Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/mTa0tBmnc-EZQRSpAfUf53n7dTc.roa
File:                     mTa0tBmnc-EZQRSpAfUf53n7dTc.roa (raw, json)
Hash identifier:          1CRclX1Yx0St5CAEJDWGoq4O3N6WotLgVbncs/lahzE=
Subject key identifier:   99:36:B4:B4:19:A7:73:E1:19:41:14:A9:01:F5:1F:E7:79:FB:75:37
Certificate issuer:       /CN=f440e5eba2f8bfc8fe8fe56cc88a4289652390ba
Certificate serial:       0194236969BABBB79F3121F5FDAFEC865F34
Authority key identifier: F4:40:E5:EB:A2:F8:BF:C8:FE:8F:E5:6C:C8:8A:42:89:65:23:90:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9EDl66L4v8j-j-VsyIpCiWUjkLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/mTa0tBmnc-EZQRSpAfUf53n7dTc.roa
Signing time:             Wed 01 Jan 2025 19:48:18 +0000
ROA not before:           Wed 01 Jan 2025 19:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3257
IP address blocks:        91.192.240.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/9EDl66L4v8j-j-VsyIpCiWUjkLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/9EDl66L4v8j-j-VsyIpCiWUjkLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9EDl66L4v8j-j-VsyIpCiWUjkLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 12:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:69:ba:bb:b7:9f:31:21:f5:fd:af:ec:86:5f:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f440e5eba2f8bfc8fe8fe56cc88a4289652390ba
        Validity
            Not Before: Jan  1 19:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9936b4b419a773e1194114a901f51fe779fb7537
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:99:9e:7d:80:6b:ec:e6:4b:f6:af:b8:c0:e7:
                    0b:97:59:3e:46:c3:44:fb:12:1b:c9:6b:59:a2:08:
                    3f:1f:60:90:38:f8:f4:62:07:a4:d7:b7:b3:f1:cd:
                    35:27:45:e6:2a:4f:63:93:f6:23:c2:61:46:f7:0d:
                    ae:a9:4d:25:5e:69:08:87:04:51:6f:ef:18:f1:28:
                    88:d3:d9:87:17:34:2d:00:01:91:ba:7c:ec:b1:42:
                    84:3e:86:f2:d4:24:d9:80:99:c1:fe:72:26:37:04:
                    13:d5:fc:e6:12:a8:fe:a5:3f:b2:fa:77:64:7d:0e:
                    2f:26:01:7d:33:92:3d:aa:8e:7c:cb:a8:8b:c0:de:
                    26:49:17:61:71:de:bc:6e:a9:6a:f7:7c:ca:58:92:
                    66:3d:65:83:f5:e9:df:cb:76:e9:52:95:da:67:72:
                    23:b7:bd:b1:a3:99:5f:44:63:73:83:89:3d:3d:ba:
                    70:49:c8:0c:76:19:c3:6e:b3:23:38:61:50:43:ba:
                    33:bb:e3:cb:0d:1a:de:f1:d9:f8:d5:e3:37:82:15:
                    42:a8:35:08:fd:a7:f2:43:88:d8:5a:64:6e:91:0d:
                    ba:70:05:08:d2:70:be:87:bd:18:74:10:b5:ce:5f:
                    8f:6b:ee:73:31:40:d0:93:38:65:96:0d:59:32:9f:
                    02:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:36:B4:B4:19:A7:73:E1:19:41:14:A9:01:F5:1F:E7:79:FB:75:37
            X509v3 Authority Key Identifier:
                keyid:F4:40:E5:EB:A2:F8:BF:C8:FE:8F:E5:6C:C8:8A:42:89:65:23:90:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9EDl66L4v8j-j-VsyIpCiWUjkLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/mTa0tBmnc-EZQRSpAfUf53n7dTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/9EDl66L4v8j-j-VsyIpCiWUjkLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.192.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:43:9f:ec:69:d6:a5:ce:9d:5d:e9:e0:8b:92:12:ba:16:1f:
         8a:49:b2:4d:d7:a8:be:8e:57:ac:41:0d:8b:e4:25:5c:e3:7e:
         83:d6:3f:fc:cf:bb:bf:36:0d:11:55:65:5b:8a:bf:24:e0:ad:
         20:2e:61:a2:5b:17:7d:30:27:4d:84:a6:91:35:9a:a3:b0:73:
         f4:1d:9c:93:84:8e:fb:fb:4d:8c:c6:c9:ad:b9:de:12:29:c6:
         5f:41:23:c8:3c:b2:2b:fc:25:5e:5d:1c:b5:d8:0a:fc:ca:0e:
         a3:e0:2d:fe:35:df:c5:f8:aa:0e:79:45:3c:8a:0e:a0:f0:52:
         0f:06:8a:31:a0:e0:bd:a7:32:e8:e8:6a:a9:98:f4:1d:01:e2:
         26:58:45:30:87:01:82:61:e7:92:42:79:47:30:b2:0e:28:1f:
         36:d4:cb:25:68:48:a0:ac:35:32:ea:d4:a4:63:c8:60:fa:97:
         48:f6:b0:bc:25:8e:7d:e1:37:11:b0:6a:49:ca:7b:58:84:d0:
         f5:a5:3f:c9:51:71:56:15:30:aa:d4:c2:5c:a3:12:ed:9a:30:
         ed:5f:97:1c:0c:b3:25:78:96:c5:c7:ac:9b:48:94:80:79:e9:
         39:f9:f1:bd:a7:ba:f9:a6:ce:cc:bd:e3:eb:c1:1c:db:a2:f2:
         aa:1e:cf:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaWm6u7efMSH1/a/shl80MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0NDBlNWViYTJmOGJmYzhmZThmZTU2Y2M4OGE0Mjg5NjUy
MzkwYmEwHhcNMjUwMTAxMTk0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTM2YjRiNDE5YTc3M2UxMTk0MTE0YTkwMWY1MWZlNzc5ZmI3NTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5mefYBr7OZL9q+4wOcLl1k+RsNE
+xIbyWtZogg/H2CQOPj0Ygek17ez8c01J0XmKk9jk/YjwmFG9w2uqU0lXmkIhwRR
b+8Y8SiI09mHFzQtAAGRunzssUKEPoby1CTZgJnB/nImNwQT1fzmEqj+pT+y+ndk
fQ4vJgF9M5I9qo58y6iLwN4mSRdhcd68bqlq93zKWJJmPWWD9enfy3bpUpXaZ3Ij
t72xo5lfRGNzg4k9PbpwScgMdhnDbrMjOGFQQ7ozu+PLDRre8dn41eM3ghVCqDUI
/afyQ4jYWmRukQ26cAUI0nC+h70YdBC1zl+Pa+5zMUDQkzhllg1ZMp8C2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJk2tLQZp3PhGUEUqQH1H+d5+3U3MB8GA1UdIwQY
MBaAFPRA5eui+L/I/o/lbMiKQollI5C6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUVEbDY2TDR2OGotai1Wc3lJcENpV1Vqa0xvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9kZTg2NjItOTkzZi00N2Y3LWEyN2Yt
MDBiOTJjMWMxZWY0LzEvbVRhMHRCbW5jLUVaUVJTcEFmVWY1M243ZFRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9kZTg2NjItOTkzZi00N2Y3LWEyN2YtMDBiOTJjMWMxZWY0
LzEvOUVEbDY2TDR2OGotai1Wc3lJcENpV1Vqa0xvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8DwMA0G
CSqGSIb3DQEBCwUAA4IBAQAiQ5/sadalzp1d6eCLkhK6Fh+KSbJN16i+jlesQQ2L
5CVc436D1j/8z7u/Ng0RVWVbir8k4K0gLmGiWxd9MCdNhKaRNZqjsHP0HZyThI77
+02Mxsmtud4SKcZfQSPIPLIr/CVeXRy12Ar8yg6j4C3+Nd/F+KoOeUU8ig6g8FIP
BooxoOC9pzLo6GqpmPQdAeImWEUwhwGCYeeSQnlHMLIOKB821MslaEigrDUy6tSk
Y8hg+pdI9rC8JY594TcRsGpJyntYhND1pT/JUXFWFTCq1MJcoxLtmjDtX5ccDLMl
eJbFx6ybSJSAeek5+fG9p7r5ps7MvePrwRzbovKqHs9c
-----END CERTIFICATE-----