Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/kb1hhl4VhznPe9ar0pe3UEE3K-I.roa
File:                     kb1hhl4VhznPe9ar0pe3UEE3K-I.roa (raw, json)
Hash identifier:          smgbn2o+yW8NSkrB4nhx/ecIptLt+NRlqrEvEJN1ma8=
Subject key identifier:   91:BD:61:86:5E:15:87:39:CF:7B:D6:AB:D2:97:B7:50:41:37:2B:E2
Certificate issuer:       /CN=770d35d7566ee7246e4d2133cbde48a774423c77
Certificate serial:       0194266C3F4828E33DE27A89491B83EC3E06
Authority key identifier: 77:0D:35:D7:56:6E:E7:24:6E:4D:21:33:CB:DE:48:A7:74:42:3C:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dw0111Zu5yRuTSEzy95Ip3RCPHc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/kb1hhl4VhznPe9ar0pe3UEE3K-I.roa
Signing time:             Thu 02 Jan 2025 09:50:15 +0000
ROA not before:           Thu 02 Jan 2025 09:50:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61175
IP address blocks:        193.27.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/dw0111Zu5yRuTSEzy95Ip3RCPHc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/dw0111Zu5yRuTSEzy95Ip3RCPHc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dw0111Zu5yRuTSEzy95Ip3RCPHc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:3f:48:28:e3:3d:e2:7a:89:49:1b:83:ec:3e:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=770d35d7566ee7246e4d2133cbde48a774423c77
        Validity
            Not Before: Jan  2 09:50:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91bd61865e158739cf7bd6abd297b75041372be2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f2:37:10:c7:a5:7c:19:71:d4:b4:1a:13:4d:
                    d0:04:4f:38:17:ed:83:b6:52:c1:81:b0:ec:7e:2e:
                    80:9d:2b:d0:5b:3f:08:82:97:78:fb:0f:07:97:2d:
                    96:58:9c:54:e0:7f:e1:88:e4:19:c8:1e:5f:ed:aa:
                    06:d8:a2:24:fa:64:90:e6:e1:c2:27:56:8e:34:1e:
                    d5:07:32:2d:d7:b2:e6:e1:3b:81:30:3d:a9:8d:91:
                    fc:28:63:36:81:57:b1:be:b5:46:32:09:78:1c:c2:
                    fd:54:d3:9e:ef:1d:d1:e8:91:57:1c:0f:32:9a:85:
                    fc:01:9a:8c:7c:27:af:97:7e:4b:cd:0f:5d:f2:18:
                    7f:28:3a:9b:01:18:11:d9:c0:cc:29:5d:5e:cb:74:
                    ac:f6:0f:9a:9f:45:a2:1e:e7:8f:a8:47:42:b4:be:
                    04:e6:d0:1c:09:45:4e:f7:99:9c:46:ca:0b:d5:19:
                    6a:43:aa:26:54:d7:00:12:fd:3c:e2:23:65:bc:7f:
                    b9:11:3b:cb:85:51:9e:72:aa:d8:86:46:14:92:f0:
                    ac:cd:51:48:f4:b2:7b:d8:5f:17:6b:4d:62:a6:bf:
                    90:8e:d4:ed:a0:4f:5d:34:2a:96:b0:77:9a:ea:9c:
                    b6:04:0c:78:1f:f0:75:cb:81:34:cc:eb:e3:bd:a3:
                    63:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:BD:61:86:5E:15:87:39:CF:7B:D6:AB:D2:97:B7:50:41:37:2B:E2
            X509v3 Authority Key Identifier:
