Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/e54dc8-a694-4fa9-bb6f-b902a97f144b/1/1-S9axjiECoFVFbxoTLP7k8hUrKw.roa
File:                     1-S9axjiECoFVFbxoTLP7k8hUrKw.roa (raw, json)
Hash identifier:          +KpSmdQY0uaMjR1ylAxprXZXg3kf0ZtjvDy8OppLqso=
Subject key identifier:   F9:2F:5A:C6:38:84:0A:81:55:15:BC:68:4C:B3:FB:93:C8:54:AC:AC
Certificate issuer:       /CN=3702d86b0e710668ea66da7dcd1b140dec1e0c3d
Certificate serial:       0194266AF76D72B4211BA01F0663757172A8
Authority key identifier: 37:02:D8:6B:0E:71:06:68:EA:66:DA:7D:CD:1B:14:0D:EC:1E:0C:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NwLYaw5xBmjqZtp9zRsUDeweDD0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/e54dc8-a694-4fa9-bb6f-b902a97f144b/1/1-S9axjiECoFVFbxoTLP7k8hUrKw.roa
Signing time:             Thu 02 Jan 2025 09:48:51 +0000
ROA not before:           Thu 02 Jan 2025 09:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50349
IP address blocks:        91.214.0.0/22 maxlen: 22
                          93.190.36.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/e54dc8-a694-4fa9-bb6f-b902a97f144b/1/NwLYaw5xBmjqZtp9zRsUDeweDD0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/e54dc8-a694-4fa9-bb6f-b902a97f144b/1/NwLYaw5xBmjqZtp9zRsUDeweDD0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NwLYaw5xBmjqZtp9zRsUDeweDD0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:f7:6d:72:b4:21:1b:a0:1f:06:63:75:71:72:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3702d86b0e710668ea66da7dcd1b140dec1e0c3d
        Validity
            Not Before: Jan  2 09:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f92f5ac638840a815515bc684cb3fb93c854acac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:99:4b:32:8f:3b:7d:04:e9:06:dd:fc:5a:31:
                    c3:33:a8:4b:b7:87:d3:d5:6c:fc:96:2f:84:84:11:
                    60:fd:43:a5:a0:03:33:03:f3:94:4f:9c:1b:b6:96:
                    95:d8:c9:f6:bd:6a:ea:da:b6:34:37:0d:63:94:8c:
                    93:e2:79:2e:1d:e7:87:de:6c:d8:98:2a:8f:5d:fa:
                    b5:05:a1:dc:77:e1:b3:b9:40:5c:99:ac:da:95:e3:
                    e3:6b:2a:80:09:5c:e9:3a:c9:40:e2:19:b8:f3:75:
                    9b:e7:04:87:9c:dc:2e:e0:9b:bd:92:8b:b0:d7:be:
                    ad:e6:9c:66:35:63:c9:22:9e:0f:9c:bb:12:e7:b7:
                    a9:16:c1:f3:63:09:60:1d:d7:de:12:10:8c:9f:39:
                    80:24:52:a0:ce:e4:cd:8b:78:1b:ef:56:af:e3:ca:
                    10:19:6f:32:09:f3:26:21:7f:ae:56:73:d5:36:68:
                    1d:4c:ac:37:fe:0e:5b:55:fc:26:c4:07:ef:ac:04:
                    52:12:c0:d5:44:c9:75:ee:fb:24:22:12:ce:50:d4:
                    bb:e0:96:a4:e3:a3:ed:70:11:7e:78:77:f7:b2:55:
                    f7:f5:a2:1d:ea:89:f3:7c:8f:b8:3d:b0:6c:e1:6f:
                    4d:12:77:29:4d:56:e7:cf:c9:f9:05:2f:cf:92:5e:
                    00:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:2F:5A:C6:38:84:0A:81:55:15:BC:68:4C:B3:FB:93:C8:54:AC:AC
            X509v3 Authority Key Identifier:
                keyid:37:02:D8:6B:0E:71:06:68:EA:66:DA:7D:CD:1B:14:0D:EC:1E:0C:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NwLYaw5xBmjqZtp9zRsUDeweDD0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/e54dc8-a694-4fa9-bb6f-b902a97f144b/1/1-S9axjiECoFVFbxoTLP7k8hUrKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/e54dc8-a694-4fa9-bb6f-b902a97f144b/1/NwLYaw5xBmjqZtp9zRsUDeweDD0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.214.0.0/22
                  93.190.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6f:95:84:58:75:ac:58:2a:37:69:56:f6:ed:3e:6e:71:d6:fe:
         f9:aa:f2:76:ce:56:7b:d6:6c:ff:74:06:c1:67:9b:2c:d0:13:
         c5:2b:64:30:b3:b1:bb:6a:2d:9f:d8:ef:e1:0b:06:41:99:26:
         2e:22:6e:41:92:34:f6:df:e0:9f:71:f7:40:2a:54:c5:58:a9:
         0e:c4:2a:1f:a8:6f:52:8d:ce:e4:09:b1:bd:32:a7:b2:8d:12:
         76:df:0f:39:1b:20:f5:48:8a:2c:5d:42:8b:29:ca:d9:dd:8b:
         a8:bd:88:3c:b9:55:6a:7a:c7:51:0c:b9:66:fe:85:6f:fa:08:
         99:c8:94:bd:6f:0a:44:9b:7a:7f:d1:7e:1a:4e:11:5a:f3:4e:
         35:3e:7e:01:a8:41:ce:32:89:94:4b:31:f2:66:d3:10:dd:e7:
         9a:49:91:6d:04:f4:65:a4:10:26:c0:bc:bc:81:af:d3:f5:07:
         1a:7c:18:5c:9a:27:28:b9:f2:2b:4d:7c:65:dd:a8:2d:55:b2:
         f7:f1:57:d1:ff:81:8b:ad:8f:72:d6:4d:31:a7:c1:77:56:9d:
         e4:55:86:69:08:c6:08:c0:61:c4:7c:7e:cd:50:7d:31:85:a7:
         c7:7f:08:93:68:d4:97:83:5f:1c:42:31:bd:fb:1b:8f:c7:37:
         4e:36:ff:38
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZQmavdtcrQhG6AfBmN1cXKoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MDJkODZiMGU3MTA2NjhlYTY2ZGE3ZGNkMWIxNDBkZWMx
ZTBjM2QwHhcNMjUwMTAyMDk0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTJmNWFjNjM4ODQwYTgxNTUxNWJjNjg0Y2IzZmI5M2M4NTRhY2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5lLMo87fQTpBt38WjHDM6hLt4fT
1Wz8li+EhBFg/UOloAMzA/OUT5wbtpaV2Mn2vWrq2rY0Nw1jlIyT4nkuHeeH3mzY
mCqPXfq1BaHcd+GzuUBcmazalePjayqACVzpOslA4hm483Wb5wSHnNwu4Ju9kouw
176t5pxmNWPJIp4PnLsS57epFsHzYwlgHdfeEhCMnzmAJFKgzuTNi3gb71av48oQ
GW8yCfMmIX+uVnPVNmgdTKw3/g5bVfwmxAfvrARSEsDVRMl17vskIhLOUNS74Jak
46PtcBF+eHf3slX39aId6onzfI+4PbBs4W9NEncpTVbnz8n5BS/Pkl4AYwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPkvWsY4hAqBVRW8aEyz+5PIVKysMB8GA1UdIwQY
MBaAFDcC2GsOcQZo6mbafc0bFA3sHgw9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTndMWWF3NXhCbWpxWnRwOXpSc1VEZXdlREQwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lNTRkYzgtYTY5NC00ZmE5LWJiNmYt
YjkwMmE5N2YxNDRiLzEvMS1TOWF4amlFQ29GVkZieG9UTFA3azhoVXJLdy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGEvZTU0ZGM4LWE2OTQtNGZhOS1iYjZmLWI5MDJhOTdmMTQ0
Yi8xL053TFlhdzV4Qm1qcVp0cDl6UnNVRGV3ZUREMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAlvWAAME
Al2+JDANBgkqhkiG9w0BAQsFAAOCAQEAb5WEWHWsWCo3aVb27T5ucdb++aryds5W
e9Zs/3QGwWebLNATxStkMLOxu2otn9jv4QsGQZkmLiJuQZI09t/gn3H3QCpUxVip
DsQqH6hvUo3O5AmxvTKnso0Sdt8PORsg9UiKLF1CiynK2d2LqL2IPLlVanrHUQy5
Zv6Fb/oImciUvW8KRJt6f9F+Gk4RWvNONT5+AahBzjKJlEsx8mbTEN3nmkmRbQT0
ZaQQJsC8vIGv0/UHGnwYXJonKLnyK018Zd2oLVWy9/FX0f+Bi62PctZNMafBd1ad
5FWGaQjGCMBhxHx+zVB9MYWnx38Ik2jUl4NfHEIxvfsbj8c3Tjb/OA==
-----END CERTIFICATE-----