Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/69e7e4-e3ea-46a5-9867-1c8132d5f4b4/1/2x0oIHlLniQgJ8wCGF91u-VP36U.roa
File:                     2x0oIHlLniQgJ8wCGF91u-VP36U.roa (raw, json)
Hash identifier:          hTRJW3J22JabEFrfjLPUALfCkvH53/llK6Ms4YgJ720=
Subject key identifier:   DB:1D:28:20:79:4B:9E:24:20:27:CC:02:18:5F:75:BB:E5:4F:DF:A5
Certificate issuer:       /CN=5ac8f68ac415059d56d1938c375a5986a6fff4b1
Certificate serial:       019422FB7451508A2841EB71F018A2A074B5
Authority key identifier: 5A:C8:F6:8A:C4:15:05:9D:56:D1:93:8C:37:5A:59:86:A6:FF:F4:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wsj2isQVBZ1W0ZOMN1pZhqb_9LE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/69e7e4-e3ea-46a5-9867-1c8132d5f4b4/1/2x0oIHlLniQgJ8wCGF91u-VP36U.roa
Signing time:             Wed 01 Jan 2025 17:48:12 +0000
ROA not before:           Wed 01 Jan 2025 17:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196731
IP address blocks:        91.212.87.0/24 maxlen: 24
                          2001:67c:db0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/69e7e4-e3ea-46a5-9867-1c8132d5f4b4/1/Wsj2isQVBZ1W0ZOMN1pZhqb_9LE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/69e7e4-e3ea-46a5-9867-1c8132d5f4b4/1/Wsj2isQVBZ1W0ZOMN1pZhqb_9LE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wsj2isQVBZ1W0ZOMN1pZhqb_9LE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:74:51:50:8a:28:41:eb:71:f0:18:a2:a0:74:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ac8f68ac415059d56d1938c375a5986a6fff4b1
        Validity
            Not Before: Jan  1 17:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db1d2820794b9e242027cc02185f75bbe54fdfa5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:47:9b:2f:8c:56:02:f0:90:c3:22:cf:ac:e4:
                    e6:40:9e:93:e9:2a:d1:1b:95:65:5b:af:db:29:a7:
                    64:20:29:b9:72:ac:70:61:4e:6e:45:66:c2:27:d6:
                    a4:a7:6c:20:6d:4a:68:a4:b6:84:33:16:89:63:fd:
                    d3:89:24:f2:36:65:f9:58:cc:ee:65:05:48:4d:67:
                    e2:81:f2:5a:92:42:99:91:44:48:f9:11:a2:34:82:
                    1c:0b:d5:9c:8f:55:cf:35:05:3a:c2:7b:d8:85:4a:
                    28:c6:10:87:93:00:52:f4:7c:a3:a4:df:9e:1d:c8:
                    19:57:04:98:c0:4b:45:88:40:1c:c6:fe:7b:90:7e:
                    5f:58:0a:88:0f:fd:17:bf:79:c6:8d:88:1f:d8:95:
                    be:9a:d5:43:b5:e9:6e:22:9a:5b:4f:1a:bb:65:a3:
                    6e:d9:63:0f:b2:62:4e:08:3d:76:c3:ee:ad:ae:c6:
                    a6:b5:bd:f7:3a:ed:ba:da:9f:4f:98:d0:49:33:2e:
                    07:86:51:44:8e:1d:cb:86:aa:fa:a4:67:d0:c6:8c:
                    80:bc:ff:d6:c4:98:1d:fb:96:67:6b:05:6c:66:c3:
                    90:80:c6:de:03:49:f9:bf:45:68:0a:b2:f2:6f:39:
                    d3:20:52:23:87:8b:5b:5f:3d:d7:e9:0b:17:00:ba:
                    8a:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:1D:28:20:79:4B:9E:24:20:27:CC:02:18:5F:75:BB:E5:4F:DF:A5
            X509v3 Authority Key Identifier:
