Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/821dc2-6766-4988-b777-03532140ef52/1/cNgiZM2H5Cgl-Jiu4wfcycgt_1w.roa
File:                     cNgiZM2H5Cgl-Jiu4wfcycgt_1w.roa (raw, json)
Hash identifier:          c9g7N6SRffLSOypXRFWno44C8IsxXr95VTYyJwQWRXE=
Subject key identifier:   70:D8:22:64:CD:87:E4:28:25:F8:98:AE:E3:07:DC:C9:C8:2D:FF:5C
Certificate issuer:       /CN=7d0213e3e7ebe6170a3600a8e3ae64ed962c0e36
Certificate serial:       018CC492450FD5CDAC1D76DD546064B9F88F
Authority key identifier: 7D:02:13:E3:E7:EB:E6:17:0A:36:00:A8:E3:AE:64:ED:96:2C:0E:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQIT4-fr5hcKNgCo465k7ZYsDjY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/821dc2-6766-4988-b777-03532140ef52/1/cNgiZM2H5Cgl-Jiu4wfcycgt_1w.roa
Signing time:             Mon 01 Jan 2024 10:29:29 +0000
ROA not before:           Mon 01 Jan 2024 10:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50719
IP address blocks:        195.191.252.0/23 maxlen: 23
                          5.206.200.0/21 maxlen: 21
                          91.227.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/821dc2-6766-4988-b777-03532140ef52/1/fQIT4-fr5hcKNgCo465k7ZYsDjY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/821dc2-6766-4988-b777-03532140ef52/1/fQIT4-fr5hcKNgCo465k7ZYsDjY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQIT4-fr5hcKNgCo465k7ZYsDjY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:45:0f:d5:cd:ac:1d:76:dd:54:60:64:b9:f8:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d0213e3e7ebe6170a3600a8e3ae64ed962c0e36
        Validity
            Not Before: Jan  1 10:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70d82264cd87e42825f898aee307dcc9c82dff5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:e4:ff:5b:c1:40:2f:a1:e6:dc:24:b3:26:7d:
                    6d:ea:b6:40:4e:e7:75:e2:c1:52:85:4e:4e:47:57:
                    f6:fd:81:f7:72:36:1d:f1:9a:86:56:52:33:6e:b6:
                    4f:dc:a0:05:33:31:ea:3d:7f:f5:0b:20:d7:ee:fc:
                    8e:cc:17:08:d8:1e:01:95:0e:55:1d:4e:6a:a5:78:
                    f9:dc:8f:15:f2:d5:b1:8e:cc:78:cc:35:14:30:75:
                    66:1a:e4:79:2f:1d:35:38:e9:d9:34:b4:bf:76:70:
                    0b:c2:50:f0:08:dd:de:b8:ea:c9:37:5f:43:63:4a:
                    57:ce:e6:77:89:1e:2a:0e:71:a3:6d:d6:67:1d:e2:
                    b3:93:6c:f2:bc:f4:83:21:16:ae:61:75:bc:ad:6c:
                    0a:22:cd:8b:c3:34:91:df:6e:99:8d:4f:2b:95:24:
                    c1:21:a6:90:f1:b2:31:b6:0a:0a:5c:94:c4:f5:97:
                    2a:fa:a7:18:aa:c4:dc:5d:5b:25:bb:75:d3:9f:1f:
                    ce:56:a7:0f:a0:ed:0a:ba:81:0c:ba:66:37:04:26:
                    d9:40:fe:b6:ad:ec:5e:f9:16:ab:5e:e5:2c:0e:99:
                    0c:32:a9:a9:b5:87:1d:b5:49:35:86:d8:0b:d8:46:
                    9b:ca:ab:00:1c:17:c0:57:67:48:8a:52:04:c1:9d:
                    12:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:D8:22:64:CD:87:E4:28:25:F8:98:AE:E3:07:DC:C9:C8:2D:FF:5C
            X509v3 Authority Key Identifier:
                keyid:7D:02:13:E3:E7:EB:E6:17:0A:36:00:A8:E3:AE:64:ED:96:2C:0E:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQIT4-fr5hcKNgCo465k7ZYsDjY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/821dc2-6766-4988-b777-03532140ef52/1/cNgiZM2H5Cgl-Jiu4wfcycgt_1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/821dc2-6766-4988-b777-03532140ef52/1/fQIT4-fr5hcKNgCo465k7ZYsDjY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.206.200.0/21
                  91.227.231.0/24
                  195.191.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         aa:3d:45:68:01:fb:ff:84:ce:c8:11:72:69:b0:91:12:c5:dc:
         62:a8:0f:f8:5a:2f:85:b2:1b:cc:64:86:96:9c:46:17:81:d2:
         8d:92:9d:cf:30:76:df:74:36:c5:93:6b:87:b4:6d:4e:0f:f5:
         92:59:3c:93:fb:a4:e9:2c:8f:fc:3f:b3:64:a2:3f:13:e0:56:
         97:87:e2:1f:b9:46:e7:2f:43:a8:25:da:74:68:11:e9:59:54:
         bc:4c:74:7a:30:96:83:42:a4:3b:1c:77:db:2e:03:0b:fe:42:
         09:3c:5f:3b:12:22:1e:0d:52:ad:91:3f:2c:e7:5f:01:27:53:
         16:23:45:b4:e6:fa:70:2c:0d:63:83:77:53:fa:35:f2:b1:8c:
         01:21:25:13:8c:d7:09:9a:ac:ab:b1:93:a8:ef:c3:d7:46:18:
         bd:6d:f7:db:9b:16:7c:d2:10:7d:66:07:2d:0f:1d:15:7a:e4:
         eb:ec:b7:b2:bf:ec:34:9d:72:cc:5c:df:c6:b1:5e:ba:5d:60:
         46:69:70:db:7f:a3:08:8a:94:d1:e3:42:ce:c6:f7:b9:cc:97:
         96:d3:26:b4:78:6f:a6:82:70:45:5d:d6:f1:e2:c3:4d:08:68:
         d7:df:bc:65:60:7a:05:58:0c:5f:d9:3a:07:77:f0:2a:1a:56:
         d0:b0:22:87
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzEkkUP1c2sHXbdVGBkufiPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDIxM2UzZTdlYmU2MTcwYTM2MDBhOGUzYWU2NGVkOTYy
YzBlMzYwHhcNMjQwMTAxMTAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGQ4MjI2NGNkODdlNDI4MjVmODk4YWVlMzA3ZGNjOWM4MmRmZjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOT/W8FAL6Hm3CSzJn1t6rZATud1
4sFShU5OR1f2/YH3cjYd8ZqGVlIzbrZP3KAFMzHqPX/1CyDX7vyOzBcI2B4BlQ5V
HU5qpXj53I8V8tWxjsx4zDUUMHVmGuR5Lx01OOnZNLS/dnALwlDwCN3euOrJN19D
Y0pXzuZ3iR4qDnGjbdZnHeKzk2zyvPSDIRauYXW8rWwKIs2LwzSR326ZjU8rlSTB
IaaQ8bIxtgoKXJTE9Zcq+qcYqsTcXVslu3XTnx/OVqcPoO0KuoEMumY3BCbZQP62
rexe+RarXuUsDpkMMqmptYcdtUk1htgL2EabyqsAHBfAV2dIilIEwZ0SjwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHDYImTNh+QoJfiYruMH3MnILf9cMB8GA1UdIwQY
MBaAFH0CE+Pn6+YXCjYAqOOuZO2WLA42MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFJVDQtZnI1aGNLTmdDbzQ2NWs3WllzRGpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy84MjFkYzItNjc2Ni00OTg4LWI3Nzct
MDM1MzIxNDBlZjUyLzEvY05naVpNMkg1Q2dsLUppdTR3ZmN5Y2d0XzF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy84MjFkYzItNjc2Ni00OTg4LWI3NzctMDM1MzIxNDBlZjUy
LzEvZlFJVDQtZnI1aGNLTmdDbzQ2NWs3WllzRGpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDBc7IAwQA
W+PnAwQBw7/8MA0GCSqGSIb3DQEBCwUAA4IBAQCqPUVoAfv/hM7IEXJpsJESxdxi
qA/4Wi+FshvMZIaWnEYXgdKNkp3PMHbfdDbFk2uHtG1OD/WSWTyT+6TpLI/8P7Nk
oj8T4FaXh+IfuUbnL0OoJdp0aBHpWVS8THR6MJaDQqQ7HHfbLgML/kIJPF87EiIe
DVKtkT8s518BJ1MWI0W05vpwLA1jg3dT+jXysYwBISUTjNcJmqyrsZOo78PXRhi9
bffbmxZ80hB9ZgctDx0VeuTr7Leyv+w0nXLMXN/GsV66XWBGaXDbf6MIipTR40LO
xve5zJeW0ya0eG+mgnBFXdbx4sNNCGjX37xlYHoFWAxf2ToHd/AqGlbQsCKH
-----END CERTIFICATE-----