Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/d4497a-11f2-49ac-aef9-43e67d5d0a85/1/puaohYxhGlR_ojExuJSBgJp58B4.roa
File:                     puaohYxhGlR_ojExuJSBgJp58B4.roa (raw, json)
Hash identifier:          1Zbm+b0MGHPeRak+rHKtmgsa3JMwl8hkqHTwmCOmzbo=
Subject key identifier:   A6:E6:A8:85:8C:61:1A:54:7F:A2:31:31:B8:94:81:80:9A:79:F0:1E
Certificate issuer:       /CN=1a93849bff337df8b8b0bd1ae252ee6119d8a61f
Certificate serial:       01942826F0AAC2A486BDF7083988A1A75A14
Authority key identifier: 1A:93:84:9B:FF:33:7D:F8:B8:B0:BD:1A:E2:52:EE:61:19:D8:A6:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GpOEm_8zffi4sL0a4lLuYRnYph8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/d4497a-11f2-49ac-aef9-43e67d5d0a85/1/puaohYxhGlR_ojExuJSBgJp58B4.roa
Signing time:             Thu 02 Jan 2025 17:53:48 +0000
ROA not before:           Thu 02 Jan 2025 17:53:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8315
IP address blocks:        91.200.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/d4497a-11f2-49ac-aef9-43e67d5d0a85/1/GpOEm_8zffi4sL0a4lLuYRnYph8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/d4497a-11f2-49ac-aef9-43e67d5d0a85/1/GpOEm_8zffi4sL0a4lLuYRnYph8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GpOEm_8zffi4sL0a4lLuYRnYph8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:f0:aa:c2:a4:86:bd:f7:08:39:88:a1:a7:5a:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a93849bff337df8b8b0bd1ae252ee6119d8a61f
        Validity
            Not Before: Jan  2 17:53:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6e6a8858c611a547fa23131b89481809a79f01e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:68:de:cc:01:02:0c:db:d8:8e:42:32:96:4d:
                    b5:84:52:a6:9c:93:09:31:17:8a:67:66:40:a9:13:
                    52:fd:06:67:67:ee:1e:9c:4c:83:a5:03:c7:ff:ff:
                    97:fb:e9:12:a8:c4:40:69:2d:cd:50:4a:86:01:78:
                    e7:65:12:4a:c7:59:f7:cb:39:42:56:67:9f:28:95:
                    d8:1d:8e:7c:47:59:da:5a:98:bd:d2:e5:aa:3a:d8:
                    5b:06:87:cb:2b:63:2b:93:66:9f:11:85:fe:ac:5e:
                    64:ce:05:2c:45:8c:1b:43:d2:2a:37:ae:d7:ce:bc:
                    fe:fb:b2:c1:af:1e:60:ef:45:37:8e:2b:c7:d8:83:
                    0f:b1:78:02:89:ea:e3:ba:f9:ce:9a:5f:83:50:98:
                    60:80:5e:e4:3d:82:75:e0:ce:ee:95:1f:77:01:b0:
                    64:14:71:43:19:e2:23:32:37:bb:4f:4b:c8:d9:77:
                    de:72:c0:d2:23:50:99:d3:32:b9:86:32:9e:67:8b:
                    4b:6b:02:aa:a1:49:c5:22:5b:0f:0b:2b:e5:44:a8:
                    ac:93:cd:ae:46:7d:fb:c8:e0:01:e0:7a:6e:c5:fe:
                    d6:21:ae:ed:88:ac:74:2d:2c:b8:9e:c6:2e:69:c1:
                    66:a0:85:d7:ea:c8:c0:08:30:ee:d1:85:ab:86:b9:
                    e9:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:E6:A8:85:8C:61:1A:54:7F:A2:31:31:B8:94:81:80:9A:79:F0:1E
            X509v3 Authority Key Identifier:
                keyid:1A:93:84:9B:FF:33:7D:F8:B8:B0:BD:1A:E2:52:EE:61:19:D8:A6:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GpOEm_8zffi4sL0a4lLuYRnYph8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/d4497a-11f2-49ac-aef9-43e67d5d0a85/1/puaohYxhGlR_ojExuJSBgJp58B4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/d4497a-11f2-49ac-aef9-43e67d5d0a85/1/GpOEm_8zffi4sL0a4lLuYRnYph8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:00:c9:6f:18:2b:5f:e3:3d:af:66:37:9e:0b:0e:1d:88:af:
         54:ce:06:1d:ed:f1:86:dd:81:c9:28:7e:6d:e3:d9:33:25:b7:
         6d:de:ad:d1:f6:c4:95:dc:60:25:6a:5b:48:fc:af:f6:2c:9a:
         55:e6:6a:df:2b:f2:d9:a3:55:5b:1a:99:51:a9:48:c7:e3:fa:
         18:7b:59:9b:8b:bf:fc:5a:32:c3:4e:51:76:29:9b:ac:ed:06:
         07:cd:8e:1d:c1:46:dd:ea:83:e0:88:29:c5:47:02:a1:5f:86:
         ca:f5:02:fb:4a:0c:7b:fb:b7:09:91:41:fb:e8:e8:06:9f:94:
         cd:72:ea:ae:f6:fa:4a:c0:0a:92:5c:e1:96:c9:02:af:d6:91:
         ec:cf:7b:34:bd:86:e5:6c:7d:47:10:bc:31:d9:76:50:82:b2:
         eb:f1:86:b5:1b:75:b3:3d:cb:b4:26:49:93:f7:71:4c:34:18:
         44:f8:48:e9:3f:b9:54:df:d0:b7:85:7c:93:d2:1d:77:78:06:
         99:83:5f:2f:20:ac:7f:19:ca:f9:c3:e4:36:7f:88:ad:e1:c5:
         ea:10:69:e9:c9:00:4e:6a:70:d2:f8:e1:f6:42:db:ab:60:ef:
         d6:00:bd:a6:c9:21:ce:37:ec:e7:af:97:72:5b:5d:df:f1:73:
         8c:ee:eb:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJvCqwqSGvfcIOYihp1oUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhOTM4NDliZmYzMzdkZjhiOGIwYmQxYWUyNTJlZTYxMTlk
OGE2MWYwHhcNMjUwMTAyMTc1MzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmU2YTg4NThjNjExYTU0N2ZhMjMxMzFiODk0ODE4MDlhNzlmMDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWjezAECDNvYjkIylk21hFKmnJMJ
MReKZ2ZAqRNS/QZnZ+4enEyDpQPH//+X++kSqMRAaS3NUEqGAXjnZRJKx1n3yzlC
VmefKJXYHY58R1naWpi90uWqOthbBofLK2Mrk2afEYX+rF5kzgUsRYwbQ9IqN67X
zrz++7LBrx5g70U3jivH2IMPsXgCierjuvnOml+DUJhggF7kPYJ14M7ulR93AbBk
FHFDGeIjMje7T0vI2XfecsDSI1CZ0zK5hjKeZ4tLawKqoUnFIlsPCyvlRKisk82u
Rn37yOAB4Hpuxf7WIa7tiKx0LSy4nsYuacFmoIXX6sjACDDu0YWrhrnpsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKbmqIWMYRpUf6IxMbiUgYCaefAeMB8GA1UdIwQY
MBaAFBqThJv/M334uLC9GuJS7mEZ2KYfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3BPRW1fOHpmZmk0c0wwYTRsTHVZUm5ZcGg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9kNDQ5N2EtMTFmMi00OWFjLWFlZjkt
NDNlNjdkNWQwYTg1LzEvcHVhb2hZeGhHbFJfb2pFeHVKU0JnSnA1OEI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9kNDQ5N2EtMTFmMi00OWFjLWFlZjktNDNlNjdkNWQwYTg1
LzEvR3BPRW1fOHpmZmk0c0wwYTRsTHVZUm5ZcGg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8gyMA0G
CSqGSIb3DQEBCwUAA4IBAQAoAMlvGCtf4z2vZjeeCw4diK9UzgYd7fGG3YHJKH5t
49kzJbdt3q3R9sSV3GAlaltI/K/2LJpV5mrfK/LZo1VbGplRqUjH4/oYe1mbi7/8
WjLDTlF2KZus7QYHzY4dwUbd6oPgiCnFRwKhX4bK9QL7Sgx7+7cJkUH76OgGn5TN
cuqu9vpKwAqSXOGWyQKv1pHsz3s0vYblbH1HELwx2XZQgrLr8Ya1G3WzPcu0JkmT
93FMNBhE+EjpP7lU39C3hXyT0h13eAaZg18vIKx/Gcr5w+Q2f4it4cXqEGnpyQBO
anDS+OH2QturYO/WAL2mySHON+znr5dyW13f8XOM7utT
-----END CERTIFICATE-----