Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/tE9u9DLgUUeuV-QjhsjROMhAbbQ.roa
File:                     tE9u9DLgUUeuV-QjhsjROMhAbbQ.roa (raw, json)
Hash identifier:          iKTneXKjHtysmSnZnA7pxSZ1x/IMBsKa1Tlw1w9oLoc=
Subject key identifier:   B4:4F:6E:F4:32:E0:51:47:AE:57:E4:23:86:C8:D1:38:C8:40:6D:B4
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019428247057D9CDE82BB48153EE5A1200F8
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/tE9u9DLgUUeuV-QjhsjROMhAbbQ.roa
Signing time:             Thu 02 Jan 2025 17:51:04 +0000
ROA not before:           Thu 02 Jan 2025 17:51:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34295
IP address blocks:        2.58.92.0/24 maxlen: 32
                          91.92.68.0/23 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:57:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:70:57:d9:cd:e8:2b:b4:81:53:ee:5a:12:00:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 17:51:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b44f6ef432e05147ae57e42386c8d138c8406db4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:52:1d:5a:f6:f8:cb:1b:d9:54:79:e8:02:5c:
                    ab:3f:85:b1:18:2c:35:d2:f7:7f:b4:7e:9d:c0:9c:
                    35:d2:99:3d:de:1b:3c:db:83:f3:d0:6e:89:8f:ca:
                    37:15:1a:b8:32:6e:6c:d3:43:31:47:91:4c:c8:de:
                    fc:f6:d3:2e:f4:bd:ea:a1:a4:97:6f:97:22:a2:55:
                    0e:5c:ce:7d:99:45:2e:f3:be:97:83:fd:5e:60:06:
                    bf:e6:2a:02:7e:fa:5b:21:91:74:48:1b:ac:9d:b4:
                    8e:4e:0d:15:4d:03:50:2c:1a:2a:60:14:8c:9a:20:
                    b1:1a:21:12:72:bc:2c:3d:0b:a1:ec:ff:4d:21:f1:
                    e9:9f:b3:6a:ec:06:0b:7b:92:9f:91:ec:9b:15:30:
                    c0:de:a9:02:c8:3c:3e:90:fa:34:3a:e3:30:e4:c2:
                    53:96:08:92:ea:57:bf:b3:0d:c6:b7:88:24:4c:70:
                    88:e1:ba:64:72:6a:14:86:48:77:cd:6e:22:b5:d2:
                    47:bb:83:34:14:8f:18:c2:4a:e0:49:21:07:17:b6:
                    38:07:11:35:5d:a8:fd:16:71:30:61:e2:ec:a4:d1:
                    88:b1:66:22:ad:f9:34:dc:92:36:01:79:18:69:78:
                    9d:09:f0:15:66:22:fd:b0:68:66:db:78:ed:ef:84:
                    8c:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:4F:6E:F4:32:E0:51:47:AE:57:E4:23:86:C8:D1:38:C8:40:6D:B4
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/tE9u9DLgUUeuV-QjhsjROMhAbbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.92.0/24
                  91.92.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a8:c2:a8:97:11:8b:a1:14:6d:03:c7:38:4a:99:34:31:ce:61:
         61:89:cc:ef:62:ba:92:bb:e5:d5:07:b3:41:17:62:2b:65:18:
         79:9f:64:41:d7:e0:dc:b0:18:bc:bd:b0:69:fc:7b:ec:df:cf:
         32:0c:71:e2:2a:95:bf:c5:25:fe:4c:0c:ae:fc:5d:ee:65:03:
         97:44:92:b4:2e:9d:3c:b9:66:78:8d:ae:81:05:57:4a:ea:4d:
         5b:c9:40:99:0a:e2:e1:f0:64:3c:e2:fa:12:c9:38:8e:87:b5:
         00:2c:07:49:04:f1:25:37:f4:dd:b9:82:e7:75:ea:6b:e6:62:
         c9:a6:31:b6:fd:bd:5d:e6:30:ce:34:b2:22:1f:4a:a8:46:45:
         ad:cf:22:c3:b1:e4:5e:7d:28:1d:c8:82:fd:61:68:0d:1c:11:
         fc:e6:08:8d:1d:8b:38:c4:9c:ce:9f:8e:ba:61:1e:de:14:fa:
         40:fd:f8:de:da:86:50:74:92:ca:0b:6f:a8:7b:79:be:97:b5:
         2e:2c:d1:9e:40:88:4b:56:34:43:e2:6c:8a:7a:68:9d:f0:32:
         17:d9:96:df:d5:2d:5e:ff:1c:9f:26:42:2b:96:01:07:58:7c:
         ef:d8:f5:10:68:09:a4:10:cd:06:da:cb:8c:95:6e:12:fe:b3:
         96:42:9b:01
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJHBX2c3oK7SBU+5aEgD4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTAyMTc1MTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDRmNmVmNDMyZTA1MTQ3YWU1N2U0MjM4NmM4ZDEzOGM4NDA2ZGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAilIdWvb4yxvZVHnoAlyrP4WxGCw1
0vd/tH6dwJw10pk93hs824Pz0G6Jj8o3FRq4Mm5s00MxR5FMyN789tMu9L3qoaSX
b5ciolUOXM59mUUu876Xg/1eYAa/5ioCfvpbIZF0SBusnbSOTg0VTQNQLBoqYBSM
miCxGiEScrwsPQuh7P9NIfHpn7Nq7AYLe5KfkeybFTDA3qkCyDw+kPo0OuMw5MJT
lgiS6le/sw3Gt4gkTHCI4bpkcmoUhkh3zW4itdJHu4M0FI8YwkrgSSEHF7Y4BxE1
Xaj9FnEwYeLspNGIsWYirfk03JI2AXkYaXidCfAVZiL9sGhm23jt74SM3wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLRPbvQy4FFHrlfkI4bI0TjIQG20MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdEU5dTlETGdVVWV1Vi1RamhzalJPTWhBYmJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAjpcAwQB
W1xEMA0GCSqGSIb3DQEBCwUAA4IBAQCowqiXEYuhFG0DxzhKmTQxzmFhiczvYrqS
u+XVB7NBF2IrZRh5n2RB1+DcsBi8vbBp/Hvs388yDHHiKpW/xSX+TAyu/F3uZQOX
RJK0Lp08uWZ4ja6BBVdK6k1byUCZCuLh8GQ84voSyTiOh7UALAdJBPElN/TduYLn
depr5mLJpjG2/b1d5jDONLIiH0qoRkWtzyLDseRefSgdyIL9YWgNHBH85giNHYs4
xJzOn466YR7eFPpA/fje2oZQdJLKC2+oe3m+l7UuLNGeQIhLVjRD4myKemid8DIX
2Zbf1S1e/xyfJkIrlgEHWHzv2PUQaAmkEM0G2suMlW4S/rOWQpsB
-----END CERTIFICATE-----