Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/449ae6-5943-46d0-b00c-927b86356fa7/1/1-veQxSzqgnwuwyzarzzUI6GU1Vo.roa
File:                     1-veQxSzqgnwuwyzarzzUI6GU1Vo.roa (raw, json)
Hash identifier:          bIWGmao73L88A9Mc0bEmGHNF/q2XxTrM/cwuMLwX1wg=
Subject key identifier:   FA:F7:90:C5:2C:EA:82:7C:2E:C3:2C:DA:AF:3C:D4:23:A1:94:D5:5A
Certificate issuer:       /CN=1f1de936ff1784b78296b8bc4b4b0381b293ed10
Certificate serial:       019424B2620CB36F7220D8C155893438BE14
Authority key identifier: 1F:1D:E9:36:FF:17:84:B7:82:96:B8:BC:4B:4B:03:81:B2:93:ED:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hx3pNv8XhLeClri8S0sDgbKT7RA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/449ae6-5943-46d0-b00c-927b86356fa7/1/1-veQxSzqgnwuwyzarzzUI6GU1Vo.roa
Signing time:             Thu 02 Jan 2025 01:47:37 +0000
ROA not before:           Thu 02 Jan 2025 01:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209913
IP address blocks:        91.199.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/449ae6-5943-46d0-b00c-927b86356fa7/1/Hx3pNv8XhLeClri8S0sDgbKT7RA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/449ae6-5943-46d0-b00c-927b86356fa7/1/Hx3pNv8XhLeClri8S0sDgbKT7RA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hx3pNv8XhLeClri8S0sDgbKT7RA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:62:0c:b3:6f:72:20:d8:c1:55:89:34:38:be:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f1de936ff1784b78296b8bc4b4b0381b293ed10
        Validity
            Not Before: Jan  2 01:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=faf790c52cea827c2ec32cdaaf3cd423a194d55a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f6:48:1d:9f:c6:ed:70:2f:90:bd:72:32:50:
                    c1:be:9e:fb:ab:12:01:7c:b8:d9:8f:11:c4:e1:19:
                    6b:99:21:13:b5:e5:16:e3:02:c0:44:56:df:00:81:
                    d9:74:6a:e7:24:e9:09:3e:17:1e:95:9e:78:e4:10:
                    f5:61:bb:65:16:be:a1:a0:f7:71:e3:e6:ef:bd:2f:
                    30:4f:57:53:0a:85:a3:89:d9:31:5d:b3:43:86:32:
                    f6:8b:08:21:7d:80:af:b0:a1:7b:19:63:c1:e7:0d:
                    17:13:f2:e8:a4:ce:88:ae:64:7f:60:21:2f:02:87:
                    0b:7a:2a:53:5f:f0:1f:ea:e4:96:d7:3c:ab:96:4a:
                    28:7e:45:ea:4c:a7:b1:bb:79:84:a5:bb:d0:62:18:
                    59:7b:1c:03:32:a5:1b:3c:84:74:f9:38:21:44:da:
                    76:23:60:ef:23:36:c1:44:d5:6a:4e:b8:78:c9:94:
                    e1:85:58:7d:0c:6d:8b:4e:e1:cf:bb:f9:2e:52:96:
                    41:ba:44:9a:8c:e4:db:66:88:3f:da:92:85:72:c0:
                    2b:26:f4:1b:4c:03:7e:7b:b9:e6:b0:28:ea:37:48:
                    39:da:ee:d8:65:49:ca:c8:5a:2f:01:40:fa:07:9f:
                    22:72:f1:ce:aa:d8:f5:f7:ae:ad:e1:a2:02:69:95:
                    ef:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:F7:90:C5:2C:EA:82:7C:2E:C3:2C:DA:AF:3C:D4:23:A1:94:D5:5A
            X509v3 Authority Key Identifier:
                keyid:1F:1D:E9:36:FF:17:84:B7:82:96:B8:BC:4B:4B:03:81:B2:93:ED:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hx3pNv8XhLeClri8S0sDgbKT7RA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/449ae6-5943-46d0-b00c-927b86356fa7/1/1-veQxSzqgnwuwyzarzzUI6GU1Vo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/449ae6-5943-46d0-b00c-927b86356fa7/1/Hx3pNv8XhLeClri8S0sDgbKT7RA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:37:be:a2:df:e6:e2:45:2e:78:91:c3:8a:82:fe:0b:4e:cf:
         1f:d3:bb:86:3c:a4:5e:ba:1c:b4:ea:34:d6:3b:58:ea:82:50:
         bd:00:ea:01:ae:32:2b:78:39:e8:b4:4d:d1:b8:db:53:02:6f:
         cd:6c:8f:ce:a1:8f:9f:51:fa:8a:47:57:61:da:a7:46:d2:b1:
         53:ba:2e:9b:14:cf:66:83:60:2b:8f:a5:42:06:4c:21:ab:ac:
         12:65:64:bb:3f:6f:4c:7f:42:d2:1f:d2:31:f3:72:a3:5d:ee:
         bb:1a:90:94:14:aa:61:0f:b8:2f:22:a8:65:83:33:93:1e:32:
         2f:2e:25:67:bc:1f:05:6b:16:03:a8:e2:98:b4:0d:68:e4:ed:
         75:67:f0:21:e2:43:be:22:00:87:22:c4:37:29:52:33:c9:58:
         b0:4d:73:27:a9:ba:ba:70:83:03:1d:e4:41:10:df:1f:8e:9d:
         e4:ba:85:b6:c1:19:cb:7c:cc:99:0c:a4:26:5c:d1:d5:4a:e2:
         20:8b:5e:e9:86:cc:d3:d7:70:87:a0:d9:e2:a4:fc:4b:ee:7f:
         4d:dc:2c:17:b5:fe:10:d4:13:15:1b:fe:28:ae:18:be:95:47:
         ba:2f:4d:05:3a:a4:a1:93:9d:8e:f0:4c:a5:00:41:3c:40:ea:
         94:6b:47:66
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQksmIMs29yINjBVYk0OL4UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMWRlOTM2ZmYxNzg0Yjc4Mjk2YjhiYzRiNGIwMzgxYjI5
M2VkMTAwHhcNMjUwMTAyMDE0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWY3OTBjNTJjZWE4MjdjMmVjMzJjZGFhZjNjZDQyM2ExOTRkNTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPZIHZ/G7XAvkL1yMlDBvp77qxIB
fLjZjxHE4RlrmSETteUW4wLARFbfAIHZdGrnJOkJPhcelZ545BD1YbtlFr6hoPdx
4+bvvS8wT1dTCoWjidkxXbNDhjL2iwghfYCvsKF7GWPB5w0XE/LopM6IrmR/YCEv
AocLeipTX/Af6uSW1zyrlkoofkXqTKexu3mEpbvQYhhZexwDMqUbPIR0+TghRNp2
I2DvIzbBRNVqTrh4yZThhVh9DG2LTuHPu/kuUpZBukSajOTbZog/2pKFcsArJvQb
TAN+e7nmsCjqN0g52u7YZUnKyFovAUD6B58icvHOqtj1966t4aICaZXvLQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPr3kMUs6oJ8LsMs2q881COhlNVaMB8GA1UdIwQY
MBaAFB8d6Tb/F4S3gpa4vEtLA4Gyk+0QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHgzcE52OFhoTGVDbHJpOFMwc0RnYktUN1JBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi80NDlhZTYtNTk0My00NmQwLWIwMGMt
OTI3Yjg2MzU2ZmE3LzEvMS12ZVF4U3pxZ253dXd5emFyenpVSTZHVTFWby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzYvNDQ5YWU2LTU5NDMtNDZkMC1iMDBjLTkyN2I4NjM1NmZh
Ny8xL0h4M3BOdjhYaExlQ2xyaThTMHNEZ2JLVDdSQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvHujAN
BgkqhkiG9w0BAQsFAAOCAQEAODe+ot/m4kUueJHDioL+C07PH9O7hjykXroctOo0
1jtY6oJQvQDqAa4yK3g56LRN0bjbUwJvzWyPzqGPn1H6ikdXYdqnRtKxU7oumxTP
ZoNgK4+lQgZMIausEmVkuz9vTH9C0h/SMfNyo13uuxqQlBSqYQ+4LyKoZYMzkx4y
Ly4lZ7wfBWsWA6jimLQNaOTtdWfwIeJDviIAhyLENylSM8lYsE1zJ6m6unCDAx3k
QRDfH46d5LqFtsEZy3zMmQykJlzR1UriIIte6YbM09dwh6DZ4qT8S+5/TdwsF7X+
ENQTFRv+KK4YvpVHui9NBTqkoZOdjvBMpQBBPEDqlGtHZg==
-----END CERTIFICATE-----