Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/044402-c4d4-4259-93e2-7fbf5ee290ac/1/TUnXBzr-7-tBP6GdN78mI5ahxe8.roa
File:                     TUnXBzr-7-tBP6GdN78mI5ahxe8.roa (raw, json)
Hash identifier:          xFiJ6sW6C+HN63QoP5r6OyDOw7tPBAVqmIPMSnDnKbc=
Subject key identifier:   4D:49:D7:07:3A:FE:EF:EB:41:3F:A1:9D:37:BF:26:23:96:A1:C5:EF
Certificate issuer:       /CN=b5b0a86659ec314f13a04e3a03dbdb1244a0e0a9
Certificate serial:       01942143F472E034EEA7550EB0EAA7A2E275
Authority key identifier: B5:B0:A8:66:59:EC:31:4F:13:A0:4E:3A:03:DB:DB:12:44:A0:E0:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tbCoZlnsMU8ToE46A9vbEkSg4Kk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/044402-c4d4-4259-93e2-7fbf5ee290ac/1/TUnXBzr-7-tBP6GdN78mI5ahxe8.roa
Signing time:             Wed 01 Jan 2025 09:48:09 +0000
ROA not before:           Wed 01 Jan 2025 09:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59268
IP address blocks:        91.206.144.0/24 maxlen: 24
                          91.223.161.0/24 maxlen: 24
                          193.28.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/044402-c4d4-4259-93e2-7fbf5ee290ac/1/tbCoZlnsMU8ToE46A9vbEkSg4Kk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/044402-c4d4-4259-93e2-7fbf5ee290ac/1/tbCoZlnsMU8ToE46A9vbEkSg4Kk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tbCoZlnsMU8ToE46A9vbEkSg4Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:f4:72:e0:34:ee:a7:55:0e:b0:ea:a7:a2:e2:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5b0a86659ec314f13a04e3a03dbdb1244a0e0a9
        Validity
            Not Before: Jan  1 09:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d49d7073afeefeb413fa19d37bf262396a1c5ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:04:f2:36:f0:4e:3e:84:ca:3b:d8:03:9f:74:
                    5c:80:ae:ea:5c:fe:d7:01:cd:f8:ef:a1:77:a6:24:
                    97:67:74:fc:b8:5a:3b:d2:73:cc:39:c9:d7:3a:62:
                    3c:8e:7d:77:ed:21:de:e7:24:58:1c:8f:c2:02:47:
                    9f:fb:51:35:46:d1:1b:46:dc:cf:54:61:fa:8d:54:
                    1e:a8:20:a6:35:68:7e:f2:eb:da:9f:c4:44:e3:48:
                    8c:2a:b8:1e:1f:f8:06:e9:c0:40:f2:b7:91:a1:5f:
                    d0:60:77:e2:18:3e:e2:fc:23:ca:46:97:e3:4a:57:
                    c6:eb:48:84:63:e5:d1:68:f8:8f:f9:3b:75:b6:78:
                    a5:f9:61:b4:70:a3:5f:c3:3b:ef:44:5a:ed:07:e2:
                    88:b7:34:e8:89:25:30:0b:8b:f5:6c:ce:3a:9f:63:
                    30:a3:c6:0a:9d:90:68:2b:a4:be:a5:3a:85:af:ed:
                    f4:07:46:df:c5:b1:b9:68:c4:5d:a7:94:97:77:34:
                    17:75:35:dd:54:a5:f0:e2:b3:87:8b:8b:4d:fc:6f:
                    04:8d:78:38:9e:00:56:f5:8b:35:95:e3:2b:86:58:
                    e4:0a:ff:a1:44:e8:7e:11:6c:7b:d4:fe:50:8b:f8:
                    fc:b4:a4:03:e2:e6:ed:46:25:23:24:8e:ad:16:a0:
                    3e:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:49:D7:07:3A:FE:EF:EB:41:3F:A1:9D:37:BF:26:23:96:A1:C5:EF
            X509v3 Authority Key Identifier:
                keyid:B5:B0:A8:66:59:EC:31:4F:13:A0:4E:3A:03:DB:DB:12:44:A0:E0:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tbCoZlnsMU8ToE46A9vbEkSg4Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/044402-c4d4-4259-93e2-7fbf5ee290ac/1/TUnXBzr-7-tBP6GdN78mI5ahxe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/044402-c4d4-4259-93e2-7fbf5ee290ac/1/tbCoZlnsMU8ToE46A9vbEkSg4Kk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.144.0/24
                  91.223.161.0/24
                  193.28.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:82:ed:5d:5e:a8:93:d0:72:6e:d9:b2:b9:00:3c:10:3e:b1:
         14:a2:ac:b6:52:f5:10:b6:8d:00:e6:1e:ad:69:7b:37:6e:90:
         4c:77:43:c7:18:c5:97:8d:f8:4b:d2:0f:ad:81:5b:a2:25:7c:
         98:66:34:42:34:62:81:6a:24:84:ab:18:a5:53:11:9a:ce:9c:
         2c:76:c7:9f:ba:db:37:31:66:6e:4c:30:65:34:46:5b:a4:5d:
         fa:ee:08:f7:f3:76:a7:3a:cd:c0:39:47:46:db:39:ba:6d:9b:
         9c:ac:36:1e:5f:78:fa:c2:3f:65:5a:4d:c7:70:e4:70:d2:af:
         3d:2e:5b:6e:fe:c7:d4:40:5b:c7:38:fb:73:24:6c:70:9b:4e:
         8c:81:d2:e7:5e:93:b1:cf:16:26:f0:a5:e1:93:38:70:2d:c9:
         62:75:35:40:a5:c3:ce:f5:d6:70:36:cd:ca:79:02:ce:54:ef:
         a9:5d:e3:03:0f:74:ea:69:73:93:8d:54:54:a8:5a:d2:76:cc:
         b0:fa:d2:93:2d:ef:e6:18:cd:70:a0:2b:9f:3a:0e:57:04:cc:
         cc:23:43:09:43:85:55:1b:18:41:92:cc:d7:31:c5:fc:e7:32:
         9a:1d:e5:7c:c9:02:da:5b:c5:bc:01:ec:c7:70:2b:84:5d:92:
         e8:4c:d3:9a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQhQ/Ry4DTup1UOsOqnouJ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1YjBhODY2NTllYzMxNGYxM2EwNGUzYTAzZGJkYjEyNDRh
MGUwYTkwHhcNMjUwMTAxMDk0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDQ5ZDcwNzNhZmVlZmViNDEzZmExOWQzN2JmMjYyMzk2YTFjNWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhQTyNvBOPoTKO9gDn3RcgK7qXP7X
Ac3476F3piSXZ3T8uFo70nPMOcnXOmI8jn137SHe5yRYHI/CAkef+1E1RtEbRtzP
VGH6jVQeqCCmNWh+8uvan8RE40iMKrgeH/gG6cBA8reRoV/QYHfiGD7i/CPKRpfj
SlfG60iEY+XRaPiP+Tt1tnil+WG0cKNfwzvvRFrtB+KItzToiSUwC4v1bM46n2Mw
o8YKnZBoK6S+pTqFr+30B0bfxbG5aMRdp5SXdzQXdTXdVKXw4rOHi4tN/G8EjXg4
ngBW9Ys1leMrhljkCv+hROh+EWx71P5Qi/j8tKQD4ubtRiUjJI6tFqA+MwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFE1J1wc6/u/rQT+hnTe/JiOWocXvMB8GA1UdIwQY
MBaAFLWwqGZZ7DFPE6BOOgPb2xJEoOCpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGJDb1psbnNNVThUb0U0NkE5dmJFa1NnNEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8wNDQ0MDItYzRkNC00MjU5LTkzZTIt
N2ZiZjVlZTI5MGFjLzEvVFVuWEJ6ci03LXRCUDZHZE43OG1JNWFoeGU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8wNDQ0MDItYzRkNC00MjU5LTkzZTItN2ZiZjVlZTI5MGFj
LzEvdGJDb1psbnNNVThUb0U0NkE5dmJFa1NnNEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW86QAwQA
W9+hAwQAwRyfMA0GCSqGSIb3DQEBCwUAA4IBAQBlgu1dXqiT0HJu2bK5ADwQPrEU
oqy2UvUQto0A5h6taXs3bpBMd0PHGMWXjfhL0g+tgVuiJXyYZjRCNGKBaiSEqxil
UxGazpwsdsefuts3MWZuTDBlNEZbpF367gj383anOs3AOUdG2zm6bZucrDYeX3j6
wj9lWk3HcORw0q89Lltu/sfUQFvHOPtzJGxwm06MgdLnXpOxzxYm8KXhkzhwLcli
dTVApcPO9dZwNs3KeQLOVO+pXeMDD3TqaXOTjVRUqFrSdsyw+tKTLe/mGM1woCuf
Og5XBMzMI0MJQ4VVGxhBkszXMcX85zKaHeV8yQLaW8W8AezHcCuEXZLoTNOa
-----END CERTIFICATE-----