Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/558c39-7510-4b63-aa57-1e2230df0746/1/jtxnMC6eCVYwIh8IyueFT2QEZ64.roa
File:                     jtxnMC6eCVYwIh8IyueFT2QEZ64.roa (raw, json)
Hash identifier:          9ndfbLnfP9lol8NT3K6+lPqG6lGo+1E6jKyJb1FexVw=
Subject key identifier:   8E:DC:67:30:2E:9E:09:56:30:22:1F:08:CA:E7:85:4F:64:04:67:AE
Certificate issuer:       /CN=af758e88feaf8d67059dc8787a2e5f31a06ac1e9
Certificate serial:       01942143EF44790D6F0F983BB0A9A4558215
Authority key identifier: AF:75:8E:88:FE:AF:8D:67:05:9D:C8:78:7A:2E:5F:31:A0:6A:C1:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r3WOiP6vjWcFnch4ei5fMaBqwek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/558c39-7510-4b63-aa57-1e2230df0746/1/jtxnMC6eCVYwIh8IyueFT2QEZ64.roa
Signing time:             Wed 01 Jan 2025 09:48:07 +0000
ROA not before:           Wed 01 Jan 2025 09:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35413
IP address blocks:        91.195.180.0/24 maxlen: 24
                          91.195.181.0/24 maxlen: 24
                          193.239.252.0/24 maxlen: 24
                          193.239.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/558c39-7510-4b63-aa57-1e2230df0746/1/r3WOiP6vjWcFnch4ei5fMaBqwek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/558c39-7510-4b63-aa57-1e2230df0746/1/r3WOiP6vjWcFnch4ei5fMaBqwek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r3WOiP6vjWcFnch4ei5fMaBqwek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 18:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:ef:44:79:0d:6f:0f:98:3b:b0:a9:a4:55:82:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af758e88feaf8d67059dc8787a2e5f31a06ac1e9
        Validity
            Not Before: Jan  1 09:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8edc67302e9e095630221f08cae7854f640467ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:dd:95:05:00:b6:c7:4a:02:b5:56:05:a6:d3:
                    ca:bd:18:f7:79:ab:e3:3d:6b:49:d6:e3:21:01:e2:
                    a7:0f:ac:5e:13:87:b9:1c:c7:13:8b:6d:d6:52:f9:
                    6c:6a:66:a1:0e:d7:dc:a9:d8:7e:ae:86:51:88:51:
                    4d:bd:9c:92:04:ed:b8:3d:70:1b:65:bd:30:97:ee:
                    f0:f7:d6:97:fc:9c:78:17:ea:06:61:06:28:2e:fe:
                    46:0d:89:a0:1e:1c:a2:59:bd:d8:f7:b2:cc:10:12:
                    b3:d5:6a:bc:25:10:ce:4b:fc:1e:3c:6f:fc:f1:1b:
                    cf:f2:21:77:82:e3:d8:63:72:d0:17:8f:02:93:22:
                    34:e4:df:48:72:e0:2e:f8:13:b2:8f:93:6a:29:4a:
                    fa:d6:67:18:73:29:bb:93:d2:49:0f:73:75:80:43:
                    07:1b:b9:b7:34:d7:73:cb:29:22:41:98:b6:a0:4f:
                    08:c8:58:d5:75:ae:64:c1:7e:22:51:40:c2:f2:53:
                    b1:a1:e1:1f:87:6c:65:07:20:2b:93:a3:4a:32:f1:
                    4f:96:8e:e9:33:f1:ca:c9:4b:58:e4:c2:2f:fe:90:
                    d9:c5:37:a2:21:34:50:43:10:fd:5f:95:09:50:d7:
                    f0:07:ae:82:26:2a:d7:fe:6c:4d:05:7d:d5:06:03:
                    f9:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:DC:67:30:2E:9E:09:56:30:22:1F:08:CA:E7:85:4F:64:04:67:AE
