Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/40b2a9-b2c7-4223-8848-0d2e4205686f/1/R2qc8xIB7ETeFtMUELFMOTQfjZ4.roa
File:                     R2qc8xIB7ETeFtMUELFMOTQfjZ4.roa (raw, json)
Hash identifier:          BfeJlxl1OQPY3ScyZzCp1zSxOdUPgq5TTtPThWNATH0=
Subject key identifier:   47:6A:9C:F3:12:01:EC:44:DE:16:D3:14:10:B1:4C:39:34:1F:8D:9E
Certificate issuer:       /CN=ebb5256fe3e07302ab7327b747b8df38245c4edf
Certificate serial:       019623CCE2B71215B4EA6D691A2A058AE986
Authority key identifier: EB:B5:25:6F:E3:E0:73:02:AB:73:27:B7:47:B8:DF:38:24:5C:4E:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/67Ulb-PgcwKrcye3R7jfOCRcTt8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/40b2a9-b2c7-4223-8848-0d2e4205686f/1/R2qc8xIB7ETeFtMUELFMOTQfjZ4.roa
Signing time:             Fri 11 Apr 2025 07:42:32 +0000
ROA not before:           Fri 11 Apr 2025 07:42:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     719
IP address blocks:        91.235.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/40b2a9-b2c7-4223-8848-0d2e4205686f/1/67Ulb-PgcwKrcye3R7jfOCRcTt8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/40b2a9-b2c7-4223-8848-0d2e4205686f/1/67Ulb-PgcwKrcye3R7jfOCRcTt8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/67Ulb-PgcwKrcye3R7jfOCRcTt8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:23:cc:e2:b7:12:15:b4:ea:6d:69:1a:2a:05:8a:e9:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebb5256fe3e07302ab7327b747b8df38245c4edf
        Validity
            Not Before: Apr 11 07:42:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=476a9cf31201ec44de16d31410b14c39341f8d9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:6c:a8:82:b5:dd:f3:b1:80:a3:c0:dd:31:d3:
                    c6:f0:8a:aa:dd:0f:c0:ba:10:b4:ad:d7:07:b7:a1:
                    68:fa:08:e2:b6:93:05:28:74:a2:65:6f:e5:2a:97:
                    20:34:ec:36:b8:78:64:b6:15:bb:36:1a:e4:d3:32:
                    9b:f2:f7:55:20:d0:1a:0a:24:ea:c5:e0:94:cd:3f:
                    4e:a3:d9:67:6d:6d:4f:69:12:57:d7:a2:7e:09:57:
                    3d:41:67:4c:90:eb:c0:9e:d7:15:6f:fd:9d:37:c6:
                    c2:8a:fd:e6:99:e4:b7:f4:60:af:7f:74:3a:29:70:
                    03:25:b4:54:fc:f6:3e:4c:91:a2:13:dd:df:7c:9d:
                    61:6a:4e:a7:cc:08:63:12:dc:78:69:42:9a:48:ee:
                    36:b9:68:13:3c:6f:24:4a:23:9e:8e:46:c2:cc:c2:
                    cb:b4:26:ca:f9:e8:4d:1d:3c:eb:c0:1b:b9:98:cb:
                    1b:79:80:a6:1a:16:8f:95:ae:36:60:29:5b:36:97:
                    7d:f4:96:50:4c:44:7b:56:d6:57:23:1a:87:bb:c6:
                    f5:d3:13:2d:c6:c0:10:21:73:f4:5b:a7:f4:18:0a:
                    91:3a:2f:0b:de:82:29:57:0f:07:28:16:c1:28:8b:
                    90:9b:16:cc:14:e1:28:a9:34:4d:7e:d1:d8:72:25:
                    7d:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:6A:9C:F3:12:01:EC:44:DE:16:D3:14:10:B1:4C:39:34:1F:8D:9E
            X509v3 Authority Key Identifier:
                keyid:EB:B5:25:6F:E3:E0:73:02:AB:73:27:B7:47:B8:DF:38:24:5C:4E:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/67Ulb-PgcwKrcye3R7jfOCRcTt8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/40b2a9-b2c7-4223-8848-0d2e4205686f/1/R2qc8xIB7ETeFtMUELFMOTQfjZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/40b2a9-b2c7-4223-8848-0d2e4205686f/1/67Ulb-PgcwKrcye3R7jfOCRcTt8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:27:75:f0:27:27:52:d9:c2:bc:11:84:85:ef:6c:c1:50:b4:
         57:76:7e:64:31:7d:42:e4:10:72:0b:f6:37:d1:42:49:20:b7:
         e4:36:95:d3:e6:4d:ad:a4:11:c7:b4:b7:f7:4b:61:d7:d4:e7:
         d8:2e:84:41:d3:fc:5b:5f:3b:38:80:fa:3f:65:4a:f2:f9:41:
         35:0d:0a:ba:0f:fa:4d:19:08:a7:2a:38:bf:20:8a:fd:36:34:
         6a:27:57:24:64:b3:ff:fb:61:c2:fc:74:63:2f:36:18:b0:7b:
         36:77:98:8a:6e:49:15:16:2a:a9:5d:3c:c0:a3:d0:c1:7b:70:
         8a:8e:32:02:c3:15:62:ec:8c:1e:18:17:ca:47:7c:b8:a7:ae:
         bc:93:3a:47:44:bc:3d:a0:cc:e3:ce:02:8f:ea:75:de:25:89:
         e2:53:b9:ad:1b:b2:95:9a:2d:5d:cb:eb:e8:d9:c9:ae:34:5a:
         98:30:2d:a4:58:37:43:07:da:21:03:79:0b:bc:15:b3:74:33:
         1f:ba:83:73:ce:69:72:87:02:39:aa:14:8b:03:ce:d7:f3:b0:
         6d:f3:13:79:04:89:0f:ba:31:40:94:34:00:03:85:66:d0:8c:
         cd:68:fa:3c:17:00:88:f5:cc:30:02:38:4d:d2:61:39:bc:c6:
         b7:e4:25:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYjzOK3EhW06m1pGioFiumGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViYjUyNTZmZTNlMDczMDJhYjczMjdiNzQ3YjhkZjM4MjQ1
YzRlZGYwHhcNMjUwNDExMDc0MjMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzZhOWNmMzEyMDFlYzQ0ZGUxNmQzMTQxMGIxNGMzOTM0MWY4ZDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGyogrXd87GAo8DdMdPG8Iqq3Q/A
uhC0rdcHt6Fo+gjitpMFKHSiZW/lKpcgNOw2uHhkthW7Nhrk0zKb8vdVINAaCiTq
xeCUzT9Oo9lnbW1PaRJX16J+CVc9QWdMkOvAntcVb/2dN8bCiv3mmeS39GCvf3Q6
KXADJbRU/PY+TJGiE93ffJ1hak6nzAhjEtx4aUKaSO42uWgTPG8kSiOejkbCzMLL
tCbK+ehNHTzrwBu5mMsbeYCmGhaPla42YClbNpd99JZQTER7VtZXIxqHu8b10xMt
xsAQIXP0W6f0GAqROi8L3oIpVw8HKBbBKIuQmxbMFOEoqTRNftHYciV9QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEdqnPMSAexE3hbTFBCxTDk0H42eMB8GA1UdIwQY
MBaAFOu1JW/j4HMCq3Mnt0e43zgkXE7fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjdVbGItUGdjd0tyY3llM1I3amZPQ1JjVHQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS80MGIyYTktYjJjNy00MjIzLTg4NDgt
MGQyZTQyMDU2ODZmLzEvUjJxYzh4SUI3RVRlRnRNVUVMRk1PVFFmalo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS80MGIyYTktYjJjNy00MjIzLTg4NDgtMGQyZTQyMDU2ODZm
LzEvNjdVbGItUGdjd0tyY3llM1I3amZPQ1JjVHQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+vXMA0G
CSqGSIb3DQEBCwUAA4IBAQCQJ3XwJydS2cK8EYSF72zBULRXdn5kMX1C5BByC/Y3
0UJJILfkNpXT5k2tpBHHtLf3S2HX1OfYLoRB0/xbXzs4gPo/ZUry+UE1DQq6D/pN
GQinKji/IIr9NjRqJ1ckZLP/+2HC/HRjLzYYsHs2d5iKbkkVFiqpXTzAo9DBe3CK
jjICwxVi7IweGBfKR3y4p668kzpHRLw9oMzjzgKP6nXeJYniU7mtG7KVmi1dy+vo
2cmuNFqYMC2kWDdDB9ohA3kLvBWzdDMfuoNzzmlyhwI5qhSLA87X87Bt8xN5BIkP
ujFAlDQAA4Vm0IzNaPo8FwCI9cwwAjhN0mE5vMa35CVD
-----END CERTIFICATE-----