Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/bac182-d8f9-4b44-b83d-03a63ae1c7c1/1/8kfnwOtBgq_5_lkL_XTWGS_DW2A.roa
File:                     8kfnwOtBgq_5_lkL_XTWGS_DW2A.roa (raw, json)
Hash identifier:          R1ovdHUKN/hPy17oklKDPDEJOp9Mxs/OWbcQb2xo5Ek=
Subject key identifier:   F2:47:E7:C0:EB:41:82:AF:F9:FE:59:0B:FD:74:D6:19:2F:C3:5B:60
Certificate issuer:       /CN=5597b4d3a664dacc24934d48dd188ea18e8f27c1
Certificate serial:       019421B1F7282AF4CE1E06FFA116A6A01211
Authority key identifier: 55:97:B4:D3:A6:64:DA:CC:24:93:4D:48:DD:18:8E:A1:8E:8F:27:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VZe006Zk2swkk01I3RiOoY6PJ8E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/bac182-d8f9-4b44-b83d-03a63ae1c7c1/1/8kfnwOtBgq_5_lkL_XTWGS_DW2A.roa
Signing time:             Wed 01 Jan 2025 11:48:18 +0000
ROA not before:           Wed 01 Jan 2025 11:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49270
IP address blocks:        91.212.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/bac182-d8f9-4b44-b83d-03a63ae1c7c1/1/VZe006Zk2swkk01I3RiOoY6PJ8E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/bac182-d8f9-4b44-b83d-03a63ae1c7c1/1/VZe006Zk2swkk01I3RiOoY6PJ8E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VZe006Zk2swkk01I3RiOoY6PJ8E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:f7:28:2a:f4:ce:1e:06:ff:a1:16:a6:a0:12:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5597b4d3a664dacc24934d48dd188ea18e8f27c1
        Validity
            Not Before: Jan  1 11:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f247e7c0eb4182aff9fe590bfd74d6192fc35b60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a7:b2:1b:3d:ff:48:6f:69:8e:03:84:18:29:
                    33:8c:fa:1a:34:52:9c:43:54:42:85:45:45:69:35:
                    5b:1b:3e:d6:c7:da:4f:fd:6b:7f:53:9e:32:57:ca:
                    89:54:20:65:87:ad:3d:eb:7a:fb:a7:2c:f3:f3:b8:
                    e7:21:fe:37:09:e6:62:82:b4:de:af:8d:1e:a2:31:
                    fc:28:6d:00:74:f4:c4:4c:b7:b8:b1:59:15:e8:e7:
                    b3:07:1e:a6:9f:1c:12:47:32:d5:1b:74:69:1a:98:
                    ea:a1:05:f3:ca:0c:60:23:3c:72:f4:78:b4:9e:13:
                    c0:04:61:8f:16:b6:12:48:c8:2b:14:b5:48:1e:2c:
                    0e:bb:b2:5a:e4:a6:1a:94:fc:9a:37:ad:b7:1b:f8:
                    94:e9:c0:c4:5b:fb:88:c5:b4:c3:60:1d:18:9f:82:
                    18:fa:13:90:ff:80:c7:62:76:c9:f2:50:e0:b1:32:
                    69:a7:8c:64:c5:1d:8e:38:a2:69:2d:d3:7b:e1:d3:
                    81:93:ec:06:d0:e8:4d:f9:d3:22:b5:60:59:52:87:
                    c7:2d:d8:fd:0f:fd:cd:83:a3:a8:60:ec:94:4f:c4:
                    f6:e2:ca:ad:77:31:be:f1:1f:5c:da:ee:ad:df:9b:
                    00:bf:05:3c:05:1c:ea:0e:18:ec:2b:15:78:58:d5:
                    fb:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:47:E7:C0:EB:41:82:AF:F9:FE:59:0B:FD:74:D6:19:2F:C3:5B:60
            X509v3 Authority Key Identifier:
                keyid:55:97:B4:D3:A6:64:DA:CC:24:93:4D:48:DD:18:8E:A1:8E:8F:27:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VZe006Zk2swkk01I3RiOoY6PJ8E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/bac182-d8f9-4b44-b83d-03a63ae1c7c1/1/8kfnwOtBgq_5_lkL_XTWGS_DW2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/bac182-d8f9-4b44-b83d-03a63ae1c7c1/1/VZe006Zk2swkk01I3RiOoY6PJ8E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:1e:81:92:63:16:6d:7f:ee:86:03:09:04:59:27:8f:5f:ce:
         07:62:32:91:0d:8f:21:03:52:a8:2c:64:e2:fc:7b:9e:0e:48:
         44:c2:e1:7d:67:b2:7c:bb:b8:4e:b1:b3:f3:cc:75:c8:ad:ec:
         7e:fb:be:db:f8:38:89:17:66:1a:ab:2b:58:7d:99:74:90:6c:
         73:fb:72:1d:c0:49:21:f9:54:41:28:bf:3b:f8:ec:96:9d:39:
         f5:2c:c5:2f:80:18:9f:64:72:2b:96:77:a6:52:a8:7d:09:e8:
         38:c8:c4:17:dd:46:af:3f:c0:35:72:88:76:76:44:21:1c:2b:
         79:b9:a2:2b:92:f6:aa:81:d8:57:84:15:9e:0f:4e:28:1c:c5:
         53:ea:14:0a:4e:b2:40:e4:c8:4c:87:77:e7:ae:b3:dd:ca:2c:
         0c:af:94:1b:59:40:63:1e:d7:16:8f:17:39:27:8f:c7:3f:71:
         e5:f0:f3:c6:e2:19:1a:6d:5b:e2:14:1c:29:6e:b6:c6:9b:8e:
         69:7a:1d:5d:11:51:11:69:3b:96:c9:ef:da:6c:40:df:ab:d6:
         aa:3e:00:89:c1:d6:05:26:58:2a:e7:d4:d8:92:04:d5:56:f3:
         1d:74:53:20:cd:48:76:fa:21:1c:15:5d:68:dd:7d:cd:85:71:
         3d:76:a5:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsfcoKvTOHgb/oRamoBIRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1OTdiNGQzYTY2NGRhY2MyNDkzNGQ0OGRkMTg4ZWExOGU4
ZjI3YzEwHhcNMjUwMTAxMTE0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjQ3ZTdjMGViNDE4MmFmZjlmZTU5MGJmZDc0ZDYxOTJmYzM1YjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKeyGz3/SG9pjgOEGCkzjPoaNFKc
Q1RChUVFaTVbGz7Wx9pP/Wt/U54yV8qJVCBlh60963r7pyzz87jnIf43CeZigrTe
r40eojH8KG0AdPTETLe4sVkV6OezBx6mnxwSRzLVG3RpGpjqoQXzygxgIzxy9Hi0
nhPABGGPFrYSSMgrFLVIHiwOu7Ja5KYalPyaN623G/iU6cDEW/uIxbTDYB0Yn4IY
+hOQ/4DHYnbJ8lDgsTJpp4xkxR2OOKJpLdN74dOBk+wG0OhN+dMitWBZUofHLdj9
D/3Ng6OoYOyUT8T24sqtdzG+8R9c2u6t35sAvwU8BRzqDhjsKxV4WNX7+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPJH58DrQYKv+f5ZC/101hkvw1tgMB8GA1UdIwQY
MBaAFFWXtNOmZNrMJJNNSN0YjqGOjyfBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlplMDA2Wmsyc3drazAxSTNSaU9vWTZQSjhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9iYWMxODItZDhmOS00YjQ0LWI4M2Qt
MDNhNjNhZTFjN2MxLzEvOGtmbndPdEJncV81X2xrTF9YVFdHU19EVzJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9iYWMxODItZDhmOS00YjQ0LWI4M2QtMDNhNjNhZTFjN2Mx
LzEvVlplMDA2Wmsyc3drazAxSTNSaU9vWTZQSjhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9S/MA0G
CSqGSIb3DQEBCwUAA4IBAQA0HoGSYxZtf+6GAwkEWSePX84HYjKRDY8hA1KoLGTi
/HueDkhEwuF9Z7J8u7hOsbPzzHXIrex++77b+DiJF2YaqytYfZl0kGxz+3IdwEkh
+VRBKL87+OyWnTn1LMUvgBifZHIrlnemUqh9Ceg4yMQX3UavP8A1coh2dkQhHCt5
uaIrkvaqgdhXhBWeD04oHMVT6hQKTrJA5MhMh3fnrrPdyiwMr5QbWUBjHtcWjxc5
J4/HP3Hl8PPG4hkabVviFBwpbrbGm45peh1dEVERaTuWye/abEDfq9aqPgCJwdYF
Jlgq59TYkgTVVvMddFMgzUh2+iEcFV1o3X3NhXE9dqV3
-----END CERTIFICATE-----