Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/4b1d56-d25f-4f64-8a0c-05bff31c53fe/1/bK-a4vPt7WHGjItPv5otIKH2a8U.roa
File:                     bK-a4vPt7WHGjItPv5otIKH2a8U.roa (raw, json)
Hash identifier:          xRelJlbKXbkkN/YSUKd5r/c/hEBDFk5kkDAtx39qii0=
Subject key identifier:   6C:AF:9A:E2:F3:ED:ED:61:C6:8C:8B:4F:BF:9A:2D:20:A1:F6:6B:C5
Certificate issuer:       /CN=aa31c98e3cab821c84ddeff2069e02259bd6e61c
Certificate serial:       018CC5DC4B183152AB8D5000BF312A3E8F2B
Authority key identifier: AA:31:C9:8E:3C:AB:82:1C:84:DD:EF:F2:06:9E:02:25:9B:D6:E6:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qjHJjjyrghyE3e_yBp4CJZvW5hw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/4b1d56-d25f-4f64-8a0c-05bff31c53fe/1/bK-a4vPt7WHGjItPv5otIKH2a8U.roa
Signing time:             Mon 01 Jan 2024 16:29:57 +0000
ROA not before:           Mon 01 Jan 2024 16:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50673
IP address blocks:        91.195.80.0/24 maxlen: 24
                          91.195.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/4b1d56-d25f-4f64-8a0c-05bff31c53fe/1/qjHJjjyrghyE3e_yBp4CJZvW5hw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/4b1d56-d25f-4f64-8a0c-05bff31c53fe/1/qjHJjjyrghyE3e_yBp4CJZvW5hw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qjHJjjyrghyE3e_yBp4CJZvW5hw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:4b:18:31:52:ab:8d:50:00:bf:31:2a:3e:8f:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa31c98e3cab821c84ddeff2069e02259bd6e61c
        Validity
            Not Before: Jan  1 16:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6caf9ae2f3eded61c68c8b4fbf9a2d20a1f66bc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a7:a1:cd:34:af:7f:16:a6:a9:b8:f8:b9:ea:
                    85:06:68:4b:97:a1:6c:89:7c:82:eb:9c:87:d0:75:
                    1d:68:40:74:81:b1:53:a8:75:05:07:f5:e3:0f:f9:
                    cb:61:7c:d2:3a:3a:20:72:89:cb:3f:a1:7f:c9:1d:
                    5e:0f:3e:2e:1c:c6:61:d6:6a:cb:f9:d6:34:3e:64:
                    27:b9:9f:7c:3c:b8:3f:74:3f:80:9a:00:98:a4:f6:
                    45:4c:ae:5d:14:87:fa:c3:8d:a8:67:ff:20:ff:ab:
                    db:fd:53:3a:eb:80:0e:20:20:77:33:84:17:34:fb:
                    cc:0a:c1:43:36:e0:c5:16:ef:50:69:7a:6b:8f:2f:
                    8d:06:a9:01:cc:76:fc:b1:f0:1b:72:02:9e:b0:c6:
                    d1:eb:93:d1:a2:f3:4c:d3:24:38:02:c8:36:09:7a:
                    bd:53:83:33:ed:2b:ac:87:2d:5f:ac:b5:4e:01:df:
                    03:74:5c:e6:39:7e:7a:2d:4e:f6:8c:7b:63:99:ba:
                    06:99:20:51:97:ed:cd:c9:ff:ea:f3:14:99:f0:d6:
                    38:65:db:5c:0d:ab:5e:3c:68:69:72:0b:f8:fd:88:
                    03:6e:e9:ea:43:a9:7e:3b:39:bc:1b:4c:bc:d7:c2:
                    9b:b8:c5:dd:b5:54:42:26:7e:49:20:8e:64:a2:6a:
                    33:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:AF:9A:E2:F3:ED:ED:61:C6:8C:8B:4F:BF:9A:2D:20:A1:F6:6B:C5
            X509v3 Authority Key Identifier:
                keyid:AA:31:C9:8E:3C:AB:82:1C:84:DD:EF:F2:06:9E:02:25:9B:D6:E6:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qjHJjjyrghyE3e_yBp4CJZvW5hw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/4b1d56-d25f-4f64-8a0c-05bff31c53fe/1/bK-a4vPt7WHGjItPv5otIKH2a8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/4b1d56-d25f-4f64-8a0c-05bff31c53fe/1/qjHJjjyrghyE3e_yBp4CJZvW5hw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         92:73:94:64:db:99:16:be:08:08:9f:27:db:78:b5:c8:2d:9d:
         87:ab:b0:da:59:76:4e:14:0e:5d:4e:f6:03:d9:28:a5:ee:90:
         b7:53:21:1c:3b:76:67:18:82:2c:f4:d6:d1:29:b6:b5:65:df:
         4a:9f:0e:07:bc:9d:ff:73:a8:1f:30:94:0b:17:d0:4d:1b:11:
         e7:60:52:99:de:f8:ea:a2:ca:03:46:78:95:b1:83:f3:30:f6:
         5e:e7:49:01:0e:df:6d:57:09:17:b7:a1:c3:a5:ad:ea:0b:a9:
         d5:1a:4f:a3:3b:fa:8e:a8:ba:bd:b6:ab:ad:f3:56:e0:93:aa:
         ca:cd:86:db:4b:e3:68:cb:56:c2:87:f0:d4:b9:c0:40:de:1f:
         40:db:1b:25:29:12:41:f4:d0:7a:24:15:f0:36:ad:0c:38:5f:
         2b:a0:93:68:e3:08:2f:b1:ee:b1:83:82:f6:73:8e:3a:23:6e:
         4e:c0:be:c6:7f:9b:54:21:ab:ee:39:9e:c1:1b:34:0f:be:94:
         8d:57:92:ba:1d:98:77:39:b9:27:1d:80:5d:d2:1c:49:31:f7:
         e8:65:0b:dc:b8:9f:fe:ae:be:6f:15:43:38:25:e6:a6:67:10:
         82:8b:e0:46:0d:68:65:2d:90:39:10:49:31:6b:86:f4:8a:1a:
         9e:72:30:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3EsYMVKrjVAAvzEqPo8rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMzFjOThlM2NhYjgyMWM4NGRkZWZmMjA2OWUwMjI1OWJk
NmU2MWMwHhcNMjQwMTAxMTYyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2FmOWFlMmYzZWRlZDYxYzY4YzhiNGZiZjlhMmQyMGExZjY2YmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnaehzTSvfxamqbj4ueqFBmhLl6Fs
iXyC65yH0HUdaEB0gbFTqHUFB/XjD/nLYXzSOjogconLP6F/yR1eDz4uHMZh1mrL
+dY0PmQnuZ98PLg/dD+AmgCYpPZFTK5dFIf6w42oZ/8g/6vb/VM664AOICB3M4QX
NPvMCsFDNuDFFu9QaXprjy+NBqkBzHb8sfAbcgKesMbR65PRovNM0yQ4Asg2CXq9
U4Mz7Sushy1frLVOAd8DdFzmOX56LU72jHtjmboGmSBRl+3Nyf/q8xSZ8NY4Zdtc
DatePGhpcgv4/YgDbunqQ6l+Ozm8G0y818KbuMXdtVRCJn5JII5komoz3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGyvmuLz7e1hxoyLT7+aLSCh9mvFMB8GA1UdIwQY
MBaAFKoxyY48q4IchN3v8gaeAiWb1uYcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWpISmpqeXJnaHlFM2VfeUJwNENKWnZXNWh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny80YjFkNTYtZDI1Zi00ZjY0LThhMGMt
MDViZmYzMWM1M2ZlLzEvYkstYTR2UHQ3V0hHakl0UHY1b3RJS0gyYThVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny80YjFkNTYtZDI1Zi00ZjY0LThhMGMtMDViZmYzMWM1M2Zl
LzEvcWpISmpqeXJnaHlFM2VfeUJwNENKWnZXNWh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8NQMA0G
CSqGSIb3DQEBCwUAA4IBAQCSc5Rk25kWvggInyfbeLXILZ2Hq7DaWXZOFA5dTvYD
2Sil7pC3UyEcO3ZnGIIs9NbRKba1Zd9Knw4HvJ3/c6gfMJQLF9BNGxHnYFKZ3vjq
osoDRniVsYPzMPZe50kBDt9tVwkXt6HDpa3qC6nVGk+jO/qOqLq9tqut81bgk6rK
zYbbS+Noy1bCh/DUucBA3h9A2xslKRJB9NB6JBXwNq0MOF8roJNo4wgvse6xg4L2
c446I25OwL7Gf5tUIavuOZ7BGzQPvpSNV5K6HZh3ObknHYBd0hxJMffoZQvcuJ/+
rr5vFUM4JeamZxCCi+BGDWhlLZA5EEkxa4b0ihqecjDW
-----END CERTIFICATE-----