                keyid:77:0D:35:D7:56:6E:E7:24:6E:4D:21:33:CB:DE:48:A7:74:42:3C:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dw0111Zu5yRuTSEzy95Ip3RCPHc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/kb1hhl4VhznPe9ar0pe3UEE3K-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/dw0111Zu5yRuTSEzy95Ip3RCPHc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.27.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:71:df:9f:91:2c:a1:40:4f:3b:ab:14:4f:cb:f7:fe:a5:fa:
         66:9a:28:6c:76:01:db:6b:61:0b:b3:4f:45:cf:93:3a:9c:46:
         dd:24:88:b1:22:cf:13:af:bc:6b:cb:e7:a0:c7:3c:d4:4d:58:
         f8:d0:90:26:ee:cc:b2:12:55:9f:51:07:a3:d2:fe:d2:f7:79:
         d2:82:f1:4e:40:eb:2e:c8:b6:d1:24:8a:3f:de:7c:6c:be:ef:
         50:cd:05:65:ca:f0:06:c2:18:98:25:b9:d3:52:2c:81:3e:bd:
         0a:e1:0c:b4:49:7a:f6:1c:9d:d1:60:58:da:af:63:49:5e:0e:
         c1:08:c4:0f:0f:e1:84:1b:50:a7:c6:f8:6a:37:95:95:e5:80:
         47:c4:22:78:a9:2b:6b:04:c9:bf:b0:27:85:b9:f3:6d:54:38:
         b8:ad:6e:c4:cf:06:67:1d:10:f5:eb:2a:a1:1e:4d:4a:04:5f:
         90:82:b7:da:f5:07:6f:36:74:e0:3a:6c:96:31:94:41:4b:f5:
         57:d2:1e:59:dc:ad:71:d5:88:dc:85:d5:5c:dd:aa:a7:c1:da:
         7c:36:79:bb:8a:3d:5b:48:d9:0f:8c:e5:d1:00:99:21:4a:2c:
         64:8b:81:34:72:c6:9f:c7:b2:20:b1:7f:58:ef:53:3d:5e:d9:
         78:44:61:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbD9IKOM94nqJSRuD7D4GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3MGQzNWQ3NTY2ZWU3MjQ2ZTRkMjEzM2NiZGU0OGE3NzQ0
MjNjNzcwHhcNMjUwMTAyMDk1MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWJkNjE4NjVlMTU4NzM5Y2Y3YmQ2YWJkMjk3Yjc1MDQxMzcyYmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPI3EMelfBlx1LQaE03QBE84F+2D
tlLBgbDsfi6AnSvQWz8Igpd4+w8Hly2WWJxU4H/hiOQZyB5f7aoG2KIk+mSQ5uHC
J1aONB7VBzIt17Lm4TuBMD2pjZH8KGM2gVexvrVGMgl4HML9VNOe7x3R6JFXHA8y
moX8AZqMfCevl35LzQ9d8hh/KDqbARgR2cDMKV1ey3Ss9g+an0WiHuePqEdCtL4E
5tAcCUVO95mcRsoL1RlqQ6omVNcAEv084iNlvH+5ETvLhVGecqrYhkYUkvCszVFI
9LJ72F8Xa01ipr+QjtTtoE9dNCqWsHea6py2BAx4H/B1y4E0zOvjvaNjwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJG9YYZeFYc5z3vWq9KXt1BBNyviMB8GA1UdIwQY
MBaAFHcNNddWbuckbk0hM8veSKd0Qjx3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHcwMTExWnU1eVJ1VFNFenk5NUlwM1JDUEhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi8zNmU2MGItMjQxMS00NjNiLTgyNTQt
NTQ3NWRlNjAzY2QzLzEva2IxaGhsNFZoem5QZTlhcjBwZTNVRUUzSy1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi8zNmU2MGItMjQxMS00NjNiLTgyNTQtNTQ3NWRlNjAzY2Qz
LzEvZHcwMTExWnU1eVJ1VFNFenk5NUlwM1JDUEhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRvlMA0G
CSqGSIb3DQEBCwUAA4IBAQBBcd+fkSyhQE87qxRPy/f+pfpmmihsdgHba2ELs09F
z5M6nEbdJIixIs8Tr7xry+egxzzUTVj40JAm7syyElWfUQej0v7S93nSgvFOQOsu
yLbRJIo/3nxsvu9QzQVlyvAGwhiYJbnTUiyBPr0K4Qy0SXr2HJ3RYFjar2NJXg7B
CMQPD+GEG1CnxvhqN5WV5YBHxCJ4qStrBMm/sCeFufNtVDi4rW7EzwZnHRD16yqh
Hk1KBF+Qgrfa9QdvNnTgOmyWMZRBS/VX0h5Z3K1x1YjchdVc3aqnwdp8Nnm7ij1b
SNkPjOXRAJkhSixki4E0csafx7IgsX9Y71M9Xtl4RGF9
-----END CERTIFICATE-----