            X509v3 Authority Key Identifier:
                keyid:AF:75:8E:88:FE:AF:8D:67:05:9D:C8:78:7A:2E:5F:31:A0:6A:C1:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r3WOiP6vjWcFnch4ei5fMaBqwek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/558c39-7510-4b63-aa57-1e2230df0746/1/jtxnMC6eCVYwIh8IyueFT2QEZ64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/558c39-7510-4b63-aa57-1e2230df0746/1/r3WOiP6vjWcFnch4ei5fMaBqwek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.180.0/23
                  193.239.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6f:4d:e3:1b:9e:e3:2c:fb:af:0d:35:08:05:df:5f:3a:7d:e6:
         6d:a0:70:7c:9d:1e:42:5a:f0:c8:2e:f5:6e:3b:a7:51:8f:0d:
         be:72:f4:8a:1c:de:be:fa:a7:2b:ff:97:9e:5b:b7:6d:03:e6:
         15:2f:aa:4e:48:55:08:e5:2a:e5:92:67:5e:1a:05:29:bc:cb:
         85:88:eb:82:5e:7d:01:e3:96:f0:46:4f:2d:6a:3c:2f:39:16:
         26:d9:cd:17:92:e7:4a:77:da:a9:f6:47:ea:d1:7a:44:bd:3d:
         03:47:04:d4:50:42:f9:ab:f8:e1:65:c0:63:1f:30:0e:e5:3d:
         dd:ed:a1:90:47:7f:2c:7d:42:dc:df:da:d7:3d:9c:e9:a9:76:
         65:0d:0d:5c:49:6a:ca:4f:ee:cc:54:16:c2:95:73:4b:b0:a4:
         09:95:b9:8a:62:f6:e6:9a:77:3c:6b:94:cb:c0:ca:6b:4d:28:
         70:05:da:82:20:77:1f:50:a9:96:52:4e:99:46:aa:89:f7:96:
         20:df:c4:66:08:eb:f9:de:f5:8a:33:de:ac:c7:e5:41:46:6d:
         2f:4d:e1:7f:7f:14:de:54:cf:7d:ba:a9:a6:9e:d7:7d:d5:05:
         34:23:31:80:64:9c:a2:a5:3a:17:2a:38:e4:ee:2f:a6:0f:90:
         da:8b:98:f2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhQ+9EeQ1vD5g7sKmkVYIVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNzU4ZTg4ZmVhZjhkNjcwNTlkYzg3ODdhMmU1ZjMxYTA2
YWMxZTkwHhcNMjUwMTAxMDk0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWRjNjczMDJlOWUwOTU2MzAyMjFmMDhjYWU3ODU0ZjY0MDQ2N2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAud2VBQC2x0oCtVYFptPKvRj3eavj
PWtJ1uMhAeKnD6xeE4e5HMcTi23WUvlsamahDtfcqdh+roZRiFFNvZySBO24PXAb
Zb0wl+7w99aX/Jx4F+oGYQYoLv5GDYmgHhyiWb3Y97LMEBKz1Wq8JRDOS/wePG/8
8RvP8iF3guPYY3LQF48CkyI05N9IcuAu+BOyj5NqKUr61mcYcym7k9JJD3N1gEMH
G7m3NNdzyykiQZi2oE8IyFjVda5kwX4iUUDC8lOxoeEfh2xlByArk6NKMvFPlo7p
M/HKyUtY5MIv/pDZxTeiITRQQxD9X5UJUNfwB66CJirX/mxNBX3VBgP5NQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI7cZzAunglWMCIfCMrnhU9kBGeuMB8GA1UdIwQY
MBaAFK91joj+r41nBZ3IeHouXzGgasHpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjNXT2lQNnZqV2NGbmNoNGVpNWZNYUJxd2VrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS81NThjMzktNzUxMC00YjYzLWFhNTct
MWUyMjMwZGYwNzQ2LzEvanR4bk1DNmVDVll3SWg4SXl1ZUZUMlFFWjY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS81NThjMzktNzUxMC00YjYzLWFhNTctMWUyMjMwZGYwNzQ2
LzEvcjNXT2lQNnZqV2NGbmNoNGVpNWZNYUJxd2VrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW8O0AwQB
we/8MA0GCSqGSIb3DQEBCwUAA4IBAQBvTeMbnuMs+68NNQgF3186feZtoHB8nR5C
WvDILvVuO6dRjw2+cvSKHN6++qcr/5eeW7dtA+YVL6pOSFUI5SrlkmdeGgUpvMuF
iOuCXn0B45bwRk8tajwvORYm2c0XkudKd9qp9kfq0XpEvT0DRwTUUEL5q/jhZcBj
HzAO5T3d7aGQR38sfULc39rXPZzpqXZlDQ1cSWrKT+7MVBbClXNLsKQJlbmKYvbm
mnc8a5TLwMprTShwBdqCIHcfUKmWUk6ZRqqJ95Yg38RmCOv53vWKM96sx+VBRm0v
TeF/fxTeVM99uqmmntd91QU0IzGAZJyipToXKjjk7i+mD5Dai5jy
-----END CERTIFICATE-----