Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/LoWrhbVZ8jr7hgklkvLgB0CFX1Q.roa
File:                     LoWrhbVZ8jr7hgklkvLgB0CFX1Q.roa (raw, json)
Hash identifier:          MbE472GZrVjRUkjmiZKaY+eUbJoNLqUdRh4VdOgfIjM=
Subject key identifier:   2E:85:AB:85:B5:59:F2:3A:FB:86:09:25:92:F2:E0:07:40:85:5F:54
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       01971A8DDF7315A23FE96B3673CCA961269B
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/LoWrhbVZ8jr7hgklkvLgB0CFX1Q.roa
Signing time:             Thu 29 May 2025 05:39:54 +0000
ROA not before:           Thu 29 May 2025 05:39:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        91.186.194.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 20:42:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:1a:8d:df:73:15:a2:3f:e9:6b:36:73:cc:a9:61:26:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: May 29 05:39:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e85ab85b559f23afb86092592f2e00740855f54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:36:7a:31:7d:9f:1e:07:e0:75:9e:d8:cf:c1:
                    58:3d:3a:6b:85:1e:0c:23:89:d2:ac:47:be:14:05:
                    ae:05:8b:de:5a:c0:88:af:4a:ae:72:60:52:02:6e:
                    ad:b5:24:16:c9:31:a9:83:99:e3:57:6e:2a:6c:84:
                    8d:0d:88:66:fc:ee:81:e7:e3:74:7f:13:7d:13:24:
                    17:2d:08:8f:a9:f9:48:54:87:87:fb:60:a3:ae:fc:
                    2c:7b:85:88:ee:1f:55:14:1c:f6:a1:be:7c:85:5a:
                    c5:de:83:1b:86:6f:b7:58:e1:d6:e6:1b:be:3a:42:
                    c5:9e:30:f4:62:cd:70:66:c6:f8:5f:76:8a:fa:a2:
                    cb:b4:2c:6f:e0:7f:e4:41:01:6e:ab:fc:bd:92:eb:
                    91:2f:e3:47:d8:3b:b7:de:7e:0c:b7:bd:9e:96:b9:
                    c2:eb:3f:d0:2c:bb:27:80:a2:9f:f8:0c:98:45:a7:
                    cc:8d:8e:2c:a0:17:94:6e:6f:d2:4c:b4:83:8e:a1:
                    4c:9a:0e:06:96:8f:e0:01:90:60:ab:26:dc:63:3b:
                    8d:9f:5f:db:f3:34:c7:0a:ea:6c:31:b6:c9:0e:fc:
                    88:2f:3d:f4:6f:22:0f:fb:38:dd:6a:c2:7f:4c:be:
                    cf:97:08:02:f0:d6:29:68:81:09:1c:9d:f1:ad:19:
                    c5:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:85:AB:85:B5:59:F2:3A:FB:86:09:25:92:F2:E0:07:40:85:5F:54
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/LoWrhbVZ8jr7hgklkvLgB0CFX1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.186.194.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2d:71:88:a0:af:2b:dd:3a:e6:72:c0:9b:2d:17:d7:8c:fc:f5:
         c0:e1:ba:be:df:86:ca:f4:59:71:ec:df:95:05:9a:e1:8e:d0:
         90:a8:5e:39:10:88:2c:b6:ea:f4:5d:89:f1:3e:d0:f5:9e:e0:
         77:b0:4c:e0:c9:64:56:0f:6f:89:b3:d4:b3:95:95:ea:6e:dd:
         0a:d6:62:a3:50:1d:f4:57:f1:30:33:11:8c:46:de:cc:75:d3:
         e1:54:12:75:71:1c:1e:23:85:85:51:0b:53:47:bf:ff:25:78:
         b5:0b:52:26:e3:b5:8e:d5:08:1c:a4:e5:2a:7b:57:06:cc:f3:
         bc:ed:c5:52:f8:17:f7:60:cc:f8:41:4f:f0:e7:28:12:7b:64:
         19:9e:38:71:28:dd:a2:6c:da:2d:0e:83:58:1c:6b:0c:d2:01:
         ff:a9:6e:68:df:01:2f:5a:ce:6c:47:71:f8:6e:2e:4b:f9:69:
         d0:33:d9:bd:ec:75:aa:8d:fd:d9:08:7f:df:34:aa:61:c4:c5:
         93:c6:15:7e:e4:4b:a3:f8:62:80:33:a3:44:8e:5e:e2:30:e3:
         aa:d4:93:ec:76:27:18:b3:7a:47:d7:e8:6e:2f:9f:5f:96:29:
         a5:aa:60:e7:54:d5:62:ec:69:ff:70:02:33:00:c9:54:ea:83:
         c0:ca:43:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcajd9zFaI/6Ws2c8ypYSabMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjUwNTI5MDUzOTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTg1YWI4NWI1NTlmMjNhZmI4NjA5MjU5MmYyZTAwNzQwODU1ZjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyDZ6MX2fHgfgdZ7Yz8FYPTprhR4M
I4nSrEe+FAWuBYveWsCIr0qucmBSAm6ttSQWyTGpg5njV24qbISNDYhm/O6B5+N0
fxN9EyQXLQiPqflIVIeH+2Cjrvwse4WI7h9VFBz2ob58hVrF3oMbhm+3WOHW5hu+
OkLFnjD0Ys1wZsb4X3aK+qLLtCxv4H/kQQFuq/y9kuuRL+NH2Du33n4Mt72elrnC
6z/QLLsngKKf+AyYRafMjY4soBeUbm/STLSDjqFMmg4Glo/gAZBgqybcYzuNn1/b
8zTHCupsMbbJDvyILz30byIP+zjdasJ/TL7PlwgC8NYpaIEJHJ3xrRnFzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC6Fq4W1WfI6+4YJJZLy4AdAhV9UMB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvTG9XcmhiVlo4anI3aGdrbGt2TGdCMENGWDFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW7rCMA0G
CSqGSIb3DQEBCwUAA4IBAQAtcYigryvdOuZywJstF9eM/PXA4bq+34bK9Flx7N+V
BZrhjtCQqF45EIgstur0XYnxPtD1nuB3sEzgyWRWD2+Js9SzlZXqbt0K1mKjUB30
V/EwMxGMRt7MddPhVBJ1cRweI4WFUQtTR7//JXi1C1Im47WO1QgcpOUqe1cGzPO8
7cVS+Bf3YMz4QU/w5ygSe2QZnjhxKN2ibNotDoNYHGsM0gH/qW5o3wEvWs5sR3H4
bi5L+WnQM9m97HWqjf3ZCH/fNKphxMWTxhV+5Euj+GKAM6NEjl7iMOOq1JPsdicY
s3pH1+huL59flimlqmDnVNVi7Gn/cAIzAMlU6oPAykO5
-----END CERTIFICATE-----