Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/597190-d6ef-457d-b46b-ee5c6aeca3e9/1/tREMf7QGdM-PQji27EWjh87JWTs.roa
File:                     tREMf7QGdM-PQji27EWjh87JWTs.roa (raw, json)
Hash identifier:          s5XimyknGqlx3y0B3fb8n7wxeFvpK0dSsHVAasJO12w=
Subject key identifier:   B5:11:0C:7F:B4:06:74:CF:8F:42:38:B6:EC:45:A3:87:CE:C9:59:3B
Certificate issuer:       /CN=8b9939348f4dbfdb101f4f7a37c79c04747d0d03
Certificate serial:       018CC802266E510FFC3B44C79CB642A8D577
Authority key identifier: 8B:99:39:34:8F:4D:BF:DB:10:1F:4F:7A:37:C7:9C:04:74:7D:0D:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i5k5NI9Nv9sQH096N8ecBHR9DQM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/597190-d6ef-457d-b46b-ee5c6aeca3e9/1/tREMf7QGdM-PQji27EWjh87JWTs.roa
Signing time:             Tue 02 Jan 2024 02:30:33 +0000
ROA not before:           Tue 02 Jan 2024 02:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204957
IP address blocks:        91.196.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/597190-d6ef-457d-b46b-ee5c6aeca3e9/1/i5k5NI9Nv9sQH096N8ecBHR9DQM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/597190-d6ef-457d-b46b-ee5c6aeca3e9/1/i5k5NI9Nv9sQH096N8ecBHR9DQM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i5k5NI9Nv9sQH096N8ecBHR9DQM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:26:6e:51:0f:fc:3b:44:c7:9c:b6:42:a8:d5:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b9939348f4dbfdb101f4f7a37c79c04747d0d03
        Validity
            Not Before: Jan  2 02:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5110c7fb40674cf8f4238b6ec45a387cec9593b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:29:01:46:25:49:f9:3e:e1:6b:ea:b5:d6:ab:
                    51:15:e6:5e:2c:5d:48:e9:b0:89:22:41:2f:3e:3b:
                    28:55:ca:44:4c:4a:b5:03:fe:15:3b:dd:85:96:29:
                    89:a9:6a:dc:ab:f5:32:f6:62:e1:83:4d:26:1c:45:
                    75:54:51:cb:89:62:da:6a:9f:f9:e4:3a:8d:e5:75:
                    da:84:03:b4:ac:b0:df:ee:ec:8a:26:91:07:ad:fa:
                    6f:b1:27:6e:58:76:c6:c7:2d:bc:dd:63:3a:da:aa:
                    50:c8:2a:fb:bb:41:6f:2b:90:3c:b7:99:6d:34:20:
                    2e:0b:f9:2c:40:e1:4e:a5:1f:35:e1:a2:53:af:3c:
                    3e:a7:67:be:bb:85:19:d4:eb:30:65:03:12:51:0a:
                    2f:76:70:65:1f:79:6b:df:21:42:39:2d:45:1c:58:
                    4a:c6:25:b4:25:b0:bf:29:14:87:e7:59:7a:1f:32:
                    7a:b6:2c:89:ce:84:16:d3:b9:fc:a1:54:bc:e8:91:
                    6d:e1:ce:23:7a:b4:75:26:d2:09:27:4d:8e:a7:ab:
                    d9:f5:2d:d1:87:e9:68:87:bd:a9:61:31:5f:6f:b3:
                    d0:ff:8f:6e:6a:93:50:2c:df:b1:2c:bd:e4:f6:12:
                    10:d8:30:ca:9a:3c:7a:20:fe:0e:8d:11:b4:6f:9b:
                    de:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:11:0C:7F:B4:06:74:CF:8F:42:38:B6:EC:45:A3:87:CE:C9:59:3B
            X509v3 Authority Key Identifier:
                keyid:8B:99:39:34:8F:4D:BF:DB:10:1F:4F:7A:37:C7:9C:04:74:7D:0D:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i5k5NI9Nv9sQH096N8ecBHR9DQM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/597190-d6ef-457d-b46b-ee5c6aeca3e9/1/tREMf7QGdM-PQji27EWjh87JWTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/597190-d6ef-457d-b46b-ee5c6aeca3e9/1/i5k5NI9Nv9sQH096N8ecBHR9DQM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:95:44:62:fc:1b:5c:c0:12:b5:4f:60:88:34:95:7e:a7:51:
         71:42:12:41:bb:c9:e8:c6:73:5b:3c:ba:f3:c4:3c:88:03:f3:
         37:26:dd:91:f3:d8:3a:90:ec:79:d7:bf:8e:75:f0:97:44:32:
         40:81:84:08:e8:b5:5c:df:32:b6:e6:9a:a0:f8:7a:0f:f8:e2:
         8e:0f:8f:89:74:68:ff:f5:c0:ec:7c:31:a3:c5:8f:01:86:e7:
         ca:7b:4a:1c:67:3d:ea:1e:b6:1e:77:42:7d:da:f3:5e:16:03:
         d6:8c:7f:db:1e:25:2b:67:8d:d0:96:21:0d:18:a9:9a:e3:58:
         9f:1b:7c:3a:fe:a7:1c:63:ea:e1:02:48:e9:05:04:8c:86:70:
         22:c3:88:cb:48:1a:76:8f:ac:1c:bf:08:92:d4:bf:7e:8c:8d:
         72:9b:cd:f8:a4:8a:12:1c:95:bc:5e:c3:c0:b2:45:b7:5a:98:
         b4:18:04:12:c6:0f:cb:d5:bb:6b:98:bb:9a:d9:bb:0f:73:6b:
         ee:24:b5:95:d2:ef:3f:bd:14:95:73:cd:92:02:4c:d9:bf:65:
         6d:1d:53:34:76:80:0b:42:a5:5c:e0:5b:03:ea:64:ba:7d:d7:
         39:27:51:62:c6:78:03:ba:5f:fd:05:0c:90:8e:2f:e0:cb:13:
         84:d3:03:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAiZuUQ/8O0THnLZCqNV3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiOTkzOTM0OGY0ZGJmZGIxMDFmNGY3YTM3Yzc5YzA0NzQ3
ZDBkMDMwHhcNMjQwMTAyMDIzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTExMGM3ZmI0MDY3NGNmOGY0MjM4YjZlYzQ1YTM4N2NlYzk1OTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkykBRiVJ+T7ha+q11qtRFeZeLF1I
6bCJIkEvPjsoVcpETEq1A/4VO92FlimJqWrcq/Uy9mLhg00mHEV1VFHLiWLaap/5
5DqN5XXahAO0rLDf7uyKJpEHrfpvsSduWHbGxy283WM62qpQyCr7u0FvK5A8t5lt
NCAuC/ksQOFOpR814aJTrzw+p2e+u4UZ1OswZQMSUQovdnBlH3lr3yFCOS1FHFhK
xiW0JbC/KRSH51l6HzJ6tiyJzoQW07n8oVS86JFt4c4jerR1JtIJJ02Op6vZ9S3R
h+loh72pYTFfb7PQ/49uapNQLN+xLL3k9hIQ2DDKmjx6IP4OjRG0b5veOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLURDH+0BnTPj0I4tuxFo4fOyVk7MB8GA1UdIwQY
MBaAFIuZOTSPTb/bEB9PejfHnAR0fQ0DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTVrNU5JOU52OXNRSDA5Nk44ZWNCSFI5RFFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC81OTcxOTAtZDZlZi00NTdkLWI0NmIt
ZWU1YzZhZWNhM2U5LzEvdFJFTWY3UUdkTS1QUWppMjdFV2poODdKV1RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC81OTcxOTAtZDZlZi00NTdkLWI0NmItZWU1YzZhZWNhM2U5
LzEvaTVrNU5JOU52OXNRSDA5Nk44ZWNCSFI5RFFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8QHMA0G
CSqGSIb3DQEBCwUAA4IBAQDClURi/BtcwBK1T2CINJV+p1FxQhJBu8noxnNbPLrz
xDyIA/M3Jt2R89g6kOx517+OdfCXRDJAgYQI6LVc3zK25pqg+HoP+OKOD4+JdGj/
9cDsfDGjxY8BhufKe0ocZz3qHrYed0J92vNeFgPWjH/bHiUrZ43QliENGKma41if
G3w6/qccY+rhAkjpBQSMhnAiw4jLSBp2j6wcvwiS1L9+jI1ym834pIoSHJW8XsPA
skW3Wpi0GAQSxg/L1btrmLua2bsPc2vuJLWV0u8/vRSVc82SAkzZv2VtHVM0doAL
QqVc4FsD6mS6fdc5J1FixngDul/9BQyQji/gyxOE0wNF
-----END CERTIFICATE-----