Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/8c1306-7805-417d-be63-9ea2a6fb6a81/1/xv778_GlYWrAdM69KSAIyeDu4-g.roa
File:                     xv778_GlYWrAdM69KSAIyeDu4-g.roa (raw, json)
Hash identifier:          +c9EuVidLFoJa0eWqvXPHtB9a4uKt4XJ5ndnaB9AzLk=
Subject key identifier:   C6:FE:FB:F3:F1:A5:61:6A:C0:74:CE:BD:29:20:08:C9:E0:EE:E3:E8
Certificate issuer:       /CN=d5ee40f4589d6a11b24f7bbcc29ab9f9ae689719
Certificate serial:       018CC9BC347455FEFCD175780875D2903191
Authority key identifier: D5:EE:40:F4:58:9D:6A:11:B2:4F:7B:BC:C2:9A:B9:F9:AE:68:97:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1e5A9FidahGyT3u8wpq5-a5olxk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/8c1306-7805-417d-be63-9ea2a6fb6a81/1/xv778_GlYWrAdM69KSAIyeDu4-g.roa
Signing time:             Tue 02 Jan 2024 10:33:23 +0000
ROA not before:           Tue 02 Jan 2024 10:33:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49321
IP address blocks:        91.196.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/8c1306-7805-417d-be63-9ea2a6fb6a81/1/1e5A9FidahGyT3u8wpq5-a5olxk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/8c1306-7805-417d-be63-9ea2a6fb6a81/1/1e5A9FidahGyT3u8wpq5-a5olxk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1e5A9FidahGyT3u8wpq5-a5olxk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 16:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:34:74:55:fe:fc:d1:75:78:08:75:d2:90:31:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5ee40f4589d6a11b24f7bbcc29ab9f9ae689719
        Validity
            Not Before: Jan  2 10:33:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6fefbf3f1a5616ac074cebd292008c9e0eee3e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:bb:12:5d:83:de:23:73:be:fc:2e:ec:fd:37:
                    48:ab:b7:8a:8c:bc:23:f4:11:be:89:37:a4:41:68:
                    c0:ce:f9:97:2e:bf:0d:a4:27:b0:00:4f:41:17:86:
                    a0:ca:a5:4f:27:2c:72:e3:9e:eb:5c:0d:61:f2:b9:
                    83:8b:8d:23:a9:9e:07:3f:12:37:fb:33:f5:3f:75:
                    86:c0:40:ad:8d:6b:c9:1e:9f:ae:b7:3b:22:90:1f:
                    00:1a:90:03:ac:63:76:cd:05:d2:42:9d:c4:40:3e:
                    2a:e8:af:e1:f3:48:75:5c:88:b6:04:33:ea:30:f3:
                    2b:d8:0a:be:ba:05:42:74:15:c5:69:f6:81:52:93:
                    29:64:13:8f:fd:7a:16:cf:09:ba:58:93:fe:b0:c9:
                    0d:bd:87:c6:fb:a6:e4:bc:e2:c2:f6:15:ea:70:12:
                    14:95:58:22:e9:8f:5d:4e:eb:32:3f:7e:85:ba:b5:
                    da:16:04:e7:8c:e2:f0:18:4f:34:a1:e5:9b:94:6a:
                    2b:cc:c1:70:48:f3:c6:2b:17:44:46:fd:b2:63:42:
                    7b:57:23:7a:22:78:45:f3:89:31:80:14:97:53:14:
                    37:38:4e:02:40:65:4c:77:8a:c1:0f:92:a8:3d:84:
                    6b:5e:13:1c:37:fa:49:31:93:9d:62:e7:9e:d0:11:
                    d9:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:FE:FB:F3:F1:A5:61:6A:C0:74:CE:BD:29:20:08:C9:E0:EE:E3:E8
            X509v3 Authority Key Identifier:
                keyid:D5:EE:40:F4:58:9D:6A:11:B2:4F:7B:BC:C2:9A:B9:F9:AE:68:97:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e5A9FidahGyT3u8wpq5-a5olxk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/8c1306-7805-417d-be63-9ea2a6fb6a81/1/xv778_GlYWrAdM69KSAIyeDu4-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/8c1306-7805-417d-be63-9ea2a6fb6a81/1/1e5A9FidahGyT3u8wpq5-a5olxk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:f5:56:f5:ec:7f:af:50:1d:3e:b2:92:31:a0:d6:76:50:f0:
         60:fd:9a:39:13:40:96:4d:1c:7d:8f:d3:3d:ba:79:99:60:fd:
         81:7f:05:b8:ee:da:e3:98:ea:20:02:6e:8b:c9:11:18:8a:a6:
         b4:99:6e:e4:cc:fc:7a:8b:6d:2c:d5:71:c5:82:86:2b:b9:39:
         31:e4:0d:d2:5a:e1:74:ab:ad:6c:bb:08:fb:fa:3e:91:f6:b4:
         99:aa:0b:31:4a:ea:78:e1:77:d1:ed:3d:aa:6e:de:68:39:fd:
         48:f4:94:df:26:94:df:26:42:fe:99:ee:80:10:2a:18:c5:2a:
         50:8a:f6:11:81:14:04:44:6b:29:c1:03:9b:11:8c:42:f9:30:
         2d:c1:d3:64:70:12:34:a9:fb:28:c6:78:06:b2:ec:ae:96:c6:
         22:0e:35:48:65:4a:5c:08:ba:00:3f:5f:dd:ae:c0:66:cb:78:
         4f:57:bc:ac:cb:55:10:7c:8a:fc:9b:c2:69:43:62:db:82:3f:
         c8:8e:34:62:65:c9:ef:7a:73:dd:d4:63:43:c8:a5:10:97:9d:
         72:30:30:8c:8f:03:6d:e9:82:24:68:46:56:80:59:8e:32:db:
         c0:c4:a0:81:b8:ad:d1:76:2a:eb:58:0e:c5:91:48:9f:1e:fb:
         3f:88:72:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvDR0Vf780XV4CHXSkDGRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ZWU0MGY0NTg5ZDZhMTFiMjRmN2JiY2MyOWFiOWY5YWU2
ODk3MTkwHhcNMjQwMTAyMTAzMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmZlZmJmM2YxYTU2MTZhYzA3NGNlYmQyOTIwMDhjOWUwZWVlM2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLsSXYPeI3O+/C7s/TdIq7eKjLwj
9BG+iTekQWjAzvmXLr8NpCewAE9BF4agyqVPJyxy457rXA1h8rmDi40jqZ4HPxI3
+zP1P3WGwECtjWvJHp+utzsikB8AGpADrGN2zQXSQp3EQD4q6K/h80h1XIi2BDPq
MPMr2Aq+ugVCdBXFafaBUpMpZBOP/XoWzwm6WJP+sMkNvYfG+6bkvOLC9hXqcBIU
lVgi6Y9dTusyP36FurXaFgTnjOLwGE80oeWblGorzMFwSPPGKxdERv2yY0J7VyN6
InhF84kxgBSXUxQ3OE4CQGVMd4rBD5KoPYRrXhMcN/pJMZOdYuee0BHZcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMb++/PxpWFqwHTOvSkgCMng7uPoMB8GA1UdIwQY
MBaAFNXuQPRYnWoRsk97vMKaufmuaJcZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWU1QTlGaWRhaEd5VDN1OHdwcTUtYTVvbHhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy84YzEzMDYtNzgwNS00MTdkLWJlNjMt
OWVhMmE2ZmI2YTgxLzEveHY3NzhfR2xZV3JBZE02OUtTQUl5ZUR1NC1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy84YzEzMDYtNzgwNS00MTdkLWJlNjMtOWVhMmE2ZmI2YTgx
LzEvMWU1QTlGaWRhaEd5VDN1OHdwcTUtYTVvbHhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8SbMA0G
CSqGSIb3DQEBCwUAA4IBAQB09Vb17H+vUB0+spIxoNZ2UPBg/Zo5E0CWTRx9j9M9
unmZYP2BfwW47trjmOogAm6LyREYiqa0mW7kzPx6i20s1XHFgoYruTkx5A3SWuF0
q61suwj7+j6R9rSZqgsxSup44XfR7T2qbt5oOf1I9JTfJpTfJkL+me6AECoYxSpQ
ivYRgRQERGspwQObEYxC+TAtwdNkcBI0qfsoxngGsuyulsYiDjVIZUpcCLoAP1/d
rsBmy3hPV7ysy1UQfIr8m8JpQ2Lbgj/IjjRiZcnvenPd1GNDyKUQl51yMDCMjwNt
6YIkaEZWgFmOMtvAxKCBuK3RdirrWA7FkUifHvs/iHID
-----END CERTIFICATE-----