Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/mMxgEx06yOrcKaRVLqMjAgZO_N8.roa
File:                     mMxgEx06yOrcKaRVLqMjAgZO_N8.roa (raw, json)
Hash identifier:          ZwC896KMWAcgzUTINYjNxPt0ZDq9qC7/1gyO+J1ujyk=
Subject key identifier:   98:CC:60:13:1D:3A:C8:EA:DC:29:A4:55:2E:A3:23:02:06:4E:FC:DF
Certificate issuer:       /CN=b4d7ed14b8d51a20baec7b660f08a80cdcf817bf
Certificate serial:       018CC26D36372A3D57D4B56041BF03D67240
Authority key identifier: B4:D7:ED:14:B8:D5:1A:20:BA:EC:7B:66:0F:08:A8:0C:DC:F8:17:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tNftFLjVGiC67HtmDwioDNz4F78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/mMxgEx06yOrcKaRVLqMjAgZO_N8.roa
Signing time:             Mon 01 Jan 2024 00:29:46 +0000
ROA not before:           Mon 01 Jan 2024 00:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197265
IP address blocks:        91.217.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/tNftFLjVGiC67HtmDwioDNz4F78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/tNftFLjVGiC67HtmDwioDNz4F78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tNftFLjVGiC67HtmDwioDNz4F78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:36:37:2a:3d:57:d4:b5:60:41:bf:03:d6:72:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4d7ed14b8d51a20baec7b660f08a80cdcf817bf
        Validity
            Not Before: Jan  1 00:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=98cc60131d3ac8eadc29a4552ea32302064efcdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:4f:1e:e2:be:19:c3:2d:e9:92:d9:2b:d9:a5:
                    be:90:4e:4f:e6:35:27:3a:68:94:14:db:ca:1c:95:
                    aa:99:41:ae:59:f1:76:b6:90:93:4d:df:7d:db:b3:
                    43:4b:42:c7:85:32:4e:2e:1e:a0:e6:64:56:74:c2:
                    55:03:7a:01:8e:03:eb:cf:74:d9:d6:c7:47:11:dd:
                    11:8e:f7:9e:c5:93:ea:fc:98:29:12:17:99:21:d9:
                    43:80:74:4e:8c:5a:56:3b:30:28:45:82:b1:20:53:
                    ac:e9:99:51:0f:6e:ac:01:43:c9:bb:bd:fe:72:8c:
                    51:50:9c:45:46:fe:6a:a5:7d:49:88:98:22:74:00:
                    32:8e:90:1b:21:8a:4e:ac:ef:2f:32:47:5e:12:90:
                    0d:10:6e:12:5b:a4:3a:69:b9:10:7d:09:f2:57:c8:
                    3d:fa:05:4c:a3:db:db:e0:c9:d7:bc:33:1b:01:c2:
                    b7:00:e4:bd:65:ca:2f:7e:e7:55:42:a0:96:13:7c:
                    e1:f0:5a:11:7f:15:75:05:29:d1:04:b0:7c:ca:e4:
                    ac:f5:de:ab:ff:40:f2:13:16:97:8b:ef:4a:d9:fc:
                    35:0d:4a:88:3d:ea:ae:09:d9:c6:b0:89:1e:9f:64:
                    64:5e:49:2f:27:ab:6b:c2:c9:2a:a1:9a:1c:7d:e5:
                    36:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:CC:60:13:1D:3A:C8:EA:DC:29:A4:55:2E:A3:23:02:06:4E:FC:DF
            X509v3 Authority Key Identifier:
                keyid:B4:D7:ED:14:B8:D5:1A:20:BA:EC:7B:66:0F:08:A8:0C:DC:F8:17:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tNftFLjVGiC67HtmDwioDNz4F78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/mMxgEx06yOrcKaRVLqMjAgZO_N8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/tNftFLjVGiC67HtmDwioDNz4F78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:54:5b:8e:4b:fa:39:08:55:17:3f:0f:79:5e:cb:35:31:5c:
         77:e5:5e:6f:02:c3:37:d5:d2:c5:6f:14:00:cd:f2:d1:d6:6e:
         91:50:9f:8a:c2:d1:0d:c4:d3:df:3c:4f:5a:bd:48:79:3b:6a:
         ec:94:22:0a:4a:4c:cf:b6:80:1f:ce:49:80:fd:d4:9c:26:3d:
         db:f4:c9:c6:e7:73:cf:96:1c:f2:28:e0:b2:d3:1c:78:3f:19:
         a5:a3:21:d7:06:9f:b8:e6:f5:d8:11:74:56:ab:83:d3:32:04:
         76:69:e7:4e:5f:b6:05:ed:aa:d3:98:37:8f:e7:ea:0b:39:73:
         5d:8c:01:1b:48:0f:92:97:66:23:fe:8e:b6:b5:67:f8:52:87:
         e2:7a:5d:c0:31:5b:35:b5:33:3a:ea:3a:42:f4:55:fa:fa:6e:
         9d:9c:87:5f:ce:a0:61:51:50:58:b5:4f:7d:74:a0:76:a3:c8:
         ff:b7:2f:35:5a:f0:05:2c:87:01:fc:e9:f3:f5:db:74:c9:01:
         49:cb:7a:5b:0b:9d:92:8a:33:7d:e6:59:87:4c:84:92:2a:21:
         ad:e6:4b:33:8c:40:0b:2a:7a:40:be:e5:78:af:f3:cf:00:27:
         c1:cc:00:3e:cb:d3:b9:c5:29:e8:e0:d2:97:8e:40:e3:13:99:
         0b:e7:fe:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbTY3Kj1X1LVgQb8D1nJAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZDdlZDE0YjhkNTFhMjBiYWVjN2I2NjBmMDhhODBjZGNm
ODE3YmYwHhcNMjQwMTAxMDAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGNjNjAxMzFkM2FjOGVhZGMyOWE0NTUyZWEzMjMwMjA2NGVmY2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuU8e4r4Zwy3pktkr2aW+kE5P5jUn
OmiUFNvKHJWqmUGuWfF2tpCTTd9927NDS0LHhTJOLh6g5mRWdMJVA3oBjgPrz3TZ
1sdHEd0RjveexZPq/JgpEheZIdlDgHROjFpWOzAoRYKxIFOs6ZlRD26sAUPJu73+
coxRUJxFRv5qpX1JiJgidAAyjpAbIYpOrO8vMkdeEpANEG4SW6Q6abkQfQnyV8g9
+gVMo9vb4MnXvDMbAcK3AOS9ZcovfudVQqCWE3zh8FoRfxV1BSnRBLB8yuSs9d6r
/0DyExaXi+9K2fw1DUqIPequCdnGsIken2RkXkkvJ6trwskqoZocfeU2OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJjMYBMdOsjq3CmkVS6jIwIGTvzfMB8GA1UdIwQY
MBaAFLTX7RS41Roguux7Zg8IqAzc+Be/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE5mdEZMalZHaUM2N0h0bUR3aW9ETno0Rjc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi8xMzJiYTgtNzY3Ni00OWY2LWFmY2Mt
N2QwNDIzYmRhNzRjLzEvbU14Z0V4MDZ5T3JjS2FSVkxxTWpBZ1pPX044LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi8xMzJiYTgtNzY3Ni00OWY2LWFmY2MtN2QwNDIzYmRhNzRj
LzEvdE5mdEZMalZHaUM2N0h0bUR3aW9ETno0Rjc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9nMMA0G
CSqGSIb3DQEBCwUAA4IBAQB8VFuOS/o5CFUXPw95Xss1MVx35V5vAsM31dLFbxQA
zfLR1m6RUJ+KwtENxNPfPE9avUh5O2rslCIKSkzPtoAfzkmA/dScJj3b9MnG53PP
lhzyKOCy0xx4PxmloyHXBp+45vXYEXRWq4PTMgR2aedOX7YF7arTmDeP5+oLOXNd
jAEbSA+Sl2Yj/o62tWf4Uofiel3AMVs1tTM66jpC9FX6+m6dnIdfzqBhUVBYtU99
dKB2o8j/ty81WvAFLIcB/Onz9dt0yQFJy3pbC52SijN95lmHTISSKiGt5kszjEAL
KnpAvuV4r/PPACfBzAA+y9O5xSno4NKXjkDjE5kL5/4v
-----END CERTIFICATE-----