Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/IDEflvuhIV83KNodcAdWAptJFNk.roa
File:                     IDEflvuhIV83KNodcAdWAptJFNk.roa (raw, json)
Hash identifier:          zpiVwHp2RqR56XaB25fCyR/sdSQ8zP/Sy5LNAYg81lo=
Subject key identifier:   20:31:1F:96:FB:A1:21:5F:37:28:DA:1D:70:07:56:02:9B:49:14:D9
Certificate issuer:       /CN=ff7d8a79bad4f983d0c49895af50ea8a03ebc70d
Certificate serial:       0195F17C9A1A5EFAFC8B55C58D757A741EA3
Authority key identifier: FF:7D:8A:79:BA:D4:F9:83:D0:C4:98:95:AF:50:EA:8A:03:EB:C7:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_32KebrU-YPQxJiVr1DqigPrxw0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/IDEflvuhIV83KNodcAdWAptJFNk.roa
Signing time:             Tue 01 Apr 2025 13:13:49 +0000
ROA not before:           Tue 01 Apr 2025 13:13:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6698
IP address blocks:        91.239.78.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/_32KebrU-YPQxJiVr1DqigPrxw0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/_32KebrU-YPQxJiVr1DqigPrxw0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_32KebrU-YPQxJiVr1DqigPrxw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 06:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f1:7c:9a:1a:5e:fa:fc:8b:55:c5:8d:75:7a:74:1e:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff7d8a79bad4f983d0c49895af50ea8a03ebc70d
        Validity
            Not Before: Apr  1 13:13:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=20311f96fba1215f3728da1d700756029b4914d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ed:e5:8e:95:7d:c3:d1:05:d3:82:3b:7e:97:
                    20:bc:01:f8:bf:a5:cc:27:fc:c9:2c:b5:08:e6:18:
                    1c:03:90:62:c7:8e:35:72:f9:a7:61:b8:04:ce:3f:
                    bb:8f:54:2a:e2:99:85:eb:64:62:a2:ff:db:bb:64:
                    09:e3:d7:f0:37:fb:85:ac:b1:aa:61:a6:b4:2c:32:
                    22:23:be:34:ed:09:48:6e:d0:bf:4a:f5:91:67:d9:
                    65:f5:81:6a:66:d6:97:b1:dc:2a:5f:1a:05:aa:fe:
                    5e:c2:f2:0c:50:f7:dd:37:a4:61:72:db:7f:14:1d:
                    c8:6f:77:fa:42:58:1c:80:c1:b0:17:e2:b2:e0:7a:
                    32:14:44:cc:5d:09:b8:55:7c:44:dd:96:3e:1b:10:
                    a0:17:05:96:e3:dd:35:f3:90:47:e7:df:db:33:47:
                    6f:f3:bf:e8:39:06:ef:37:ab:1f:e0:b2:56:de:3c:
                    c7:0c:6a:36:45:65:18:66:c6:ab:f5:cf:b4:bb:77:
                    3e:28:32:cf:75:b6:41:d9:1a:63:7d:7c:d9:a3:26:
                    ef:41:54:1d:9c:24:91:4e:a2:a4:bc:06:a3:c1:b4:
                    44:34:60:03:52:9c:c5:a0:f1:13:e5:eb:34:f8:2d:
                    6c:df:6a:39:fe:12:ad:47:2b:c4:ee:7a:d1:ff:d1:
                    6c:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:31:1F:96:FB:A1:21:5F:37:28:DA:1D:70:07:56:02:9B:49:14:D9
            X509v3 Authority Key Identifier:
