Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/4iz3Hu7F2tbrDoJ4Ra5IwOQBcc8.roa
File:                     4iz3Hu7F2tbrDoJ4Ra5IwOQBcc8.roa (raw, json)
Hash identifier:          IuX1GQGX1ljfGB12u2KgCWJaKWaeRSMtVHGJgPlmubc=
Subject key identifier:   E2:2C:F7:1E:EE:C5:DA:D6:EB:0E:82:78:45:AE:48:C0:E4:01:71:CF
Certificate issuer:       /CN=1acb6376a1648d49d55e4d7b01371367b0dc2af9
Certificate serial:       01946DC136B11825673DE9254FE2619A94B7
Authority key identifier: 1A:CB:63:76:A1:64:8D:49:D5:5E:4D:7B:01:37:13:67:B0:DC:2A:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/4iz3Hu7F2tbrDoJ4Ra5IwOQBcc8.roa
Signing time:             Thu 16 Jan 2025 06:16:06 +0000
ROA not before:           Thu 16 Jan 2025 06:16:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201744
IP address blocks:        91.149.193.0/24 maxlen: 24
                          91.149.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:6d:c1:36:b1:18:25:67:3d:e9:25:4f:e2:61:9a:94:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1acb6376a1648d49d55e4d7b01371367b0dc2af9
        Validity
            Not Before: Jan 16 06:16:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e22cf71eeec5dad6eb0e827845ae48c0e40171cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e1:5e:36:32:2c:6f:8f:1c:c2:d7:40:d1:c9:
                    2e:d7:d5:e4:69:19:d6:9d:6a:1f:a5:7d:b1:6b:90:
                    91:f8:68:bd:f0:19:53:1e:80:7e:98:ab:ca:5a:1b:
                    4a:ea:4c:06:5b:ac:09:de:37:3a:6e:c4:2a:70:cc:
                    78:b6:04:eb:5c:57:51:7d:8e:62:dd:e1:a3:8b:16:
                    17:3e:b2:db:e5:4f:bf:1c:28:f7:71:1e:65:27:41:
                    56:95:f8:62:d8:70:d8:f5:d3:57:02:d7:25:6e:6a:
                    04:f2:2b:71:11:f8:d7:28:db:b6:1e:2f:a8:56:eb:
                    f5:da:05:97:f6:18:d7:41:e2:21:07:03:21:da:cd:
                    53:5a:72:a6:46:ff:db:af:39:17:d7:00:2e:32:81:
                    fc:66:e4:26:4b:cc:c0:96:3f:d4:e5:63:59:c0:3f:
                    d6:b7:7f:6b:9c:3d:de:e6:fc:e8:06:65:77:67:44:
                    66:5b:98:c7:d8:27:ba:db:a0:74:b1:e5:1d:14:dc:
                    f6:9d:98:50:48:e1:95:29:da:50:29:45:5e:7c:35:
                    9f:a4:a7:a1:a1:d6:e8:5e:b7:89:75:f4:81:af:55:
                    1a:be:3e:72:14:96:e0:04:4f:09:d1:b9:cb:7b:0b:
                    6b:6f:5c:9e:12:42:44:19:eb:10:97:c1:52:af:42:
                    72:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:2C:F7:1E:EE:C5:DA:D6:EB:0E:82:78:45:AE:48:C0:E4:01:71:CF
            X509v3 Authority Key Identifier:
                keyid:1A:CB:63:76:A1:64:8D:49:D5:5E:4D:7B:01:37:13:67:B0:DC:2A:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/4iz3Hu7F2tbrDoJ4Ra5IwOQBcc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.149.193.0/24
