Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/xkwddNbzJemwb2yTo01W08IMXMw.roa
File:                     xkwddNbzJemwb2yTo01W08IMXMw.roa (raw, json)
Hash identifier:          6y3kogdMCD6BDF1QeKe6dqP9/brnLL3TgEnQWCik99o=
Subject key identifier:   C6:4C:1D:74:D6:F3:25:E9:B0:6F:6C:93:A3:4D:56:D3:C2:0C:5C:CC
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       01942068703842EE48583E46AD9F70C30955
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/xkwddNbzJemwb2yTo01W08IMXMw.roa
Signing time:             Wed 01 Jan 2025 05:48:22 +0000
ROA not before:           Wed 01 Jan 2025 05:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3214
IP address blocks:        91.193.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 15:18:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:70:38:42:ee:48:58:3e:46:ad:9f:70:c3:09:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Jan  1 05:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c64c1d74d6f325e9b06f6c93a34d56d3c20c5ccc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:9e:7a:38:d5:37:22:6f:e1:45:d3:c5:65:57:
                    0d:d7:e2:d8:ec:df:6d:69:44:69:26:73:cb:dc:6b:
                    04:42:d8:da:6d:7b:b1:84:a1:20:5a:f3:b4:5c:fa:
                    5a:0b:0e:d4:2c:11:21:18:b0:4c:51:c3:94:ea:8e:
                    c2:24:31:f1:b9:18:92:24:f1:45:b7:9b:6d:6b:21:
                    46:52:7d:1f:db:d4:0d:e5:53:f5:21:92:f6:f2:5f:
                    29:d7:d7:42:32:2d:f6:41:c7:ad:cd:2d:82:19:d3:
                    dc:02:8d:9e:8b:ab:b8:8e:29:16:6e:b4:cc:2c:ef:
                    71:7f:8c:a0:1b:0b:8c:7d:d0:05:7c:c7:2d:7d:fe:
                    92:14:1c:42:2f:1b:44:7f:30:f9:cd:fa:4f:51:3d:
                    c7:bc:59:54:0d:7d:03:a5:32:fb:7b:18:4b:9a:8d:
                    1b:05:8f:ed:63:29:9e:99:a8:0e:a0:e2:40:1f:ed:
                    51:1f:d6:95:92:f6:bb:54:de:3f:4d:05:0c:e4:8e:
                    d4:f6:21:96:c3:92:44:4a:ed:10:97:4e:4a:00:21:
                    62:e4:74:4b:a8:02:f3:3a:84:24:a6:84:e6:e7:88:
                    10:de:6b:ed:a9:e1:80:0b:79:b6:a5:94:b3:58:38:
                    fa:ba:ba:89:73:f4:d2:59:2f:b9:c2:5e:e9:d9:df:
                    31:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:4C:1D:74:D6:F3:25:E9:B0:6F:6C:93:A3:4D:56:D3:C2:0C:5C:CC
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/xkwddNbzJemwb2yTo01W08IMXMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:49:70:5d:b1:33:7e:16:1c:22:4d:5e:d4:c9:14:50:23:bd:
         30:88:5d:b7:2e:26:c8:5f:f2:f2:ad:4d:23:bf:f4:16:cc:40:
         08:da:6b:9d:26:ff:34:ca:ae:78:dd:1c:5e:de:b0:59:da:98:
         b8:b1:57:00:f1:3f:9f:7b:48:67:03:c7:7b:62:fc:92:44:d1:
         99:07:a7:ce:3e:ef:37:ef:fd:dc:32:79:c4:a3:d9:13:77:2c:
         b1:1d:3f:0c:29:7a:ce:81:9a:41:e7:60:8e:28:d8:e5:f0:b3:
         47:9d:db:40:cd:4a:29:4f:00:83:c2:d8:b0:3a:fb:c3:eb:98:
         a5:1f:6f:0b:08:4e:57:1a:ca:40:13:57:fe:ee:c9:c0:98:a0:
         03:bf:6e:1f:7a:15:69:13:29:5c:4c:b5:ec:2b:5e:10:f2:ca:
         47:a3:42:a0:59:e9:05:38:e2:27:16:0e:2d:92:e2:dd:a8:a7:
         b0:59:66:9d:b7:a5:e8:86:e5:5f:bd:86:ec:42:a1:ea:8f:03:
         37:8c:5e:8b:92:3f:62:c2:bc:3c:44:d3:cb:2d:e7:07:04:c5:
         05:a8:ba:43:dc:3b:81:a9:70:78:0b:62:12:a1:97:64:22:e3:
         4a:50:b5:39:ab:d8:4b:a7:a6:aa:bc:22:cb:60:4b:57:30:73:
         3b:59:1e:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaHA4Qu5IWD5GrZ9wwwlVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjUwMTAxMDU0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjRjMWQ3NGQ2ZjMyNWU5YjA2ZjZjOTNhMzRkNTZkM2MyMGM1Y2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJ56ONU3Im/hRdPFZVcN1+LY7N9t
aURpJnPL3GsEQtjabXuxhKEgWvO0XPpaCw7ULBEhGLBMUcOU6o7CJDHxuRiSJPFF
t5ttayFGUn0f29QN5VP1IZL28l8p19dCMi32QcetzS2CGdPcAo2ei6u4jikWbrTM
LO9xf4ygGwuMfdAFfMctff6SFBxCLxtEfzD5zfpPUT3HvFlUDX0DpTL7exhLmo0b
BY/tYymemagOoOJAH+1RH9aVkva7VN4/TQUM5I7U9iGWw5JESu0Ql05KACFi5HRL
qALzOoQkpoTm54gQ3mvtqeGAC3m2pZSzWDj6urqJc/TSWS+5wl7p2d8xwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZMHXTW8yXpsG9sk6NNVtPCDFzMMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEveGt3ZGROYnpKZW13YjJ5VG8wMVcwOElNWE13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8FLMA0G
CSqGSIb3DQEBCwUAA4IBAQAQSXBdsTN+FhwiTV7UyRRQI70wiF23LibIX/LyrU0j
v/QWzEAI2mudJv80yq543Rxe3rBZ2pi4sVcA8T+fe0hnA8d7YvySRNGZB6fOPu83
7/3cMnnEo9kTdyyxHT8MKXrOgZpB52COKNjl8LNHndtAzUopTwCDwtiwOvvD65il
H28LCE5XGspAE1f+7snAmKADv24fehVpEylcTLXsK14Q8spHo0KgWekFOOInFg4t
kuLdqKewWWadt6XohuVfvYbsQqHqjwM3jF6Lkj9iwrw8RNPLLecHBMUFqLpD3DuB
qXB4C2ISoZdkIuNKULU5q9hLp6aqvCLLYEtXMHM7WR6S
-----END CERTIFICATE-----