Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/cc843e-60c7-47ac-823b-f8d6bd30cc19/1/GpM90An4j0aWnAQVOPwoRVNatnk.roa
File:                     GpM90An4j0aWnAQVOPwoRVNatnk.roa (raw, json)
Hash identifier:          MKIleZe0XP5Hk0DTuIZD6iDzaTxtrUWEQu34eF8ZBrE=
Subject key identifier:   1A:93:3D:D0:09:F8:8F:46:96:9C:04:15:38:FC:28:45:53:5A:B6:79
Certificate issuer:       /CN=0adcf62c6b5411139a5d1309dd9ed926f4314320
Certificate serial:       019424B280275A172B2A6083D0A3A810C645
Authority key identifier: 0A:DC:F6:2C:6B:54:11:13:9A:5D:13:09:DD:9E:D9:26:F4:31:43:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ctz2LGtUEROaXRMJ3Z7ZJvQxQyA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/cc843e-60c7-47ac-823b-f8d6bd30cc19/1/GpM90An4j0aWnAQVOPwoRVNatnk.roa
Signing time:             Thu 02 Jan 2025 01:47:45 +0000
ROA not before:           Thu 02 Jan 2025 01:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208693
IP address blocks:        91.132.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/cc843e-60c7-47ac-823b-f8d6bd30cc19/1/Ctz2LGtUEROaXRMJ3Z7ZJvQxQyA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/cc843e-60c7-47ac-823b-f8d6bd30cc19/1/Ctz2LGtUEROaXRMJ3Z7ZJvQxQyA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ctz2LGtUEROaXRMJ3Z7ZJvQxQyA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:80:27:5a:17:2b:2a:60:83:d0:a3:a8:10:c6:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0adcf62c6b5411139a5d1309dd9ed926f4314320
        Validity
            Not Before: Jan  2 01:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a933dd009f88f46969c041538fc2845535ab679
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:dd:e6:83:5e:ed:d7:00:d1:e1:77:2f:c8:6e:
                    20:4b:09:c5:7c:b5:9c:3b:28:78:8b:95:27:71:da:
                    9d:f9:3a:9f:5f:60:5b:7f:d9:ba:62:3f:cf:d8:9f:
                    ec:d0:86:4c:6a:25:ec:50:d3:b6:d6:92:2a:92:1b:
                    06:ef:bd:b5:90:eb:38:c1:ec:52:0e:68:7e:da:78:
                    05:12:5d:dc:56:37:64:81:9f:0c:95:ce:93:6b:7c:
                    df:bf:4b:0c:f4:3f:d0:d9:5a:da:3c:36:0b:54:08:
                    a6:d8:e6:5e:6d:a2:f9:37:76:92:28:7c:66:80:6d:
                    1c:f4:64:2b:fc:5c:14:2a:ad:cc:52:28:3f:e7:f5:
                    ed:0c:99:75:41:3b:ea:6c:24:2f:02:7a:c1:db:ad:
                    ce:7b:f5:5a:2d:f2:39:e0:a5:31:d6:32:ee:38:d9:
                    01:5d:51:7d:6c:d8:22:97:75:bd:b7:52:7e:31:24:
                    fc:a7:78:5c:be:ac:99:8e:17:3e:73:92:7e:83:ef:
                    30:16:e7:9c:70:5d:a6:37:0c:4c:78:d5:1f:5a:f0:
                    fc:cb:5c:b8:93:44:6d:c7:19:dd:32:60:ca:84:3a:
                    84:a5:ef:18:55:ce:93:e1:51:4e:e8:aa:68:fe:a8:
                    b1:73:dd:e9:b1:54:1e:25:5e:25:dc:59:61:36:4d:
                    7f:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:93:3D:D0:09:F8:8F:46:96:9C:04:15:38:FC:28:45:53:5A:B6:79
            X509v3 Authority Key Identifier:
                keyid:0A:DC:F6:2C:6B:54:11:13:9A:5D:13:09:DD:9E:D9:26:F4:31:43:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ctz2LGtUEROaXRMJ3Z7ZJvQxQyA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cc843e-60c7-47ac-823b-f8d6bd30cc19/1/GpM90An4j0aWnAQVOPwoRVNatnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cc843e-60c7-47ac-823b-f8d6bd30cc19/1/Ctz2LGtUEROaXRMJ3Z7ZJvQxQyA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:f8:ff:ac:60:e2:99:0e:f5:8a:bb:fd:2a:fa:e2:ed:ca:cb:
         f4:1d:ec:6f:8d:78:a9:88:db:43:cb:9a:00:05:3e:2d:db:23:
         9b:a5:fc:67:9f:30:17:74:f4:e0:68:2e:45:1a:08:63:82:9b:
         7e:68:5a:78:26:0b:ac:f5:31:fa:aa:c8:8a:99:fc:e9:ae:39:
         ca:6d:63:ef:a3:d8:08:1e:e7:71:4f:34:e8:a1:0f:cf:5a:e8:
         00:ea:9b:13:5b:a8:ed:27:3a:2c:41:83:ac:0c:2e:2c:91:58:
         4b:a3:3b:2f:1a:34:4a:dc:2f:7a:5e:ab:4c:57:c9:5f:68:c3:
         b1:0c:2d:6e:11:ac:65:be:a9:d6:d9:fc:8b:11:d8:7d:4d:50:
         31:6c:94:4f:97:14:2c:e8:49:9c:c8:6a:93:21:0f:45:a6:14:
         c2:28:3d:20:27:14:c7:a7:9e:a6:25:ce:45:07:3e:5f:56:61:
         27:29:c3:40:78:dc:9a:35:ec:72:dd:3c:24:24:54:23:ba:c1:
         30:37:73:88:28:79:00:a0:44:c2:59:ac:cb:d7:2f:dc:c7:6e:
         bf:88:64:10:b5:30:e0:7f:6c:68:cd:4f:63:42:e7:14:bf:34:
         89:e3:36:d0:2f:7f:b8:ec:43:0e:15:91:55:0a:99:f1:7c:eb:
         20:f7:a7:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksoAnWhcrKmCD0KOoEMZFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhZGNmNjJjNmI1NDExMTM5YTVkMTMwOWRkOWVkOTI2ZjQz
MTQzMjAwHhcNMjUwMTAyMDE0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTkzM2RkMDA5Zjg4ZjQ2OTY5YzA0MTUzOGZjMjg0NTUzNWFiNjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2N3mg17t1wDR4XcvyG4gSwnFfLWc
Oyh4i5Uncdqd+TqfX2Bbf9m6Yj/P2J/s0IZMaiXsUNO21pIqkhsG7721kOs4wexS
Dmh+2ngFEl3cVjdkgZ8Mlc6Ta3zfv0sM9D/Q2VraPDYLVAim2OZebaL5N3aSKHxm
gG0c9GQr/FwUKq3MUig/5/XtDJl1QTvqbCQvAnrB263Oe/VaLfI54KUx1jLuONkB
XVF9bNgil3W9t1J+MST8p3hcvqyZjhc+c5J+g+8wFueccF2mNwxMeNUfWvD8y1y4
k0RtxxndMmDKhDqEpe8YVc6T4VFO6Kpo/qixc93psVQeJV4l3FlhNk1/RwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBqTPdAJ+I9GlpwEFTj8KEVTWrZ5MB8GA1UdIwQY
MBaAFArc9ixrVBETml0TCd2e2Sb0MUMgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3R6MkxHdFVFUk9hWFJNSjNaN1pKdlF4UXlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9jYzg0M2UtNjBjNy00N2FjLTgyM2It
ZjhkNmJkMzBjYzE5LzEvR3BNOTBBbjRqMGFXbkFRVk9Qd29SVk5hdG5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9jYzg0M2UtNjBjNy00N2FjLTgyM2ItZjhkNmJkMzBjYzE5
LzEvQ3R6MkxHdFVFUk9hWFJNSjNaN1pKdlF4UXlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW4TzMA0G
CSqGSIb3DQEBCwUAA4IBAQA5+P+sYOKZDvWKu/0q+uLtysv0HexvjXipiNtDy5oA
BT4t2yObpfxnnzAXdPTgaC5FGghjgpt+aFp4Jgus9TH6qsiKmfzprjnKbWPvo9gI
HudxTzTooQ/PWugA6psTW6jtJzosQYOsDC4skVhLozsvGjRK3C96XqtMV8lfaMOx
DC1uEaxlvqnW2fyLEdh9TVAxbJRPlxQs6EmcyGqTIQ9FphTCKD0gJxTHp56mJc5F
Bz5fVmEnKcNAeNyaNexy3TwkJFQjusEwN3OIKHkAoETCWazL1y/cx26/iGQQtTDg
f2xozU9jQucUvzSJ4zbQL3+47EMOFZFVCpnxfOsg96eE
-----END CERTIFICATE-----