Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/bNTthk-6VNC8BPqO0CXb0wpv7Ko.roa
File:                     bNTthk-6VNC8BPqO0CXb0wpv7Ko.roa (raw, json)
Hash identifier:          U+k7jHV+TEaRK88+v5GTKPK+suUq7iPi4AwDl7BFsh0=
Subject key identifier:   6C:D4:ED:86:4F:BA:54:D0:BC:04:FA:8E:D0:25:DB:D3:0A:6F:EC:AA
Certificate issuer:       /CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Certificate serial:       019426D9FB6E0714113C2DFB82729974A2C5
Authority key identifier: 40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/bNTthk-6VNC8BPqO0CXb0wpv7Ko.roa
Signing time:             Thu 02 Jan 2025 11:50:07 +0000
ROA not before:           Thu 02 Jan 2025 11:50:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20616
IP address blocks:        91.208.142.0/24 maxlen: 24
                          195.246.242.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:fb:6e:07:14:11:3c:2d:fb:82:72:99:74:a2:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
        Validity
            Not Before: Jan  2 11:50:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6cd4ed864fba54d0bc04fa8ed025dbd30a6fecaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:33:84:54:79:17:d0:ac:b4:ab:ac:03:80:22:
                    9f:f9:29:8c:40:52:a8:d6:f1:0f:9c:c0:d7:5b:47:
                    ad:31:01:3c:28:af:40:fe:79:f7:95:30:2d:88:3c:
                    e8:f8:c3:5b:be:19:12:1a:c5:8a:bb:05:7d:ad:7d:
                    bc:3a:7f:3d:6c:88:70:58:a0:4a:59:d0:16:33:36:
                    73:a5:2f:f2:e2:c3:60:93:03:cd:e2:91:c3:1b:93:
                    48:27:fa:45:8a:56:9c:00:ea:d3:7a:1c:c1:78:12:
                    46:8d:b4:05:ab:f1:54:a5:29:40:1a:14:e7:3a:92:
                    04:82:d1:28:99:36:91:68:35:44:f5:93:5d:78:38:
                    b9:c5:7c:97:72:87:34:42:3e:18:2d:29:fe:f7:16:
                    85:4f:76:dc:41:3d:4d:df:7a:6e:65:4d:3e:31:d7:
                    bf:7d:09:c1:01:84:ec:d7:86:b8:8e:03:2e:ca:ab:
                    06:71:9e:5e:c0:93:25:aa:c1:fa:35:5a:1d:bb:6a:
                    99:93:30:e0:3d:bd:ee:69:27:17:1d:f9:07:de:30:
                    e8:5e:87:2f:a3:e1:25:a5:a7:dc:71:51:57:8b:1b:
                    9f:4a:12:62:f1:b2:da:d6:80:48:87:d2:39:37:ab:
                    12:c5:d7:d6:20:de:8a:bb:b7:d5:4b:ba:f9:7c:a0:
                    ff:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:D4:ED:86:4F:BA:54:D0:BC:04:FA:8E:D0:25:DB:D3:0A:6F:EC:AA
            X509v3 Authority Key Identifier:
                keyid:40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/bNTthk-6VNC8BPqO0CXb0wpv7Ko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.142.0/24
                  195.246.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         28:43:fc:37:d8:90:be:64:ce:7a:ee:1f:3e:b0:6a:ea:f1:9e:
         6a:e1:20:59:da:03:31:79:4e:24:6b:8f:3e:cf:8b:b9:e5:99:
         8e:f1:f6:ee:35:66:81:2e:c8:74:eb:38:da:03:5a:6d:eb:be:
         b1:5b:d9:da:59:4f:8a:13:60:e0:8b:9b:41:af:d4:73:ef:9f:
         18:6b:eb:fa:74:9f:40:e0:7a:8d:27:79:f5:08:80:52:19:4f:
         d5:82:fd:8c:b5:24:24:7e:b2:59:67:87:e9:38:d8:b5:29:29:
         af:e8:cd:7c:66:09:81:27:df:a8:c2:d6:06:94:9c:67:6b:85:
         24:a0:21:f1:f6:0b:16:be:00:b0:90:1f:3b:d1:9b:45:19:75:
         c8:ca:55:43:4a:bf:74:2f:6e:ea:75:01:ce:2c:7b:6b:7c:4d:
         9b:77:cd:84:89:bf:00:c3:16:f4:bf:bf:04:cd:1d:0d:26:83:
         d5:28:e0:73:e4:46:a7:ae:e8:a7:ff:25:98:ae:52:d4:f9:a5:
         ad:70:94:94:21:60:00:7a:8e:b4:3c:ec:b4:13:6b:05:42:33:
         10:7c:87:bb:08:24:59:c6:0b:ce:0c:a3:be:ef:58:2f:04:ca:
         e5:16:29:da:4b:15:d9:8e:17:73:0a:3e:b5:86:eb:44:50:af:
         a6:13:46:fd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQm2ftuBxQRPC37gnKZdKLFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwOGFmNDg1YjRmZDBmMDM3MTdjZDRhNzA5ZWYxMWM2MWQz
ZWY0NmUwHhcNMjUwMTAyMTE1MDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2Q0ZWQ4NjRmYmE1NGQwYmMwNGZhOGVkMDI1ZGJkMzBhNmZlY2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzOEVHkX0Ky0q6wDgCKf+SmMQFKo
1vEPnMDXW0etMQE8KK9A/nn3lTAtiDzo+MNbvhkSGsWKuwV9rX28On89bIhwWKBK
WdAWMzZzpS/y4sNgkwPN4pHDG5NIJ/pFilacAOrTehzBeBJGjbQFq/FUpSlAGhTn
OpIEgtEomTaRaDVE9ZNdeDi5xXyXcoc0Qj4YLSn+9xaFT3bcQT1N33puZU0+Mde/
fQnBAYTs14a4jgMuyqsGcZ5ewJMlqsH6NVodu2qZkzDgPb3uaScXHfkH3jDoXocv
o+ElpafccVFXixufShJi8bLa1oBIh9I5N6sSxdfWIN6Ku7fVS7r5fKD/PQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGzU7YZPulTQvAT6jtAl29MKb+yqMB8GA1UdIwQY
MBaAFECK9IW0/Q8DcXzUpwnvEcYdPvRuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzkt
Yjk1YjA4YTIzYWUxLzEvYk5UdGhrLTZWTkM4QlBxTzBDWGIwd3B2N0tvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzktYjk1YjA4YTIzYWUx
LzEvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9COAwQB
w/byMA0GCSqGSIb3DQEBCwUAA4IBAQAoQ/w32JC+ZM567h8+sGrq8Z5q4SBZ2gMx
eU4ka48+z4u55ZmO8fbuNWaBLsh06zjaA1pt676xW9naWU+KE2Dgi5tBr9Rz758Y
a+v6dJ9A4HqNJ3n1CIBSGU/Vgv2MtSQkfrJZZ4fpONi1KSmv6M18ZgmBJ9+owtYG
lJxna4UkoCHx9gsWvgCwkB870ZtFGXXIylVDSr90L27qdQHOLHtrfE2bd82Eib8A
wxb0v78EzR0NJoPVKOBz5Eanruin/yWYrlLU+aWtcJSUIWAAeo60POy0E2sFQjMQ
fIe7CCRZxgvODKO+71gvBMrlFinaSxXZjhdzCj61hutEUK+mE0b9
-----END CERTIFICATE-----