Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/ce3fa7-fc88-4f48-a5ce-a45bbcb34de5/1/NTL9hhyVfkUbvzwrHmxk2bIEVX4.roa
File:                     NTL9hhyVfkUbvzwrHmxk2bIEVX4.roa (raw, json)
Hash identifier:          ba9KN6hx+KborpxzE1rPofIcZwpFv4dcSm6Q5HV5oTo=
Subject key identifier:   35:32:FD:86:1C:95:7E:45:1B:BF:3C:2B:1E:6C:64:D9:B2:04:55:7E
Certificate issuer:       /CN=07d75335f77bf4240976277b1dd0e19bb23a8e1d
Certificate serial:       018CC8DF15FA7FB57CC6C9443C35EF2FD8A2
Authority key identifier: 07:D7:53:35:F7:7B:F4:24:09:76:27:7B:1D:D0:E1:9B:B2:3A:8E:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B9dTNfd79CQJdid7HdDhm7I6jh0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/ce3fa7-fc88-4f48-a5ce-a45bbcb34de5/1/NTL9hhyVfkUbvzwrHmxk2bIEVX4.roa
Signing time:             Tue 02 Jan 2024 06:31:52 +0000
ROA not before:           Tue 02 Jan 2024 06:31:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205019
IP address blocks:        91.103.82.0/24 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/ce3fa7-fc88-4f48-a5ce-a45bbcb34de5/1/B9dTNfd79CQJdid7HdDhm7I6jh0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/ce3fa7-fc88-4f48-a5ce-a45bbcb34de5/1/B9dTNfd79CQJdid7HdDhm7I6jh0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B9dTNfd79CQJdid7HdDhm7I6jh0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:15:fa:7f:b5:7c:c6:c9:44:3c:35:ef:2f:d8:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07d75335f77bf4240976277b1dd0e19bb23a8e1d
        Validity
            Not Before: Jan  2 06:31:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3532fd861c957e451bbf3c2b1e6c64d9b204557e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:c7:d5:00:bc:1f:03:58:2c:f6:10:98:35:43:
                    81:52:58:0d:3d:7e:76:cf:30:8e:fb:fd:58:3f:1b:
                    fe:bb:31:6f:96:ce:6c:e4:87:fc:27:c9:b3:06:48:
                    4b:c0:51:7e:93:63:16:ae:2e:5a:a2:87:84:85:1e:
                    df:85:6c:3e:6c:22:b9:4a:e1:9c:83:50:ca:ce:3a:
                    18:7b:8a:ab:43:4a:a3:3b:c7:4d:de:11:e4:18:b5:
                    6f:69:5a:fe:4d:7f:b3:b0:82:f4:6b:89:6f:68:8a:
                    46:3a:2f:3c:13:91:a0:81:11:ee:01:06:b5:64:98:
                    5e:f5:68:32:10:74:dd:a0:a1:5d:25:42:c2:3c:c5:
                    9f:97:63:a4:c5:d8:f5:dd:2c:8f:1e:4a:25:da:52:
                    dd:e9:29:b9:e7:f5:bd:7c:61:e1:74:43:ac:8d:1b:
                    e5:ce:40:5e:9c:4e:d0:13:56:25:cf:03:53:0f:3e:
                    31:63:f9:9b:d3:1c:c5:8d:36:5d:57:ca:f4:f2:a3:
                    1b:c2:c9:15:56:7f:67:2c:c8:0c:71:16:e7:d3:26:
                    8b:63:43:50:3d:22:07:d8:78:4a:23:ad:2a:97:69:
                    64:d8:e8:13:25:b6:eb:35:3d:cb:52:f3:a0:3a:66:
                    b2:4a:0d:d7:b0:0a:31:b7:f9:10:73:b5:c2:fa:10:
                    2a:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:32:FD:86:1C:95:7E:45:1B:BF:3C:2B:1E:6C:64:D9:B2:04:55:7E
            X509v3 Authority Key Identifier:
                keyid:07:D7:53:35:F7:7B:F4:24:09:76:27:7B:1D:D0:E1:9B:B2:3A:8E:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B9dTNfd79CQJdid7HdDhm7I6jh0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ce3fa7-fc88-4f48-a5ce-a45bbcb34de5/1/NTL9hhyVfkUbvzwrHmxk2bIEVX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ce3fa7-fc88-4f48-a5ce-a45bbcb34de5/1/B9dTNfd79CQJdid7HdDhm7I6jh0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.103.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:af:22:51:07:f8:cc:14:d9:b6:e6:13:73:12:ed:9f:1a:37:
         74:6d:93:f9:52:8b:51:d9:fa:19:7e:c4:aa:9c:0a:35:8b:ba:
         3f:7b:b0:af:14:dd:17:7b:c5:74:0a:08:c8:e6:8f:c3:48:e5:
         6e:38:22:47:2c:95:96:e5:53:2b:ce:3e:45:d5:16:cc:7e:a0:
         ba:ad:6a:64:7c:35:b6:63:20:8c:4d:98:9a:16:3d:76:eb:a0:
         bc:22:ed:fc:74:14:c2:74:39:72:21:9c:bf:b8:09:17:d1:f9:
         05:43:9c:c6:6d:d5:dc:54:66:82:e0:d7:74:d7:a8:e0:fd:6e:
         51:2d:39:97:85:3c:27:71:75:5e:ca:43:7b:ee:27:41:5c:d8:
         62:b0:f9:35:e6:91:1d:cb:de:bb:26:a2:af:b4:15:49:63:0f:
         fc:a4:4e:f7:eb:03:db:e4:c6:7a:1b:68:26:b5:8c:95:c4:39:
         40:09:a6:38:66:94:00:e4:20:a5:2e:d6:4e:49:0f:47:eb:b4:
         72:4f:52:17:2a:2e:35:8b:53:81:d5:bb:42:d4:80:81:91:d7:
         db:61:d7:9a:01:a2:ab:63:a8:f6:6e:57:17:42:04:3e:8c:11:
         b4:b6:63:fe:cc:74:93:bb:51:5d:36:04:66:3e:56:b6:64:1c:
         e9:52:a2:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3xX6f7V8xslEPDXvL9iiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZDc1MzM1Zjc3YmY0MjQwOTc2Mjc3YjFkZDBlMTliYjIz
YThlMWQwHhcNMjQwMTAyMDYzMTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTMyZmQ4NjFjOTU3ZTQ1MWJiZjNjMmIxZTZjNjRkOWIyMDQ1NTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsfVALwfA1gs9hCYNUOBUlgNPX52
zzCO+/1YPxv+uzFvls5s5If8J8mzBkhLwFF+k2MWri5aooeEhR7fhWw+bCK5SuGc
g1DKzjoYe4qrQ0qjO8dN3hHkGLVvaVr+TX+zsIL0a4lvaIpGOi88E5GggRHuAQa1
ZJhe9WgyEHTdoKFdJULCPMWfl2Okxdj13SyPHkol2lLd6Sm55/W9fGHhdEOsjRvl
zkBenE7QE1YlzwNTDz4xY/mb0xzFjTZdV8r08qMbwskVVn9nLMgMcRbn0yaLY0NQ
PSIH2HhKI60ql2lk2OgTJbbrNT3LUvOgOmaySg3XsAoxt/kQc7XC+hAq5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDUy/YYclX5FG788Kx5sZNmyBFV+MB8GA1UdIwQY
MBaAFAfXUzX3e/QkCXYnex3Q4ZuyOo4dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjlkVE5mZDc5Q1FKZGlkN0hkRGhtN0k2amgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9jZTNmYTctZmM4OC00ZjQ4LWE1Y2Ut
YTQ1YmJjYjM0ZGU1LzEvTlRMOWhoeVZma1Vidnp3ckhteGsyYklFVlg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9jZTNmYTctZmM4OC00ZjQ4LWE1Y2UtYTQ1YmJjYjM0ZGU1
LzEvQjlkVE5mZDc5Q1FKZGlkN0hkRGhtN0k2amgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2dSMA0G
CSqGSIb3DQEBCwUAA4IBAQCiryJRB/jMFNm25hNzEu2fGjd0bZP5UotR2foZfsSq
nAo1i7o/e7CvFN0Xe8V0CgjI5o/DSOVuOCJHLJWW5VMrzj5F1RbMfqC6rWpkfDW2
YyCMTZiaFj1266C8Iu38dBTCdDlyIZy/uAkX0fkFQ5zGbdXcVGaC4Nd016jg/W5R
LTmXhTwncXVeykN77idBXNhisPk15pEdy967JqKvtBVJYw/8pE736wPb5MZ6G2gm
tYyVxDlACaY4ZpQA5CClLtZOSQ9H67RyT1IXKi41i1OB1btC1ICBkdfbYdeaAaKr
Y6j2blcXQgQ+jBG0tmP+zHSTu1FdNgRmPla2ZBzpUqIP
-----END CERTIFICATE-----