Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/7edd9a-fb72-43d7-b252-4cd11e8b7497/1/i5Z-UkQ8_GCMdTDvdRVzZJd1s3E.roa
File:                     i5Z-UkQ8_GCMdTDvdRVzZJd1s3E.roa (raw, json)
Hash identifier:          hFp0HQZXTf6e9rwGzdmb+2RH6Ma6X1h19nbiCrFmx6o=
Subject key identifier:   8B:96:7E:52:44:3C:FC:60:8C:75:30:EF:75:15:73:64:97:75:B3:71
Certificate issuer:       /CN=178c8f20c939aaa9c80cce6a0d1567183ca1c599
Certificate serial:       01942143FB1C65ABB1B2C6815776A53C1241
Authority key identifier: 17:8C:8F:20:C9:39:AA:A9:C8:0C:CE:6A:0D:15:67:18:3C:A1:C5:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F4yPIMk5qqnIDM5qDRVnGDyhxZk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/7edd9a-fb72-43d7-b252-4cd11e8b7497/1/i5Z-UkQ8_GCMdTDvdRVzZJd1s3E.roa
Signing time:             Wed 01 Jan 2025 09:48:10 +0000
ROA not before:           Wed 01 Jan 2025 09:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35470
IP address blocks:        91.199.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/7edd9a-fb72-43d7-b252-4cd11e8b7497/1/F4yPIMk5qqnIDM5qDRVnGDyhxZk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/7edd9a-fb72-43d7-b252-4cd11e8b7497/1/F4yPIMk5qqnIDM5qDRVnGDyhxZk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F4yPIMk5qqnIDM5qDRVnGDyhxZk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 21:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:fb:1c:65:ab:b1:b2:c6:81:57:76:a5:3c:12:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=178c8f20c939aaa9c80cce6a0d1567183ca1c599
        Validity
            Not Before: Jan  1 09:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8b967e52443cfc608c7530ef751573649775b371
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:40:15:16:6e:ab:50:0e:70:8a:97:32:58:72:
                    5d:3a:5a:94:c4:58:79:34:c4:b1:88:ca:2c:ad:52:
                    20:33:60:d0:3a:56:7b:b5:57:2b:18:ca:82:34:ac:
                    18:ab:05:23:eb:f7:67:de:53:67:99:79:38:cc:f4:
                    6c:84:91:68:99:1d:b4:85:8d:f1:6f:53:51:36:2c:
                    3a:48:f5:76:3b:b9:ce:0b:67:67:c8:01:55:31:c2:
                    de:98:31:70:56:9a:57:40:b8:3a:74:94:76:06:c7:
                    59:15:52:44:80:cc:58:4b:49:77:52:f1:26:65:3f:
                    69:b0:73:6c:26:e4:2b:7e:b8:54:5b:77:78:1d:71:
                    c3:42:f1:f1:d3:30:20:c9:e0:c9:64:5f:6b:0e:18:
                    c9:e4:38:63:45:2b:5c:dd:6a:44:5b:d7:3d:63:03:
                    d5:fa:16:74:5e:28:95:0b:14:7a:cb:bc:24:5e:75:
                    e8:e7:f9:6d:36:6e:ec:33:52:9c:48:ab:9c:63:7e:
                    17:8a:20:8c:60:42:4d:ab:07:bf:66:34:88:23:50:
                    49:0b:4b:f2:be:19:90:b0:bf:49:50:02:62:6c:57:
                    1d:0b:32:fc:ab:dc:c8:28:60:0d:b8:e4:27:e9:e2:
                    19:a9:72:eb:62:15:03:a0:c3:4d:f7:d8:fd:f3:58:
                    63:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:96:7E:52:44:3C:FC:60:8C:75:30:EF:75:15:73:64:97:75:B3:71
            X509v3 Authority Key Identifier:
                keyid:17:8C:8F:20:C9:39:AA:A9:C8:0C:CE:6A:0D:15:67:18:3C:A1:C5:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F4yPIMk5qqnIDM5qDRVnGDyhxZk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/7edd9a-fb72-43d7-b252-4cd11e8b7497/1/i5Z-UkQ8_GCMdTDvdRVzZJd1s3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/7edd9a-fb72-43d7-b252-4cd11e8b7497/1/F4yPIMk5qqnIDM5qDRVnGDyhxZk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:66:3b:65:4b:ad:1f:ef:54:9a:20:15:2f:23:ba:7f:a1:8e:
         cf:0d:ca:5b:71:02:4d:92:2f:51:21:1c:bb:93:63:9f:21:5a:
         05:58:f9:a4:27:b5:e5:b9:3f:c1:bf:d6:10:92:d6:34:af:a6:
         21:4f:24:e6:21:71:58:c6:8c:d4:5c:7a:56:a4:ec:76:60:df:
         d4:05:16:cf:dc:84:d0:23:03:e8:1d:18:ac:55:30:63:04:da:
         83:8b:cb:8e:e9:89:30:15:8e:10:30:fa:bf:94:59:6f:c5:d4:
         9d:4a:89:25:2c:e8:c0:52:55:db:89:e7:24:1c:a4:ff:10:14:
         23:c7:45:88:8f:e0:d2:15:ed:15:22:4c:6e:42:c2:d4:27:66:
         f8:64:a2:a4:94:55:da:b4:6d:62:f0:31:1d:08:bb:3e:a2:28:
         b5:a9:16:ed:91:43:cd:9a:2a:3a:b1:d7:1f:99:c1:72:88:bd:
         4c:33:0b:62:f6:dc:11:7e:6b:9a:55:47:5e:aa:8d:c6:67:81:
         1a:b5:80:85:ed:8d:12:9d:c8:e4:33:0b:1d:93:3a:b4:0f:23:
         d3:95:1a:8e:9d:c8:5e:4e:47:03:50:e7:28:7c:77:fe:4f:89:
         16:9e:ae:e8:8e:a7:6c:40:36:0c:81:19:e3:bf:e7:eb:4c:c8:
         58:a6:38:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ/scZauxssaBV3alPBJBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OGM4ZjIwYzkzOWFhYTljODBjY2U2YTBkMTU2NzE4M2Nh
MWM1OTkwHhcNMjUwMTAxMDk0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Yjk2N2U1MjQ0M2NmYzYwOGM3NTMwZWY3NTE1NzM2NDk3NzViMzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEAVFm6rUA5wipcyWHJdOlqUxFh5
NMSxiMosrVIgM2DQOlZ7tVcrGMqCNKwYqwUj6/dn3lNnmXk4zPRshJFomR20hY3x
b1NRNiw6SPV2O7nOC2dnyAFVMcLemDFwVppXQLg6dJR2BsdZFVJEgMxYS0l3UvEm
ZT9psHNsJuQrfrhUW3d4HXHDQvHx0zAgyeDJZF9rDhjJ5DhjRStc3WpEW9c9YwPV
+hZ0XiiVCxR6y7wkXnXo5/ltNm7sM1KcSKucY34XiiCMYEJNqwe/ZjSII1BJC0vy
vhmQsL9JUAJibFcdCzL8q9zIKGANuOQn6eIZqXLrYhUDoMNN99j981hjFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIuWflJEPPxgjHUw73UVc2SXdbNxMB8GA1UdIwQY
MBaAFBeMjyDJOaqpyAzOag0VZxg8ocWZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjR5UElNazVxcW5JRE01cURSVm5HRHloeFprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy83ZWRkOWEtZmI3Mi00M2Q3LWIyNTIt
NGNkMTFlOGI3NDk3LzEvaTVaLVVrUThfR0NNZFREdmRSVnpaSmQxczNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy83ZWRkOWEtZmI3Mi00M2Q3LWIyNTItNGNkMTFlOGI3NDk3
LzEvRjR5UElNazVxcW5JRE01cURSVm5HRHloeFprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8dKMA0G
CSqGSIb3DQEBCwUAA4IBAQAtZjtlS60f71SaIBUvI7p/oY7PDcpbcQJNki9RIRy7
k2OfIVoFWPmkJ7XluT/Bv9YQktY0r6YhTyTmIXFYxozUXHpWpOx2YN/UBRbP3ITQ
IwPoHRisVTBjBNqDi8uO6YkwFY4QMPq/lFlvxdSdSoklLOjAUlXbieckHKT/EBQj
x0WIj+DSFe0VIkxuQsLUJ2b4ZKKklFXatG1i8DEdCLs+oii1qRbtkUPNmio6sdcf
mcFyiL1MMwti9twRfmuaVUdeqo3GZ4EatYCF7Y0SncjkMwsdkzq0DyPTlRqOnche
TkcDUOcofHf+T4kWnq7ojqdsQDYMgRnjv+frTMhYpjhi
-----END CERTIFICATE-----