Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/ccbf7a-ec38-44e6-b2eb-7187977e057e/1/cuExqJqxDerCAtylcJmCrVbgef4.roa
File:                     cuExqJqxDerCAtylcJmCrVbgef4.roa (raw, json)
Hash identifier:          598WR0Sv6MZYZg5mTZECmrWO2D4wIr/fUZ49xt8Yu9Q=
Subject key identifier:   72:E1:31:A8:9A:B1:0D:EA:C2:02:DC:A5:70:99:82:AD:56:E0:79:FE
Certificate issuer:       /CN=888c7b94642d2e4bbfb9583ad941f51eb8c45640
Certificate serial:       019427B65D721D9B7E9F7CDD294D04A00C64
Authority key identifier: 88:8C:7B:94:64:2D:2E:4B:BF:B9:58:3A:D9:41:F5:1E:B8:C4:56:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iIx7lGQtLku_uVg62UH1HrjEVkA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/ccbf7a-ec38-44e6-b2eb-7187977e057e/1/cuExqJqxDerCAtylcJmCrVbgef4.roa
Signing time:             Thu 02 Jan 2025 15:50:50 +0000
ROA not before:           Thu 02 Jan 2025 15:50:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197679
IP address blocks:        91.224.238.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/ccbf7a-ec38-44e6-b2eb-7187977e057e/1/iIx7lGQtLku_uVg62UH1HrjEVkA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/ccbf7a-ec38-44e6-b2eb-7187977e057e/1/iIx7lGQtLku_uVg62UH1HrjEVkA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iIx7lGQtLku_uVg62UH1HrjEVkA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:5d:72:1d:9b:7e:9f:7c:dd:29:4d:04:a0:0c:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=888c7b94642d2e4bbfb9583ad941f51eb8c45640
        Validity
            Not Before: Jan  2 15:50:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=72e131a89ab10deac202dca5709982ad56e079fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:70:8b:cd:fe:f3:1e:8a:5a:17:ce:7b:01:7c:
                    53:31:a4:3c:c9:30:b1:73:03:c2:10:79:36:bd:eb:
                    f3:98:1b:ce:62:92:b7:f5:f0:56:20:e8:19:bb:fd:
                    22:fc:a0:fe:dc:8c:f4:66:73:f6:09:69:f9:ee:ee:
                    e4:33:eb:41:f0:db:27:a8:b2:47:ce:51:a3:28:6b:
                    f9:7b:e3:4f:c7:93:2b:14:14:e5:a2:85:e0:05:dc:
                    b9:82:f8:64:c0:2a:2d:46:58:8a:22:06:91:d1:e3:
                    9a:57:ea:e0:01:72:a2:c5:cf:95:00:46:31:22:9a:
                    66:15:9d:66:0b:dd:a2:5a:b7:8e:54:82:56:a9:2e:
                    5a:ea:ab:fb:86:30:5e:7a:4f:ae:fb:ef:6b:00:b8:
                    f1:f5:94:2e:07:28:ac:0d:ef:5f:a5:b2:06:f5:04:
                    07:03:1c:04:45:a4:ea:fc:0e:2c:8e:65:50:aa:8c:
                    77:21:4a:fd:21:e6:d7:79:93:d8:63:5a:75:ba:f8:
                    8e:24:17:f3:69:37:86:3a:fc:50:02:47:03:5a:52:
                    63:ad:1b:99:15:2f:d8:00:dc:b2:7b:2b:44:08:0b:
                    5d:7e:b8:72:9a:b4:ec:37:13:fb:1d:d6:3b:1e:fd:
                    b8:eb:6e:57:b3:a3:d7:56:15:6f:93:ab:59:07:93:
                    5e:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:E1:31:A8:9A:B1:0D:EA:C2:02:DC:A5:70:99:82:AD:56:E0:79:FE
            X509v3 Authority Key Identifier:
                keyid:88:8C:7B:94:64:2D:2E:4B:BF:B9:58:3A:D9:41:F5:1E:B8:C4:56:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iIx7lGQtLku_uVg62UH1HrjEVkA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/ccbf7a-ec38-44e6-b2eb-7187977e057e/1/cuExqJqxDerCAtylcJmCrVbgef4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/ccbf7a-ec38-44e6-b2eb-7187977e057e/1/iIx7lGQtLku_uVg62UH1HrjEVkA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         94:4a:ee:96:63:8f:fa:30:83:3c:35:3c:59:3a:76:9e:37:10:
         3f:90:60:d0:0c:20:f5:ee:87:55:e5:5f:50:3c:fb:6c:fc:87:
         bc:97:be:e5:c2:f2:71:62:50:c7:2a:1f:06:43:c8:22:3f:b1:
         dd:a8:96:29:ca:ca:59:98:7a:56:fc:ee:e9:7b:13:13:54:52:
         5e:42:61:92:c7:c7:c2:e3:8f:55:10:ca:e9:68:1c:4c:f7:1b:
         02:ed:f7:19:18:35:41:49:ec:1c:7a:9d:f6:70:5f:24:de:c1:
         40:03:b4:90:ee:a8:3a:e1:cf:a6:e7:6e:6d:a3:fa:85:18:65:
         fe:b8:70:4e:95:74:82:0a:3c:fe:b1:05:c5:b9:b9:d4:cc:a3:
         b1:86:01:54:87:5c:be:e7:9e:a4:f3:14:2a:89:52:21:ab:6e:
         9e:af:dd:02:da:d1:cf:8b:9d:a3:a5:cf:38:67:bf:e5:46:c5:
         f7:7f:eb:33:ff:c9:71:71:78:a3:ba:25:cb:58:77:d2:92:d5:
         f2:e4:59:76:73:e4:23:88:fd:2d:4f:f5:8b:10:fd:e2:bf:48:
         b1:d4:39:01:5a:c1:36:84:36:d9:d6:74:73:05:79:5f:f8:bc:
         a5:6c:94:97:dc:d8:87:d8:92:ba:7d:eb:20:ee:0f:ed:c1:a9:
         05:c4:60:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntl1yHZt+n3zdKU0EoAxkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4OGM3Yjk0NjQyZDJlNGJiZmI5NTgzYWQ5NDFmNTFlYjhj
NDU2NDAwHhcNMjUwMTAyMTU1MDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmUxMzFhODlhYjEwZGVhYzIwMmRjYTU3MDk5ODJhZDU2ZTA3OWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXCLzf7zHopaF857AXxTMaQ8yTCx
cwPCEHk2vevzmBvOYpK39fBWIOgZu/0i/KD+3Iz0ZnP2CWn57u7kM+tB8NsnqLJH
zlGjKGv5e+NPx5MrFBTlooXgBdy5gvhkwCotRliKIgaR0eOaV+rgAXKixc+VAEYx
IppmFZ1mC92iWreOVIJWqS5a6qv7hjBeek+u++9rALjx9ZQuByisDe9fpbIG9QQH
AxwERaTq/A4sjmVQqox3IUr9IebXeZPYY1p1uviOJBfzaTeGOvxQAkcDWlJjrRuZ
FS/YANyyeytECAtdfrhymrTsNxP7HdY7Hv24625Xs6PXVhVvk6tZB5NelwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHLhMaiasQ3qwgLcpXCZgq1W4Hn+MB8GA1UdIwQY
MBaAFIiMe5RkLS5Lv7lYOtlB9R64xFZAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUl4N2xHUXRMa3VfdVZnNjJVSDFIcmpFVmtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9jY2JmN2EtZWMzOC00NGU2LWIyZWIt
NzE4Nzk3N2UwNTdlLzEvY3VFeHFKcXhEZXJDQXR5bGNKbUNyVmJnZWY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9jY2JmN2EtZWMzOC00NGU2LWIyZWItNzE4Nzk3N2UwNTdl
LzEvaUl4N2xHUXRMa3VfdVZnNjJVSDFIcmpFVmtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+DuMA0G
CSqGSIb3DQEBCwUAA4IBAQCUSu6WY4/6MIM8NTxZOnaeNxA/kGDQDCD17odV5V9Q
PPts/Ie8l77lwvJxYlDHKh8GQ8giP7HdqJYpyspZmHpW/O7pexMTVFJeQmGSx8fC
449VEMrpaBxM9xsC7fcZGDVBSewcep32cF8k3sFAA7SQ7qg64c+m525to/qFGGX+
uHBOlXSCCjz+sQXFubnUzKOxhgFUh1y+556k8xQqiVIhq26er90C2tHPi52jpc84
Z7/lRsX3f+sz/8lxcXijuiXLWHfSktXy5Fl2c+QjiP0tT/WLEP3iv0ix1DkBWsE2
hDbZ1nRzBXlf+LylbJSX3NiH2JK6fesg7g/twakFxGCo
-----END CERTIFICATE-----