Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/0d3f51-af73-4045-a0f1-eab828eca45b/1/wb2OCWtGLle_xoyfZiBAYXNRWQs.roa
File:                     wb2OCWtGLle_xoyfZiBAYXNRWQs.roa (raw, json)
Hash identifier:          jJCn7p2i4Vby2gq7zMJi72HG/QhIugyd+as1pSv/rmM=
Subject key identifier:   C1:BD:8E:09:6B:46:2E:57:BF:C6:8C:9F:66:20:40:61:73:51:59:0B
Certificate issuer:       /CN=03ebb001528281734bf5c94bc4bef6f6e99a377e
Certificate serial:       0194236904EC58D68F62D1C724AD3DC7B498
Authority key identifier: 03:EB:B0:01:52:82:81:73:4B:F5:C9:4B:C4:BE:F6:F6:E9:9A:37:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A-uwAVKCgXNL9clLxL729umaN34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/0d3f51-af73-4045-a0f1-eab828eca45b/1/wb2OCWtGLle_xoyfZiBAYXNRWQs.roa
Signing time:             Wed 01 Jan 2025 19:47:52 +0000
ROA not before:           Wed 01 Jan 2025 19:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42878
IP address blocks:        91.193.200.0/22 maxlen: 22
                          91.193.200.0/24 maxlen: 24
                          91.193.201.0/24 maxlen: 24
                          91.193.202.0/24 maxlen: 24
                          91.193.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/0d3f51-af73-4045-a0f1-eab828eca45b/1/A-uwAVKCgXNL9clLxL729umaN34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/0d3f51-af73-4045-a0f1-eab828eca45b/1/A-uwAVKCgXNL9clLxL729umaN34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A-uwAVKCgXNL9clLxL729umaN34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:04:ec:58:d6:8f:62:d1:c7:24:ad:3d:c7:b4:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03ebb001528281734bf5c94bc4bef6f6e99a377e
        Validity
            Not Before: Jan  1 19:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c1bd8e096b462e57bfc68c9f662040617351590b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:fa:76:00:c8:e6:79:c7:c6:43:d0:26:8a:91:
                    61:ee:98:69:64:6c:d0:06:7a:82:4a:6b:0f:9d:a9:
                    e4:0d:9a:02:c2:13:62:a3:22:d0:f0:94:bd:3a:0c:
                    fa:f2:1c:77:44:d3:6c:3f:8e:8f:26:25:89:6a:e7:
                    e7:4d:82:29:e5:f0:1f:18:5e:6b:fc:f8:f3:3e:cd:
                    5d:a7:71:79:88:e8:fe:8b:55:97:cc:80:9e:a6:a7:
                    19:39:19:1d:08:94:35:7b:69:13:9b:93:b9:ea:52:
                    7f:cd:47:1d:14:ab:2f:50:26:16:b8:ed:f2:c7:a1:
                    36:ca:f1:cc:54:04:8e:57:b9:7c:0d:af:fb:ad:d4:
                    c7:bf:33:5c:b8:0d:6f:ae:d0:55:7b:c0:a1:83:e1:
                    a2:08:46:b9:25:e7:c4:41:21:10:b8:ff:58:ca:46:
                    15:77:0d:18:4c:4c:c0:32:bc:fc:ca:b7:ca:58:4e:
                    d7:91:6f:06:bd:c2:d1:23:c5:0c:94:d3:d9:fa:8c:
                    cc:35:9b:1f:bc:df:f9:d5:49:a9:e9:a4:11:a1:41:
                    1a:03:b5:99:17:51:23:26:85:f2:2a:bd:a7:18:29:
                    c4:78:ca:85:60:07:20:b2:2d:aa:e9:48:bb:88:47:
                    c1:e1:58:84:11:cf:e5:c9:8b:df:a2:36:18:e4:09:
                    4b:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:BD:8E:09:6B:46:2E:57:BF:C6:8C:9F:66:20:40:61:73:51:59:0B
