Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/hqJT9dXLYONYSp1MMIISmcenX5Y.roa
File:                     hqJT9dXLYONYSp1MMIISmcenX5Y.roa (raw, json)
Hash identifier:          gvyMoUKCM3FEq1EUdxK6PLv1crX0gVQWMwkD7viuNPA=
Subject key identifier:   86:A2:53:F5:D5:CB:60:E3:58:4A:9D:4C:30:82:12:99:C7:A7:5F:96
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018CC9BA970078F9C94BD2FC6609825A2B6A
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/hqJT9dXLYONYSp1MMIISmcenX5Y.roa
Signing time:             Tue 02 Jan 2024 10:31:37 +0000
ROA not before:           Tue 02 Jan 2024 10:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34636
IP address blocks:        91.186.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:97:00:78:f9:c9:4b:d2:fc:66:09:82:5a:2b:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Jan  2 10:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86a253f5d5cb60e3584a9d4c30821299c7a75f96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:17:f3:9b:09:71:51:4c:ad:6b:26:db:77:7f:
                    66:82:91:70:e4:4a:e3:db:1b:73:2a:e2:12:77:a1:
                    a0:4c:30:fb:8c:03:c0:35:b8:62:79:b4:0d:1e:3e:
                    d9:a5:c0:b9:6a:6c:5c:3a:b6:9f:3f:1c:72:ed:bf:
                    42:fc:34:a9:52:52:45:77:03:4c:d5:af:4d:c6:ea:
                    27:be:2f:97:23:be:80:1f:b4:59:b6:3e:f2:42:ad:
                    8a:e9:24:82:48:9f:eb:6d:d1:17:6a:9f:d7:56:99:
                    1a:79:b3:c4:f3:8b:4c:e2:55:eb:a1:0c:d9:f7:a7:
                    0c:e0:51:28:0e:9e:fd:02:00:bd:2c:de:10:1e:7d:
                    bf:26:ce:a7:35:c8:44:f4:d2:45:b4:4e:20:12:4e:
                    8f:60:42:be:a3:b0:41:77:c3:41:37:6a:8d:ec:56:
                    ee:28:ae:2c:04:d0:9a:0c:34:da:d0:04:57:49:cc:
                    78:10:41:76:29:4e:6f:77:73:21:aa:8c:5b:76:23:
                    90:c4:18:2d:81:30:3f:8b:39:15:80:55:36:ab:2d:
                    a0:82:cc:02:7b:c9:2a:cc:94:dc:ea:c4:24:de:cc:
                    b0:3b:70:8f:f7:b2:b0:9b:d5:ad:49:ed:8d:61:37:
                    9b:a5:80:17:75:8c:3b:46:11:96:d6:cb:1b:05:08:
                    7a:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:A2:53:F5:D5:CB:60:E3:58:4A:9D:4C:30:82:12:99:C7:A7:5F:96
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/hqJT9dXLYONYSp1MMIISmcenX5Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.186.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:8f:b9:2e:b6:bd:a6:1e:a3:29:68:ad:98:e3:fe:c4:4c:6f:
         5e:2a:c3:e8:79:2b:90:47:4e:9e:ad:ca:a0:23:23:55:df:da:
         08:bb:5f:ca:c1:69:42:74:f6:14:dd:f5:a2:64:59:64:ed:c4:
         43:a2:aa:bd:e1:30:5d:9f:5d:32:c7:ee:8f:6a:2e:71:a6:75:
         ca:a9:48:df:0a:b5:04:e0:d3:34:30:61:e5:12:9a:bd:5f:0a:
         c1:c4:0f:68:c8:ca:5b:c1:d2:42:98:af:47:1d:fd:ec:65:8f:
         1c:4d:6b:2f:fb:d7:23:50:32:0f:2b:62:d6:27:65:bc:8d:b9:
         dc:01:c6:ae:7a:6c:30:7d:76:bb:0c:78:2b:0b:0f:58:01:47:
         6f:d6:f0:67:fe:be:78:de:6d:53:97:6a:ec:e8:ea:6a:e0:72:
         58:71:d4:9f:46:19:4c:eb:15:b3:94:1c:5b:a3:86:66:c8:0f:
         92:45:9a:e7:77:47:fd:fd:ff:ca:69:32:bd:f6:04:a8:f6:11:
         40:45:d8:43:28:18:b9:52:42:a9:3e:2c:c7:ce:1e:4c:ff:f8:
         fc:92:d5:45:33:98:86:be:0f:e1:8a:b3:4c:8d:f4:25:12:3e:
         17:ad:16:25:d0:d3:85:1b:6a:6c:72:e8:a7:7f:e6:84:db:91:
         31:16:9f:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJupcAePnJS9L8ZgmCWitqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwMTAyMTAzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmEyNTNmNWQ1Y2I2MGUzNTg0YTlkNGMzMDgyMTI5OWM3YTc1Zjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjRfzmwlxUUytaybbd39mgpFw5Erj
2xtzKuISd6GgTDD7jAPANbhiebQNHj7ZpcC5amxcOrafPxxy7b9C/DSpUlJFdwNM
1a9Nxuonvi+XI76AH7RZtj7yQq2K6SSCSJ/rbdEXap/XVpkaebPE84tM4lXroQzZ
96cM4FEoDp79AgC9LN4QHn2/Js6nNchE9NJFtE4gEk6PYEK+o7BBd8NBN2qN7Fbu
KK4sBNCaDDTa0ARXScx4EEF2KU5vd3MhqoxbdiOQxBgtgTA/izkVgFU2qy2ggswC
e8kqzJTc6sQk3sywO3CP97Kwm9WtSe2NYTebpYAXdYw7RhGW1ssbBQh6VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIaiU/XVy2DjWEqdTDCCEpnHp1+WMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvaHFKVDlkWExZT05ZU3AxTU1JSVNtY2VuWDVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW7rBMA0G
CSqGSIb3DQEBCwUAA4IBAQAcj7kutr2mHqMpaK2Y4/7ETG9eKsPoeSuQR06ercqg
IyNV39oIu1/KwWlCdPYU3fWiZFlk7cRDoqq94TBdn10yx+6Pai5xpnXKqUjfCrUE
4NM0MGHlEpq9XwrBxA9oyMpbwdJCmK9HHf3sZY8cTWsv+9cjUDIPK2LWJ2W8jbnc
AcauemwwfXa7DHgrCw9YAUdv1vBn/r543m1Tl2rs6Opq4HJYcdSfRhlM6xWzlBxb
o4ZmyA+SRZrnd0f9/f/KaTK99gSo9hFARdhDKBi5UkKpPizHzh5M//j8ktVFM5iG
vg/hirNMjfQlEj4XrRYl0NOFG2pscuinf+aE25ExFp+S
-----END CERTIFICATE-----