Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/52daab-6829-45fa-967e-01f4606c65ec/1/NK5XYulYIF_uvBbv-1kwMPHF4to.roa
File:                     NK5XYulYIF_uvBbv-1kwMPHF4to.roa (raw, json)
Hash identifier:          1Dts8iOaCUK0ZBtTxVRhYBGLzi5YTVGzP+CSz/M6bUY=
Subject key identifier:   34:AE:57:62:E9:58:20:5F:EE:BC:16:EF:FB:59:30:30:F1:C5:E2:DA
Certificate issuer:       /CN=0011400d548fa21af819a0c6e23e77a6012eb5e9
Certificate serial:       018CC64AD82E55E23F2A9159E4E00527C3E2
Authority key identifier: 00:11:40:0D:54:8F:A2:1A:F8:19:A0:C6:E2:3E:77:A6:01:2E:B5:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ABFADVSPohr4GaDG4j53pgEutek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/52daab-6829-45fa-967e-01f4606c65ec/1/NK5XYulYIF_uvBbv-1kwMPHF4to.roa
Signing time:             Mon 01 Jan 2024 18:30:42 +0000
ROA not before:           Mon 01 Jan 2024 18:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6798
IP address blocks:        91.199.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/52daab-6829-45fa-967e-01f4606c65ec/1/ABFADVSPohr4GaDG4j53pgEutek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/52daab-6829-45fa-967e-01f4606c65ec/1/ABFADVSPohr4GaDG4j53pgEutek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ABFADVSPohr4GaDG4j53pgEutek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:d8:2e:55:e2:3f:2a:91:59:e4:e0:05:27:c3:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0011400d548fa21af819a0c6e23e77a6012eb5e9
        Validity
            Not Before: Jan  1 18:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34ae5762e958205feebc16effb593030f1c5e2da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:e9:23:8f:2b:10:ca:0b:d4:bd:d6:42:95:29:
                    95:31:ef:19:ba:71:8a:13:36:ff:f6:47:93:05:f7:
                    08:b7:62:f1:25:49:88:ad:fb:37:99:08:da:d6:c8:
                    fd:e3:2c:5f:ce:c1:7e:46:9e:55:3b:96:84:e8:da:
                    13:60:17:c1:60:85:8a:14:d5:aa:b4:7b:f7:49:dd:
                    32:6f:c9:81:70:4d:8c:3a:06:ac:d3:bb:eb:b6:90:
                    f6:eb:f8:5d:db:fc:38:85:1f:82:80:64:b6:cc:d2:
                    fc:aa:c7:28:36:88:0a:18:9d:f2:d1:df:32:25:5d:
                    13:9c:3b:73:f0:2e:a3:ce:58:82:cd:be:5b:30:1b:
                    7a:29:21:68:74:8d:e1:11:d7:30:0f:6c:f2:b5:b7:
                    c7:7b:d4:d3:17:4c:3d:bb:bc:a1:22:91:56:76:2a:
                    06:50:2c:a7:4b:d5:30:dd:d5:0e:5d:d8:44:bf:25:
                    bb:45:ab:3c:cc:12:2f:da:81:52:34:ec:23:03:c1:
                    de:f8:76:1a:e3:37:ce:77:9e:fe:04:04:9c:b0:02:
                    2b:af:c8:05:e3:3c:91:40:d1:92:bf:5e:e2:de:d6:
                    0a:eb:0b:7b:b0:72:83:bf:bc:6e:94:c0:7b:2e:9c:
                    64:41:88:35:81:df:82:c4:2b:4c:29:35:0e:42:f2:
                    53:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:AE:57:62:E9:58:20:5F:EE:BC:16:EF:FB:59:30:30:F1:C5:E2:DA
            X509v3 Authority Key Identifier:
                keyid:00:11:40:0D:54:8F:A2:1A:F8:19:A0:C6:E2:3E:77:A6:01:2E:B5:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ABFADVSPohr4GaDG4j53pgEutek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/52daab-6829-45fa-967e-01f4606c65ec/1/NK5XYulYIF_uvBbv-1kwMPHF4to.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/52daab-6829-45fa-967e-01f4606c65ec/1/ABFADVSPohr4GaDG4j53pgEutek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:52:5a:e6:00:4c:9d:2e:0b:91:24:c3:88:10:f8:16:96:10:
         15:31:1f:74:2b:a6:eb:3e:56:61:af:23:70:5f:6d:0b:dc:34:
         27:c0:39:41:c0:58:7b:4b:ac:ea:d5:49:1e:d2:f0:5a:f4:9e:
         30:b7:df:9d:f6:54:b8:64:11:bb:75:9c:86:4a:4b:34:52:2e:
         e9:6a:5c:2c:11:d5:17:11:7d:4f:fe:cc:03:1b:51:28:47:cb:
         d5:dd:89:0d:e3:5f:07:7d:3b:19:aa:1b:bc:29:4e:21:80:75:
         14:e7:17:e6:ea:e3:59:fa:7e:49:67:92:40:a0:6e:10:62:d3:
         9f:f2:20:07:f3:6c:91:9a:12:68:c9:aa:8e:77:65:60:3b:7e:
         6b:5e:12:32:50:7f:1c:68:10:44:f6:0b:d9:c1:00:e2:f7:ed:
         b3:15:1a:e3:04:2d:9a:f3:c9:c5:b3:5f:49:b7:1e:6f:0e:9f:
         bd:6d:46:1e:08:6c:db:20:00:97:ad:87:4c:d1:ef:d7:14:3f:
         a4:6e:bd:46:f1:97:89:0a:3e:22:8a:a9:61:52:f9:ca:75:5c:
         e9:1f:b4:c5:9c:cf:af:39:f3:9c:28:15:78:85:3b:a9:19:a3:
         f5:92:73:48:40:ac:12:ac:ac:74:e5:f2:8c:59:99:c6:1b:83:
         81:17:d9:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGStguVeI/KpFZ5OAFJ8PiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMTE0MDBkNTQ4ZmEyMWFmODE5YTBjNmUyM2U3N2E2MDEy
ZWI1ZTkwHhcNMjQwMTAxMTgzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGFlNTc2MmU5NTgyMDVmZWViYzE2ZWZmYjU5MzAzMGYxYzVlMmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmekjjysQygvUvdZClSmVMe8ZunGK
Ezb/9keTBfcIt2LxJUmIrfs3mQja1sj94yxfzsF+Rp5VO5aE6NoTYBfBYIWKFNWq
tHv3Sd0yb8mBcE2MOgas07vrtpD26/hd2/w4hR+CgGS2zNL8qscoNogKGJ3y0d8y
JV0TnDtz8C6jzliCzb5bMBt6KSFodI3hEdcwD2zytbfHe9TTF0w9u7yhIpFWdioG
UCynS9Uw3dUOXdhEvyW7Ras8zBIv2oFSNOwjA8He+HYa4zfOd57+BAScsAIrr8gF
4zyRQNGSv17i3tYK6wt7sHKDv7xulMB7LpxkQYg1gd+CxCtMKTUOQvJTGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDSuV2LpWCBf7rwW7/tZMDDxxeLaMB8GA1UdIwQY
MBaAFAARQA1Uj6Ia+BmgxuI+d6YBLrXpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUJGQURWU1BvaHI0R2FERzRqNTNwZ0V1dGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy81MmRhYWItNjgyOS00NWZhLTk2N2Ut
MDFmNDYwNmM2NWVjLzEvTks1WFl1bFlJRl91dkJidi0xa3dNUEhGNHRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy81MmRhYWItNjgyOS00NWZhLTk2N2UtMDFmNDYwNmM2NWVj
LzEvQUJGQURWU1BvaHI0R2FERzRqNTNwZ0V1dGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8dGMA0G
CSqGSIb3DQEBCwUAA4IBAQATUlrmAEydLguRJMOIEPgWlhAVMR90K6brPlZhryNw
X20L3DQnwDlBwFh7S6zq1Uke0vBa9J4wt9+d9lS4ZBG7dZyGSks0Ui7palwsEdUX
EX1P/swDG1EoR8vV3YkN418HfTsZqhu8KU4hgHUU5xfm6uNZ+n5JZ5JAoG4QYtOf
8iAH82yRmhJoyaqOd2VgO35rXhIyUH8caBBE9gvZwQDi9+2zFRrjBC2a88nFs19J
tx5vDp+9bUYeCGzbIACXrYdM0e/XFD+kbr1G8ZeJCj4iiqlhUvnKdVzpH7TFnM+v
OfOcKBV4hTupGaP1knNIQKwSrKx05fKMWZnGG4OBF9lb
-----END CERTIFICATE-----