Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/874bee-e72a-4beb-91e8-a96e26103cee/1/nNbHw-B9ovJEjkk8hXq6L72QjEA.roa
File:                     nNbHw-B9ovJEjkk8hXq6L72QjEA.roa (raw, json)
Hash identifier:          gipZmwcUyYZU1rfrC2SjuA4uq7CTXt+ZJKoz6Ec8OnA=
Subject key identifier:   9C:D6:C7:C3:E0:7D:A2:F2:44:8E:49:3C:85:7A:BA:2F:BD:90:8C:40
Certificate issuer:       /CN=43a5ca15bc23c325f1341e9889d858b8ed76d74e
Certificate serial:       01941FFAA86D866C443FC0A586A607F53916
Authority key identifier: 43:A5:CA:15:BC:23:C3:25:F1:34:1E:98:89:D8:58:B8:ED:76:D7:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q6XKFbwjwyXxNB6YidhYuO12104.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/874bee-e72a-4beb-91e8-a96e26103cee/1/nNbHw-B9ovJEjkk8hXq6L72QjEA.roa
Signing time:             Wed 01 Jan 2025 03:48:28 +0000
ROA not before:           Wed 01 Jan 2025 03:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201661
IP address blocks:        91.198.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/874bee-e72a-4beb-91e8-a96e26103cee/1/Q6XKFbwjwyXxNB6YidhYuO12104.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/874bee-e72a-4beb-91e8-a96e26103cee/1/Q6XKFbwjwyXxNB6YidhYuO12104.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q6XKFbwjwyXxNB6YidhYuO12104.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 Jan 2025 19:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:a8:6d:86:6c:44:3f:c0:a5:86:a6:07:f5:39:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43a5ca15bc23c325f1341e9889d858b8ed76d74e
        Validity
            Not Before: Jan  1 03:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9cd6c7c3e07da2f2448e493c857aba2fbd908c40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:52:0b:60:15:0c:bd:89:3a:35:01:02:27:11:
                    40:bb:a3:29:69:6e:f9:42:c4:4c:b1:24:c1:1c:17:
                    4a:38:f8:5a:58:19:24:82:d5:32:89:71:e0:b3:ed:
                    f3:a3:20:a7:59:15:5c:60:05:77:74:9c:23:7c:d9:
                    3a:62:0f:9f:e2:c0:99:14:98:43:92:42:26:7f:19:
                    60:be:2d:e4:93:01:52:b1:51:bb:7b:ae:7b:84:88:
                    51:eb:de:e0:18:31:3b:4b:97:54:bd:e0:f8:99:0d:
                    dc:29:c8:b3:91:9a:f3:e4:fc:01:0e:1f:93:d5:57:
                    1b:4c:ff:13:10:75:3f:35:cf:1a:3e:08:ac:d8:65:
                    b4:e4:9e:6c:01:53:be:7c:7a:c0:4f:ec:e1:c7:de:
                    3f:b5:e8:0b:ac:03:6c:53:ea:a8:7d:1c:ff:93:e9:
                    2f:62:39:b4:fe:74:43:6e:2f:fd:d8:c4:61:f4:32:
                    6d:02:16:56:f8:64:73:ad:45:60:87:17:a9:55:0d:
                    e5:f2:12:2d:69:4d:1e:f5:ce:7b:06:d3:19:63:18:
                    27:b3:ec:5f:d4:c3:57:0f:7e:a5:a4:72:b3:bd:fc:
                    94:b3:8a:69:23:56:32:ae:16:3a:2b:45:f7:e9:bc:
                    d3:ef:44:a0:8d:9c:40:80:bb:8b:91:02:57:c0:a6:
                    51:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:D6:C7:C3:E0:7D:A2:F2:44:8E:49:3C:85:7A:BA:2F:BD:90:8C:40
            X509v3 Authority Key Identifier:
                keyid:43:A5:CA:15:BC:23:C3:25:F1:34:1E:98:89:D8:58:B8:ED:76:D7:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q6XKFbwjwyXxNB6YidhYuO12104.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/874bee-e72a-4beb-91e8-a96e26103cee/1/nNbHw-B9ovJEjkk8hXq6L72QjEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/874bee-e72a-4beb-91e8-a96e26103cee/1/Q6XKFbwjwyXxNB6YidhYuO12104.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:f2:27:fc:13:f7:ec:d9:a6:27:68:0a:c5:1f:cb:84:0d:2a:
         8f:e1:9c:a0:f2:2a:8e:58:02:bf:b6:51:32:a8:e5:cd:62:13:
         13:20:29:e0:a0:c5:21:9c:9c:aa:ac:22:fd:4d:99:72:45:54:
         88:93:2c:d9:45:25:49:50:34:4e:ed:fa:87:0c:95:60:0f:cb:
         69:73:c8:75:f9:0d:8e:10:de:6a:0c:8e:92:99:7d:9a:f4:49:
         3d:3a:32:6f:f8:fd:ac:e6:bd:17:52:11:1d:2f:e2:46:e8:ed:
         8a:1a:6d:a5:41:29:47:ec:5f:4a:7f:0b:b7:60:d9:70:cc:95:
         c3:19:42:f3:ab:37:02:2e:7d:b8:a5:ae:fa:23:4d:e8:45:bd:
         e8:46:e2:08:f7:00:68:5e:07:7b:d1:c6:ef:7a:d8:43:b0:e2:
         41:aa:4b:38:c8:9c:a0:68:ea:76:7a:0f:97:0f:5c:5e:c4:3e:
         68:8b:02:ad:a3:3f:02:83:73:e4:7b:4c:b3:a3:ad:93:b2:5c:
         2c:f5:6e:8e:c0:e8:f2:d7:83:26:f3:ca:e4:06:b0:58:98:63:
         5d:8b:a9:05:b7:c0:1a:39:2e:7a:93:26:42:59:c7:03:8a:15:
         00:e1:b1:48:14:56:30:87:e2:72:d2:84:09:cd:1f:c3:c8:d5:
         c5:5f:1f:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+qhthmxEP8ClhqYH9TkWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzYTVjYTE1YmMyM2MzMjVmMTM0MWU5ODg5ZDg1OGI4ZWQ3
NmQ3NGUwHhcNMjUwMTAxMDM0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2Q2YzdjM2UwN2RhMmYyNDQ4ZTQ5M2M4NTdhYmEyZmJkOTA4YzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3FILYBUMvYk6NQECJxFAu6MpaW75
QsRMsSTBHBdKOPhaWBkkgtUyiXHgs+3zoyCnWRVcYAV3dJwjfNk6Yg+f4sCZFJhD
kkImfxlgvi3kkwFSsVG7e657hIhR697gGDE7S5dUveD4mQ3cKcizkZrz5PwBDh+T
1VcbTP8TEHU/Nc8aPgis2GW05J5sAVO+fHrAT+zhx94/tegLrANsU+qofRz/k+kv
Yjm0/nRDbi/92MRh9DJtAhZW+GRzrUVghxepVQ3l8hItaU0e9c57BtMZYxgns+xf
1MNXD36lpHKzvfyUs4ppI1YyrhY6K0X36bzT70SgjZxAgLuLkQJXwKZRWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJzWx8PgfaLyRI5JPIV6ui+9kIxAMB8GA1UdIwQY
MBaAFEOlyhW8I8Ml8TQemInYWLjtdtdOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTZYS0Zid2p3eVh4TkI2WWlkaFl1TzEyMTA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi84NzRiZWUtZTcyYS00YmViLTkxZTgt
YTk2ZTI2MTAzY2VlLzEvbk5iSHctQjlvdkpFamtrOGhYcTZMNzJRakVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi84NzRiZWUtZTcyYS00YmViLTkxZTgtYTk2ZTI2MTAzY2Vl
LzEvUTZYS0Zid2p3eVh4TkI2WWlkaFl1TzEyMTA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8ZeMA0G
CSqGSIb3DQEBCwUAA4IBAQBp8if8E/fs2aYnaArFH8uEDSqP4Zyg8iqOWAK/tlEy
qOXNYhMTICngoMUhnJyqrCL9TZlyRVSIkyzZRSVJUDRO7fqHDJVgD8tpc8h1+Q2O
EN5qDI6SmX2a9Ek9OjJv+P2s5r0XUhEdL+JG6O2KGm2lQSlH7F9Kfwu3YNlwzJXD
GULzqzcCLn24pa76I03oRb3oRuII9wBoXgd70cbvethDsOJBqks4yJygaOp2eg+X
D1xexD5oiwKtoz8Cg3Pke0yzo62Tslws9W6OwOjy14Mm88rkBrBYmGNdi6kFt8Aa
OS56kyZCWccDihUA4bFIFFYwh+Jy0oQJzR/DyNXFXx8X
-----END CERTIFICATE-----