Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/2b9d89-ed82-4401-81d9-67d1b2a61bb0/1/pEayhHqE2LsS2JqNOu8wTigFXWQ.roa
File:                     pEayhHqE2LsS2JqNOu8wTigFXWQ.roa (raw, json)
Hash identifier:          xO5IfYrXWQX7NXGLAWvUM5o4fMaOdr7urJcP0f6HOKk=
Subject key identifier:   A4:46:B2:84:7A:84:D8:BB:12:D8:9A:8D:3A:EF:30:4E:28:05:5D:64
Certificate issuer:       /CN=7252c7d5ed8c5a2bc2ad03065d41c3e4b3ac1575
Certificate serial:       01942445771CA340B29A8BC2D7F5F8063FF3
Authority key identifier: 72:52:C7:D5:ED:8C:5A:2B:C2:AD:03:06:5D:41:C3:E4:B3:AC:15:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/clLH1e2MWivCrQMGXUHD5LOsFXU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/2b9d89-ed82-4401-81d9-67d1b2a61bb0/1/pEayhHqE2LsS2JqNOu8wTigFXWQ.roa
Signing time:             Wed 01 Jan 2025 23:48:39 +0000
ROA not before:           Wed 01 Jan 2025 23:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47919
IP address blocks:        91.208.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/2b9d89-ed82-4401-81d9-67d1b2a61bb0/1/clLH1e2MWivCrQMGXUHD5LOsFXU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/2b9d89-ed82-4401-81d9-67d1b2a61bb0/1/clLH1e2MWivCrQMGXUHD5LOsFXU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/clLH1e2MWivCrQMGXUHD5LOsFXU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:77:1c:a3:40:b2:9a:8b:c2:d7:f5:f8:06:3f:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7252c7d5ed8c5a2bc2ad03065d41c3e4b3ac1575
        Validity
            Not Before: Jan  1 23:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a446b2847a84d8bb12d89a8d3aef304e28055d64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:fa:bc:94:83:22:15:3f:40:b6:a4:f0:28:78:
                    03:30:21:11:c2:c9:d4:f3:46:47:3f:d8:58:c9:c2:
                    f3:3c:fd:03:e3:5b:aa:9e:30:79:3f:7a:9f:9e:f6:
                    dd:52:c3:0b:92:a8:f2:5e:e7:58:74:9c:ad:eb:cb:
                    2f:6b:ea:9e:1a:28:bd:cf:1c:a0:83:dc:4b:7d:6a:
                    fd:47:e0:d1:20:0c:d9:34:b2:dc:3b:f0:c2:69:e5:
                    4e:18:83:d2:9e:98:73:a1:01:e6:59:9f:80:ed:c7:
                    50:d8:e0:d9:08:3b:b6:52:f8:f8:5a:86:e2:e7:be:
                    cc:68:7a:f6:89:2a:04:e0:8e:6f:98:ad:e9:1b:e8:
                    28:9e:0d:00:7a:36:c2:05:87:f9:6b:1f:11:0b:5f:
                    2a:f4:11:77:1f:75:76:96:cc:71:5f:7d:cb:0b:43:
                    96:31:49:81:42:e9:25:ec:41:80:0d:e6:bf:40:30:
                    73:bf:5c:d0:d9:8e:89:9c:a1:1a:63:70:3b:a5:1a:
                    f1:f5:e4:16:79:b7:3c:db:bd:9e:3e:ad:12:5e:af:
                    1e:18:63:82:7e:96:4a:07:56:f4:71:94:22:4c:ed:
                    cb:43:33:ec:cf:5c:78:0b:dc:f9:39:12:75:95:76:
                    4a:a7:e3:28:3c:17:5b:66:f9:a8:0e:98:58:3a:0c:
                    1d:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:46:B2:84:7A:84:D8:BB:12:D8:9A:8D:3A:EF:30:4E:28:05:5D:64
            X509v3 Authority Key Identifier:
                keyid:72:52:C7:D5:ED:8C:5A:2B:C2:AD:03:06:5D:41:C3:E4:B3:AC:15:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/clLH1e2MWivCrQMGXUHD5LOsFXU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/2b9d89-ed82-4401-81d9-67d1b2a61bb0/1/pEayhHqE2LsS2JqNOu8wTigFXWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/2b9d89-ed82-4401-81d9-67d1b2a61bb0/1/clLH1e2MWivCrQMGXUHD5LOsFXU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:93:8a:8d:76:e4:64:66:e8:43:96:e5:41:bf:24:e4:0b:8f:
         10:a8:2c:7d:94:fb:bd:e0:5b:75:bc:cc:be:47:f4:90:02:44:
         bc:6d:0a:0d:b4:9c:78:a0:83:c6:98:d4:b7:48:05:73:86:0d:
         27:78:80:c3:e8:6e:e9:aa:4d:e7:23:a3:22:46:7a:ca:9c:25:
         c7:6d:b6:60:73:26:11:e3:4b:d4:6e:4f:5d:28:17:89:bb:8b:
         59:15:65:7d:58:43:a6:1c:ef:b4:8a:2b:d1:a7:a0:b8:d6:95:
         58:40:47:4b:07:90:81:71:db:ed:83:0d:c0:96:4c:ac:da:5d:
         57:35:4f:ae:9a:b2:07:33:03:a6:ca:da:44:37:d3:81:e5:a2:
         38:fa:af:30:fe:81:71:10:cf:46:01:4f:09:9f:fb:03:fb:46:
         61:57:27:c6:41:89:7b:43:55:e4:7a:39:66:e4:97:5f:9f:c6:
         ac:ee:9a:94:e4:9a:ce:c1:bd:11:a9:37:0c:87:dc:dc:c8:ff:
         53:a9:12:1f:00:9a:c8:08:0a:22:f9:df:b0:5d:d2:79:3b:d5:
         e9:f9:8b:a7:08:f2:66:2b:3e:ba:53:15:2a:38:b5:0f:f4:e1:
         c1:84:d5:39:9d:09:5a:71:2f:a4:75:ef:ba:2f:25:6d:2f:88:
         24:50:f0:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRXcco0CymovC1/X4Bj/zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNTJjN2Q1ZWQ4YzVhMmJjMmFkMDMwNjVkNDFjM2U0YjNh
YzE1NzUwHhcNMjUwMTAxMjM0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDQ2YjI4NDdhODRkOGJiMTJkODlhOGQzYWVmMzA0ZTI4MDU1ZDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4fq8lIMiFT9AtqTwKHgDMCERwsnU
80ZHP9hYycLzPP0D41uqnjB5P3qfnvbdUsMLkqjyXudYdJyt68sva+qeGii9zxyg
g9xLfWr9R+DRIAzZNLLcO/DCaeVOGIPSnphzoQHmWZ+A7cdQ2ODZCDu2Uvj4Wobi
577MaHr2iSoE4I5vmK3pG+gong0AejbCBYf5ax8RC18q9BF3H3V2lsxxX33LC0OW
MUmBQukl7EGADea/QDBzv1zQ2Y6JnKEaY3A7pRrx9eQWebc8272ePq0SXq8eGGOC
fpZKB1b0cZQiTO3LQzPsz1x4C9z5ORJ1lXZKp+MoPBdbZvmoDphYOgwdyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKRGsoR6hNi7EtiajTrvME4oBV1kMB8GA1UdIwQY
MBaAFHJSx9XtjForwq0DBl1Bw+SzrBV1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2xMSDFlMk1XaXZDclFNR1hVSEQ1TE9zRlhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8yYjlkODktZWQ4Mi00NDAxLTgxZDkt
NjdkMWIyYTYxYmIwLzEvcEVheWhIcUUyTHNTMkpxTk91OHdUaWdGWFdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8yYjlkODktZWQ4Mi00NDAxLTgxZDktNjdkMWIyYTYxYmIw
LzEvY2xMSDFlMk1XaXZDclFNR1hVSEQ1TE9zRlhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9DGMA0G
CSqGSIb3DQEBCwUAA4IBAQAnk4qNduRkZuhDluVBvyTkC48QqCx9lPu94Ft1vMy+
R/SQAkS8bQoNtJx4oIPGmNS3SAVzhg0neIDD6G7pqk3nI6MiRnrKnCXHbbZgcyYR
40vUbk9dKBeJu4tZFWV9WEOmHO+0iivRp6C41pVYQEdLB5CBcdvtgw3Alkys2l1X
NU+umrIHMwOmytpEN9OB5aI4+q8w/oFxEM9GAU8Jn/sD+0ZhVyfGQYl7Q1Xkejlm
5Jdfn8as7pqU5JrOwb0RqTcMh9zcyP9TqRIfAJrICAoi+d+wXdJ5O9Xp+YunCPJm
Kz66UxUqOLUP9OHBhNU5nQlacS+kde+6LyVtL4gkUPDz
-----END CERTIFICATE-----