            X509v3 Authority Key Identifier:
                keyid:03:EB:B0:01:52:82:81:73:4B:F5:C9:4B:C4:BE:F6:F6:E9:9A:37:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A-uwAVKCgXNL9clLxL729umaN34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/0d3f51-af73-4045-a0f1-eab828eca45b/1/wb2OCWtGLle_xoyfZiBAYXNRWQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/0d3f51-af73-4045-a0f1-eab828eca45b/1/A-uwAVKCgXNL9clLxL729umaN34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:48:1a:ed:b2:12:cd:dc:c1:a6:df:17:10:83:aa:06:05:f9:
         fb:97:8d:62:97:ae:77:52:cd:f6:21:09:04:7e:fd:ef:8a:6f:
         50:3d:b9:48:81:a8:2c:1e:9c:6a:c1:9b:3a:af:4f:75:1f:05:
         0a:4d:85:c7:96:3e:ae:be:a2:5c:d3:af:91:fe:a9:a7:04:e8:
         c3:4a:51:7a:14:a0:5f:42:58:ed:83:ee:52:dd:8f:56:76:25:
         01:f0:cf:6c:1a:cc:a4:b7:57:0a:77:fb:9a:a8:5b:e1:b7:ac:
         99:92:7c:b9:e8:47:6d:40:e2:98:80:15:5b:3b:06:ff:ce:b5:
         62:ab:54:a1:e6:c1:4c:f6:ee:50:b9:71:b4:81:5d:7a:87:91:
         94:f1:d4:1f:d1:4e:9c:1a:ab:cd:53:e8:0a:3e:40:e1:3a:52:
         cf:40:46:9e:a2:78:1c:92:c7:08:8e:fb:16:0d:c3:df:cb:1a:
         db:c7:cf:1b:d8:dd:f8:99:a6:b0:d4:96:03:61:d8:8d:89:57:
         ea:9a:9a:2c:e0:e9:5f:9f:35:a9:1f:df:73:9b:98:82:66:66:
         a0:c1:9c:14:16:01:23:bc:23:54:84:06:eb:b5:60:37:ec:6f:
         e1:11:4d:fb:4e:fb:a4:ac:40:43:c7:de:da:94:ce:76:a6:8e:
         16:9d:8b:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaQTsWNaPYtHHJK09x7SYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzZWJiMDAxNTI4MjgxNzM0YmY1Yzk0YmM0YmVmNmY2ZTk5
YTM3N2UwHhcNMjUwMTAxMTk0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWJkOGUwOTZiNDYyZTU3YmZjNjhjOWY2NjIwNDA2MTczNTE1OTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5fp2AMjmecfGQ9AmipFh7phpZGzQ
BnqCSmsPnankDZoCwhNioyLQ8JS9Ogz68hx3RNNsP46PJiWJaufnTYIp5fAfGF5r
/PjzPs1dp3F5iOj+i1WXzICepqcZORkdCJQ1e2kTm5O56lJ/zUcdFKsvUCYWuO3y
x6E2yvHMVASOV7l8Da/7rdTHvzNcuA1vrtBVe8Chg+GiCEa5JefEQSEQuP9YykYV
dw0YTEzAMrz8yrfKWE7XkW8GvcLRI8UMlNPZ+ozMNZsfvN/51Ump6aQRoUEaA7WZ
F1EjJoXyKr2nGCnEeMqFYAcgsi2q6Ui7iEfB4ViEEc/lyYvfojYY5AlLhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMG9jglrRi5Xv8aMn2YgQGFzUVkLMB8GA1UdIwQY
MBaAFAPrsAFSgoFzS/XJS8S+9vbpmjd+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQS11d0FWS0NnWE5MOWNsTHhMNzI5dW1hTjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC8wZDNmNTEtYWY3My00MDQ1LWEwZjEt
ZWFiODI4ZWNhNDViLzEvd2IyT0NXdEdMbGVfeG95ZlppQkFZWE5SV1FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC8wZDNmNTEtYWY3My00MDQ1LWEwZjEtZWFiODI4ZWNhNDVi
LzEvQS11d0FWS0NnWE5MOWNsTHhMNzI5dW1hTjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8HIMA0G
CSqGSIb3DQEBCwUAA4IBAQBXSBrtshLN3MGm3xcQg6oGBfn7l41il653Us32IQkE
fv3vim9QPblIgagsHpxqwZs6r091HwUKTYXHlj6uvqJc06+R/qmnBOjDSlF6FKBf
Qljtg+5S3Y9WdiUB8M9sGsykt1cKd/uaqFvht6yZkny56EdtQOKYgBVbOwb/zrVi
q1Sh5sFM9u5QuXG0gV16h5GU8dQf0U6cGqvNU+gKPkDhOlLPQEaeongckscIjvsW
DcPfyxrbx88b2N34maaw1JYDYdiNiVfqmpos4OlfnzWpH99zm5iCZmagwZwUFgEj
vCNUhAbrtWA37G/hEU37TvukrEBDx97alM52po4WnYv5
-----END CERTIFICATE-----