                keyid:5A:C8:F6:8A:C4:15:05:9D:56:D1:93:8C:37:5A:59:86:A6:FF:F4:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wsj2isQVBZ1W0ZOMN1pZhqb_9LE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/69e7e4-e3ea-46a5-9867-1c8132d5f4b4/1/2x0oIHlLniQgJ8wCGF91u-VP36U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/69e7e4-e3ea-46a5-9867-1c8132d5f4b4/1/Wsj2isQVBZ1W0ZOMN1pZhqb_9LE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.87.0/24
                IPv6:
                  2001:67c:db0::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:c4:80:f6:99:76:62:9b:5a:6d:3c:ad:55:c2:51:1e:70:92:
         f7:e2:40:a2:ac:78:2b:0d:64:16:ea:e8:fb:ab:0c:7e:60:70:
         77:98:44:4e:57:34:88:08:5b:d1:68:d8:8d:f3:8e:88:68:62:
         8d:41:e1:28:0b:f7:8c:d9:19:b8:9d:09:17:52:84:1e:8a:fe:
         6b:be:aa:d0:1e:74:4d:f5:6a:ef:70:fb:c9:53:3f:f6:d8:de:
         e5:1f:20:d0:58:09:ca:6c:4b:9e:3b:c4:2a:e9:26:a1:9c:00:
         9c:37:b1:1f:05:6d:be:c9:ad:37:9c:a3:28:ea:7c:d8:db:23:
         fc:03:89:62:b7:77:ff:c0:68:88:b7:eb:69:d2:b4:da:07:86:
         0b:1e:61:3f:69:8b:e2:81:98:cf:66:e8:ba:d6:b1:50:65:77:
         d4:8b:a2:fd:9d:06:37:af:2f:31:3a:69:62:16:da:6a:3b:d6:
         ba:4d:73:a4:82:3e:fc:11:22:45:5f:08:1b:14:be:be:c3:60:
         fc:09:f0:3e:87:f2:06:c7:80:78:40:60:f9:67:fc:40:b4:f9:
         35:e6:85:9b:ae:b5:87:c0:dd:a3:b3:6d:73:16:50:4c:11:b0:
         4a:90:05:8b:35:2c:97:67:66:81:f6:95:d7:8a:84:24:a2:5f:
         38:3c:65:49
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQi+3RRUIooQetx8BiioHS1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhYzhmNjhhYzQxNTA1OWQ1NmQxOTM4YzM3NWE1OTg2YTZm
ZmY0YjEwHhcNMjUwMTAxMTc0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjFkMjgyMDc5NGI5ZTI0MjAyN2NjMDIxODVmNzViYmU1NGZkZmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUebL4xWAvCQwyLPrOTmQJ6T6SrR
G5VlW6/bKadkICm5cqxwYU5uRWbCJ9akp2wgbUpopLaEMxaJY/3TiSTyNmX5WMzu
ZQVITWfigfJakkKZkURI+RGiNIIcC9Wcj1XPNQU6wnvYhUooxhCHkwBS9HyjpN+e
HcgZVwSYwEtFiEAcxv57kH5fWAqID/0Xv3nGjYgf2JW+mtVDteluIppbTxq7ZaNu
2WMPsmJOCD12w+6trsamtb33Ou262p9PmNBJMy4HhlFEjh3Lhqr6pGfQxoyAvP/W
xJgd+5ZnawVsZsOQgMbeA0n5v0VoCrLybznTIFIjh4tbXz3X6QsXALqKSQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNsdKCB5S54kICfMAhhfdbvlT9+lMB8GA1UdIwQY
MBaAFFrI9orEFQWdVtGTjDdaWYam//SxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3NqMmlzUVZCWjFXMFpPTU4xcFpocWJfOUxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC82OWU3ZTQtZTNlYS00NmE1LTk4Njct
MWM4MTMyZDVmNGI0LzEvMngwb0lIbExuaVFnSjh3Q0dGOTF1LVZQMzZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC82OWU3ZTQtZTNlYS00NmE1LTk4NjctMWM4MTMyZDVmNGI0
LzEvV3NqMmlzUVZCWjFXMFpPTU4xcFpocWJfOUxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9RXMA8E
AgACMAkDBwAgAQZ8DbAwDQYJKoZIhvcNAQELBQADggEBAErEgPaZdmKbWm08rVXC
UR5wkvfiQKKseCsNZBbq6PurDH5gcHeYRE5XNIgIW9Fo2I3zjohoYo1B4SgL94zZ
GbidCRdShB6K/mu+qtAedE31au9w+8lTP/bY3uUfINBYCcpsS547xCrpJqGcAJw3
sR8Fbb7JrTecoyjqfNjbI/wDiWK3d//AaIi362nStNoHhgseYT9pi+KBmM9m6LrW
sVBld9SLov2dBjevLzE6aWIW2mo71rpNc6SCPvwRIkVfCBsUvr7DYPwJ8D6H8gbH
gHhAYPln/EC0+TXmhZuutYfA3aOzbXMWUEwRsEqQBYs1LJdnZoH2ldeKhCSiXzg8
ZUk=
-----END CERTIFICATE-----