                keyid:FF:7D:8A:79:BA:D4:F9:83:D0:C4:98:95:AF:50:EA:8A:03:EB:C7:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_32KebrU-YPQxJiVr1DqigPrxw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/IDEflvuhIV83KNodcAdWAptJFNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/_32KebrU-YPQxJiVr1DqigPrxw0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:d4:ea:64:be:4c:0f:54:e8:e2:71:70:64:85:d9:69:a7:73:
         5f:b4:fb:74:4a:1f:a9:a1:46:06:a5:1b:db:65:1f:14:7a:c6:
         02:38:88:f9:14:4a:06:92:6b:c6:77:39:20:9a:8f:be:a9:18:
         db:71:0a:dd:86:20:e7:26:e5:99:09:92:e6:45:a8:2d:8d:2f:
         4e:83:d7:a8:89:71:19:b5:44:3c:22:d3:69:47:eb:71:6b:e2:
         3f:cc:74:5d:27:30:90:38:a7:9a:06:88:5c:15:9b:45:e1:6d:
         33:75:47:75:ad:63:04:72:bd:f6:89:0a:2a:72:f4:74:6f:69:
         09:77:ff:fa:3e:8e:8a:c2:27:1f:01:f4:84:00:b2:18:de:71:
         77:e5:e3:49:12:08:34:a5:14:28:26:77:7e:f4:f1:fd:e1:b8:
         da:35:06:ad:c6:08:fd:e6:d4:85:06:51:1b:c4:8f:c8:32:58:
         5e:3f:79:dc:6c:3d:89:9b:e4:a4:f5:b4:68:d7:58:42:17:42:
         00:9d:5f:a3:55:14:27:5b:ff:e7:b0:45:a4:68:22:aa:e0:a4:
         5a:e7:5a:df:22:58:f6:86:4e:70:1e:8e:7b:cd:cf:f1:e7:19:
         0d:01:ee:6f:6c:3a:6b:94:e6:c8:75:3d:23:40:3d:9e:85:61:
         61:12:22:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXxfJoaXvr8i1XFjXV6dB6jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmN2Q4YTc5YmFkNGY5ODNkMGM0OTg5NWFmNTBlYThhMDNl
YmM3MGQwHhcNMjUwNDAxMTMxMzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDMxMWY5NmZiYTEyMTVmMzcyOGRhMWQ3MDA3NTYwMjliNDkxNGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAju3ljpV9w9EF04I7fpcgvAH4v6XM
J/zJLLUI5hgcA5Bix441cvmnYbgEzj+7j1Qq4pmF62Riov/bu2QJ49fwN/uFrLGq
Yaa0LDIiI7407QlIbtC/SvWRZ9ll9YFqZtaXsdwqXxoFqv5ewvIMUPfdN6Rhctt/
FB3Ib3f6QlgcgMGwF+Ky4HoyFETMXQm4VXxE3ZY+GxCgFwWW490185BH59/bM0dv
87/oOQbvN6sf4LJW3jzHDGo2RWUYZsar9c+0u3c+KDLPdbZB2RpjfXzZoybvQVQd
nCSRTqKkvAajwbRENGADUpzFoPET5es0+C1s32o5/hKtRyvE7nrR/9FswQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCAxH5b7oSFfNyjaHXAHVgKbSRTZMB8GA1UdIwQY
MBaAFP99inm61PmD0MSYla9Q6ooD68cNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzMyS2ViclUtWVBReEppVnIxRHFpZ1ByeHcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi80NDI0ZWYtNjhhYS00YjcwLWIyY2Mt
MDg3M2UzOTk0ZDBlLzEvSURFZmx2dWhJVjgzS05vZGNBZFdBcHRKRk5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi80NDI0ZWYtNjhhYS00YjcwLWIyY2MtMDg3M2UzOTk0ZDBl
LzEvXzMyS2ViclUtWVBReEppVnIxRHFpZ1ByeHcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+9OMA0G
CSqGSIb3DQEBCwUAA4IBAQA81OpkvkwPVOjicXBkhdlpp3NftPt0Sh+poUYGpRvb
ZR8UesYCOIj5FEoGkmvGdzkgmo++qRjbcQrdhiDnJuWZCZLmRagtjS9Og9eoiXEZ
tUQ8ItNpR+txa+I/zHRdJzCQOKeaBohcFZtF4W0zdUd1rWMEcr32iQoqcvR0b2kJ
d//6Po6KwicfAfSEALIY3nF35eNJEgg0pRQoJnd+9PH94bjaNQatxgj95tSFBlEb
xI/IMlheP3ncbD2Jm+Sk9bRo11hCF0IAnV+jVRQnW//nsEWkaCKq4KRa51rfIlj2
hk5wHo57zc/x5xkNAe5vbDprlObIdT0jQD2ehWFhEiIk
-----END CERTIFICATE-----