Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/nUmuqQtCmwZJovIT6p8aelgI-S0.roa
File:                     nUmuqQtCmwZJovIT6p8aelgI-S0.roa (raw, json)
Hash identifier:          oREHW4GSEh6DMeYwrQihMuc4QtcFuWqaZQDWYDWgOls=
Subject key identifier:   9D:49:AE:A9:0B:42:9B:06:49:A2:F2:13:EA:9F:1A:7A:58:08:F9:2D
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       018CC50030DE7AD546D9229FD191D8712111
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/nUmuqQtCmwZJovIT6p8aelgI-S0.roa
Signing time:             Mon 01 Jan 2024 12:29:33 +0000
ROA not before:           Mon 01 Jan 2024 12:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30058
IP address blocks:        91.213.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 17:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:30:de:7a:d5:46:d9:22:9f:d1:91:d8:71:21:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Jan  1 12:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d49aea90b429b0649a2f213ea9f1a7a5808f92d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f0:ef:98:00:c1:39:57:ef:6f:a3:a0:9d:0c:
                    fc:78:2a:d1:9c:1f:6a:62:3f:fd:de:7b:b5:e7:fa:
                    8a:4f:1d:64:79:8e:56:4a:b2:aa:4f:2b:4b:ea:e4:
                    e0:fc:d6:65:47:c6:8d:db:c5:7a:13:b8:87:24:bb:
                    9f:1e:ea:c7:f8:87:75:60:39:9f:d6:9b:31:54:ad:
                    69:56:5b:34:2d:80:65:bf:c5:b6:7f:1c:0f:60:3a:
                    ce:20:06:6f:fd:16:d1:ff:e3:b6:a3:da:80:f8:75:
                    cc:d2:f7:54:00:7d:63:d1:44:3c:a5:d7:c1:0c:b6:
                    89:ad:bd:69:ef:49:58:21:8a:1c:07:bb:80:71:cd:
                    ea:2f:7d:1f:bb:90:98:94:80:bd:cc:93:42:66:3b:
                    2a:3a:d8:49:d2:45:69:10:26:5d:74:f6:41:34:77:
                    ea:5f:42:98:53:1a:d2:38:a6:d9:03:11:38:b7:e6:
                    3d:04:9a:18:6d:c4:c5:5f:f8:14:e9:27:35:22:7b:
                    34:ed:06:be:59:c8:0e:be:7a:b9:ed:ec:32:cd:ae:
                    a3:9e:8f:aa:9d:1f:dd:99:bc:91:21:44:8b:8c:59:
                    b2:5a:d4:d5:c2:ae:07:b1:63:87:a9:62:6d:a5:e6:
                    5d:2a:f6:44:66:e7:f0:bb:d4:f4:ba:3e:f5:d9:1c:
                    a3:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:49:AE:A9:0B:42:9B:06:49:A2:F2:13:EA:9F:1A:7A:58:08:F9:2D
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/nUmuqQtCmwZJovIT6p8aelgI-S0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:41:24:4b:1f:35:23:07:72:f4:67:0b:b9:cf:07:a9:4b:64:
         f2:11:58:c4:d8:05:63:7f:91:b4:41:15:e4:4e:21:40:56:31:
         6c:fb:42:51:91:27:31:d6:f7:1a:60:a3:83:a7:8c:63:6f:e8:
         4b:8f:1d:a1:55:41:d8:e6:b2:e5:e5:66:74:a2:7c:6e:72:d0:
         3b:0c:cc:fa:20:5c:4e:18:a6:ea:a2:31:a7:cf:a9:f7:f0:aa:
         7b:e9:98:34:30:3b:ae:3b:75:3e:76:8b:72:8e:c3:65:46:c2:
         bc:3e:f6:94:ef:b2:98:81:de:76:b4:2b:0b:b9:b9:e5:52:70:
         19:55:fd:60:84:51:00:5c:b4:8d:6e:7b:1f:2e:2b:e2:1d:9a:
         7b:35:c2:84:63:e3:9b:e0:c0:c7:3d:e1:e3:87:48:2f:93:3a:
         88:54:dc:b1:53:df:92:21:84:9a:21:9b:24:d7:12:6a:40:f9:
         6b:20:5c:b0:23:d3:91:8a:6b:4d:37:f2:e4:a0:04:9c:b8:24:
         4f:ef:ae:bd:e4:d7:d0:70:bb:c4:aa:c3:5c:16:d7:03:52:6b:
         a3:5a:dc:51:86:e5:34:02:a4:c8:57:99:26:92:e9:3e:fb:24:
         a1:f5:e1:9c:8b:c6:3b:22:51:ec:29:34:86:8e:b8:f0:a2:e0:
         85:c9:d1:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFADDeetVG2SKf0ZHYcSERMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjQwMTAxMTIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDQ5YWVhOTBiNDI5YjA2NDlhMmYyMTNlYTlmMWE3YTU4MDhmOTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPDvmADBOVfvb6OgnQz8eCrRnB9q
Yj/93nu15/qKTx1keY5WSrKqTytL6uTg/NZlR8aN28V6E7iHJLufHurH+Id1YDmf
1psxVK1pVls0LYBlv8W2fxwPYDrOIAZv/RbR/+O2o9qA+HXM0vdUAH1j0UQ8pdfB
DLaJrb1p70lYIYocB7uAcc3qL30fu5CYlIC9zJNCZjsqOthJ0kVpECZddPZBNHfq
X0KYUxrSOKbZAxE4t+Y9BJoYbcTFX/gU6Sc1Ins07Qa+WcgOvnq57ewyza6jno+q
nR/dmbyRIUSLjFmyWtTVwq4HsWOHqWJtpeZdKvZEZufwu9T0uj712RyjnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ1JrqkLQpsGSaLyE+qfGnpYCPktMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvblVtdXFRdENtd1pKb3ZJVDZwOGFlbGdJLVMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9WuMA0G
CSqGSIb3DQEBCwUAA4IBAQBUQSRLHzUjB3L0Zwu5zwepS2TyEVjE2AVjf5G0QRXk
TiFAVjFs+0JRkScx1vcaYKODp4xjb+hLjx2hVUHY5rLl5WZ0onxuctA7DMz6IFxO
GKbqojGnz6n38Kp76Zg0MDuuO3U+dotyjsNlRsK8PvaU77KYgd52tCsLubnlUnAZ
Vf1ghFEAXLSNbnsfLiviHZp7NcKEY+Ob4MDHPeHjh0gvkzqIVNyxU9+SIYSaIZsk
1xJqQPlrIFywI9ORimtNN/LkoAScuCRP76695NfQcLvEqsNcFtcDUmujWtxRhuU0
AqTIV5kmkuk++ySh9eGci8Y7IlHsKTSGjrjwouCFydFc
-----END CERTIFICATE-----