Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/d18b5a-40ef-4779-a0e5-aa581d378a7c/1/nRgeaR6qZrnsifY1L9bKLVEfLv4.roa
File:                     nRgeaR6qZrnsifY1L9bKLVEfLv4.roa (raw, json)
Hash identifier:          92vWcWX/hfxpibZ7Yyd9gxQEe4iMYA4U0anp7k/8nf4=
Subject key identifier:   9D:18:1E:69:1E:AA:66:B9:EC:89:F6:35:2F:D6:CA:2D:51:1F:2E:FE
Certificate issuer:       /CN=73b981cb6ee79d2df8c89d6a34c554bde3fcc75f
Certificate serial:       018CC6B8D5856390874A7295E5E998E459CD
Authority key identifier: 73:B9:81:CB:6E:E7:9D:2D:F8:C8:9D:6A:34:C5:54:BD:E3:FC:C7:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c7mBy27nnS34yJ1qNMVUveP8x18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/d18b5a-40ef-4779-a0e5-aa581d378a7c/1/nRgeaR6qZrnsifY1L9bKLVEfLv4.roa
Signing time:             Mon 01 Jan 2024 20:30:51 +0000
ROA not before:           Mon 01 Jan 2024 20:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        91.194.48.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/d18b5a-40ef-4779-a0e5-aa581d378a7c/1/c7mBy27nnS34yJ1qNMVUveP8x18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/d18b5a-40ef-4779-a0e5-aa581d378a7c/1/c7mBy27nnS34yJ1qNMVUveP8x18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c7mBy27nnS34yJ1qNMVUveP8x18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:d5:85:63:90:87:4a:72:95:e5:e9:98:e4:59:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73b981cb6ee79d2df8c89d6a34c554bde3fcc75f
        Validity
            Not Before: Jan  1 20:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d181e691eaa66b9ec89f6352fd6ca2d511f2efe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:6c:47:56:3e:c8:0a:91:a7:32:2c:4f:94:50:
                    20:98:74:8d:22:91:e2:0f:50:a8:6e:31:ef:b5:36:
                    55:f0:57:77:d4:b9:01:11:f1:36:4a:f1:6e:c3:62:
                    f5:93:20:ee:da:73:f1:2a:ab:b4:7f:aa:0f:6c:63:
                    cd:4c:ad:6d:c3:11:d1:fb:6b:41:1a:10:ee:2e:f0:
                    4b:1b:47:8f:59:21:31:4f:e6:a4:3d:8e:1a:1a:90:
                    60:7f:59:7e:20:a3:fb:81:32:fb:ab:1c:38:a3:03:
                    84:52:c1:8b:69:13:a6:92:82:24:9d:02:92:c6:76:
                    79:6e:1a:14:65:fa:9f:9f:fd:e0:7f:ee:64:46:7d:
                    3b:f7:56:f2:95:d5:19:c9:7b:5d:6b:26:4d:17:8b:
                    e3:89:00:8d:6d:09:c1:ad:45:09:5e:6e:a9:83:56:
                    45:cc:53:b7:c4:2a:8c:78:f1:38:eb:c9:40:98:b4:
                    5a:ce:e4:66:4b:18:b0:40:eb:84:03:a5:2e:f1:c2:
                    f9:1f:38:05:d2:45:ba:fa:59:af:1a:49:f8:5c:f4:
                    0f:f6:17:9a:e7:ec:f6:47:4d:b9:33:6f:24:08:0d:
                    6a:2d:a8:6c:08:bb:94:ea:db:45:a8:eb:cf:d7:18:
                    64:f2:07:54:8f:35:99:7a:a7:58:f8:cb:3f:57:de:
                    5e:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:18:1E:69:1E:AA:66:B9:EC:89:F6:35:2F:D6:CA:2D:51:1F:2E:FE
            X509v3 Authority Key Identifier:
                keyid:73:B9:81:CB:6E:E7:9D:2D:F8:C8:9D:6A:34:C5:54:BD:E3:FC:C7:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7mBy27nnS34yJ1qNMVUveP8x18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/d18b5a-40ef-4779-a0e5-aa581d378a7c/1/nRgeaR6qZrnsifY1L9bKLVEfLv4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/d18b5a-40ef-4779-a0e5-aa581d378a7c/1/c7mBy27nnS34yJ1qNMVUveP8x18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:92:79:3e:e1:9c:ad:45:ad:a8:f2:c0:66:7c:8c:07:de:ad:
         36:ec:19:34:7b:d9:e5:c8:f1:6d:92:d1:74:8b:5b:44:a7:2b:
         95:15:5c:d0:c5:c3:2b:c0:c0:04:a7:86:af:35:f0:97:17:55:
         8a:05:fc:89:05:91:62:00:fb:30:3b:08:2e:ec:1b:6a:20:92:
         b5:59:16:7e:7d:5f:3d:20:96:8a:7e:58:8b:9e:5c:8a:39:fa:
         43:b6:12:4b:18:cc:31:9f:74:ff:0d:c1:c5:94:64:ec:a7:76:
         d5:b1:46:5b:7d:9c:0d:93:2b:6d:c6:23:11:1b:d1:7f:83:de:
         97:dd:18:94:e3:2f:8d:8d:85:46:f4:ac:fd:bb:95:a6:7c:65:
         70:67:5d:3d:92:92:02:34:19:ae:bb:f2:c4:80:a4:15:a0:01:
         39:15:20:13:b4:27:ba:ce:88:fb:4a:33:94:e5:a6:08:51:c5:
         7a:5b:f8:f8:a1:31:8e:95:f6:a2:c1:f9:d8:a0:c7:8e:fd:df:
         0e:24:48:3a:ec:d4:6c:aa:a4:2c:ba:64:a8:81:6d:1d:15:54:
         1b:89:5e:27:5b:0a:f5:1a:e4:b1:21:05:8f:83:74:a5:9d:3b:
         0e:66:a2:17:3f:cf:12:ce:b8:b3:45:0c:21:94:ed:9b:09:eb:
         7e:76:47:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuNWFY5CHSnKV5emY5FnNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYjk4MWNiNmVlNzlkMmRmOGM4OWQ2YTM0YzU1NGJkZTNm
Y2M3NWYwHhcNMjQwMTAxMjAzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDE4MWU2OTFlYWE2NmI5ZWM4OWY2MzUyZmQ2Y2EyZDUxMWYyZWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi2xHVj7ICpGnMixPlFAgmHSNIpHi
D1CobjHvtTZV8Fd31LkBEfE2SvFuw2L1kyDu2nPxKqu0f6oPbGPNTK1twxHR+2tB
GhDuLvBLG0ePWSExT+akPY4aGpBgf1l+IKP7gTL7qxw4owOEUsGLaROmkoIknQKS
xnZ5bhoUZfqfn/3gf+5kRn0791byldUZyXtdayZNF4vjiQCNbQnBrUUJXm6pg1ZF
zFO3xCqMePE468lAmLRazuRmSxiwQOuEA6Uu8cL5HzgF0kW6+lmvGkn4XPQP9hea
5+z2R025M28kCA1qLahsCLuU6ttFqOvP1xhk8gdUjzWZeqdY+Ms/V95eOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ0YHmkeqma57In2NS/Wyi1RHy7+MB8GA1UdIwQY
MBaAFHO5gctu550t+MidajTFVL3j/MdfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzdtQnkyN25uUzM0eUoxcU5NVlV2ZVA4eDE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9kMThiNWEtNDBlZi00Nzc5LWEwZTUt
YWE1ODFkMzc4YTdjLzEvblJnZWFSNnFacm5zaWZZMUw5YktMVkVmTHY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9kMThiNWEtNDBlZi00Nzc5LWEwZTUtYWE1ODFkMzc4YTdj
LzEvYzdtQnkyN25uUzM0eUoxcU5NVlV2ZVA4eDE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8IwMA0G
CSqGSIb3DQEBCwUAA4IBAQA0knk+4ZytRa2o8sBmfIwH3q027Bk0e9nlyPFtktF0
i1tEpyuVFVzQxcMrwMAEp4avNfCXF1WKBfyJBZFiAPswOwgu7BtqIJK1WRZ+fV89
IJaKfliLnlyKOfpDthJLGMwxn3T/DcHFlGTsp3bVsUZbfZwNkyttxiMRG9F/g96X
3RiU4y+NjYVG9Kz9u5WmfGVwZ109kpICNBmuu/LEgKQVoAE5FSATtCe6zoj7SjOU
5aYIUcV6W/j4oTGOlfaiwfnYoMeO/d8OJEg67NRsqqQsumSogW0dFVQbiV4nWwr1
GuSxIQWPg3SlnTsOZqIXP88SzrizRQwhlO2bCet+dkco
-----END CERTIFICATE-----