Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/64p5o-0qnUcfwWS02nv_DkPvL3I.roa
File:                     64p5o-0qnUcfwWS02nv_DkPvL3I.roa (raw, json)
Hash identifier:          niXYitJiZ8IxUWpDspPEEvq6acqCjMtSycTMiACHf58=
Subject key identifier:   EB:8A:79:A3:ED:2A:9D:47:1F:C1:64:B4:DA:7B:FF:0E:43:EF:2F:72
Certificate issuer:       /CN=4b48cf146b4c73d274096d705708d24b729329f8
Certificate serial:       01942521C50A6B2BA13251757D04ABD026BE
Authority key identifier: 4B:48:CF:14:6B:4C:73:D2:74:09:6D:70:57:08:D2:4B:72:93:29:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/64p5o-0qnUcfwWS02nv_DkPvL3I.roa
Signing time:             Thu 02 Jan 2025 03:49:17 +0000
ROA not before:           Thu 02 Jan 2025 03:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50525
IP address blocks:        91.148.232.0/22 maxlen: 24
                          91.148.236.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/S0jPFGtMc9J0CW1wVwjSS3KTKfg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/S0jPFGtMc9J0CW1wVwjSS3KTKfg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:c5:0a:6b:2b:a1:32:51:75:7d:04:ab:d0:26:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b48cf146b4c73d274096d705708d24b729329f8
        Validity
            Not Before: Jan  2 03:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb8a79a3ed2a9d471fc164b4da7bff0e43ef2f72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:d4:a5:34:1b:9b:5b:18:4e:3f:c5:a7:8c:15:
                    d2:a0:c4:65:0b:e3:24:bb:26:ff:d5:00:44:9d:ac:
                    f5:ad:cd:72:97:ba:07:f5:01:02:ad:69:a4:24:d2:
                    28:e5:ef:b4:49:57:c3:6f:0d:cf:e1:2e:0f:25:44:
                    09:7f:66:3c:f2:93:35:68:40:ee:87:01:46:ea:08:
                    d6:65:81:0f:b5:5f:56:e5:27:75:c4:e0:1e:5f:44:
                    d8:0c:9f:60:23:9d:90:f6:d8:f7:84:a4:df:6b:d1:
                    22:ba:77:dc:4f:e6:d7:b3:4a:69:b5:e7:05:fe:72:
                    36:a2:44:2d:e9:b7:c3:1b:43:ef:7c:32:4d:bc:e7:
                    c8:65:a5:40:ee:4a:78:6c:86:3f:49:42:dc:ba:22:
                    a3:6a:66:6c:98:01:96:03:0c:25:8f:82:27:8c:5f:
                    b5:24:45:0f:9d:22:45:00:db:1a:5d:0d:60:0d:53:
                    cf:3e:dc:4b:4d:51:0a:45:b4:87:65:3b:4b:8d:0a:
                    08:52:5d:fb:a6:5e:44:25:fe:59:d7:1d:93:0f:b9:
                    a8:24:fc:ac:0f:20:0b:5f:d9:07:13:dc:ad:e9:48:
                    78:69:61:dc:0a:79:bf:02:cc:8d:a1:56:86:98:02:
                    be:91:48:05:be:7f:4c:07:fa:a2:fb:c7:41:19:2d:
                    35:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:8A:79:A3:ED:2A:9D:47:1F:C1:64:B4:DA:7B:FF:0E:43:EF:2F:72
            X509v3 Authority Key Identifier:
                keyid:4B:48:CF:14:6B:4C:73:D2:74:09:6D:70:57:08:D2:4B:72:93:29:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/64p5o-0qnUcfwWS02nv_DkPvL3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/S0jPFGtMc9J0CW1wVwjSS3KTKfg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.148.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9d:c4:43:71:5f:42:25:86:95:b8:92:18:f3:15:17:9a:a2:af:
         6a:07:51:e4:cf:69:4c:3e:ec:05:e9:4d:e3:f7:59:2e:84:e1:
         f6:5f:48:81:0f:93:98:d9:7b:32:d3:a1:35:7f:ed:28:a0:a6:
         3b:af:83:58:dd:cf:5b:3f:c0:d1:ad:93:bd:b2:83:98:13:b1:
         33:c4:de:f3:ef:48:bd:55:5d:d7:56:d5:e4:65:ae:82:5b:6e:
         42:b7:8f:b4:1c:fd:b0:17:c6:ea:ba:58:5e:3f:70:92:1f:28:
         9c:9c:7f:06:2f:c3:80:6c:c0:e2:31:0b:a2:c9:15:b1:d2:19:
         e8:c9:3e:c3:f5:d8:55:36:92:a5:88:35:45:a3:08:bf:c1:82:
         41:de:42:2e:5b:84:d7:c0:63:b6:1d:64:15:da:ad:fa:59:1e:
         94:8b:a4:1e:40:23:30:fb:b6:82:58:cc:29:67:4f:21:ca:18:
         d9:75:cb:d9:f2:28:06:70:bd:29:32:57:15:4d:16:21:7c:f1:
         5f:7b:3a:34:f1:14:d6:9f:ec:e3:cb:9c:2f:fe:45:a0:06:bb:
         73:1d:ad:62:b3:11:95:fb:81:b8:ee:56:7d:ec:ec:35:0b:d4:
         16:06:a9:82:0e:7b:3a:01:1c:fe:37:fd:89:3d:55:61:b1:cc:
         ba:d2:da:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIcUKayuhMlF1fQSr0Ca+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNDhjZjE0NmI0YzczZDI3NDA5NmQ3MDU3MDhkMjRiNzI5
MzI5ZjgwHhcNMjUwMTAyMDM0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjhhNzlhM2VkMmE5ZDQ3MWZjMTY0YjRkYTdiZmYwZTQzZWYyZjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldSlNBubWxhOP8WnjBXSoMRlC+Mk
uyb/1QBEnaz1rc1yl7oH9QECrWmkJNIo5e+0SVfDbw3P4S4PJUQJf2Y88pM1aEDu
hwFG6gjWZYEPtV9W5Sd1xOAeX0TYDJ9gI52Q9tj3hKTfa9EiunfcT+bXs0pptecF
/nI2okQt6bfDG0PvfDJNvOfIZaVA7kp4bIY/SULcuiKjamZsmAGWAwwlj4InjF+1
JEUPnSJFANsaXQ1gDVPPPtxLTVEKRbSHZTtLjQoIUl37pl5EJf5Z1x2TD7moJPys
DyALX9kHE9yt6Uh4aWHcCnm/AsyNoVaGmAK+kUgFvn9MB/qi+8dBGS01uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOuKeaPtKp1HH8FktNp7/w5D7y9yMB8GA1UdIwQY
MBaAFEtIzxRrTHPSdAltcFcI0ktykyn4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzBqUEZHdE1jOUowQ1cxd1Z3alNTM0tUS2ZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8zYmJiNTItMzkzZS00NzYyLWE3MGMt
NjRhNmEwNWI5OTA1LzEvNjRwNW8tMHFuVWNmd1dTMDJudl9Ea1B2TDNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8zYmJiNTItMzkzZS00NzYyLWE3MGMtNjRhNmEwNWI5OTA1
LzEvUzBqUEZHdE1jOUowQ1cxd1Z3alNTM0tUS2ZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDW5ToMA0G
CSqGSIb3DQEBCwUAA4IBAQCdxENxX0IlhpW4khjzFReaoq9qB1Hkz2lMPuwF6U3j
91kuhOH2X0iBD5OY2Xsy06E1f+0ooKY7r4NY3c9bP8DRrZO9soOYE7EzxN7z70i9
VV3XVtXkZa6CW25Ct4+0HP2wF8bqulheP3CSHyicnH8GL8OAbMDiMQuiyRWx0hno
yT7D9dhVNpKliDVFowi/wYJB3kIuW4TXwGO2HWQV2q36WR6Ui6QeQCMw+7aCWMwp
Z08hyhjZdcvZ8igGcL0pMlcVTRYhfPFfezo08RTWn+zjy5wv/kWgBrtzHa1isxGV
+4G47lZ97Ow1C9QWBqmCDns6ARz+N/2JPVVhscy60tqj
-----END CERTIFICATE-----