Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/71338d-e603-4926-a0f4-e22c6ed78485/1/xgRFqxuYECy3s3qxM6WfghCOWpk.roa
File:                     xgRFqxuYECy3s3qxM6WfghCOWpk.roa (raw, json)
Hash identifier:          C6vhgdbkPh06biK8G7xaWybwcmLZK2bGK2ryBwYlob0=
Subject key identifier:   C6:04:45:AB:1B:98:10:2C:B7:B3:7A:B1:33:A5:9F:82:10:8E:5A:99
Certificate issuer:       /CN=36b100e1f6f3ffe6e35e987e0d0195b7993a8d33
Certificate serial:       0194221FA1568994A3BC42C508AB448C7B5E
Authority key identifier: 36:B1:00:E1:F6:F3:FF:E6:E3:5E:98:7E:0D:01:95:B7:99:3A:8D:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NrEA4fbz_-bjXph-DQGVt5k6jTM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/71338d-e603-4926-a0f4-e22c6ed78485/1/xgRFqxuYECy3s3qxM6WfghCOWpk.roa
Signing time:             Wed 01 Jan 2025 13:48:05 +0000
ROA not before:           Wed 01 Jan 2025 13:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6716
IP address blocks:        91.208.51.0/24 maxlen: 24
                          194.1.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/71338d-e603-4926-a0f4-e22c6ed78485/1/NrEA4fbz_-bjXph-DQGVt5k6jTM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/71338d-e603-4926-a0f4-e22c6ed78485/1/NrEA4fbz_-bjXph-DQGVt5k6jTM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NrEA4fbz_-bjXph-DQGVt5k6jTM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:a1:56:89:94:a3:bc:42:c5:08:ab:44:8c:7b:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36b100e1f6f3ffe6e35e987e0d0195b7993a8d33
        Validity
            Not Before: Jan  1 13:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c60445ab1b98102cb7b37ab133a59f82108e5a99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:6e:e2:29:7b:3f:6d:77:0b:84:41:fe:13:9a:
                    4f:95:6a:4b:de:f8:6d:88:81:82:c0:88:c5:8b:03:
                    81:75:06:e3:ae:26:97:0d:ef:3f:3c:5e:57:a3:17:
                    a1:23:cf:f4:48:04:d1:64:ba:12:9c:a2:a5:b0:a0:
                    5e:9c:a8:32:b9:19:f8:b3:73:3d:c2:4d:99:12:c3:
                    f2:b5:11:98:d6:12:24:66:92:6a:66:06:97:4b:da:
                    23:83:e7:2b:5a:31:0e:f9:20:42:3f:40:af:79:1e:
                    c4:02:02:2c:a8:fe:22:c6:a7:4f:d4:46:e3:05:68:
                    92:0c:05:fa:b5:94:98:a2:ca:20:bb:3f:86:a1:1a:
                    e0:65:8f:66:44:d4:dc:51:77:9c:c5:a2:27:86:c2:
                    27:56:ac:37:9b:9d:5f:c6:e7:de:17:61:d6:08:5d:
                    f6:33:67:4e:c8:ac:ec:a6:4f:ea:71:f3:d7:2f:02:
                    ce:f6:11:4a:4d:a4:f2:f4:f2:34:06:d3:29:c4:e6:
                    fa:a3:eb:f3:e4:82:d0:90:7f:87:8d:9b:20:ed:76:
                    a1:f7:00:9e:e2:e8:7a:62:33:cc:bc:d0:e4:be:f3:
                    13:4a:e7:bf:d0:1a:c9:78:a2:f5:e2:17:d1:84:1c:
                    89:76:9f:fb:29:d5:ed:33:58:99:1e:e4:5d:38:0d:
                    7f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:04:45:AB:1B:98:10:2C:B7:B3:7A:B1:33:A5:9F:82:10:8E:5A:99
            X509v3 Authority Key Identifier:
                keyid:36:B1:00:E1:F6:F3:FF:E6:E3:5E:98:7E:0D:01:95:B7:99:3A:8D:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NrEA4fbz_-bjXph-DQGVt5k6jTM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/71338d-e603-4926-a0f4-e22c6ed78485/1/xgRFqxuYECy3s3qxM6WfghCOWpk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/71338d-e603-4926-a0f4-e22c6ed78485/1/NrEA4fbz_-bjXph-DQGVt5k6jTM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.51.0/24
                  194.1.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:80:43:28:ca:92:6c:44:88:fe:aa:4d:78:6e:b4:c6:bc:2f:
         1d:55:26:f0:4e:09:f2:74:67:d2:e1:2e:8c:47:d9:85:9b:e7:
         0c:bd:d0:cb:51:0d:ab:5c:30:b8:df:c3:73:76:dc:d4:c3:1d:
         43:b5:12:a6:aa:02:6a:2a:46:f1:1f:c1:47:db:bc:84:cc:04:
         3b:97:52:63:42:f1:d7:47:6e:71:be:53:e9:2c:11:c7:a9:a5:
         9a:a3:c9:64:71:ba:e5:0b:9e:48:0e:24:57:3d:9b:84:62:43:
         4d:85:9d:9e:b2:de:f0:02:0d:f2:2d:5f:5a:ce:fc:47:e8:71:
         a8:c6:50:e1:3b:2c:26:0b:2c:d4:c1:d0:7a:45:ae:39:01:bf:
         02:df:ce:8c:72:ce:52:dc:b8:a1:57:f2:37:09:51:13:09:73:
         1d:e8:78:d1:18:99:68:17:7d:93:85:6f:fa:6f:82:ad:67:08:
         f6:63:bc:d2:bf:82:29:a8:ef:a9:97:0b:cc:56:6e:9e:5c:6b:
         13:ec:f6:e2:ee:e0:e9:3c:6e:29:f5:75:8a:c3:c3:93:74:b8:
         f0:22:87:84:fb:dc:7c:35:ee:05:1c:53:3d:1b:49:41:fe:3a:
         0e:9f:79:6f:e0:f7:72:6a:5e:44:fc:35:9c:74:79:a2:8f:9a:
         40:e4:da:3d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH6FWiZSjvELFCKtEjHteMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YjEwMGUxZjZmM2ZmZTZlMzVlOTg3ZTBkMDE5NWI3OTkz
YThkMzMwHhcNMjUwMTAxMTM0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjA0NDVhYjFiOTgxMDJjYjdiMzdhYjEzM2E1OWY4MjEwOGU1YTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn27iKXs/bXcLhEH+E5pPlWpL3vht
iIGCwIjFiwOBdQbjriaXDe8/PF5XoxehI8/0SATRZLoSnKKlsKBenKgyuRn4s3M9
wk2ZEsPytRGY1hIkZpJqZgaXS9ojg+crWjEO+SBCP0CveR7EAgIsqP4ixqdP1Ebj
BWiSDAX6tZSYosoguz+GoRrgZY9mRNTcUXecxaInhsInVqw3m51fxufeF2HWCF32
M2dOyKzspk/qcfPXLwLO9hFKTaTy9PI0BtMpxOb6o+vz5ILQkH+HjZsg7Xah9wCe
4uh6YjPMvNDkvvMTSue/0BrJeKL14hfRhByJdp/7KdXtM1iZHuRdOA1/uQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMYERasbmBAst7N6sTOln4IQjlqZMB8GA1UdIwQY
MBaAFDaxAOH28//m416Yfg0BlbeZOo0zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnJFQTRmYnpfLWJqWHBoLURRR1Z0NWs2alRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS83MTMzOGQtZTYwMy00OTI2LWEwZjQt
ZTIyYzZlZDc4NDg1LzEveGdSRnF4dVlFQ3kzczNxeE02V2ZnaENPV3BrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS83MTMzOGQtZTYwMy00OTI2LWEwZjQtZTIyYzZlZDc4NDg1
LzEvTnJFQTRmYnpfLWJqWHBoLURRR1Z0NWs2alRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9AzAwQA
wgG3MA0GCSqGSIb3DQEBCwUAA4IBAQCbgEMoypJsRIj+qk14brTGvC8dVSbwTgny
dGfS4S6MR9mFm+cMvdDLUQ2rXDC438NzdtzUwx1DtRKmqgJqKkbxH8FH27yEzAQ7
l1JjQvHXR25xvlPpLBHHqaWao8lkcbrlC55IDiRXPZuEYkNNhZ2est7wAg3yLV9a
zvxH6HGoxlDhOywmCyzUwdB6Ra45Ab8C386Mcs5S3LihV/I3CVETCXMd6HjRGJlo
F32ThW/6b4KtZwj2Y7zSv4IpqO+plwvMVm6eXGsT7Pbi7uDpPG4p9XWKw8OTdLjw
IoeE+9x8Ne4FHFM9G0lB/joOn3lv4Pdyal5E/DWcdHmij5pA5No9
-----END CERTIFICATE-----