Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/b4597f-ee1c-462b-ab84-ebe59e274840/1/KjnQlCcdJhz06sy0Po6XV6X4Dxs.roa
File:                     KjnQlCcdJhz06sy0Po6XV6X4Dxs.roa (raw, json)
Hash identifier:          7iYFRHNGF/wVVpMowkckxg8ZXNPJvk/0QIk/gscq6GM=
Subject key identifier:   2A:39:D0:94:27:1D:26:1C:F4:EA:CC:B4:3E:8E:97:57:A5:F8:0F:1B
Certificate issuer:       /CN=e87244897c7917b791e100d4680339c4a3593fc3
Certificate serial:       018CC80108DD629C6AF4A0FAB6C28056EF12
Authority key identifier: E8:72:44:89:7C:79:17:B7:91:E1:00:D4:68:03:39:C4:A3:59:3F:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6HJEiXx5F7eR4QDUaAM5xKNZP8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/b4597f-ee1c-462b-ab84-ebe59e274840/1/KjnQlCcdJhz06sy0Po6XV6X4Dxs.roa
Signing time:             Tue 02 Jan 2024 02:29:20 +0000
ROA not before:           Tue 02 Jan 2024 02:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197093
IP address blocks:        91.223.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/b4597f-ee1c-462b-ab84-ebe59e274840/1/6HJEiXx5F7eR4QDUaAM5xKNZP8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/b4597f-ee1c-462b-ab84-ebe59e274840/1/6HJEiXx5F7eR4QDUaAM5xKNZP8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6HJEiXx5F7eR4QDUaAM5xKNZP8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 01:02:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:08:dd:62:9c:6a:f4:a0:fa:b6:c2:80:56:ef:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e87244897c7917b791e100d4680339c4a3593fc3
        Validity
            Not Before: Jan  2 02:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a39d094271d261cf4eaccb43e8e9757a5f80f1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:01:9a:8e:7c:44:bb:fd:62:9a:f8:43:58:52:
                    44:f5:ff:9a:10:b6:9f:9e:00:f8:13:23:db:4b:17:
                    10:00:bb:cc:6a:8c:b8:38:a4:4f:3c:6e:58:77:c4:
                    22:1c:df:0a:e7:d0:e7:a6:b5:18:fc:6c:fe:c5:96:
                    f0:a4:05:cf:4a:33:5f:c8:d4:7c:ef:7e:28:1e:76:
                    af:82:67:68:d1:03:0b:a8:be:11:53:a3:a3:66:8d:
                    bd:0f:52:91:bc:64:1a:37:08:9d:82:6a:8c:ee:dd:
                    e1:61:49:d8:d2:24:b8:ba:44:31:c7:f0:24:00:f8:
                    c4:8b:37:47:df:a6:42:98:41:42:0f:fd:b3:8e:55:
                    4d:00:18:4b:a2:b4:d8:48:cf:fe:08:b9:e0:4a:a7:
                    ea:1d:0b:34:f2:65:cb:17:ca:6a:94:3a:25:54:fe:
                    8b:37:e9:bd:c9:2f:64:d6:0b:a3:fe:6d:54:20:2d:
                    4a:d0:85:79:e1:d8:61:bb:67:9c:3d:8c:5a:15:a1:
                    f2:6e:50:08:da:a2:2f:17:64:c9:c0:db:a1:d8:32:
                    ed:2c:dd:db:88:16:b0:e1:d9:db:07:81:16:86:47:
                    74:54:5b:16:8d:97:52:39:01:84:45:b9:f3:c4:d1:
                    a0:67:37:e8:e6:7f:11:ec:62:8c:db:3f:20:d3:46:
                    cc:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:39:D0:94:27:1D:26:1C:F4:EA:CC:B4:3E:8E:97:57:A5:F8:0F:1B
            X509v3 Authority Key Identifier:
                keyid:E8:72:44:89:7C:79:17:B7:91:E1:00:D4:68:03:39:C4:A3:59:3F:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6HJEiXx5F7eR4QDUaAM5xKNZP8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/b4597f-ee1c-462b-ab84-ebe59e274840/1/KjnQlCcdJhz06sy0Po6XV6X4Dxs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/b4597f-ee1c-462b-ab84-ebe59e274840/1/6HJEiXx5F7eR4QDUaAM5xKNZP8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:4c:39:eb:72:25:db:9c:f4:4f:e2:62:21:4f:75:a2:8d:2b:
         a6:c8:f5:df:b2:d6:8d:68:85:cc:99:0f:09:18:61:19:23:62:
         8e:22:42:6c:f4:38:02:83:bc:fb:6d:f5:da:23:29:7d:7a:1e:
         81:3c:9d:13:7e:bf:9b:32:45:78:95:6a:e9:e2:f7:1d:87:0d:
         6c:95:f5:0a:43:e6:8c:b1:b2:ac:ee:42:98:c8:c7:17:e4:19:
         97:ae:6a:06:a7:3e:9e:9b:82:34:70:ca:2c:be:40:ff:05:81:
         55:e7:7e:36:45:11:76:6f:94:b1:42:d2:20:bf:87:3a:de:3c:
         6d:43:a4:38:44:c4:25:4d:13:1b:67:bd:6b:bc:7d:a9:d0:b1:
         40:50:80:74:ee:e6:f7:6b:e1:18:29:1f:b3:3f:3e:0e:d9:1b:
         48:1e:76:f3:86:1d:28:ab:32:42:cb:dd:72:04:73:25:85:51:
         c8:8e:a2:da:42:ce:71:de:94:d3:d8:25:5d:1b:95:91:62:ab:
         af:1b:4e:52:7a:71:3b:f2:9e:0f:79:c9:84:aa:3a:d7:d8:b4:
         0a:95:52:73:4f:c4:a7:2c:e1:38:a3:95:2a:1b:62:04:f4:0d:
         92:26:19:89:f0:d7:96:74:01:23:e5:46:a7:54:49:a6:ea:aa:
         54:9f:a4:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAQjdYpxq9KD6tsKAVu8SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NzI0NDg5N2M3OTE3Yjc5MWUxMDBkNDY4MDMzOWM0YTM1
OTNmYzMwHhcNMjQwMTAyMDIyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTM5ZDA5NDI3MWQyNjFjZjRlYWNjYjQzZThlOTc1N2E1ZjgwZjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgGajnxEu/1imvhDWFJE9f+aELaf
ngD4EyPbSxcQALvMaoy4OKRPPG5Yd8QiHN8K59DnprUY/Gz+xZbwpAXPSjNfyNR8
734oHnavgmdo0QMLqL4RU6OjZo29D1KRvGQaNwidgmqM7t3hYUnY0iS4ukQxx/Ak
APjEizdH36ZCmEFCD/2zjlVNABhLorTYSM/+CLngSqfqHQs08mXLF8pqlDolVP6L
N+m9yS9k1guj/m1UIC1K0IV54dhhu2ecPYxaFaHyblAI2qIvF2TJwNuh2DLtLN3b
iBaw4dnbB4EWhkd0VFsWjZdSOQGERbnzxNGgZzfo5n8R7GKM2z8g00bMawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCo50JQnHSYc9OrMtD6Ol1el+A8bMB8GA1UdIwQY
MBaAFOhyRIl8eRe3keEA1GgDOcSjWT/DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkhKRWlYeDVGN2VSNFFEVWFBTTV4S05aUDhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9iNDU5N2YtZWUxYy00NjJiLWFiODQt
ZWJlNTllMjc0ODQwLzEvS2puUWxDY2RKaHowNnN5MFBvNlhWNlg0RHhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9iNDU5N2YtZWUxYy00NjJiLWFiODQtZWJlNTllMjc0ODQw
LzEvNkhKRWlYeDVGN2VSNFFEVWFBTTV4S05aUDhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW983MA0G
CSqGSIb3DQEBCwUAA4IBAQBlTDnrciXbnPRP4mIhT3WijSumyPXfstaNaIXMmQ8J
GGEZI2KOIkJs9DgCg7z7bfXaIyl9eh6BPJ0Tfr+bMkV4lWrp4vcdhw1slfUKQ+aM
sbKs7kKYyMcX5BmXrmoGpz6em4I0cMosvkD/BYFV5342RRF2b5SxQtIgv4c63jxt
Q6Q4RMQlTRMbZ71rvH2p0LFAUIB07ub3a+EYKR+zPz4O2RtIHnbzhh0oqzJCy91y
BHMlhVHIjqLaQs5x3pTT2CVdG5WRYquvG05SenE78p4PecmEqjrX2LQKlVJzT8Sn
LOE4o5UqG2IE9A2SJhmJ8NeWdAEj5UanVEmm6qpUn6Rr
-----END CERTIFICATE-----