Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/00ec37-3841-4f64-a1bd-dd9dd763339d/1/xMvpgjkxKbx_nJXqKUz8HP8cBlY.roa
File:                     xMvpgjkxKbx_nJXqKUz8HP8cBlY.roa (raw, json)
Hash identifier:          xpvtl/jAMstPAGZTh7RwpFcbxDqkgPOXgahD3aZqXp0=
Subject key identifier:   C4:CB:E9:82:39:31:29:BC:7F:9C:95:EA:29:4C:FC:1C:FF:1C:06:56
Certificate issuer:       /CN=485355706836c6d07c7fd25d5b59db0b6d894fb5
Certificate serial:       019424B3EB880E3041E5F4FD4B1805D612A3
Authority key identifier: 48:53:55:70:68:36:C6:D0:7C:7F:D2:5D:5B:59:DB:0B:6D:89:4F:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SFNVcGg2xtB8f9JdW1nbC22JT7U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/00ec37-3841-4f64-a1bd-dd9dd763339d/1/xMvpgjkxKbx_nJXqKUz8HP8cBlY.roa
Signing time:             Thu 02 Jan 2025 01:49:18 +0000
ROA not before:           Thu 02 Jan 2025 01:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44477
IP address blocks:        91.228.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/00ec37-3841-4f64-a1bd-dd9dd763339d/1/SFNVcGg2xtB8f9JdW1nbC22JT7U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/00ec37-3841-4f64-a1bd-dd9dd763339d/1/SFNVcGg2xtB8f9JdW1nbC22JT7U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SFNVcGg2xtB8f9JdW1nbC22JT7U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 04:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:eb:88:0e:30:41:e5:f4:fd:4b:18:05:d6:12:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=485355706836c6d07c7fd25d5b59db0b6d894fb5
        Validity
            Not Before: Jan  2 01:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c4cbe982393129bc7f9c95ea294cfc1cff1c0656
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:e5:ab:6e:22:55:75:c7:f2:d6:8f:43:3d:70:
                    e8:6c:84:49:28:53:13:f6:54:90:8f:bc:2f:16:17:
                    dd:2a:7e:04:00:cf:46:a9:d5:e5:e1:01:4e:68:67:
                    19:b9:92:8f:e8:73:a5:17:bb:5e:dd:42:e6:44:84:
                    45:8c:e1:21:c7:8b:78:8f:53:ae:28:0f:1f:18:3a:
                    d4:e1:c3:27:51:ee:14:ec:e5:e0:c9:a8:bd:39:ba:
                    8e:57:6f:9e:05:d6:92:21:9b:1b:9e:7d:2e:d0:b4:
                    da:32:61:9d:c5:96:76:d9:06:56:7a:92:a9:17:0c:
                    49:68:fe:61:61:7e:0c:1e:d2:d6:27:4c:48:58:e2:
                    ad:01:9a:b5:06:19:6f:fb:8f:62:75:a4:a6:31:03:
                    d1:88:de:b9:f2:f3:12:a5:c7:40:7f:71:b6:c0:14:
                    75:0a:78:22:69:38:5a:b3:b8:13:a1:88:54:e1:73:
                    28:e5:40:7c:40:d2:94:71:a6:12:c5:87:51:1e:cb:
                    81:c5:3b:89:f6:be:bb:a5:eb:63:08:79:f7:55:07:
                    84:99:74:c6:79:44:97:4e:b0:6b:58:c4:76:bb:6a:
                    43:82:ee:d5:9c:7c:36:59:aa:e5:87:dd:1d:65:59:
                    7b:62:c4:5e:70:6d:33:53:92:4b:7d:a7:9f:40:be:
                    1b:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:CB:E9:82:39:31:29:BC:7F:9C:95:EA:29:4C:FC:1C:FF:1C:06:56
            X509v3 Authority Key Identifier:
