Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/JtK5RD-DTIOQNW_JXWGlPrgL9tE.roa
File:                     JtK5RD-DTIOQNW_JXWGlPrgL9tE.roa (raw, json)
Hash identifier:          /+XnmRP4/kZj+79ZCDvZV6TsrFKYsjV9u/awORCe7Sg=
Subject key identifier:   26:D2:B9:44:3F:83:4C:83:90:35:6F:C9:5D:61:A5:3E:B8:0B:F6:D1
Certificate issuer:       /CN=4b48cf146b4c73d274096d705708d24b729329f8
Certificate serial:       01942521C55DED792175D8A9220CE764F3A9
Authority key identifier: 4B:48:CF:14:6B:4C:73:D2:74:09:6D:70:57:08:D2:4B:72:93:29:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/JtK5RD-DTIOQNW_JXWGlPrgL9tE.roa
Signing time:             Thu 02 Jan 2025 03:49:17 +0000
ROA not before:           Thu 02 Jan 2025 03:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50684
IP address blocks:        91.148.232.0/22 maxlen: 24
                          91.148.236.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/S0jPFGtMc9J0CW1wVwjSS3KTKfg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/S0jPFGtMc9J0CW1wVwjSS3KTKfg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:c5:5d:ed:79:21:75:d8:a9:22:0c:e7:64:f3:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b48cf146b4c73d274096d705708d24b729329f8
        Validity
            Not Before: Jan  2 03:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26d2b9443f834c8390356fc95d61a53eb80bf6d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:e2:c8:55:22:2f:a5:50:d2:96:13:f7:9f:a8:
                    74:df:60:db:2b:fb:79:c7:bb:35:d7:cc:8f:92:b1:
                    dc:52:8a:d5:7a:ae:64:d2:73:ec:60:1b:71:82:e0:
                    fe:09:a2:77:0b:fb:8e:b5:3a:48:c6:d6:4a:da:93:
                    16:a2:8a:b5:a8:bf:00:e8:a4:19:db:b1:7a:c8:cf:
                    15:18:81:51:c7:e7:4a:95:6d:36:50:24:90:3f:b8:
                    4d:dc:ce:37:0d:e5:05:1a:2f:1f:f4:09:f0:d3:57:
                    f7:54:f4:42:bb:9f:b7:3f:23:9f:ab:65:76:29:e4:
                    fc:b7:19:a2:6f:1b:5d:1f:8b:fe:1e:ed:7a:4d:67:
                    ff:38:6e:b7:ff:b8:5f:4c:ff:b7:0f:51:99:9a:8d:
                    7b:bd:6d:8c:34:93:a0:82:2b:13:b6:6b:26:d3:24:
                    45:6f:5b:e0:f2:9a:36:19:bb:4c:63:67:bc:69:0c:
                    eb:fb:1a:92:e8:75:a3:05:63:09:8b:6f:12:e4:ec:
                    28:6a:99:82:4c:f8:96:60:57:61:a2:22:22:89:5b:
                    7c:e0:70:a9:d5:65:10:ac:6e:3e:dc:f5:2f:89:6e:
                    6f:34:fa:19:6a:c4:43:60:19:ef:b8:dd:89:29:fa:
                    c7:db:3b:66:d2:03:d2:42:fe:4c:d2:85:57:66:e5:
                    c1:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:D2:B9:44:3F:83:4C:83:90:35:6F:C9:5D:61:A5:3E:B8:0B:F6:D1
            X509v3 Authority Key Identifier:
                keyid:4B:48:CF:14:6B:4C:73:D2:74:09:6D:70:57:08:D2:4B:72:93:29:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/JtK5RD-DTIOQNW_JXWGlPrgL9tE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/S0jPFGtMc9J0CW1wVwjSS3KTKfg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.148.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7c:83:6f:3d:a4:be:a4:ba:79:4a:d7:14:48:04:25:c2:7a:a6:
         18:46:f8:33:44:9d:94:56:10:2d:bc:9e:be:ba:22:a3:e0:6b:
         81:e6:c0:fb:97:8d:7c:bb:12:02:46:58:a2:f1:11:d3:35:ed:
         30:ee:fd:a3:e7:b9:02:4e:32:78:f1:9e:50:0c:3e:ca:f3:8d:
         95:fb:ca:42:ef:fd:31:f0:38:16:d4:46:fb:eb:16:69:7d:bb:
         48:2b:3e:5f:c5:b7:fb:af:fe:ad:e3:19:8e:fb:c8:dc:bf:3e:
         5d:31:fc:60:e8:ba:92:65:d9:6e:08:ef:d1:ac:4e:75:30:ba:
         f0:5d:5e:a2:8c:28:8b:13:e8:be:0f:31:89:4b:a3:d5:73:94:
         93:a9:86:08:7a:30:80:33:68:ff:b7:bd:90:c9:15:93:2d:a3:
         09:e5:e2:93:86:34:51:9c:d3:14:c2:bc:a4:32:31:97:f1:80:
         44:60:84:d7:46:05:33:3e:bb:4a:a0:0d:20:5d:f4:3c:af:7b:
         1a:0e:aa:db:47:08:ba:ab:6b:00:f5:2a:a1:2b:ce:3f:8a:5d:
         a9:57:21:9f:66:b3:29:4f:17:c7:49:6d:aa:c8:20:a4:76:70:
         f3:af:92:c0:00:40:07:7c:b8:59:bb:5f:d8:b2:20:fb:fa:ef:
         c4:b7:9d:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIcVd7XkhddipIgznZPOpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNDhjZjE0NmI0YzczZDI3NDA5NmQ3MDU3MDhkMjRiNzI5
MzI5ZjgwHhcNMjUwMTAyMDM0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmQyYjk0NDNmODM0YzgzOTAzNTZmYzk1ZDYxYTUzZWI4MGJmNmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqOLIVSIvpVDSlhP3n6h032DbK/t5
x7s118yPkrHcUorVeq5k0nPsYBtxguD+CaJ3C/uOtTpIxtZK2pMWooq1qL8A6KQZ
27F6yM8VGIFRx+dKlW02UCSQP7hN3M43DeUFGi8f9Anw01f3VPRCu5+3PyOfq2V2
KeT8txmibxtdH4v+Hu16TWf/OG63/7hfTP+3D1GZmo17vW2MNJOggisTtmsm0yRF
b1vg8po2GbtMY2e8aQzr+xqS6HWjBWMJi28S5OwoapmCTPiWYFdhoiIiiVt84HCp
1WUQrG4+3PUviW5vNPoZasRDYBnvuN2JKfrH2ztm0gPSQv5M0oVXZuXB1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCbSuUQ/g0yDkDVvyV1hpT64C/bRMB8GA1UdIwQY
MBaAFEtIzxRrTHPSdAltcFcI0ktykyn4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzBqUEZHdE1jOUowQ1cxd1Z3alNTM0tUS2ZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8zYmJiNTItMzkzZS00NzYyLWE3MGMt
NjRhNmEwNWI5OTA1LzEvSnRLNVJELURUSU9RTldfSlhXR2xQcmdMOXRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8zYmJiNTItMzkzZS00NzYyLWE3MGMtNjRhNmEwNWI5OTA1
LzEvUzBqUEZHdE1jOUowQ1cxd1Z3alNTM0tUS2ZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDW5ToMA0G
CSqGSIb3DQEBCwUAA4IBAQB8g289pL6kunlK1xRIBCXCeqYYRvgzRJ2UVhAtvJ6+
uiKj4GuB5sD7l418uxICRlii8RHTNe0w7v2j57kCTjJ48Z5QDD7K842V+8pC7/0x
8DgW1Eb76xZpfbtIKz5fxbf7r/6t4xmO+8jcvz5dMfxg6LqSZdluCO/RrE51MLrw
XV6ijCiLE+i+DzGJS6PVc5STqYYIejCAM2j/t72QyRWTLaMJ5eKThjRRnNMUwryk
MjGX8YBEYITXRgUzPrtKoA0gXfQ8r3saDqrbRwi6q2sA9SqhK84/il2pVyGfZrMp
TxfHSW2qyCCkdnDzr5LAAEAHfLhZu1/YsiD7+u/Et53K
-----END CERTIFICATE-----