Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/8e7054-fd50-4f91-9cc7-264f0cc5ff80/1/hgHc5Lunw0slnl4V7X_mtGmHUDY.roa
File:                     hgHc5Lunw0slnl4V7X_mtGmHUDY.roa (raw, json)
Hash identifier:          k3QgZrIOjI9WHj0+oDueiilnnwl9ZPva84o55mrRLGg=
Subject key identifier:   86:01:DC:E4:BB:A7:C3:4B:25:9E:5E:15:ED:7F:E6:B4:69:87:50:36
Certificate issuer:       /CN=1aae75a26ccf8621222816a471ccb7c0d5e716e2
Certificate serial:       0191A262B143B15A12E43937F228C0C2F868
Authority key identifier: 1A:AE:75:A2:6C:CF:86:21:22:28:16:A4:71:CC:B7:C0:D5:E7:16:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gq51omzPhiEiKBakccy3wNXnFuI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/8e7054-fd50-4f91-9cc7-264f0cc5ff80/1/hgHc5Lunw0slnl4V7X_mtGmHUDY.roa
Signing time:             Fri 30 Aug 2024 08:24:22 +0000
ROA not before:           Fri 30 Aug 2024 08:24:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53991
IP address blocks:        91.198.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/8e7054-fd50-4f91-9cc7-264f0cc5ff80/1/Gq51omzPhiEiKBakccy3wNXnFuI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/8e7054-fd50-4f91-9cc7-264f0cc5ff80/1/Gq51omzPhiEiKBakccy3wNXnFuI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gq51omzPhiEiKBakccy3wNXnFuI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:a2:62:b1:43:b1:5a:12:e4:39:37:f2:28:c0:c2:f8:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aae75a26ccf8621222816a471ccb7c0d5e716e2
        Validity
            Not Before: Aug 30 08:24:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8601dce4bba7c34b259e5e15ed7fe6b469875036
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:69:7b:31:c5:08:e5:6f:dc:03:fd:57:fe:21:
                    b4:b3:af:bb:c3:e3:9f:e8:a8:26:81:b9:21:db:6a:
                    f4:1a:ba:f5:71:26:3f:3c:e7:34:da:14:f0:15:38:
                    de:80:ae:fe:da:68:8c:94:64:50:93:be:68:9e:ce:
                    ac:cf:53:9e:b8:b2:78:d0:78:a0:47:0f:57:8a:f8:
                    31:c6:76:bc:12:62:79:27:87:8a:bf:ad:41:53:e6:
                    99:cc:f3:80:62:73:5d:1b:2c:60:a3:3f:c8:af:24:
                    96:1d:db:4f:a5:5f:b9:ab:45:8f:c7:73:03:3a:82:
                    9e:e0:86:35:ae:ea:de:9f:e7:c0:e0:1d:fb:9f:13:
                    b7:03:5d:19:4b:97:0f:22:18:6b:bb:48:d0:9d:0d:
                    73:71:ce:14:ee:cc:0a:1f:4f:ac:7e:43:b6:c4:45:
                    84:36:8c:79:19:c2:6e:d9:f5:bc:9f:59:18:90:80:
                    1e:18:48:bc:65:69:01:f5:3c:7d:f3:d6:77:ea:b8:
                    8f:96:26:73:79:b7:17:24:f7:2b:05:05:b2:c1:9e:
                    1d:07:de:5d:7c:dd:2a:eb:f3:75:20:0c:60:7f:d5:
                    5c:bd:7d:75:83:59:07:b2:ec:8a:c3:ea:b2:f4:d6:
                    bf:7b:cf:76:03:a4:c6:bb:d3:cb:e6:11:e6:af:6f:
                    ce:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:01:DC:E4:BB:A7:C3:4B:25:9E:5E:15:ED:7F:E6:B4:69:87:50:36
            X509v3 Authority Key Identifier:
                keyid:1A:AE:75:A2:6C:CF:86:21:22:28:16:A4:71:CC:B7:C0:D5:E7:16:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gq51omzPhiEiKBakccy3wNXnFuI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/8e7054-fd50-4f91-9cc7-264f0cc5ff80/1/hgHc5Lunw0slnl4V7X_mtGmHUDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/8e7054-fd50-4f91-9cc7-264f0cc5ff80/1/Gq51omzPhiEiKBakccy3wNXnFuI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:02:ad:25:b5:a6:3f:fa:c4:92:2a:d2:59:59:25:bf:b6:7a:
         af:9f:31:11:8b:ac:ef:c5:d6:88:c4:4c:ed:35:7c:f8:2b:53:
         be:62:90:2d:c5:53:38:13:02:a7:0d:eb:9b:40:ce:3d:4c:07:
         6f:85:8a:60:66:7a:aa:09:5a:23:bc:93:d9:be:9a:ee:c9:78:
         0b:7e:88:a6:76:cb:8d:2a:06:3d:18:77:ed:e9:d3:6d:5a:0e:
         2a:a5:d5:aa:b1:9a:06:f2:bf:3e:d8:a6:db:12:b4:db:de:89:
         70:92:37:f2:fb:cb:c5:c4:0d:e6:e2:7c:81:3a:68:94:f5:7d:
         37:ae:67:33:ff:5e:ec:0b:a8:87:59:5e:b4:96:a7:e0:35:9c:
         57:30:c1:48:ab:35:22:70:98:29:d2:fa:54:83:4a:9c:0c:1c:
         39:06:bb:ba:78:46:62:ee:fd:b6:7e:3e:90:4d:63:7f:06:c3:
         45:df:f7:9e:f3:d3:b7:af:1d:3f:5d:01:81:bb:ab:bf:b7:96:
         6e:2e:e3:54:b4:cc:39:cb:4e:5a:37:06:73:6e:1f:7e:97:34:
         41:da:61:c1:16:ce:d5:f6:f4:ee:1d:7b:db:f1:68:f3:ea:b6:
         91:b9:fa:e5:a5:f0:0c:93:b8:3c:47:df:ee:01:17:68:f9:23:
         70:65:2d:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGiYrFDsVoS5Dk38ijAwvhoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhYWU3NWEyNmNjZjg2MjEyMjI4MTZhNDcxY2NiN2MwZDVl
NzE2ZTIwHhcNMjQwODMwMDgyNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjAxZGNlNGJiYTdjMzRiMjU5ZTVlMTVlZDdmZTZiNDY5ODc1MDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGl7McUI5W/cA/1X/iG0s6+7w+Of
6Kgmgbkh22r0Grr1cSY/POc02hTwFTjegK7+2miMlGRQk75ons6sz1OeuLJ40Hig
Rw9Xivgxxna8EmJ5J4eKv61BU+aZzPOAYnNdGyxgoz/IrySWHdtPpV+5q0WPx3MD
OoKe4IY1ruren+fA4B37nxO3A10ZS5cPIhhru0jQnQ1zcc4U7swKH0+sfkO2xEWE
Nox5GcJu2fW8n1kYkIAeGEi8ZWkB9Tx989Z36riPliZzebcXJPcrBQWywZ4dB95d
fN0q6/N1IAxgf9VcvX11g1kHsuyKw+qy9Na/e892A6TGu9PL5hHmr2/OfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIYB3OS7p8NLJZ5eFe1/5rRph1A2MB8GA1UdIwQY
MBaAFBqudaJsz4YhIigWpHHMt8DV5xbiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3E1MW9telBoaUVpS0Jha2NjeTN3TlhuRnVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy84ZTcwNTQtZmQ1MC00ZjkxLTljYzct
MjY0ZjBjYzVmZjgwLzEvaGdIYzVMdW53MHNsbmw0VjdYX210R21IVURZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy84ZTcwNTQtZmQ1MC00ZjkxLTljYzctMjY0ZjBjYzVmZjgw
LzEvR3E1MW9telBoaUVpS0Jha2NjeTN3TlhuRnVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8YzMA0G
CSqGSIb3DQEBCwUAA4IBAQBmAq0ltaY/+sSSKtJZWSW/tnqvnzERi6zvxdaIxEzt
NXz4K1O+YpAtxVM4EwKnDeubQM49TAdvhYpgZnqqCVojvJPZvpruyXgLfoimdsuN
KgY9GHft6dNtWg4qpdWqsZoG8r8+2KbbErTb3olwkjfy+8vFxA3m4nyBOmiU9X03
rmcz/17sC6iHWV60lqfgNZxXMMFIqzUicJgp0vpUg0qcDBw5Bru6eEZi7v22fj6Q
TWN/BsNF3/ee89O3rx0/XQGBu6u/t5ZuLuNUtMw5y05aNwZzbh9+lzRB2mHBFs7V
9vTuHXvb8Wjz6raRufrlpfAMk7g8R9/uARdo+SNwZS2x
-----END CERTIFICATE-----