Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/4641f6-87c0-4d17-a58a-6163564d9704/1/o_mN0kLoqn4SMa9TwLMg6UV5aqI.roa
File:                     o_mN0kLoqn4SMa9TwLMg6UV5aqI.roa (raw, json)
Hash identifier:          dFyNi4A4ruLi4IqW/0Qk4w+NHE0kf64x188lMkRt9tQ=
Subject key identifier:   A3:F9:8D:D2:42:E8:AA:7E:12:31:AF:53:C0:B3:20:E9:45:79:6A:A2
Certificate issuer:       /CN=0e51516767d9a8508c6e14d58deeffbfab8080dd
Certificate serial:       018CC64B0A65E22EC542AAACD2924F1F54AA
Authority key identifier: 0E:51:51:67:67:D9:A8:50:8C:6E:14:D5:8D:EE:FF:BF:AB:80:80:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DlFRZ2fZqFCMbhTVje7_v6uAgN0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/4641f6-87c0-4d17-a58a-6163564d9704/1/o_mN0kLoqn4SMa9TwLMg6UV5aqI.roa
Signing time:             Mon 01 Jan 2024 18:30:55 +0000
ROA not before:           Mon 01 Jan 2024 18:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61999
IP address blocks:        91.224.123.0/24 maxlen: 24
                          91.224.122.0/24 maxlen: 24
                          91.224.122.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/4641f6-87c0-4d17-a58a-6163564d9704/1/DlFRZ2fZqFCMbhTVje7_v6uAgN0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/4641f6-87c0-4d17-a58a-6163564d9704/1/DlFRZ2fZqFCMbhTVje7_v6uAgN0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DlFRZ2fZqFCMbhTVje7_v6uAgN0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:0a:65:e2:2e:c5:42:aa:ac:d2:92:4f:1f:54:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e51516767d9a8508c6e14d58deeffbfab8080dd
        Validity
            Not Before: Jan  1 18:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3f98dd242e8aa7e1231af53c0b320e945796aa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:cc:d9:ef:c1:33:98:da:24:35:b9:eb:1f:cd:
                    ab:a7:d6:59:4b:30:4d:1f:57:10:62:83:a8:b6:66:
                    05:68:30:77:85:c6:e5:9c:59:ec:3d:d0:98:a0:02:
                    13:7a:9e:36:57:4f:95:3c:e9:e7:4c:51:34:bd:6d:
                    be:a1:24:77:8f:0f:b1:7c:37:d2:63:7e:d7:18:5b:
                    8f:03:a7:6c:8f:5c:9f:05:8c:91:65:99:82:ee:75:
                    83:d8:b3:6b:ea:db:93:26:42:b4:26:b8:34:1c:12:
                    f4:82:f6:39:e7:a1:ef:80:e9:d8:51:de:fa:c9:45:
                    bc:8a:3f:ef:39:29:d0:bc:3c:a0:df:97:c2:a7:25:
                    2b:0e:94:4c:46:37:8a:97:e5:9b:63:c0:c8:d0:94:
                    91:56:61:cd:69:fb:ea:63:b0:1b:2e:86:64:26:ac:
                    3e:d4:f6:2b:d2:35:de:72:37:48:46:54:d0:68:69:
                    78:97:66:51:5d:06:f6:df:9a:a6:f9:84:47:3a:26:
                    fc:01:a3:de:6f:5e:33:e7:fc:a8:93:f6:fa:72:ac:
                    94:00:ef:7a:ec:63:80:8d:72:63:dc:3c:e0:ae:bf:
                    b0:73:71:b7:cb:dd:89:33:bf:d9:63:c1:65:96:b4:
                    34:29:ea:4e:3f:a9:2e:04:42:d9:34:42:17:f6:5c:
                    20:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:F9:8D:D2:42:E8:AA:7E:12:31:AF:53:C0:B3:20:E9:45:79:6A:A2