                keyid:48:53:55:70:68:36:C6:D0:7C:7F:D2:5D:5B:59:DB:0B:6D:89:4F:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SFNVcGg2xtB8f9JdW1nbC22JT7U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/00ec37-3841-4f64-a1bd-dd9dd763339d/1/xMvpgjkxKbx_nJXqKUz8HP8cBlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/00ec37-3841-4f64-a1bd-dd9dd763339d/1/SFNVcGg2xtB8f9JdW1nbC22JT7U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:b2:b6:33:c8:78:5c:d5:2e:fa:45:c1:da:61:c9:f0:91:00:
         a5:63:55:83:de:e1:ea:e3:f5:0a:1b:23:3e:d3:a1:8d:ea:9d:
         07:e2:e7:4f:aa:23:2a:c2:97:e9:57:ab:8f:00:f3:6c:31:f9:
         53:0e:5e:2f:a9:94:ce:5a:7c:04:f3:a1:9c:a5:46:c0:15:4d:
         75:f1:71:b3:e6:75:22:2b:0a:d5:12:3a:0f:d1:01:ea:85:d8:
         0b:d2:1f:9c:11:82:f0:ff:bb:46:5f:7f:36:34:c2:8c:c2:78:
         2e:91:66:45:a9:20:00:1a:6e:63:14:0a:80:d5:af:c2:c7:fa:
         89:fe:0a:0a:8d:83:45:14:5e:de:88:9a:bf:5f:c6:62:90:97:
         ae:22:f5:16:a5:ed:bf:98:67:6b:94:9c:7b:f6:51:e0:1e:a2:
         3e:5b:20:75:12:98:31:15:e3:bd:ca:75:be:92:19:37:66:3f:
         58:24:e6:2a:24:bf:4e:eb:13:9f:0f:83:55:8e:01:58:fe:a8:
         67:87:ee:cf:6d:de:0f:38:ec:5d:02:cb:64:4a:29:ca:34:39:
         d2:e7:3d:a4:a0:21:07:95:1b:cc:65:01:42:71:ad:e7:3c:ca:
         70:81:4b:2a:db:1e:b4:3a:ca:5f:49:b4:ea:02:36:16:96:a9:
         ee:2a:04:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks+uIDjBB5fT9SxgF1hKjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4NTM1NTcwNjgzNmM2ZDA3YzdmZDI1ZDViNTlkYjBiNmQ4
OTRmYjUwHhcNMjUwMTAyMDE0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGNiZTk4MjM5MzEyOWJjN2Y5Yzk1ZWEyOTRjZmMxY2ZmMWMwNjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqOWrbiJVdcfy1o9DPXDobIRJKFMT
9lSQj7wvFhfdKn4EAM9GqdXl4QFOaGcZuZKP6HOlF7te3ULmRIRFjOEhx4t4j1Ou
KA8fGDrU4cMnUe4U7OXgyai9ObqOV2+eBdaSIZsbnn0u0LTaMmGdxZZ22QZWepKp
FwxJaP5hYX4MHtLWJ0xIWOKtAZq1Bhlv+49idaSmMQPRiN658vMSpcdAf3G2wBR1
CngiaThas7gToYhU4XMo5UB8QNKUcaYSxYdRHsuBxTuJ9r67petjCHn3VQeEmXTG
eUSXTrBrWMR2u2pDgu7VnHw2Warlh90dZVl7YsRecG0zU5JLfaefQL4brQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMTL6YI5MSm8f5yV6ilM/Bz/HAZWMB8GA1UdIwQY
MBaAFEhTVXBoNsbQfH/SXVtZ2wttiU+1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0ZOVmNHZzJ4dEI4ZjlKZFcxbmJDMjJKVDdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy8wMGVjMzctMzg0MS00ZjY0LWExYmQt
ZGQ5ZGQ3NjMzMzlkLzEveE12cGdqa3hLYnhfbkpYcUtVejhIUDhjQmxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy8wMGVjMzctMzg0MS00ZjY0LWExYmQtZGQ5ZGQ3NjMzMzlk
LzEvU0ZOVmNHZzJ4dEI4ZjlKZFcxbmJDMjJKVDdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+QKMA0G
CSqGSIb3DQEBCwUAA4IBAQBRsrYzyHhc1S76RcHaYcnwkQClY1WD3uHq4/UKGyM+
06GN6p0H4udPqiMqwpfpV6uPAPNsMflTDl4vqZTOWnwE86GcpUbAFU118XGz5nUi
KwrVEjoP0QHqhdgL0h+cEYLw/7tGX382NMKMwngukWZFqSAAGm5jFAqA1a/Cx/qJ
/goKjYNFFF7eiJq/X8ZikJeuIvUWpe2/mGdrlJx79lHgHqI+WyB1EpgxFeO9ynW+
khk3Zj9YJOYqJL9O6xOfD4NVjgFY/qhnh+7Pbd4POOxdAstkSinKNDnS5z2koCEH
lRvMZQFCca3nPMpwgUsq2x60OspfSbTqAjYWlqnuKgQK
-----END CERTIFICATE-----