1F:54:BA:BE:4B:2A:56
            X509v3 Authority Key Identifier:
                keyid:0B:80:E7:BC:B4:2B:CC:B8:09:2A:E2:8A:41:AE:D9:28:EE:A4:D6:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C4DnvLQrzLgJKuKKQa7ZKO6k1jU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/954653-267e-4313-b906-fc0148119638/1/kSeVSN8DDAymLqVP2x9Uur5LKlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/954653-267e-4313-b906-fc0148119638/1/C4DnvLQrzLgJKuKKQa7ZKO6k1jU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:6f:36:20:83:c1:af:3a:c0:61:9d:c1:d0:00:74:34:5b:a3:
         5e:c1:10:de:6a:b1:17:49:19:d2:73:3f:0a:3f:a0:d7:90:3f:
         de:1b:52:20:e7:27:05:9a:f0:e5:e9:f8:94:65:ec:11:cc:41:
         4c:56:13:03:ba:fc:d8:cf:fe:0f:5a:c2:09:45:cf:e4:21:4c:
         34:eb:c5:76:93:e2:b0:ab:4e:7c:f5:9a:b7:95:ef:b7:b6:2d:
         41:d5:d6:3d:ce:93:20:eb:a7:0e:fb:7b:bc:2e:a3:74:44:93:
         86:7b:f2:38:1d:c9:a5:88:97:7c:f9:2c:e5:0a:9e:35:57:21:
         99:40:40:c6:bb:d5:9a:8d:d5:a4:70:d8:97:8e:ec:84:34:27:
         19:8b:83:bd:b7:5f:10:6b:cf:c6:9f:3a:45:51:8c:48:af:15:
         a0:a9:83:cd:8d:f3:c3:f9:52:ec:09:eb:c3:d8:37:2d:ab:08:
         6c:77:f3:06:20:d0:4b:03:0b:11:0c:ff:a1:db:79:0e:58:87:
         d1:23:6c:95:eb:f7:1d:59:2f:04:09:35:fa:79:a6:d1:4d:df:
         4c:62:51:e2:1c:9e:60:08:b2:3a:26:22:8d:4a:12:78:56:cb:
         ab:ca:9d:cf:79:04:d7:70:04:67:1f:bf:3e:87:88:99:83:1c:
         d9:0e:44:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ0Hmkjl11ZwjwRNVWAg7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiODBlN2JjYjQyYmNjYjgwOTJhZTI4YTQxYWVkOTI4ZWVh
NGQ2MzUwHhcNMjQwMTAxMjIzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTI3OTU0OGRmMDMwYzBjYTYyZWE1NGZkYjFmNTRiYWJlNGIyYTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1n44E5LMrfnSAU1XXePreBjAPGd7
NzmKE9JOcqKjjnp2gvQY8WDX0YVs5Fp2JF/ITZYdW3QeO/lgwahS93INgf9wChHU
+3elfZhfhvcWHQOVZAG2YWTW4h2djpMIsnrFKysnyDp04osEYcCrvnQehnXDaOD9
Jhnxo325WYCSjqwm/x0lCAGL+p2OJBuENEX1hOfck1qZEqBwaoBIkD0GxbuFv2IV
GpZBmIZeIKYgSONvjs5qH0V9qhKO9UejtkfBF3JsP6ZnIXAp97OMSDyvyr9rtDX3
vtq7WpsnajzYW0NE0wk0OrW8kDKELPhNicWjRyUqxz1c/iOMuCYTlqok+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJEnlUjfAwwMpi6lT9sfVLq+SypWMB8GA1UdIwQY
MBaAFAuA57y0K8y4CSriikGu2SjupNY1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzREbnZMUXJ6TGdKS3VLS1FhN1pLTzZrMWpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My85NTQ2NTMtMjY3ZS00MzEzLWI5MDYt
ZmMwMTQ4MTE5NjM4LzEva1NlVlNOOEREQXltTHFWUDJ4OVV1cjVMS2xZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My85NTQ2NTMtMjY3ZS00MzEzLWI5MDYtZmMwMTQ4MTE5NjM4
LzEvQzREbnZMUXJ6TGdKS3VLS1FhN1pLTzZrMWpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9xWMA0G
CSqGSIb3DQEBCwUAA4IBAQBWbzYgg8GvOsBhncHQAHQ0W6NewRDearEXSRnScz8K
P6DXkD/eG1Ig5ycFmvDl6fiUZewRzEFMVhMDuvzYz/4PWsIJRc/kIUw068V2k+Kw
q0589Zq3le+3ti1B1dY9zpMg66cO+3u8LqN0RJOGe/I4HcmliJd8+SzlCp41VyGZ
QEDGu9WajdWkcNiXjuyENCcZi4O9t18Qa8/GnzpFUYxIrxWgqYPNjfPD+VLsCevD
2Dctqwhsd/MGINBLAwsRDP+h23kOWIfRI2yV6/cdWS8ECTX6eabRTd9MYlHiHJ5g
CLI6JiKNShJ4Vsuryp3PeQTXcARnH78+h4iZgxzZDkQD
-----END CERTIFICATE-----