Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/a831mzKTbrUDVc6k3yLU5p320ts.roa
File:                     a831mzKTbrUDVc6k3yLU5p320ts.roa (raw, json)
Hash identifier:          v0+IArnAj9eecB60Ihm+gklVFG6XgY2uDjRaCr5+pck=
Subject key identifier:   6B:CD:F5:9B:32:93:6E:B5:03:55:CE:A4:DF:22:D4:E6:9D:F6:D2:DB
Certificate issuer:       /CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Certificate serial:       018CC94E346B06314D541110A30794828B3B
Authority key identifier: A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/a831mzKTbrUDVc6k3yLU5p320ts.roa
Signing time:             Tue 02 Jan 2024 08:33:14 +0000
ROA not before:           Tue 02 Jan 2024 08:33:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41334
IP address blocks:        91.88.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:34:6b:06:31:4d:54:11:10:a3:07:94:82:8b:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
        Validity
            Not Before: Jan  2 08:33:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6bcdf59b32936eb50355cea4df22d4e69df6d2db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:71:c9:3f:3b:6b:56:dc:2c:de:ce:18:64:bb:
                    8e:02:bc:1d:04:ae:93:76:75:dc:d0:f3:ac:69:de:
                    d5:dc:2a:bf:2a:53:47:bb:98:d3:94:28:90:29:0f:
                    77:92:f8:46:46:bc:bb:24:b4:76:bc:77:bd:49:fc:
                    71:b7:4b:8e:db:ba:fd:db:38:b3:78:c9:4d:79:24:
                    3c:4d:22:37:f4:fa:39:d5:b6:46:a5:4d:c1:45:8a:
                    86:ed:65:13:50:41:0c:ce:a8:7d:ac:08:ec:97:f5:
                    a3:df:3a:e8:51:1b:0c:66:f2:4f:6c:bc:c1:51:da:
                    e4:5c:95:e6:f6:20:79:28:1a:f9:95:56:b0:59:83:
                    10:82:fa:f9:9b:30:ba:48:e1:ce:a1:76:e9:06:87:
                    04:1e:ac:6a:69:d8:b3:c6:3f:df:78:bc:05:aa:36:
                    6f:a4:c4:c5:01:e4:e0:32:ca:05:df:56:83:85:73:
                    1a:e0:a8:60:65:86:40:d9:76:67:9d:2f:f3:06:fd:
                    be:44:87:3d:0a:92:88:a5:90:f8:82:11:f9:48:80:
                    59:2c:0f:1e:48:68:bf:e4:df:c9:f2:2c:e3:ae:82:
                    90:61:b8:b0:0f:48:78:e2:ed:aa:bc:7d:ac:f9:38:
                    d9:12:cc:5d:5e:06:d8:25:20:29:c9:fe:e1:af:82:
                    ee:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:CD:F5:9B:32:93:6E:B5:03:55:CE:A4:DF:22:D4:E6:9D:F6:D2:DB
            X509v3 Authority Key Identifier:
                keyid:A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/a831mzKTbrUDVc6k3yLU5p320ts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.88.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         17:1c:c5:57:73:61:90:48:e7:1c:77:4d:29:25:61:30:fd:17:
         87:ee:3f:15:a6:16:a0:ad:8d:0a:38:81:b1:16:cd:60:db:88:
         bb:2b:32:3c:bd:f2:95:6e:af:eb:b5:94:cb:7e:fc:9d:00:5d:
         a3:29:ec:b1:a6:cd:a7:1d:fc:24:c0:32:26:c6:82:bb:34:40:
         af:a3:04:43:55:64:cc:db:39:d3:2c:b1:3b:fa:06:e7:63:b0:
         24:1a:0b:39:f8:e4:f0:5d:40:6e:49:38:2e:52:12:b6:1a:47:
         a3:14:24:24:f4:77:f4:7e:41:62:49:c7:0b:43:ef:ea:49:45:
         21:1c:52:23:82:51:af:ab:23:92:4e:e9:51:69:68:8c:d0:36:
         ae:7d:d1:19:e8:09:2a:29:dc:0a:9a:a2:4f:99:e1:29:08:bf:
         16:92:5b:29:f0:b6:b5:df:51:2b:67:26:fe:2c:df:de:03:3f:
         eb:55:a4:38:36:1c:35:12:25:f9:16:9c:86:e0:c7:b5:e0:44:
         f2:b6:61:2f:20:cf:8c:3a:50:3f:6c:4d:2a:9b:f6:ec:3b:67:
         e7:1c:bf:16:97:1c:c7:91:87:0b:6f:53:bb:3e:53:7d:eb:7a:
         39:aa:10:c6:20:e7:f1:ea:27:95:02:e0:6c:fc:bb:00:69:e6:
         e9:48:82:71
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzJTjRrBjFNVBEQoweUgos7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZWY1ZmJiZmNhN2E5M2NmZWU5NjVlZWI2YmRlZTZmYjQz
YzQwM2UwHhcNMjQwMTAyMDgzMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmNkZjU5YjMyOTM2ZWI1MDM1NWNlYTRkZjIyZDRlNjlkZjZkMmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonHJPztrVtws3s4YZLuOArwdBK6T
dnXc0POsad7V3Cq/KlNHu5jTlCiQKQ93kvhGRry7JLR2vHe9Sfxxt0uO27r92ziz
eMlNeSQ8TSI39Po51bZGpU3BRYqG7WUTUEEMzqh9rAjsl/Wj3zroURsMZvJPbLzB
UdrkXJXm9iB5KBr5lVawWYMQgvr5mzC6SOHOoXbpBocEHqxqadizxj/feLwFqjZv
pMTFAeTgMsoF31aDhXMa4KhgZYZA2XZnnS/zBv2+RIc9CpKIpZD4ghH5SIBZLA8e
SGi/5N/J8izjroKQYbiwD0h44u2qvH2s+TjZEsxdXgbYJSApyf7hr4LuXQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFGvN9Zsyk261A1XOpN8i1Oad9tLbMB8GA1UdIwQY
MBaAFKDvX7v8p6k8/ull7ra97m+0PEA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2Mt
MDI5MmIwMjAxNTBhLzEvYTgzMW16S1RiclVEVmM2azN5TFU1cDMyMHRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2MtMDI5MmIwMjAxNTBh
LzEvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAW1gwDQYJ
KoZIhvcNAQELBQADggEBABccxVdzYZBI5xx3TSklYTD9F4fuPxWmFqCtjQo4gbEW
zWDbiLsrMjy98pVur+u1lMt+/J0AXaMp7LGmzacd/CTAMibGgrs0QK+jBENVZMzb
OdMssTv6BudjsCQaCzn45PBdQG5JOC5SErYaR6MUJCT0d/R+QWJJxwtD7+pJRSEc
UiOCUa+rI5JO6VFpaIzQNq590RnoCSop3Aqaok+Z4SkIvxaSWynwtrXfUStnJv4s
394DP+tVpDg2HDUSJfkWnIbgx7XgRPK2YS8gz4w6UD9sTSqb9uw7Z+ccvxaXHMeR
hwtvU7s+U33rejmqEMYg5/HqJ5UC4Gz8uwBp5ulIgnE=
-----END CERTIFICATE-----