Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/nOkgjQYrArcyyihUQCswunvrPDA.roa
File:                     nOkgjQYrArcyyihUQCswunvrPDA.roa (raw, json)
Hash identifier:          Lt1DqMt+BLg34tBT2X1N/gPEKBgxtUFzVdCJoM3+LOM=
Subject key identifier:   9C:E9:20:8D:06:2B:02:B7:32:CA:28:54:40:2B:30:BA:7B:EB:3C:30
Certificate issuer:       /CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
Certificate serial:       019763BCAA181F18A49D82D3C0EDF4B2E235
Authority key identifier: 2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/nOkgjQYrArcyyihUQCswunvrPDA.roa
Signing time:             Thu 12 Jun 2025 10:43:18 +0000
ROA not before:           Thu 12 Jun 2025 10:43:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208737
IP address blocks:        91.92.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Jun 2025 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:63:bc:aa:18:1f:18:a4:9d:82:d3:c0:ed:f4:b2:e2:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
        Validity
            Not Before: Jun 12 10:43:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ce9208d062b02b732ca2854402b30ba7beb3c30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:23:54:d8:86:16:2f:99:d6:61:b9:de:14:16:
                    8a:1d:0c:d3:5c:00:c3:04:72:eb:fa:4c:35:16:56:
                    15:c9:e9:ec:11:31:1d:42:67:94:2b:d5:dd:27:d3:
                    c6:2d:7c:ff:3d:59:69:96:0e:95:46:23:78:f3:50:
                    33:e9:1e:3d:19:76:23:34:ac:5b:24:23:bb:47:7b:
                    7d:36:27:49:da:2b:05:0e:bb:a5:61:b8:7b:77:f0:
                    0d:7e:8b:0a:40:6f:c8:98:35:e9:ff:30:72:2f:9d:
                    49:bb:f5:19:44:82:f9:35:79:d4:a7:85:a9:4c:57:
                    d5:43:9c:1e:eb:08:88:f4:f2:43:0f:01:58:8d:96:
                    71:74:3e:f2:73:2b:79:f6:ce:8a:66:57:33:b3:65:
                    5a:c3:c7:56:27:1b:6b:40:af:5f:6f:f5:a8:cf:ca:
                    28:e1:cc:7d:02:06:1c:96:56:bf:d4:60:55:f3:c7:
                    88:bd:d0:ac:8c:4d:a3:ca:57:b5:37:36:d8:6f:10:
                    0e:6f:2d:53:27:da:9f:39:b3:b3:4e:4c:12:5d:03:
                    8e:19:7f:2c:2a:8b:cf:c2:73:fa:27:89:bd:a2:d2:
                    d8:43:37:c9:30:74:a4:b9:93:06:c3:b6:11:e0:b6:
                    db:6f:04:0b:d0:8a:a2:46:05:19:7e:90:48:3e:ae:
                    7f:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:E9:20:8D:06:2B:02:B7:32:CA:28:54:40:2B:30:BA:7B:EB:3C:30
            X509v3 Authority Key Identifier:
                keyid:2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/nOkgjQYrArcyyihUQCswunvrPDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.92.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:6b:cc:7d:c8:83:e2:97:7f:48:1a:43:9d:1b:ba:7b:7d:02:
         f1:f9:bd:13:3f:84:ba:80:89:9a:60:5c:7e:ac:96:06:e7:88:
         0f:60:fc:35:d9:9a:7d:e6:90:d1:44:ef:28:b6:e1:82:4b:01:
         a4:ce:a5:7d:5c:6d:e0:de:a4:26:ef:b0:ff:0f:9d:a3:f8:d8:
         c7:e0:2e:fd:33:53:59:db:da:5b:3e:d7:d8:b1:a2:09:fd:05:
         6a:56:a0:d6:fd:75:2d:12:4e:3f:a8:f3:fc:84:30:ab:33:a4:
         85:af:3d:32:e6:a7:83:2e:ee:bb:b9:ba:c7:0b:63:54:e7:95:
         d9:86:d4:93:09:37:ac:49:b4:0d:3b:76:2d:e3:86:3c:31:8a:
         27:d6:db:5b:34:ee:b1:b8:90:79:85:18:61:86:bd:00:1e:56:
         61:5a:52:84:0d:f5:78:64:4d:c4:15:21:24:15:b7:ef:f2:2e:
         58:74:96:da:4f:da:a5:7c:a4:3e:7b:d1:bd:25:bf:91:e3:3a:
         e2:bf:81:c2:ee:91:44:c3:78:ee:9f:0b:6f:44:c2:d1:ea:6e:
         07:1c:88:09:94:0e:40:ce:10:73:59:1a:88:a3:04:d9:a7:35:
         2e:5c:e1:90:ea:05:a2:16:d4:6d:c8:f6:ca:59:46:09:36:02:
         bc:a7:4f:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdjvKoYHxiknYLTwO30suI1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMWNhYTY5MzU4ZjhjOThmN2E3MTlmMjU5N2Q1ZGFkZGJk
MDAxOGMwHhcNMjUwNjEyMTA0MzE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2U5MjA4ZDA2MmIwMmI3MzJjYTI4NTQ0MDJiMzBiYTdiZWIzYzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4SNU2IYWL5nWYbneFBaKHQzTXADD
BHLr+kw1FlYVyensETEdQmeUK9XdJ9PGLXz/PVlplg6VRiN481Az6R49GXYjNKxb
JCO7R3t9NidJ2isFDrulYbh7d/ANfosKQG/ImDXp/zByL51Ju/UZRIL5NXnUp4Wp
TFfVQ5we6wiI9PJDDwFYjZZxdD7ycyt59s6KZlczs2Vaw8dWJxtrQK9fb/Woz8oo
4cx9AgYclla/1GBV88eIvdCsjE2jyle1NzbYbxAOby1TJ9qfObOzTkwSXQOOGX8s
KovPwnP6J4m9otLYQzfJMHSkuZMGw7YR4LbbbwQL0IqiRgUZfpBIPq5/GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJzpII0GKwK3MsooVEArMLp76zwwMB8GA1UdIwQY
MBaAFC0cqmk1j4yY96cZ8ll9Xa3b0AGMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2Yjct
MjliMDg1ZGQyM2FkLzEvbk9rZ2pRWXJBcmN5eWloVVFDc3d1bnZyUERBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2YjctMjliMDg1ZGQyM2Fk
LzEvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW1w2MA0G
CSqGSIb3DQEBCwUAA4IBAQBra8x9yIPil39IGkOdG7p7fQLx+b0TP4S6gImaYFx+
rJYG54gPYPw12Zp95pDRRO8otuGCSwGkzqV9XG3g3qQm77D/D52j+NjH4C79M1NZ
29pbPtfYsaIJ/QVqVqDW/XUtEk4/qPP8hDCrM6SFrz0y5qeDLu67ubrHC2NU55XZ
htSTCTesSbQNO3Yt44Y8MYon1ttbNO6xuJB5hRhhhr0AHlZhWlKEDfV4ZE3EFSEk
Fbfv8i5YdJbaT9qlfKQ+e9G9Jb+R4zriv4HC7pFEw3junwtvRMLR6m4HHIgJlA5A
zhBzWRqIowTZpzUuXOGQ6gWiFtRtyPbKWUYJNgK8p08j
-----END CERTIFICATE-----