            X509v3 Authority Key Identifier:
                keyid:0E:51:51:67:67:D9:A8:50:8C:6E:14:D5:8D:EE:FF:BF:AB:80:80:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DlFRZ2fZqFCMbhTVje7_v6uAgN0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/4641f6-87c0-4d17-a58a-6163564d9704/1/o_mN0kLoqn4SMa9TwLMg6UV5aqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/4641f6-87c0-4d17-a58a-6163564d9704/1/DlFRZ2fZqFCMbhTVje7_v6uAgN0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d2:08:80:2f:05:1a:8b:40:45:8e:0d:8f:eb:d5:2b:d1:de:2b:
         c9:87:84:2b:ea:f0:ec:3a:c2:2c:15:4c:4f:b9:6f:8d:89:3c:
         4a:5c:46:ba:f6:dc:ab:54:bb:ef:f7:1e:06:3c:33:6e:79:87:
         b4:dc:79:de:cd:a7:33:ba:33:b0:a5:92:a1:5e:c1:7a:b2:f4:
         ef:35:a5:4f:f6:28:17:1c:09:9b:10:8a:7e:33:f9:21:66:dd:
         1c:6b:04:4f:ad:16:66:73:28:86:fe:1e:35:c9:30:4f:73:e2:
         58:08:7a:18:3a:8f:33:48:5b:9f:1d:4f:aa:f4:4b:68:9a:01:
         d2:9f:39:ae:58:43:6e:d0:4e:e1:e3:ca:e9:8a:13:73:aa:86:
         c3:29:3b:46:cb:e1:ab:fc:4b:bb:ef:02:83:f0:d4:db:0f:97:
         fa:51:50:cd:fd:53:8b:78:bb:30:29:d1:6e:ba:32:61:15:4a:
         da:8b:e4:c4:e1:f4:59:c1:94:46:b2:86:59:8a:20:70:43:67:
         5c:a7:6a:1e:83:1f:48:fa:e2:b5:4a:96:15:5a:a2:50:06:d2:
         1d:96:a6:19:a4:e5:fa:ee:06:2e:2a:64:7f:19:d9:0e:ec:d0:
         3f:8b:1e:df:f1:3c:56:9c:d5:94:28:ce:0b:ad:3d:73:40:28:
         75:be:f3:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSwpl4i7FQqqs0pJPH1SqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNTE1MTY3NjdkOWE4NTA4YzZlMTRkNThkZWVmZmJmYWI4
MDgwZGQwHhcNMjQwMTAxMTgzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2Y5OGRkMjQyZThhYTdlMTIzMWFmNTNjMGIzMjBlOTQ1Nzk2YWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgczZ78EzmNokNbnrH82rp9ZZSzBN
H1cQYoOotmYFaDB3hcblnFnsPdCYoAITep42V0+VPOnnTFE0vW2+oSR3jw+xfDfS
Y37XGFuPA6dsj1yfBYyRZZmC7nWD2LNr6tuTJkK0Jrg0HBL0gvY556HvgOnYUd76
yUW8ij/vOSnQvDyg35fCpyUrDpRMRjeKl+WbY8DI0JSRVmHNafvqY7AbLoZkJqw+
1PYr0jXecjdIRlTQaGl4l2ZRXQb235qm+YRHOib8AaPeb14z5/yok/b6cqyUAO96
7GOAjXJj3Dzgrr+wc3G3y92JM7/ZY8FllrQ0KepOP6kuBELZNEIX9lwgYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKP5jdJC6Kp+EjGvU8CzIOlFeWqiMB8GA1UdIwQY
MBaAFA5RUWdn2ahQjG4U1Y3u/7+rgIDdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGxGUloyZlpxRkNNYmhUVmplN192NnVBZ04wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny80NjQxZjYtODdjMC00ZDE3LWE1OGEt
NjE2MzU2NGQ5NzA0LzEvb19tTjBrTG9xbjRTTWE5VHdMTWc2VVY1YXFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny80NjQxZjYtODdjMC00ZDE3LWE1OGEtNjE2MzU2NGQ5NzA0
LzEvRGxGUloyZlpxRkNNYmhUVmplN192NnVBZ04wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+B6MA0G
CSqGSIb3DQEBCwUAA4IBAQDSCIAvBRqLQEWODY/r1SvR3ivJh4Qr6vDsOsIsFUxP
uW+NiTxKXEa69tyrVLvv9x4GPDNueYe03HnezaczujOwpZKhXsF6svTvNaVP9igX
HAmbEIp+M/khZt0cawRPrRZmcyiG/h41yTBPc+JYCHoYOo8zSFufHU+q9EtomgHS
nzmuWENu0E7h48rpihNzqobDKTtGy+Gr/Eu77wKD8NTbD5f6UVDN/VOLeLswKdFu
ujJhFUrai+TE4fRZwZRGsoZZiiBwQ2dcp2oegx9I+uK1SpYVWqJQBtIdlqYZpOX6
7gYuKmR/GdkO7NA/ix7f8TxWnNWUKM4LrT1zQCh1vvNd
-----END CERTIFICATE-----