Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/8hqG6MuUTBaGeYn8b1MLG_aUsxo.roa
File:                     8hqG6MuUTBaGeYn8b1MLG_aUsxo.roa (raw, json)
Hash identifier:          mkLqxFlFQ5067gD+iL13nMSH8REqWJV32KZ51miZDoQ=
Subject key identifier:   F2:1A:86:E8:CB:94:4C:16:86:79:89:FC:6F:53:0B:1B:F6:94:B3:1A
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       018CC6B7B273BA6D6A4E2C35AE6E1339CED8
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/8hqG6MuUTBaGeYn8b1MLG_aUsxo.roa
Signing time:             Mon 01 Jan 2024 20:29:36 +0000
ROA not before:           Mon 01 Jan 2024 20:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49121
IP address blocks:        91.191.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 22:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:b2:73:ba:6d:6a:4e:2c:35:ae:6e:13:39:ce:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jan  1 20:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f21a86e8cb944c16867989fc6f530b1bf694b31a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ee:6b:28:5b:85:c7:40:64:d0:6c:89:ab:33:
                    6b:de:8b:c4:28:cb:23:dd:98:14:2b:7c:63:a3:15:
                    4c:72:95:4c:1f:a8:a5:46:12:28:4a:19:04:91:41:
                    bb:92:5b:01:9a:11:b8:ad:d0:eb:92:60:c0:a3:6a:
                    cc:e5:50:3c:d7:ac:96:74:0e:6c:f8:b6:1b:a7:b7:
                    8e:84:81:5d:82:ee:80:a2:b3:4e:91:8c:42:f6:d3:
                    36:51:6d:41:76:06:0f:b6:f6:75:63:0c:5c:ef:3e:
                    8b:6c:1e:e8:64:d4:7a:c9:82:8b:79:f0:2a:0d:4a:
                    0e:41:1b:54:e4:92:49:ea:ad:6f:5b:ec:ef:ae:e3:
                    93:51:92:73:06:52:11:4e:8e:e2:17:8f:eb:12:e0:
                    e7:ac:80:94:5b:51:b7:57:23:a9:2d:0e:d7:bd:24:
                    e4:ec:c3:30:da:02:b8:1f:3f:64:1a:9f:49:d3:bf:
                    9b:eb:74:79:60:1f:4f:78:78:d1:69:43:be:a6:01:
                    4f:32:6a:55:fb:59:19:b5:56:32:82:85:6b:04:0a:
                    42:85:ee:6f:e8:1b:c4:02:9c:65:07:6d:cc:ac:5e:
                    2b:62:67:c8:ee:1d:4b:93:9b:f1:5c:74:e5:f6:c9:
                    21:f3:34:26:a5:7e:7c:d0:a0:bf:6a:8e:01:45:3a:
                    a8:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:1A:86:E8:CB:94:4C:16:86:79:89:FC:6F:53:0B:1B:F6:94:B3:1A
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/8hqG6MuUTBaGeYn8b1MLG_aUsxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.191.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:63:d8:0a:f4:c4:39:d5:b1:75:a7:8d:4f:e9:63:77:e9:88:
         14:ec:09:3a:97:2c:48:0d:fe:b9:43:a3:27:fe:29:c7:12:70:
         08:7e:e5:de:e1:1c:d2:43:99:38:a2:3a:6d:ec:33:5c:0b:e6:
         6f:6a:ed:57:bd:d7:4b:e7:2d:02:c4:3d:36:30:9b:25:ad:53:
         3a:a0:94:fb:17:01:93:8e:7a:df:fd:56:b5:08:20:c1:71:66:
         53:c7:1e:9d:91:65:b6:8b:02:d5:82:75:76:a5:6c:fb:bf:45:
         ba:60:78:55:68:f4:3d:ad:43:15:ba:29:ee:57:77:f8:ba:20:
         58:44:78:97:82:ea:49:41:ea:16:8d:41:c4:53:82:e4:68:f9:
         fb:21:db:61:94:4e:44:ea:52:8b:d0:ec:e2:69:ed:08:9d:b8:
         f9:6b:35:e4:5b:94:05:6d:42:01:cf:d4:2d:9c:cf:05:4c:70:
         c7:a2:40:ba:71:15:84:95:58:89:a1:1a:33:5f:02:c1:99:44:
         3f:e4:4c:ca:75:2b:55:ff:d6:d2:13:de:8e:ae:5a:da:7c:a4:
         9c:19:23:a6:75:bc:25:0d:40:f9:46:ce:f6:32:e3:7a:9d:c0:
         61:81:6e:b4:5a:e6:39:c2:eb:52:f8:8b:2d:e3:ea:97:5d:36:
         76:38:15:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt7Jzum1qTiw1rm4TOc7YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjQwMTAxMjAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjFhODZlOGNiOTQ0YzE2ODY3OTg5ZmM2ZjUzMGIxYmY2OTRiMzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+5rKFuFx0Bk0GyJqzNr3ovEKMsj
3ZgUK3xjoxVMcpVMH6ilRhIoShkEkUG7klsBmhG4rdDrkmDAo2rM5VA816yWdA5s
+LYbp7eOhIFdgu6AorNOkYxC9tM2UW1BdgYPtvZ1Ywxc7z6LbB7oZNR6yYKLefAq
DUoOQRtU5JJJ6q1vW+zvruOTUZJzBlIRTo7iF4/rEuDnrICUW1G3VyOpLQ7XvSTk
7MMw2gK4Hz9kGp9J07+b63R5YB9PeHjRaUO+pgFPMmpV+1kZtVYygoVrBApChe5v
6BvEApxlB23MrF4rYmfI7h1Lk5vxXHTl9skh8zQmpX580KC/ao4BRTqocwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPIahujLlEwWhnmJ/G9TCxv2lLMaMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvOGhxRzZNdVVUQmFHZVluOGIxTUxHX2FVc3hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW7+5MA0G
CSqGSIb3DQEBCwUAA4IBAQBrY9gK9MQ51bF1p41P6WN36YgU7Ak6lyxIDf65Q6Mn
/inHEnAIfuXe4RzSQ5k4ojpt7DNcC+Zvau1XvddL5y0CxD02MJslrVM6oJT7FwGT
jnrf/Va1CCDBcWZTxx6dkWW2iwLVgnV2pWz7v0W6YHhVaPQ9rUMVuinuV3f4uiBY
RHiXgupJQeoWjUHEU4LkaPn7IdthlE5E6lKL0Oziae0Inbj5azXkW5QFbUIBz9Qt
nM8FTHDHokC6cRWElViJoRozXwLBmUQ/5EzKdStV/9bSE96OrlrafKScGSOmdbwl
DUD5Rs72MuN6ncBhgW60WuY5wutS+Ist4+qXXTZ2OBXY
-----END CERTIFICATE-----