Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/7a9279-69f5-4a09-8cae-edb30b02b5ba/1/id8eO-SAr4HmH_kU9gWG3wDOyMg.roa
File:                     id8eO-SAr4HmH_kU9gWG3wDOyMg.roa (raw, json)
Hash identifier:          QVeP890/1IAEaEOIUM6FuUPhuYx18zEBeNk09Lb1+ls=
Subject key identifier:   89:DF:1E:3B:E4:80:AF:81:E6:1F:F9:14:F6:05:86:DF:00:CE:C8:C8
Certificate issuer:       /CN=7a924b8e5c90bab30ae58b3564ddaa17cdfb1085
Certificate serial:       0194221F5A897A73FCB9DFC375DA8775309C
Authority key identifier: 7A:92:4B:8E:5C:90:BA:B3:0A:E5:8B:35:64:DD:AA:17:CD:FB:10:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/epJLjlyQurMK5Ys1ZN2qF837EIU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/7a9279-69f5-4a09-8cae-edb30b02b5ba/1/id8eO-SAr4HmH_kU9gWG3wDOyMg.roa
Signing time:             Wed 01 Jan 2025 13:47:47 +0000
ROA not before:           Wed 01 Jan 2025 13:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197604
IP address blocks:        91.230.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/7a9279-69f5-4a09-8cae-edb30b02b5ba/1/epJLjlyQurMK5Ys1ZN2qF837EIU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/7a9279-69f5-4a09-8cae-edb30b02b5ba/1/epJLjlyQurMK5Ys1ZN2qF837EIU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/epJLjlyQurMK5Ys1ZN2qF837EIU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:5a:89:7a:73:fc:b9:df:c3:75:da:87:75:30:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a924b8e5c90bab30ae58b3564ddaa17cdfb1085
        Validity
            Not Before: Jan  1 13:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=89df1e3be480af81e61ff914f60586df00cec8c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:8a:99:6a:88:d1:31:63:10:b5:57:8d:b4:8e:
                    f9:03:f6:87:f7:0e:79:72:53:42:7b:96:f6:0d:ec:
                    42:7b:b6:12:fa:45:47:a2:48:7c:8a:e3:d3:8e:09:
                    3f:d7:0d:63:d8:22:ae:ab:56:2e:82:77:eb:93:ea:
                    9f:0c:9d:4c:87:1c:d4:96:de:a0:86:fd:92:fc:81:
                    8c:8f:da:44:a8:5a:41:6e:a5:50:53:49:7b:73:b2:
                    3e:09:03:3b:ec:20:2d:58:d2:ba:27:dc:95:95:ce:
                    49:c4:75:10:c9:7f:31:d0:cb:6d:03:39:64:77:df:
                    08:77:4a:29:9d:71:25:96:5f:57:ae:49:9b:0d:52:
                    11:a4:1e:83:17:c4:36:8e:7f:d4:f7:12:a0:58:c7:
                    24:0d:09:2a:74:b0:f5:06:fa:6e:e3:a8:2b:bc:68:
                    47:1f:20:c0:e5:34:63:0c:db:a6:6b:3c:35:c8:a8:
                    77:d7:24:5d:bb:ed:01:fe:4e:11:f0:7b:0d:53:0c:
                    4e:9e:59:05:4a:95:3f:f5:91:85:58:dc:40:6e:7c:
                    ff:7a:96:06:89:be:a3:62:4d:7e:d7:ff:1f:2d:60:
                    c6:63:61:d3:4b:56:c4:bd:3f:3d:b2:33:af:e6:43:
                    8c:7a:51:d6:b0:ed:15:04:ea:b5:f6:eb:7f:e4:34:
                    03:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:DF:1E:3B:E4:80:AF:81:E6:1F:F9:14:F6:05:86:DF:00:CE:C8:C8
            X509v3 Authority Key Identifier:
                keyid:7A:92:4B:8E:5C:90:BA:B3:0A:E5:8B:35:64:DD:AA:17:CD:FB:10:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/epJLjlyQurMK5Ys1ZN2qF837EIU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/7a9279-69f5-4a09-8cae-edb30b02b5ba/1/id8eO-SAr4HmH_kU9gWG3wDOyMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/7a9279-69f5-4a09-8cae-edb30b02b5ba/1/epJLjlyQurMK5Ys1ZN2qF837EIU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:ac:47:a8:3f:ef:d2:00:56:0f:e6:5c:0b:04:7e:25:2d:e4:
         45:d1:64:76:40:15:e7:ec:74:0f:78:14:a3:d8:ae:47:8c:0b:
         c5:cb:aa:3b:ac:33:7c:05:b7:cb:13:29:46:83:66:81:48:95:
         9b:99:97:2c:4f:05:68:41:30:6f:81:39:9a:00:da:c3:bb:16:
         f7:79:e0:14:99:a9:ee:cd:5d:10:af:31:a9:5b:2b:27:2b:21:
         d4:f8:f2:f5:52:96:d6:7b:47:dc:8f:34:3b:a5:df:90:db:3a:
         1a:69:a6:64:d8:3f:94:66:97:6b:7d:2b:1c:3e:a3:64:e7:73:
         c0:9f:78:1f:1f:7b:4f:ac:18:92:9f:1f:5d:95:ff:c2:14:00:
         16:5d:6b:fb:39:e5:3b:31:4a:78:f8:3f:d1:c0:36:35:92:5e:
         dd:0e:db:f3:a6:96:b0:cb:ad:e8:e1:53:12:2b:b9:8b:cf:b7:
         d3:72:b6:3c:ba:b4:fd:ff:50:68:e7:13:36:eb:e5:bb:51:39:
         53:1c:ec:be:37:3b:19:dd:d1:98:78:c4:63:3c:c0:da:b2:07:
         61:5c:04:be:f0:f0:66:65:a1:24:2c:fc:68:dd:58:b2:2b:0b:
         31:00:90:7e:a8:8e:0d:78:30:20:d0:6f:e6:00:8e:eb:c8:18:
         ca:d1:bb:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH1qJenP8ud/DddqHdTCcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhOTI0YjhlNWM5MGJhYjMwYWU1OGIzNTY0ZGRhYTE3Y2Rm
YjEwODUwHhcNMjUwMTAxMTM0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWRmMWUzYmU0ODBhZjgxZTYxZmY5MTRmNjA1ODZkZjAwY2VjOGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2IqZaojRMWMQtVeNtI75A/aH9w55
clNCe5b2DexCe7YS+kVHokh8iuPTjgk/1w1j2CKuq1Yugnfrk+qfDJ1MhxzUlt6g
hv2S/IGMj9pEqFpBbqVQU0l7c7I+CQM77CAtWNK6J9yVlc5JxHUQyX8x0MttAzlk
d98Id0opnXElll9XrkmbDVIRpB6DF8Q2jn/U9xKgWMckDQkqdLD1Bvpu46grvGhH
HyDA5TRjDNumazw1yKh31yRdu+0B/k4R8HsNUwxOnlkFSpU/9ZGFWNxAbnz/epYG
ib6jYk1+1/8fLWDGY2HTS1bEvT89sjOv5kOMelHWsO0VBOq19ut/5DQDswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFInfHjvkgK+B5h/5FPYFht8AzsjIMB8GA1UdIwQY
MBaAFHqSS45ckLqzCuWLNWTdqhfN+xCFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXBKTGpseVF1ck1LNVlzMVpOMnFGODM3RUlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS83YTkyNzktNjlmNS00YTA5LThjYWUt
ZWRiMzBiMDJiNWJhLzEvaWQ4ZU8tU0FyNEhtSF9rVTlnV0czd0RPeU1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS83YTkyNzktNjlmNS00YTA5LThjYWUtZWRiMzBiMDJiNWJh
LzEvZXBKTGpseVF1ck1LNVlzMVpOMnFGODM3RUlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+bmMA0G
CSqGSIb3DQEBCwUAA4IBAQBxrEeoP+/SAFYP5lwLBH4lLeRF0WR2QBXn7HQPeBSj
2K5HjAvFy6o7rDN8BbfLEylGg2aBSJWbmZcsTwVoQTBvgTmaANrDuxb3eeAUmanu
zV0QrzGpWysnKyHU+PL1UpbWe0fcjzQ7pd+Q2zoaaaZk2D+UZpdrfSscPqNk53PA
n3gfH3tPrBiSnx9dlf/CFAAWXWv7OeU7MUp4+D/RwDY1kl7dDtvzppawy63o4VMS
K7mLz7fTcrY8urT9/1Bo5xM26+W7UTlTHOy+NzsZ3dGYeMRjPMDasgdhXAS+8PBm
ZaEkLPxo3ViyKwsxAJB+qI4NeDAg0G/mAI7ryBjK0bt8
-----END CERTIFICATE-----