Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/xnVTzzBF7lu7SYil2Nb7oZbD2R8.roa
File:                     xnVTzzBF7lu7SYil2Nb7oZbD2R8.roa (raw, json)
Hash identifier:          BqpOoAjqooVbYLbh33nBgspbfQN3ZLt5cJhi0n1waQk=
Subject key identifier:   C6:75:53:CF:30:45:EE:5B:BB:49:88:A5:D8:D6:FB:A1:96:C3:D9:1F
Certificate issuer:       /CN=cec3b347a216bc437b0bd4cf0bc8cda65e8c2d3b
Certificate serial:       018CC8DE7979D88F2022ABAD3E925D2F31F9
Authority key identifier: CE:C3:B3:47:A2:16:BC:43:7B:0B:D4:CF:0B:C8:CD:A6:5E:8C:2D:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsOzR6IWvEN7C9TPC8jNpl6MLTs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/xnVTzzBF7lu7SYil2Nb7oZbD2R8.roa
Signing time:             Tue 02 Jan 2024 06:31:12 +0000
ROA not before:           Tue 02 Jan 2024 06:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        91.102.185.0/24 maxlen: 24
                          91.102.184.0/24 maxlen: 24
                          91.102.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/zsOzR6IWvEN7C9TPC8jNpl6MLTs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/zsOzR6IWvEN7C9TPC8jNpl6MLTs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsOzR6IWvEN7C9TPC8jNpl6MLTs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:79:79:d8:8f:20:22:ab:ad:3e:92:5d:2f:31:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec3b347a216bc437b0bd4cf0bc8cda65e8c2d3b
        Validity
            Not Before: Jan  2 06:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c67553cf3045ee5bbb4988a5d8d6fba196c3d91f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:cb:e6:01:75:24:b6:1c:19:8d:1b:fb:24:5f:
                    f7:f7:12:92:d2:fc:0e:9c:a8:c0:78:e9:f8:58:81:
                    b8:57:47:f5:db:6b:30:d0:8c:9f:45:b9:e4:62:2b:
                    50:28:b0:78:51:8e:d2:04:ae:f1:33:ef:0a:7d:67:
                    d2:a2:2c:47:99:a3:0d:9c:76:bc:fe:11:67:f4:73:
                    fe:fa:14:b4:c1:11:d9:1b:8a:2c:1c:1a:df:71:0a:
                    d6:09:59:c2:cb:4a:76:a4:e7:b1:df:de:f4:d7:09:
                    60:cb:78:29:bb:f3:07:f7:37:1b:a9:43:3f:24:ad:
                    66:2f:ab:e8:15:20:50:cf:79:f0:18:41:7d:f3:78:
                    29:1e:23:ff:c7:d5:a2:68:a9:4c:1f:91:1a:f4:ad:
                    2a:95:5a:da:4f:43:56:20:31:5f:17:53:08:e7:0a:
                    72:80:6f:90:af:97:86:92:a8:54:65:d6:90:44:35:
                    aa:99:c6:7c:55:9f:17:0b:38:28:d7:a2:f4:c3:15:
                    2f:43:5c:a3:c5:2a:8c:31:aa:a2:22:61:75:f3:16:
                    ac:de:3f:3e:aa:e5:7c:f0:7c:0c:14:90:bc:47:1b:
                    77:87:df:49:cc:17:5d:12:64:db:c3:8e:cf:dd:19:
                    23:6b:d9:e5:4e:09:73:1b:cc:6c:55:2e:b0:b1:87:
                    73:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:75:53:CF:30:45:EE:5B:BB:49:88:A5:D8:D6:FB:A1:96:C3:D9:1F
            X509v3 Authority Key Identifier:
                keyid:CE:C3:B3:47:A2:16:BC:43:7B:0B:D4:CF:0B:C8:CD:A6:5E:8C:2D:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsOzR6IWvEN7C9TPC8jNpl6MLTs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/xnVTzzBF7lu7SYil2Nb7oZbD2R8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/zsOzR6IWvEN7C9TPC8jNpl6MLTs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.102.184.0-91.102.186.255

    Signature Algorithm: sha256WithRSAEncryption
         7f:1f:c7:45:30:c6:0d:f1:2a:1c:ef:67:c1:50:6a:86:97:e2:
         6c:6d:e9:5c:4f:8d:2f:ff:1f:89:6f:81:f3:5c:b9:24:19:c8:
         77:45:c4:e8:55:fc:76:5f:e6:4d:d2:f5:dd:56:c5:40:a1:9e:
         55:fe:bc:53:90:0c:f7:4a:fa:04:d1:03:d1:75:d5:21:58:05:
         2b:93:16:be:d7:a6:70:7d:7a:0d:03:8a:14:59:4e:ba:06:48:
         be:fb:5d:47:ba:ca:28:e3:b6:93:e9:dc:d1:b1:4e:54:92:57:
         54:b7:1b:9d:99:b1:98:8c:27:65:90:49:eb:14:46:73:9b:7a:
         52:6f:fe:ec:36:5c:17:b7:88:91:3a:22:96:42:e7:ff:fb:6e:
         a8:1e:32:20:bc:c6:dd:06:5b:fc:d1:e2:1a:5d:7e:48:80:09:
         8e:03:d0:d9:9c:ba:6e:ec:1d:76:08:8e:48:bc:a3:6b:a9:d9:
         03:cd:9a:95:23:6e:5b:e9:73:46:10:b5:f7:0c:00:35:d8:9f:
         50:ed:9f:47:00:02:bf:6c:65:9a:be:6c:c0:11:b6:cf:9c:62:
         39:02:9f:72:a1:83:fd:24:80:5a:2d:d2:47:58:ae:87:0b:8e:
         45:8c:7b:9f:a3:4e:23:38:3a:d8:aa:c2:00:08:72:e3:00:ed:
         68:7e:eb:de
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzI3nl52I8gIqutPpJdLzH5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzNiMzQ3YTIxNmJjNDM3YjBiZDRjZjBiYzhjZGE2NWU4
YzJkM2IwHhcNMjQwMTAyMDYzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjc1NTNjZjMwNDVlZTViYmI0OTg4YTVkOGQ2ZmJhMTk2YzNkOTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMvmAXUkthwZjRv7JF/39xKS0vwO
nKjAeOn4WIG4V0f122sw0IyfRbnkYitQKLB4UY7SBK7xM+8KfWfSoixHmaMNnHa8
/hFn9HP++hS0wRHZG4osHBrfcQrWCVnCy0p2pOex39701wlgy3gpu/MH9zcbqUM/
JK1mL6voFSBQz3nwGEF983gpHiP/x9WiaKlMH5Ea9K0qlVraT0NWIDFfF1MI5wpy
gG+Qr5eGkqhUZdaQRDWqmcZ8VZ8XCzgo16L0wxUvQ1yjxSqMMaqiImF18xas3j8+
quV88HwMFJC8Rxt3h99JzBddEmTbw47P3Rkja9nlTglzG8xsVS6wsYdztQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMZ1U88wRe5bu0mIpdjW+6GWw9kfMB8GA1UdIwQY
MBaAFM7Ds0eiFrxDewvUzwvIzaZejC07MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNPelI2SVd2RU43QzlUUEM4ak5wbDZNTFRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny83YTY4M2ItZmE3OC00MTEyLWI2YjYt
MTU1ZmIzZmUyODdlLzEveG5WVHp6QkY3bHU3U1lpbDJOYjdvWmJEMlI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny83YTY4M2ItZmE3OC00MTEyLWI2YjYtMTU1ZmIzZmUyODdl
LzEvenNPelI2SVd2RU43QzlUUEM4ak5wbDZNTFRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBANbZrgD
BABbZrowDQYJKoZIhvcNAQELBQADggEBAH8fx0Uwxg3xKhzvZ8FQaoaX4mxt6VxP
jS//H4lvgfNcuSQZyHdFxOhV/HZf5k3S9d1WxUChnlX+vFOQDPdK+gTRA9F11SFY
BSuTFr7XpnB9eg0DihRZTroGSL77XUe6yijjtpPp3NGxTlSSV1S3G52ZsZiMJ2WQ
SesURnObelJv/uw2XBe3iJE6IpZC5//7bqgeMiC8xt0GW/zR4hpdfkiACY4D0Nmc
um7sHXYIjki8o2up2QPNmpUjblvpc0YQtfcMADXYn1Dtn0cAAr9sZZq+bMARts+c
YjkCn3Khg/0kgFot0kdYrocLjkWMe5+jTiM4OtiqwgAIcuMA7Wh+694=
-----END CERTIFICATE-----