Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/579479-7d4d-49c4-83c3-207e9b70c385/1/M6e7K950_k_iGtU7n78oPS42P9s.roa
File:                     M6e7K950_k_iGtU7n78oPS42P9s.roa (raw, json)
Hash identifier:          0QQstbMgZ2SlYYroQ7gISeplIyCONm6168shRCkNgAc=
Subject key identifier:   33:A7:BB:2B:DE:74:FE:4F:E2:1A:D5:3B:9F:BF:28:3D:2E:36:3F:DB
Certificate issuer:       /CN=9c1626d5fd54a17a25942f6fd95c83c0e08817bb
Certificate serial:       018CC2DB000062214206CCF23486507D541D
Authority key identifier: 9C:16:26:D5:FD:54:A1:7A:25:94:2F:6F:D9:5C:83:C0:E0:88:17:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nBYm1f1UoXollC9v2VyDwOCIF7s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/579479-7d4d-49c4-83c3-207e9b70c385/1/M6e7K950_k_iGtU7n78oPS42P9s.roa
Signing time:             Mon 01 Jan 2024 02:29:41 +0000
ROA not before:           Mon 01 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56432
IP address blocks:        91.223.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/579479-7d4d-49c4-83c3-207e9b70c385/1/nBYm1f1UoXollC9v2VyDwOCIF7s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/579479-7d4d-49c4-83c3-207e9b70c385/1/nBYm1f1UoXollC9v2VyDwOCIF7s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nBYm1f1UoXollC9v2VyDwOCIF7s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:00:00:62:21:42:06:cc:f2:34:86:50:7d:54:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c1626d5fd54a17a25942f6fd95c83c0e08817bb
        Validity
            Not Before: Jan  1 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33a7bb2bde74fe4fe21ad53b9fbf283d2e363fdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:43:d5:d4:5a:b2:32:35:c4:12:5c:a5:df:ac:
                    cc:3f:7c:99:6a:fe:d4:e1:4c:45:63:c3:ec:a2:c8:
                    ec:91:26:de:5f:cb:71:a3:52:8e:38:15:53:b8:f0:
                    b3:71:03:9a:76:4a:ea:a8:c5:70:a1:d9:75:7b:cb:
                    8d:fb:16:c7:c7:4c:18:30:80:e2:da:28:30:f8:1e:
                    96:4e:b5:27:30:53:ec:ff:0b:64:a3:b7:a9:89:da:
                    36:66:ca:bb:78:53:98:83:a8:62:fe:57:64:d4:15:
                    64:77:e3:f7:01:61:07:ac:13:0c:b4:26:ec:45:8a:
                    af:14:96:30:8b:d5:1f:27:c2:d5:e6:f5:a0:e1:fc:
                    29:93:59:cb:49:e5:49:71:03:ba:3e:80:60:e4:52:
                    4e:03:d4:3c:11:1b:17:05:d9:1a:f6:ba:49:58:ed:
                    d5:78:1f:0e:50:e5:e9:d0:c2:e4:26:d8:f5:18:8a:
                    58:f5:a5:65:55:0d:84:4a:a8:96:fe:6d:28:b4:5e:
                    7f:f6:d9:04:ec:59:4e:4e:d5:19:c6:ed:3c:af:b2:
                    02:04:cc:95:52:d7:44:a0:c1:cf:ae:4b:e2:2b:7e:
                    d3:ce:fd:76:3e:88:00:0f:f5:37:65:03:f1:9d:ec:
                    5f:11:68:b3:26:32:a4:91:88:ba:39:bc:15:81:52:
                    8f:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:A7:BB:2B:DE:74:FE:4F:E2:1A:D5:3B:9F:BF:28:3D:2E:36:3F:DB
            X509v3 Authority Key Identifier:
                keyid:9C:16:26:D5:FD:54:A1:7A:25:94:2F:6F:D9:5C:83:C0:E0:88:17:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nBYm1f1UoXollC9v2VyDwOCIF7s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/579479-7d4d-49c4-83c3-207e9b70c385/1/M6e7K950_k_iGtU7n78oPS42P9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/579479-7d4d-49c4-83c3-207e9b70c385/1/nBYm1f1UoXollC9v2VyDwOCIF7s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:82:98:a6:27:43:a2:c0:81:c3:fd:52:7e:0d:a8:12:37:1b:
         c2:5a:70:74:60:8c:e1:78:11:bc:51:0a:85:fc:b0:42:11:52:
         af:10:a4:b4:0f:d9:af:0b:3c:05:3b:12:6c:47:25:d9:93:8d:
         cf:37:d2:39:31:8f:61:ab:31:9d:fa:ba:3b:1e:9c:c7:64:2b:
         68:71:a2:e2:56:c8:c8:63:b6:d5:81:1b:0c:ab:ed:e8:bf:58:
         94:47:d4:f5:4d:e3:ec:57:aa:fb:94:6b:99:48:5e:92:b4:ae:
         1a:b9:dd:a6:54:7a:a8:9c:bd:d2:41:ea:1d:64:00:bd:63:e2:
         24:d5:6c:87:f2:c9:4b:79:81:5e:ec:e4:fd:2d:01:98:7f:2a:
         40:61:c1:40:c1:80:3f:40:fc:34:48:6c:b5:cb:81:1a:95:21:
         fe:11:80:cc:3e:9f:20:21:5a:df:22:ec:f4:3f:ae:56:fe:b2:
         f5:3c:f2:6d:3b:89:bf:f3:b9:9e:39:43:3d:26:a7:4f:c8:1b:
         a4:f2:7c:6a:75:fb:8e:d0:7b:df:bf:06:3d:a8:3d:ad:5e:2a:
         42:87:9e:7b:12:55:e4:1a:df:8a:24:09:15:38:39:e7:8d:ac:
         27:b8:3b:ea:c3:2f:56:2d:54:d8:60:1c:19:be:8f:c7:10:28:
         8a:4a:99:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2wAAYiFCBszyNIZQfVQdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljMTYyNmQ1ZmQ1NGExN2EyNTk0MmY2ZmQ5NWM4M2MwZTA4
ODE3YmIwHhcNMjQwMTAxMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2E3YmIyYmRlNzRmZTRmZTIxYWQ1M2I5ZmJmMjgzZDJlMzYzZmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgEPV1FqyMjXEElyl36zMP3yZav7U
4UxFY8PsosjskSbeX8txo1KOOBVTuPCzcQOadkrqqMVwodl1e8uN+xbHx0wYMIDi
2igw+B6WTrUnMFPs/wtko7epido2Zsq7eFOYg6hi/ldk1BVkd+P3AWEHrBMMtCbs
RYqvFJYwi9UfJ8LV5vWg4fwpk1nLSeVJcQO6PoBg5FJOA9Q8ERsXBdka9rpJWO3V
eB8OUOXp0MLkJtj1GIpY9aVlVQ2ESqiW/m0otF5/9tkE7FlOTtUZxu08r7ICBMyV
UtdEoMHPrkviK37Tzv12PogAD/U3ZQPxnexfEWizJjKkkYi6ObwVgVKPIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDOnuyvedP5P4hrVO5+/KD0uNj/bMB8GA1UdIwQY
MBaAFJwWJtX9VKF6JZQvb9lcg8DgiBe7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkJZbTFmMVVvWG9sbEM5djJWeUR3T0NJRjdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS81Nzk0NzktN2Q0ZC00OWM0LTgzYzMt
MjA3ZTliNzBjMzg1LzEvTTZlN0s5NTBfa19pR3RVN243OG9QUzQyUDlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS81Nzk0NzktN2Q0ZC00OWM0LTgzYzMtMjA3ZTliNzBjMzg1
LzEvbkJZbTFmMVVvWG9sbEM5djJWeUR3T0NJRjdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9+UMA0G
CSqGSIb3DQEBCwUAA4IBAQBFgpimJ0OiwIHD/VJ+DagSNxvCWnB0YIzheBG8UQqF
/LBCEVKvEKS0D9mvCzwFOxJsRyXZk43PN9I5MY9hqzGd+ro7HpzHZCtocaLiVsjI
Y7bVgRsMq+3ov1iUR9T1TePsV6r7lGuZSF6StK4aud2mVHqonL3SQeodZAC9Y+Ik
1WyH8slLeYFe7OT9LQGYfypAYcFAwYA/QPw0SGy1y4EalSH+EYDMPp8gIVrfIuz0
P65W/rL1PPJtO4m/87meOUM9JqdPyBuk8nxqdfuO0HvfvwY9qD2tXipCh557ElXk
Gt+KJAkVODnnjawnuDvqwy9WLVTYYBwZvo/HECiKSpkv
-----END CERTIFICATE-----