Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/3aa386-9057-49a0-a229-5e77fa0333a3/1/ew1zgYS28PrRo2_vyICjeeeZzZk.roa
File:                     ew1zgYS28PrRo2_vyICjeeeZzZk.roa (raw, json)
Hash identifier:          Fhi/oH9QUYxK/iP3UryNP+xQPg6T4wc9jRF/RdGEuMY=
Subject key identifier:   7B:0D:73:81:84:B6:F0:FA:D1:A3:6F:EF:C8:80:A3:79:E7:99:CD:99
Certificate issuer:       /CN=96c0ce9f87d9d275f6cae4dc9cdfb5d4437d8ceb
Certificate serial:       0194258F2F6606DBA5A507CF5C06FA944EC8
Authority key identifier: 96:C0:CE:9F:87:D9:D2:75:F6:CA:E4:DC:9C:DF:B5:D4:43:7D:8C:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lsDOn4fZ0nX2yuTcnN-11EN9jOs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/3aa386-9057-49a0-a229-5e77fa0333a3/1/ew1zgYS28PrRo2_vyICjeeeZzZk.roa
Signing time:             Thu 02 Jan 2025 05:48:48 +0000
ROA not before:           Thu 02 Jan 2025 05:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7155
IP address blocks:        91.201.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/3aa386-9057-49a0-a229-5e77fa0333a3/1/lsDOn4fZ0nX2yuTcnN-11EN9jOs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/3aa386-9057-49a0-a229-5e77fa0333a3/1/lsDOn4fZ0nX2yuTcnN-11EN9jOs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lsDOn4fZ0nX2yuTcnN-11EN9jOs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:2f:66:06:db:a5:a5:07:cf:5c:06:fa:94:4e:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96c0ce9f87d9d275f6cae4dc9cdfb5d4437d8ceb
        Validity
            Not Before: Jan  2 05:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b0d738184b6f0fad1a36fefc880a379e799cd99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c1:9f:56:8d:a1:35:bb:81:02:9d:a6:9e:ad:
                    26:9a:a5:86:da:f7:86:ea:a4:90:79:ad:26:ff:ca:
                    e8:91:eb:aa:b3:19:cc:82:c6:80:e8:bc:66:56:de:
                    1d:62:39:fe:1e:1c:66:e7:6f:d9:eb:d7:16:ed:4e:
                    45:40:2f:8d:e3:c7:7b:52:96:42:b5:a8:0c:d7:b0:
                    6c:fe:15:61:f6:bb:47:86:51:8f:e6:83:c1:9b:e8:
                    f3:5f:af:89:b9:8a:b4:9f:50:e0:0e:bc:e2:c8:4c:
                    2c:5d:c6:7b:c2:99:14:0b:b0:79:14:f1:4a:12:be:
                    9c:b2:aa:12:76:d4:14:d9:8b:61:b8:0b:ec:f8:46:
                    19:43:f9:9c:7e:23:51:b0:78:21:12:3b:e5:a1:2e:
                    0e:66:9c:33:6d:a5:50:47:ab:1e:6e:b4:b5:e3:76:
                    ce:36:d5:df:a4:3c:a7:0b:f0:f1:22:56:07:02:96:
                    af:b5:13:55:51:0a:45:b0:cf:37:78:1e:12:45:2e:
                    1e:aa:d3:54:e3:a6:62:c9:82:cd:a5:93:97:ab:b2:
                    25:26:7b:fd:5f:ff:c1:e4:61:f4:84:06:b3:a3:ba:
                    22:04:21:03:f1:0d:83:e8:c3:f4:16:cd:57:4d:2b:
                    da:e1:97:77:8f:97:33:de:1d:9e:f3:46:e8:73:b4:
                    9d:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:0D:73:81:84:B6:F0:FA:D1:A3:6F:EF:C8:80:A3:79:E7:99:CD:99
            X509v3 Authority Key Identifier:
                keyid:96:C0:CE:9F:87:D9:D2:75:F6:CA:E4:DC:9C:DF:B5:D4:43:7D:8C:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lsDOn4fZ0nX2yuTcnN-11EN9jOs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/3aa386-9057-49a0-a229-5e77fa0333a3/1/ew1zgYS28PrRo2_vyICjeeeZzZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/3aa386-9057-49a0-a229-5e77fa0333a3/1/lsDOn4fZ0nX2yuTcnN-11EN9jOs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:c5:38:c9:3b:56:cf:88:0b:45:9f:93:40:3e:3a:15:49:2d:
         43:e0:1b:b8:06:fc:44:e7:68:57:db:ad:9b:ce:df:68:c3:6a:
         00:d6:40:94:40:e6:01:f3:02:09:a9:94:b9:38:08:14:7c:2e:
         88:cf:a3:15:9a:2c:14:e9:db:af:a9:cc:b0:7d:85:7b:77:42:
         ab:c8:59:a5:cb:bf:ef:63:ac:54:a9:94:d3:bc:8e:2c:ea:53:
         0f:6c:a9:7a:a4:c1:f4:0f:c2:2b:33:33:77:fe:ca:2a:2b:f7:
         f8:85:5d:af:58:62:a8:53:03:ea:0d:59:95:0e:57:bb:ac:d9:
         52:63:0d:22:63:51:1c:9f:c9:4e:9b:bc:1f:e5:d9:20:eb:a7:
         a0:41:b8:7a:f7:67:19:75:68:ed:07:84:1d:3a:2a:6b:9b:42:
         f3:99:ca:8a:05:6d:ad:70:7c:23:72:90:11:59:89:78:33:eb:
         8b:67:5a:d0:32:be:fb:7c:e8:57:f9:9f:2d:b5:11:03:b7:b9:
         ce:37:d7:54:fe:b7:87:e8:83:05:0a:ce:81:d3:13:e7:6c:44:
         06:a8:70:9d:bf:2c:7e:55:d1:b3:84:95:76:47:09:39:79:e4:
         bb:0e:05:9c:23:4e:4e:54:79:5b:e6:87:9b:79:0e:e4:c1:ee:
         4e:85:7a:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljy9mBtulpQfPXAb6lE7IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2YzBjZTlmODdkOWQyNzVmNmNhZTRkYzljZGZiNWQ0NDM3
ZDhjZWIwHhcNMjUwMTAyMDU0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjBkNzM4MTg0YjZmMGZhZDFhMzZmZWZjODgwYTM3OWU3OTljZDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcGfVo2hNbuBAp2mnq0mmqWG2veG
6qSQea0m/8rokeuqsxnMgsaA6LxmVt4dYjn+Hhxm52/Z69cW7U5FQC+N48d7UpZC
tagM17Bs/hVh9rtHhlGP5oPBm+jzX6+JuYq0n1DgDrziyEwsXcZ7wpkUC7B5FPFK
Er6csqoSdtQU2YthuAvs+EYZQ/mcfiNRsHghEjvloS4OZpwzbaVQR6sebrS143bO
NtXfpDynC/DxIlYHApavtRNVUQpFsM83eB4SRS4eqtNU46ZiyYLNpZOXq7IlJnv9
X//B5GH0hAazo7oiBCED8Q2D6MP0Fs1XTSva4Zd3j5cz3h2e80boc7SdUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHsNc4GEtvD60aNv78iAo3nnmc2ZMB8GA1UdIwQY
MBaAFJbAzp+H2dJ19srk3JzftdRDfYzrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHNET240ZlowblgyeXVUY25OLTExRU45ak9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8zYWEzODYtOTA1Ny00OWEwLWEyMjkt
NWU3N2ZhMDMzM2EzLzEvZXcxemdZUzI4UHJSbzJfdnlJQ2plZWVaelprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8zYWEzODYtOTA1Ny00OWEwLWEyMjktNWU3N2ZhMDMzM2Ez
LzEvbHNET240ZlowblgyeXVUY25OLTExRU45ak9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8nHMA0G
CSqGSIb3DQEBCwUAA4IBAQA3xTjJO1bPiAtFn5NAPjoVSS1D4Bu4BvxE52hX262b
zt9ow2oA1kCUQOYB8wIJqZS5OAgUfC6Iz6MVmiwU6duvqcywfYV7d0KryFmly7/v
Y6xUqZTTvI4s6lMPbKl6pMH0D8IrMzN3/soqK/f4hV2vWGKoUwPqDVmVDle7rNlS
Yw0iY1Ecn8lOm7wf5dkg66egQbh692cZdWjtB4QdOiprm0LzmcqKBW2tcHwjcpAR
WYl4M+uLZ1rQMr77fOhX+Z8ttREDt7nON9dU/reH6IMFCs6B0xPnbEQGqHCdvyx+
VdGzhJV2Rwk5eeS7DgWcI05OVHlb5oebeQ7kwe5OhXqW
-----END CERTIFICATE-----