Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/sNb2DnkLfIkOejZFYEtp5Hg7ocM.roa
File:                     sNb2DnkLfIkOejZFYEtp5Hg7ocM.roa (raw, json)
Hash identifier:          Jv0W3rCNR0ukFAjKiJnp0UIUqEaTXUjC//XmAgJXv3w=
Subject key identifier:   B0:D6:F6:0E:79:0B:7C:89:0E:7A:36:45:60:4B:69:E4:78:3B:A1:C3
Certificate issuer:       /CN=1c7b06bf41300dc4d30f3d0e180c9b95d2bcddff
Certificate serial:       018CC49341D1459DF2C065076E6090B32F7D
Authority key identifier: 1C:7B:06:BF:41:30:0D:C4:D3:0F:3D:0E:18:0C:9B:95:D2:BC:DD:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/sNb2DnkLfIkOejZFYEtp5Hg7ocM.roa
Signing time:             Mon 01 Jan 2024 10:30:34 +0000
ROA not before:           Mon 01 Jan 2024 10:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212563
IP address blocks:        91.132.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:41:d1:45:9d:f2:c0:65:07:6e:60:90:b3:2f:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7b06bf41300dc4d30f3d0e180c9b95d2bcddff
        Validity
            Not Before: Jan  1 10:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0d6f60e790b7c890e7a3645604b69e4783ba1c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:76:6d:cd:ae:95:5a:9d:31:16:fb:2e:7b:e4:
                    79:17:db:68:bf:b9:3a:d9:73:20:9e:ae:08:80:99:
                    95:50:2a:8d:b9:c8:57:1c:74:8c:37:97:ee:ed:cf:
                    9c:eb:a7:84:a3:17:6c:e9:4c:75:78:6b:f9:91:47:
                    5e:25:8c:d7:89:30:ff:11:15:5c:19:b7:10:08:8a:
                    0c:f9:00:0a:24:2d:71:47:d2:6b:91:55:fc:26:29:
                    e5:7c:fb:c2:ee:e6:3f:38:65:1d:99:88:80:ee:22:
                    8f:bb:7d:db:81:c4:82:6a:a4:d7:e3:2a:a9:e4:19:
                    1d:0d:dc:7b:12:16:f3:e1:ae:e2:0e:7d:34:e1:ea:
                    73:3f:16:cd:06:d5:a9:2a:1e:93:67:76:67:35:b3:
                    98:b1:b3:c1:9b:f2:bb:1a:02:cf:20:8f:c4:ed:51:
                    a6:ad:c6:69:64:00:b6:09:54:c4:c4:5d:e6:c9:97:
                    a4:d1:47:50:cf:a3:26:86:06:5f:96:b0:40:c7:1e:
                    b8:e0:06:8e:b6:8d:4a:db:15:18:c0:46:8d:ec:ce:
                    9a:5f:65:a2:26:56:6a:91:c5:2b:d9:58:eb:5c:b5:
                    92:26:aa:d5:59:26:77:e8:3c:73:e4:50:70:d5:ab:
                    a7:e6:df:6e:99:3c:46:4e:cc:75:c8:a7:93:66:85:
                    30:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:D6:F6:0E:79:0B:7C:89:0E:7A:36:45:60:4B:69:E4:78:3B:A1:C3
            X509v3 Authority Key Identifier:
                keyid:1C:7B:06:BF:41:30:0D:C4:D3:0F:3D:0E:18:0C:9B:95:D2:BC:DD:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/sNb2DnkLfIkOejZFYEtp5Hg7ocM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:15:d4:ee:bc:58:c9:76:f4:fa:22:c9:74:14:fb:85:83:32:
         e0:e9:97:84:b6:92:ed:fb:1f:16:4b:25:9f:74:ef:3a:37:f0:
         34:ae:14:cf:51:a9:3e:0d:45:f0:b5:08:0c:37:11:48:65:80:
         55:3c:30:07:84:b5:2e:86:f2:b9:bf:85:6e:3a:eb:56:99:81:
         7e:08:1d:3b:0a:67:14:16:4a:82:68:c8:ec:cf:91:85:5f:c1:
         5e:33:4e:ee:0c:97:e1:aa:73:fd:41:37:03:8a:13:4c:cb:03:
         cb:31:63:62:f0:d7:71:05:e2:90:39:eb:c0:81:5d:fc:bf:9a:
         16:75:ea:81:25:29:84:bd:2f:b2:c0:f6:ac:33:24:58:26:c3:
         0a:96:3a:08:8c:13:50:fa:ff:85:0f:09:b2:ef:5d:bc:dd:bb:
         9c:b0:a9:ae:24:71:f4:5d:e0:d2:c7:82:45:cb:d3:35:67:7a:
         93:0e:cd:85:b6:48:5e:14:6f:ec:dc:8c:1b:6d:24:73:73:9d:
         07:f9:2a:8c:df:cd:f1:e9:84:bb:4d:33:54:8a:22:90:6c:fa:
         88:7a:45:95:b9:02:6b:47:3b:4a:83:df:00:24:da:ea:9c:60:
         76:7a:d2:08:38:6a:3e:60:cb:29:ea:07:f1:4d:19:f6:f6:cd:
         c5:a6:e2:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk0HRRZ3ywGUHbmCQsy99MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2IwNmJmNDEzMDBkYzRkMzBmM2QwZTE4MGM5Yjk1ZDJi
Y2RkZmYwHhcNMjQwMTAxMTAzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGQ2ZjYwZTc5MGI3Yzg5MGU3YTM2NDU2MDRiNjllNDc4M2JhMWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXZtza6VWp0xFvsue+R5F9tov7k6
2XMgnq4IgJmVUCqNuchXHHSMN5fu7c+c66eEoxds6Ux1eGv5kUdeJYzXiTD/ERVc
GbcQCIoM+QAKJC1xR9JrkVX8JinlfPvC7uY/OGUdmYiA7iKPu33bgcSCaqTX4yqp
5BkdDdx7Ehbz4a7iDn004epzPxbNBtWpKh6TZ3ZnNbOYsbPBm/K7GgLPII/E7VGm
rcZpZAC2CVTExF3myZek0UdQz6MmhgZflrBAxx644AaOto1K2xUYwEaN7M6aX2Wi
JlZqkcUr2VjrXLWSJqrVWSZ36Dxz5FBw1aun5t9umTxGTsx1yKeTZoUw4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLDW9g55C3yJDno2RWBLaeR4O6HDMB8GA1UdIwQY
MBaAFBx7Br9BMA3E0w89DhgMm5XSvN3/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhzR3YwRXdEY1RURHowT0dBeWJsZEs4M2Y4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83MDJiMjgtZTE1OC00MGMwLTgzMzAt
MjRmZGRjNmQxNDdiLzEvc05iMkRua0xmSWtPZWpaRllFdHA1SGc3b2NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83MDJiMjgtZTE1OC00MGMwLTgzMzAtMjRmZGRjNmQxNDdi
LzEvSEhzR3YwRXdEY1RURHowT0dBeWJsZEs4M2Y4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW4RJMA0G
CSqGSIb3DQEBCwUAA4IBAQBMFdTuvFjJdvT6Isl0FPuFgzLg6ZeEtpLt+x8WSyWf
dO86N/A0rhTPUak+DUXwtQgMNxFIZYBVPDAHhLUuhvK5v4VuOutWmYF+CB07CmcU
FkqCaMjsz5GFX8FeM07uDJfhqnP9QTcDihNMywPLMWNi8NdxBeKQOevAgV38v5oW
deqBJSmEvS+ywPasMyRYJsMKljoIjBNQ+v+FDwmy71283bucsKmuJHH0XeDSx4JF
y9M1Z3qTDs2FtkheFG/s3IwbbSRzc50H+SqM383x6YS7TTNUiiKQbPqIekWVuQJr
RztKg98AJNrqnGB2etIIOGo+YMsp6gfxTRn29s3FpuKR
-----END CERTIFICATE-----