Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/f0b954-9886-409b-8219-d3fdfa9a8f14/1/R0bDzTZMsFHuXIVscoarjoJ_wTM.roa
File:                     R0bDzTZMsFHuXIVscoarjoJ_wTM.roa (raw, json)
Hash identifier:          9HD9aEc03IRoCnCCjg3LQXd12HLkqdNv34Xu2fVDTFY=
Subject key identifier:   47:46:C3:CD:36:4C:B0:51:EE:5C:85:6C:72:86:AB:8E:82:7F:C1:33
Certificate issuer:       /CN=a986a0677b91c45667e45e12ee07f5219901a87a
Certificate serial:       01942521F73F858D14EB99E45FA272F01844
Authority key identifier: A9:86:A0:67:7B:91:C4:56:67:E4:5E:12:EE:07:F5:21:99:01:A8:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qYagZ3uRxFZn5F4S7gf1IZkBqHo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/f0b954-9886-409b-8219-d3fdfa9a8f14/1/R0bDzTZMsFHuXIVscoarjoJ_wTM.roa
Signing time:             Thu 02 Jan 2025 03:49:30 +0000
ROA not before:           Thu 02 Jan 2025 03:49:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20559
IP address blocks:        91.197.72.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/f0b954-9886-409b-8219-d3fdfa9a8f14/1/qYagZ3uRxFZn5F4S7gf1IZkBqHo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/f0b954-9886-409b-8219-d3fdfa9a8f14/1/qYagZ3uRxFZn5F4S7gf1IZkBqHo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qYagZ3uRxFZn5F4S7gf1IZkBqHo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 09:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:f7:3f:85:8d:14:eb:99:e4:5f:a2:72:f0:18:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a986a0677b91c45667e45e12ee07f5219901a87a
        Validity
            Not Before: Jan  2 03:49:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4746c3cd364cb051ee5c856c7286ab8e827fc133
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:e0:31:4b:4c:d0:68:27:bf:14:db:1b:70:47:
                    df:25:cd:9b:d9:5f:51:c5:d3:eb:98:85:95:58:a2:
                    7b:37:b3:71:68:ea:28:3b:8e:dc:df:f2:e8:04:0a:
                    e6:a4:fb:84:74:94:8f:2c:c9:9f:2e:b3:82:22:bd:
                    33:4a:ac:20:08:f0:bd:d6:79:74:4e:03:35:8f:81:
                    9d:bf:17:26:7b:0e:15:38:92:20:3b:e9:ca:3e:9b:
                    31:98:9d:5b:81:b7:d3:9a:35:38:10:c9:c5:5e:6a:
                    52:61:90:98:44:d9:38:3f:09:39:22:d2:0f:9d:d5:
                    f0:11:f0:31:74:ca:1b:f5:ab:6e:de:b7:e4:08:9a:
                    0d:e2:07:69:cf:d2:00:18:7b:5d:86:0f:f8:16:6e:
                    ea:9d:8b:7a:85:7b:61:ae:f3:d9:76:e7:f8:98:1b:
                    87:4f:04:b1:98:79:6b:7c:a9:6f:5e:fd:67:c9:10:
                    d4:d1:dd:95:22:dd:b0:4f:5c:14:6a:04:8f:60:8d:
                    41:09:c9:99:e9:a1:7e:a5:12:7b:91:15:7e:b1:b1:
                    26:15:f9:c0:98:9f:d5:be:7c:57:82:ba:11:5a:37:
                    2a:a1:2d:b0:58:83:b9:89:fd:75:54:0f:73:2b:62:
                    71:21:c3:06:0a:6f:46:3a:52:17:73:ab:7f:39:c4:
                    a9:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:46:C3:CD:36:4C:B0:51:EE:5C:85:6C:72:86:AB:8E:82:7F:C1:33
            X509v3 Authority Key Identifier:
                keyid:A9:86:A0:67:7B:91:C4:56:67:E4:5E:12:EE:07:F5:21:99:01:A8:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYagZ3uRxFZn5F4S7gf1IZkBqHo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/f0b954-9886-409b-8219-d3fdfa9a8f14/1/R0bDzTZMsFHuXIVscoarjoJ_wTM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/f0b954-9886-409b-8219-d3fdfa9a8f14/1/qYagZ3uRxFZn5F4S7gf1IZkBqHo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:d6:7b:87:f0:15:d1:2d:f1:ae:eb:da:90:71:ef:49:80:3a:
         f4:67:cc:70:34:8d:b1:63:f8:27:e8:c0:bf:63:5d:ad:32:c5:
         22:f9:1c:e1:ce:2d:bb:31:a8:57:11:43:e3:59:01:8f:fe:ff:
         52:ed:86:62:ce:88:29:2a:1e:64:7d:49:31:24:5b:5e:d2:11:
         f8:d2:5a:eb:99:d3:b8:01:79:15:b9:73:0d:7f:46:80:e6:00:
         94:ec:de:4e:7a:19:3b:ef:f6:cb:39:09:c1:65:75:01:4c:9a:
         5a:22:58:eb:cd:27:4e:29:08:80:48:c8:dd:d2:2b:c1:c5:7f:
         61:bc:96:3d:ab:9a:66:4c:65:d9:95:93:d8:25:e9:e0:23:df:
         12:1b:e0:6b:07:ed:de:e3:24:c9:ed:cc:b4:38:df:20:ae:e8:
         b7:25:31:0e:97:bd:bd:ba:62:32:aa:ba:1d:14:4c:52:8f:db:
         75:9e:a0:16:82:38:28:71:c2:ca:b3:e2:61:51:2e:f5:83:cd:
         9b:f5:d0:7d:e9:66:91:b4:44:77:17:d5:a6:9c:20:0c:70:9d:
         92:50:1d:7a:7b:45:b5:e2:f5:dd:96:f9:6d:b4:46:c0:1c:8a:
         13:b9:1c:85:46:c7:c9:0f:19:1f:d4:6b:10:76:a7:3e:69:f0:
         e9:fb:56:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIfc/hY0U65nkX6Jy8BhEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ODZhMDY3N2I5MWM0NTY2N2U0NWUxMmVlMDdmNTIxOTkw
MWE4N2EwHhcNMjUwMTAyMDM0OTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzQ2YzNjZDM2NGNiMDUxZWU1Yzg1NmM3Mjg2YWI4ZTgyN2ZjMTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxuAxS0zQaCe/FNsbcEffJc2b2V9R
xdPrmIWVWKJ7N7NxaOooO47c3/LoBArmpPuEdJSPLMmfLrOCIr0zSqwgCPC91nl0
TgM1j4Gdvxcmew4VOJIgO+nKPpsxmJ1bgbfTmjU4EMnFXmpSYZCYRNk4Pwk5ItIP
ndXwEfAxdMob9atu3rfkCJoN4gdpz9IAGHtdhg/4Fm7qnYt6hXthrvPZduf4mBuH
TwSxmHlrfKlvXv1nyRDU0d2VIt2wT1wUagSPYI1BCcmZ6aF+pRJ7kRV+sbEmFfnA
mJ/VvnxXgroRWjcqoS2wWIO5if11VA9zK2JxIcMGCm9GOlIXc6t/OcSp0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEdGw802TLBR7lyFbHKGq46Cf8EzMB8GA1UdIwQY
MBaAFKmGoGd7kcRWZ+ReEu4H9SGZAah6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVlhZ1ozdVJ4RlpuNUY0UzdnZjFJWmtCcUhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9mMGI5NTQtOTg4Ni00MDliLTgyMTkt
ZDNmZGZhOWE4ZjE0LzEvUjBiRHpUWk1zRkh1WElWc2NvYXJqb0pfd1RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9mMGI5NTQtOTg4Ni00MDliLTgyMTktZDNmZGZhOWE4ZjE0
LzEvcVlhZ1ozdVJ4RlpuNUY0UzdnZjFJWmtCcUhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8VIMA0G
CSqGSIb3DQEBCwUAA4IBAQA71nuH8BXRLfGu69qQce9JgDr0Z8xwNI2xY/gn6MC/
Y12tMsUi+Rzhzi27MahXEUPjWQGP/v9S7YZizogpKh5kfUkxJFte0hH40lrrmdO4
AXkVuXMNf0aA5gCU7N5Oehk77/bLOQnBZXUBTJpaIljrzSdOKQiASMjd0ivBxX9h
vJY9q5pmTGXZlZPYJengI98SG+BrB+3e4yTJ7cy0ON8grui3JTEOl729umIyqrod
FExSj9t1nqAWgjgoccLKs+JhUS71g82b9dB96WaRtER3F9WmnCAMcJ2SUB16e0W1
4vXdlvlttEbAHIoTuRyFRsfJDxkf1GsQdqc+afDp+1Yr
-----END CERTIFICATE-----