Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/56f2e9-72aa-4a41-8946-182432a96dbd/1/b_Hf4C7DHqDvU3rPrk8yR1EVzMk.roa
File:                     b_Hf4C7DHqDvU3rPrk8yR1EVzMk.roa (raw, json)
Hash identifier:          B0oNiXflIFSUREkZoOMdxw9fvdV4h0sgQd5bJTkzRM4=
Subject key identifier:   6F:F1:DF:E0:2E:C3:1E:A0:EF:53:7A:CF:AE:4F:32:47:51:15:CC:C9
Certificate issuer:       /CN=daac15b782bc32747b538dec2a222416cd684825
Certificate serial:       01941FFA2C915B08149AB527877A93343487
Authority key identifier: DA:AC:15:B7:82:BC:32:74:7B:53:8D:EC:2A:22:24:16:CD:68:48:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2qwVt4K8MnR7U43sKiIkFs1oSCU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/56f2e9-72aa-4a41-8946-182432a96dbd/1/b_Hf4C7DHqDvU3rPrk8yR1EVzMk.roa
Signing time:             Wed 01 Jan 2025 03:47:56 +0000
ROA not before:           Wed 01 Jan 2025 03:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201953
IP address blocks:        91.212.25.0/24 maxlen: 24
                          185.253.228.0/22 maxlen: 22
                          2001:67c:5c8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/56f2e9-72aa-4a41-8946-182432a96dbd/1/2qwVt4K8MnR7U43sKiIkFs1oSCU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/56f2e9-72aa-4a41-8946-182432a96dbd/1/2qwVt4K8MnR7U43sKiIkFs1oSCU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2qwVt4K8MnR7U43sKiIkFs1oSCU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:2c:91:5b:08:14:9a:b5:27:87:7a:93:34:34:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daac15b782bc32747b538dec2a222416cd684825
        Validity
            Not Before: Jan  1 03:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ff1dfe02ec31ea0ef537acfae4f32475115ccc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:a7:e6:bc:0e:b7:68:13:bc:59:a5:e5:5a:76:
                    9a:b4:8c:36:5c:64:23:c1:6e:f1:14:ce:71:9e:8c:
                    53:ca:5c:26:3f:9a:5a:a8:7b:fd:30:e8:f5:71:8c:
                    40:bd:62:d1:4a:e7:59:a2:4b:92:f9:9c:a1:c4:cf:
                    65:42:1e:e3:58:ae:79:c6:01:e4:98:78:0e:57:1d:
                    27:3a:ff:ed:90:3b:ce:f1:93:c7:dd:04:02:80:b9:
                    a8:f4:72:06:30:7a:53:0a:ba:69:f3:d2:6a:20:c0:
                    34:6b:32:9f:01:d4:aa:34:cc:3e:2c:9b:56:bd:42:
                    43:ba:1c:7e:6a:0a:9d:ce:3c:f4:d8:bc:6d:b8:a3:
                    61:1f:02:c3:80:2c:13:d1:12:8a:df:74:9a:e5:0a:
                    33:e1:72:de:1b:36:28:95:c3:2b:61:6f:ae:27:40:
                    9c:59:5a:e9:5e:61:46:6c:e9:a2:21:10:2b:be:93:
                    b1:93:f7:db:50:06:67:96:5b:f5:69:f3:0d:1a:de:
                    2c:2a:fc:14:13:f5:47:30:eb:8c:39:2f:8f:f6:de:
                    c9:25:db:ac:64:9c:5a:42:36:8f:de:46:97:9b:f6:
                    9c:9c:73:e4:bc:e2:e2:12:7d:41:30:4b:59:0b:00:
                    c8:2c:43:1f:e3:b2:18:34:1f:36:26:8b:64:89:fd:
                    d4:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:F1:DF:E0:2E:C3:1E:A0:EF:53:7A:CF:AE:4F:32:47:51:15:CC:C9
            X509v3 Authority Key Identifier:
                keyid:DA:AC:15:B7:82:BC:32:74:7B:53:8D:EC:2A:22:24:16:CD:68:48:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2qwVt4K8MnR7U43sKiIkFs1oSCU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/56f2e9-72aa-4a41-8946-182432a96dbd/1/b_Hf4C7DHqDvU3rPrk8yR1EVzMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/56f2e9-72aa-4a41-8946-182432a96dbd/1/2qwVt4K8MnR7U43sKiIkFs1oSCU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.25.0/24
                  185.253.228.0/22
                IPv6:
                  2001:67c:5c8::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:21:bc:f9:54:75:a5:14:ec:a5:dd:7f:d5:f6:9d:68:fb:6c:
         27:d2:bd:c0:8a:41:dc:9d:8b:19:bd:41:c7:f0:19:77:03:da:
         e7:ee:b5:db:45:1f:bf:0a:67:cc:a4:2d:81:73:60:8b:ea:68:
         5f:75:de:01:37:8d:f6:19:4c:31:84:d9:ec:5a:78:2d:07:a4:
         ec:b2:f5:e2:4e:52:d8:fc:5b:c4:34:cb:f7:52:94:eb:b6:00:
         f1:e1:a9:a5:a5:80:bd:5d:90:6c:94:d5:03:8b:9d:cb:36:f2:
         8d:fe:6a:46:36:12:82:c9:91:d0:aa:7e:e9:cb:25:fd:9f:fa:
         a1:ff:3c:9d:78:75:ef:b2:4e:4e:b5:c0:33:40:79:fe:e0:a2:
         a1:65:93:95:e6:80:9f:e5:c4:fc:af:d9:84:17:82:ca:7a:4c:
         5c:66:05:c5:03:92:08:00:38:bd:e6:f5:f9:0d:0b:75:6a:e6:
         d2:74:96:9c:33:bb:50:ca:95:33:8f:10:de:e5:39:d0:7d:ea:
         30:51:68:7b:ec:df:b3:9f:28:33:72:22:44:1a:3d:e0:c7:33:
         55:da:4b:35:a1:37:a5:38:3c:b2:91:5b:1d:70:6e:69:72:0e:
         4f:a3:4f:5f:9f:0d:d4:5b:24:7b:42:b0:61:7b:48:3d:a1:ed:
         7c:29:b5:90
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQf+iyRWwgUmrUnh3qTNDSHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWMxNWI3ODJiYzMyNzQ3YjUzOGRlYzJhMjIyNDE2Y2Q2
ODQ4MjUwHhcNMjUwMTAxMDM0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmYxZGZlMDJlYzMxZWEwZWY1MzdhY2ZhZTRmMzI0NzUxMTVjY2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6fmvA63aBO8WaXlWnaatIw2XGQj
wW7xFM5xnoxTylwmP5paqHv9MOj1cYxAvWLRSudZokuS+ZyhxM9lQh7jWK55xgHk
mHgOVx0nOv/tkDvO8ZPH3QQCgLmo9HIGMHpTCrpp89JqIMA0azKfAdSqNMw+LJtW
vUJDuhx+agqdzjz02LxtuKNhHwLDgCwT0RKK33Sa5Qoz4XLeGzYolcMrYW+uJ0Cc
WVrpXmFGbOmiIRArvpOxk/fbUAZnllv1afMNGt4sKvwUE/VHMOuMOS+P9t7JJdus
ZJxaQjaP3kaXm/acnHPkvOLiEn1BMEtZCwDILEMf47IYNB82Jotkif3UqwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFG/x3+Auwx6g71N6z65PMkdRFczJMB8GA1UdIwQY
MBaAFNqsFbeCvDJ0e1ON7CoiJBbNaEglMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnF3VnQ0SzhNblI3VTQzc0tpSWtGczFvU0NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi81NmYyZTktNzJhYS00YTQxLTg5NDYt
MTgyNDMyYTk2ZGJkLzEvYl9IZjRDN0RIcUR2VTNyUHJrOHlSMUVWek1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi81NmYyZTktNzJhYS00YTQxLTg5NDYtMTgyNDMyYTk2ZGJk
LzEvMnF3VnQ0SzhNblI3VTQzc0tpSWtGczFvU0NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAW9QZAwQC
uf3kMA8EAgACMAkDBwAgAQZ8BcgwDQYJKoZIhvcNAQELBQADggEBABYhvPlUdaUU
7KXdf9X2nWj7bCfSvcCKQdydixm9QcfwGXcD2ufutdtFH78KZ8ykLYFzYIvqaF91
3gE3jfYZTDGE2exaeC0HpOyy9eJOUtj8W8Q0y/dSlOu2APHhqaWlgL1dkGyU1QOL
ncs28o3+akY2EoLJkdCqfunLJf2f+qH/PJ14de+yTk61wDNAef7goqFlk5XmgJ/l
xPyv2YQXgsp6TFxmBcUDkggAOL3m9fkNC3Vq5tJ0lpwzu1DKlTOPEN7lOdB96jBR
aHvs37OfKDNyIkQaPeDHM1XaSzWhN6U4PLKRWx1wbmlyDk+jT1+fDdRbJHtCsGF7
SD2h7XwptZA=
-----END CERTIFICATE-----