                  91.149.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:7e:7e:a5:9a:b3:cf:19:49:52:cf:13:2a:86:b2:64:d3:b5:
         d9:0c:cb:4b:3f:b6:4e:3b:3e:f1:3c:c7:bd:4e:ee:fb:78:f5:
         7f:39:7b:3f:3b:38:4d:22:c6:c0:f8:17:52:62:a6:93:71:24:
         f6:c4:2b:c9:b8:9b:e1:f8:ae:52:7c:66:ec:ec:06:07:4a:df:
         2a:09:c2:98:bb:6f:be:a9:d5:3f:9a:4d:7a:c1:03:7c:37:06:
         cb:e7:a8:c0:24:aa:12:5e:df:5f:a3:7b:25:ce:e4:37:47:b5:
         9f:3d:4d:01:3e:26:04:10:b2:3e:7b:87:04:21:04:2c:a1:4d:
         31:8d:83:41:a6:55:6c:4e:eb:91:56:da:37:f8:c2:59:f6:95:
         bc:fd:5c:64:55:0b:1f:5a:57:79:b8:a6:e6:de:37:71:e8:2e:
         cb:be:c5:c7:10:64:0d:39:8e:dc:ed:5c:b3:f6:52:9c:eb:c7:
         80:ae:70:78:ed:62:40:e9:46:57:e8:90:2e:c9:d3:fe:31:35:
         5e:a4:2d:f0:7b:16:3f:df:c6:33:b6:fd:60:00:0d:f1:1d:c9:
         99:d6:38:f0:17:b5:f3:22:01:c8:6f:fb:22:78:a1:eb:86:5b:
         b6:7d:fa:3d:b7:89:6e:57:56:d8:d0:02:09:fd:ed:ae:d4:fd:
         1a:dd:ae:3f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZRtwTaxGCVnPeklT+JhmpS3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2I2Mzc2YTE2NDhkNDlkNTVlNGQ3YjAxMzcxMzY3YjBk
YzJhZjkwHhcNMjUwMTE2MDYxNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjJjZjcxZWVlYzVkYWQ2ZWIwZTgyNzg0NWFlNDhjMGU0MDE3MWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAteFeNjIsb48cwtdA0cku19XkaRnW
nWofpX2xa5CR+Gi98BlTHoB+mKvKWhtK6kwGW6wJ3jc6bsQqcMx4tgTrXFdRfY5i
3eGjixYXPrLb5U+/HCj3cR5lJ0FWlfhi2HDY9dNXAtclbmoE8itxEfjXKNu2Hi+o
Vuv12gWX9hjXQeIhBwMh2s1TWnKmRv/brzkX1wAuMoH8ZuQmS8zAlj/U5WNZwD/W
t39rnD3e5vzoBmV3Z0RmW5jH2Ce626B0seUdFNz2nZhQSOGVKdpQKUVefDWfpKeh
odboXreJdfSBr1Uavj5yFJbgBE8J0bnLewtrb1yeEkJEGesQl8FSr0JywQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOIs9x7uxdrW6w6CeEWuSMDkAXHPMB8GA1UdIwQY
MBaAFBrLY3ahZI1J1V5NewE3E2ew3Cr5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3N0amRxRmtqVW5WWGsxN0FUY1RaN0RjS3ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS83MjQ3YjAtNDk4OS00M2VhLTkzNTAt
N2E5MzY3NTFkYjFiLzEvNGl6M0h1N0YydGJyRG9KNFJhNUl3T1FCY2M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS83MjQ3YjAtNDk4OS00M2VhLTkzNTAtN2E5MzY3NTFkYjFi
LzEvR3N0amRxRmtqVW5WWGsxN0FUY1RaN0RjS3ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW5XBAwQA
W5XrMA0GCSqGSIb3DQEBCwUAA4IBAQAXfn6lmrPPGUlSzxMqhrJk07XZDMtLP7ZO
Oz7xPMe9Tu77ePV/OXs/OzhNIsbA+BdSYqaTcST2xCvJuJvh+K5SfGbs7AYHSt8q
CcKYu2++qdU/mk16wQN8NwbL56jAJKoSXt9fo3slzuQ3R7WfPU0BPiYEELI+e4cE
IQQsoU0xjYNBplVsTuuRVto3+MJZ9pW8/VxkVQsfWld5uKbm3jdx6C7LvsXHEGQN
OY7c7Vyz9lKc68eArnB47WJA6UZX6JAuydP+MTVepC3wexY/38Yztv1gAA3xHcmZ
1jjwF7XzIgHIb/sieKHrhlu2ffo9t4luV1bY0AIJ/e2u1P0a3a4/
-----END CERTIFICATE-----