Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/k3kjNvMvBenh1AyNmcQSjGvYDbQ.roa
File:                     k3kjNvMvBenh1AyNmcQSjGvYDbQ.roa (raw, json)
Hash identifier:          jARnTSCipnJFRZiBu5yZN5cDi9shMHcX6gkB2LU6NLA=
Subject key identifier:   93:79:23:36:F3:2F:05:E9:E1:D4:0C:8D:99:C4:12:8C:6B:D8:0D:B4
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC5011F6FFEC6AD197991E7171DFD47DA
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/k3kjNvMvBenh1AyNmcQSjGvYDbQ.roa
Signing time:             Mon 01 Jan 2024 12:30:34 +0000
ROA not before:           Mon 01 Jan 2024 12:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198352
IP address blocks:        91.190.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:03:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:1f:6f:fe:c6:ad:19:79:91:e7:17:1d:fd:47:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93792336f32f05e9e1d40c8d99c4128c6bd80db4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:22:c2:a2:3f:26:67:30:32:60:59:9e:8e:84:
                    81:66:79:82:69:de:2e:12:d2:7a:8a:69:54:77:19:
                    db:30:82:08:c3:14:45:c0:5d:a2:39:62:3e:be:b1:
                    17:46:46:a5:d8:b6:07:d3:45:ca:0e:ca:49:6d:5d:
                    51:a3:3f:0f:0b:9f:71:6a:7a:b6:40:53:ad:71:a5:
                    e2:85:f4:ce:9e:ef:9e:cb:02:bf:d8:b8:49:09:7f:
                    0e:d0:78:b6:c2:f4:00:ee:00:92:74:83:fe:0b:df:
                    92:17:18:a2:b1:be:03:ac:3e:1e:f0:f4:12:cd:69:
                    2e:d6:27:24:65:e4:fb:9e:2e:0f:2b:67:99:95:77:
                    73:96:2a:ec:b5:5f:65:23:8d:06:c5:2f:a7:a1:7b:
                    b8:d5:28:c1:76:0b:5b:06:18:89:39:be:ae:33:5a:
                    2d:33:23:3b:0e:6f:fb:e8:4b:23:67:b7:f0:07:96:
                    72:40:0a:28:1a:85:87:ba:d1:62:94:ee:c0:39:f1:
                    16:d0:d5:56:19:08:8c:52:87:25:36:e2:f3:12:4f:
                    f5:77:70:60:00:95:fb:60:73:2b:e1:bc:8f:68:1a:
                    08:b2:0a:97:c6:6a:dc:b2:66:80:94:d0:4a:4f:78:
                    1f:c6:20:27:d8:d3:8a:2b:4e:1b:06:05:cf:bc:b7:
                    9f:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:79:23:36:F3:2F:05:E9:E1:D4:0C:8D:99:C4:12:8C:6B:D8:0D:B4
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/k3kjNvMvBenh1AyNmcQSjGvYDbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.190.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:47:e6:6f:df:f0:8d:29:1f:e6:40:00:16:00:57:97:68:ac:
         4f:17:99:c5:ed:55:6a:b9:67:4f:2e:53:f4:ae:fe:a0:f4:3d:
         40:49:3e:81:d6:86:d2:4b:d9:9a:92:63:f8:68:4a:33:b7:73:
         88:a9:77:00:cf:c2:12:74:0a:64:91:c6:dc:44:f8:05:87:7f:
         fb:2e:d2:6c:9b:d4:fd:56:ad:05:1f:df:67:ce:b0:13:86:e1:
         a2:ec:93:df:60:12:4f:4d:87:47:11:14:87:2a:1a:e8:7a:81:
         e6:cd:29:6b:d6:29:6c:1f:35:b9:35:94:81:ce:c7:10:bc:0b:
         a2:c8:b2:6f:91:8b:b1:df:86:a9:56:d0:c9:97:18:d4:50:00:
         fa:c6:c6:8b:ea:c8:22:48:5d:75:8c:e8:61:72:35:37:04:6d:
         e0:e2:9c:f7:23:4b:35:c7:a7:33:68:2d:81:a5:4f:1b:30:34:
         b2:af:79:b2:b1:d1:0d:3a:e7:41:64:b7:10:f2:d0:31:cd:9a:
         47:9c:ea:a0:68:46:e2:aa:1f:a5:9c:14:04:4d:04:c0:81:6f:
         70:59:a2:e4:aa:22:e8:42:29:b1:5a:5e:c4:fb:d2:03:cd:c4:
         64:66:27:9a:58:8f:33:57:ce:1c:7e:46:1e:52:b6:86:7f:9d:
         a5:dd:92:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAR9v/satGXmR5xcd/UfaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mzc5MjMzNmYzMmYwNWU5ZTFkNDBjOGQ5OWM0MTI4YzZiZDgwZGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSLCoj8mZzAyYFmejoSBZnmCad4u
EtJ6imlUdxnbMIIIwxRFwF2iOWI+vrEXRkal2LYH00XKDspJbV1Roz8PC59xanq2
QFOtcaXihfTOnu+eywK/2LhJCX8O0Hi2wvQA7gCSdIP+C9+SFxiisb4DrD4e8PQS
zWku1ickZeT7ni4PK2eZlXdzlirstV9lI40GxS+noXu41SjBdgtbBhiJOb6uM1ot
MyM7Dm/76EsjZ7fwB5ZyQAooGoWHutFilO7AOfEW0NVWGQiMUoclNuLzEk/1d3Bg
AJX7YHMr4byPaBoIsgqXxmrcsmaAlNBKT3gfxiAn2NOKK04bBgXPvLefWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJN5IzbzLwXp4dQMjZnEEoxr2A20MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvazNrak52TXZCZW5oMUF5Tm1jUVNqR3ZZRGJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW75iMA0G
CSqGSIb3DQEBCwUAA4IBAQAyR+Zv3/CNKR/mQAAWAFeXaKxPF5nF7VVquWdPLlP0
rv6g9D1AST6B1obSS9makmP4aEozt3OIqXcAz8ISdApkkcbcRPgFh3/7LtJsm9T9
Vq0FH99nzrAThuGi7JPfYBJPTYdHERSHKhroeoHmzSlr1ilsHzW5NZSBzscQvAui
yLJvkYux34apVtDJlxjUUAD6xsaL6sgiSF11jOhhcjU3BG3g4pz3I0s1x6czaC2B
pU8bMDSyr3mysdENOudBZLcQ8tAxzZpHnOqgaEbiqh+lnBQETQTAgW9wWaLkqiLo
QimxWl7E+9IDzcRkZieaWI8zV84cfkYeUraGf52l3ZJL
-----END CERTIFICATE-----