Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/208129-d086-49d4-9dc7-5a9ac7f39023/1/OMa6gi_iwh1hBu7tbqj9s02UqHs.roa
File:                     OMa6gi_iwh1hBu7tbqj9s02UqHs.roa (raw, json)
Hash identifier:          MtN6hH7mkES8J6BxizWre+aErU3W714/kzoONVlpny4=
Subject key identifier:   38:C6:BA:82:2F:E2:C2:1D:61:06:EE:ED:6E:A8:FD:B3:4D:94:A8:7B
Certificate issuer:       /CN=377bd10f7d906c131c8c9e2fc7316416df4ae224
Certificate serial:       019420D61BA1AC62C1B024BD6774F5BE07DB
Authority key identifier: 37:7B:D1:0F:7D:90:6C:13:1C:8C:9E:2F:C7:31:64:16:DF:4A:E2:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N3vRD32QbBMcjJ4vxzFkFt9K4iQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/208129-d086-49d4-9dc7-5a9ac7f39023/1/OMa6gi_iwh1hBu7tbqj9s02UqHs.roa
Signing time:             Wed 01 Jan 2025 07:48:10 +0000
ROA not before:           Wed 01 Jan 2025 07:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47271
IP address blocks:        91.198.11.0/24 maxlen: 24
                          91.209.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/208129-d086-49d4-9dc7-5a9ac7f39023/1/N3vRD32QbBMcjJ4vxzFkFt9K4iQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/208129-d086-49d4-9dc7-5a9ac7f39023/1/N3vRD32QbBMcjJ4vxzFkFt9K4iQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N3vRD32QbBMcjJ4vxzFkFt9K4iQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:1b:a1:ac:62:c1:b0:24:bd:67:74:f5:be:07:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=377bd10f7d906c131c8c9e2fc7316416df4ae224
        Validity
            Not Before: Jan  1 07:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=38c6ba822fe2c21d6106eeed6ea8fdb34d94a87b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:c0:cd:96:71:a1:f2:90:66:79:b0:90:e7:0c:
                    16:16:e1:05:1b:e8:7f:cc:19:a0:67:28:af:39:b7:
                    33:83:cd:b1:7b:c8:36:97:d8:90:9e:32:0a:b8:18:
                    d6:12:65:ed:d8:29:af:1b:f5:a8:21:8f:92:ba:4d:
                    7d:66:be:f2:76:61:10:9f:e4:be:92:99:c7:64:f1:
                    32:1c:8a:3b:22:99:0f:cc:71:15:42:5d:b4:74:00:
                    05:a3:40:bc:3e:8a:a7:78:14:c5:c3:45:b5:72:f0:
                    0a:49:db:49:d9:f8:bd:4f:64:69:8a:c4:01:f1:03:
                    20:7f:b0:19:8b:da:36:f8:60:f7:01:1d:0b:a3:3c:
                    4c:bf:7c:f3:6a:11:f8:25:7e:2b:c5:e2:78:05:af:
                    90:17:05:35:d1:9e:df:df:88:ff:2b:ce:af:8c:ce:
                    1e:9d:97:51:48:2a:09:6e:39:5d:96:77:16:93:6e:
                    08:91:f1:66:05:96:3c:91:5c:b8:64:61:69:2b:12:
                    ad:8c:16:59:7b:ef:4a:47:9d:59:c7:3f:c9:e3:67:
                    61:27:5e:d6:10:cf:75:67:9c:ff:3b:fa:94:ae:51:
                    cd:ff:cb:f0:d3:02:8b:91:2c:a0:07:ff:38:4a:47:
                    3b:1c:12:69:6b:fa:a5:6b:01:09:94:95:e7:16:67:
                    f5:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:C6:BA:82:2F:E2:C2:1D:61:06:EE:ED:6E:A8:FD:B3:4D:94:A8:7B
            X509v3 Authority Key Identifier:
                keyid:37:7B:D1:0F:7D:90:6C:13:1C:8C:9E:2F:C7:31:64:16:DF:4A:E2:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N3vRD32QbBMcjJ4vxzFkFt9K4iQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/208129-d086-49d4-9dc7-5a9ac7f39023/1/OMa6gi_iwh1hBu7tbqj9s02UqHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/208129-d086-49d4-9dc7-5a9ac7f39023/1/N3vRD32QbBMcjJ4vxzFkFt9K4iQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.11.0/24
                  91.209.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:29:51:0d:cf:85:bb:96:45:79:13:b9:12:83:88:e7:22:49:
         1b:46:07:df:78:bd:d6:4f:cf:d6:61:6e:ce:be:31:b5:75:00:
         6d:cd:1e:5f:72:40:d8:0a:24:ba:6a:24:6d:4a:7c:26:95:d4:
         89:74:e9:e5:7b:41:48:b6:d7:fa:a5:da:3a:07:4c:e8:3c:50:
         be:8c:fd:d3:3a:9b:e1:e3:4b:e9:74:19:05:30:e5:47:1c:40:
         34:43:25:8b:49:18:a4:27:7d:f7:b7:fa:4b:d0:2f:c0:23:81:
         f8:ca:e6:76:26:6c:1b:73:4a:2f:9d:08:0c:a6:cc:2a:c7:de:
         66:dd:14:2a:c0:6e:e5:a7:2e:47:81:1b:ca:90:b8:84:16:6c:
         f8:fe:7f:53:60:ec:62:d6:16:10:64:86:cc:90:40:12:37:c4:
         af:30:43:9a:4b:d9:8e:01:da:57:39:32:0f:c8:85:e5:de:c7:
         f8:9a:17:3c:28:bc:72:62:9a:d6:be:94:6f:8c:4c:4d:37:e4:
         d6:95:df:2a:4b:fb:80:2b:c2:1d:07:f4:42:00:00:c6:ca:c9:
         a8:84:fd:9d:04:67:e8:c7:6a:bd:39:e0:33:23:03:46:b9:e0:
         29:31:58:f8:12:53:4d:d0:60:e9:68:45:2c:49:2a:2c:ce:3d:
         a1:e3:17:bb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQg1huhrGLBsCS9Z3T1vgfbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3N2JkMTBmN2Q5MDZjMTMxYzhjOWUyZmM3MzE2NDE2ZGY0
YWUyMjQwHhcNMjUwMTAxMDc0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGM2YmE4MjJmZTJjMjFkNjEwNmVlZWQ2ZWE4ZmRiMzRkOTRhODdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2sDNlnGh8pBmebCQ5wwWFuEFG+h/
zBmgZyivObczg82xe8g2l9iQnjIKuBjWEmXt2CmvG/WoIY+Suk19Zr7ydmEQn+S+
kpnHZPEyHIo7IpkPzHEVQl20dAAFo0C8PoqneBTFw0W1cvAKSdtJ2fi9T2RpisQB
8QMgf7AZi9o2+GD3AR0LozxMv3zzahH4JX4rxeJ4Ba+QFwU10Z7f34j/K86vjM4e
nZdRSCoJbjldlncWk24IkfFmBZY8kVy4ZGFpKxKtjBZZe+9KR51Zxz/J42dhJ17W
EM91Z5z/O/qUrlHN/8vw0wKLkSygB/84Skc7HBJpa/qlawEJlJXnFmf1JQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDjGuoIv4sIdYQbu7W6o/bNNlKh7MB8GA1UdIwQY
MBaAFDd70Q99kGwTHIyeL8cxZBbfSuIkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjN2UkQzMlFiQk1jako0dnh6RmtGdDlLNGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8yMDgxMjktZDA4Ni00OWQ0LTlkYzct
NWE5YWM3ZjM5MDIzLzEvT01hNmdpX2l3aDFoQnU3dGJxajlzMDJVcUhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8yMDgxMjktZDA4Ni00OWQ0LTlkYzctNWE5YWM3ZjM5MDIz
LzEvTjN2UkQzMlFiQk1jako0dnh6RmtGdDlLNGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8YLAwQA
W9EDMA0GCSqGSIb3DQEBCwUAA4IBAQCUKVENz4W7lkV5E7kSg4jnIkkbRgffeL3W
T8/WYW7OvjG1dQBtzR5fckDYCiS6aiRtSnwmldSJdOnle0FIttf6pdo6B0zoPFC+
jP3TOpvh40vpdBkFMOVHHEA0QyWLSRikJ333t/pL0C/AI4H4yuZ2Jmwbc0ovnQgM
pswqx95m3RQqwG7lpy5HgRvKkLiEFmz4/n9TYOxi1hYQZIbMkEASN8SvMEOaS9mO
AdpXOTIPyIXl3sf4mhc8KLxyYprWvpRvjExNN+TWld8qS/uAK8IdB/RCAADGysmo
hP2dBGfox2q9OeAzIwNGueApMVj4ElNN0GDpaEUsSSoszj2h4xe7
-----END CERTIFICATE-----