Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/4d4b24-9b58-4e3c-a515-e325621e86dd/1/V0QFDu-V0n67eo3WJRDedpTie3o.roa
File:                     V0QFDu-V0n67eo3WJRDedpTie3o.roa (raw, json)
Hash identifier:          R/HCU7wDkaK5/B+qWsoSx1Nagdi1RpU8Hk3KEZPvFC4=
Subject key identifier:   57:44:05:0E:EF:95:D2:7E:BB:7A:8D:D6:25:10:DE:76:94:E2:7B:7A
Certificate issuer:       /CN=27f48c85a42b00b39d1803e63c9fd5adebf7f95e
Certificate serial:       019424B379873C66352FFA054C623BB816EF
Authority key identifier: 27:F4:8C:85:A4:2B:00:B3:9D:18:03:E6:3C:9F:D5:AD:EB:F7:F9:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J_SMhaQrALOdGAPmPJ_Vrev3-V4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/4d4b24-9b58-4e3c-a515-e325621e86dd/1/V0QFDu-V0n67eo3WJRDedpTie3o.roa
Signing time:             Thu 02 Jan 2025 01:48:49 +0000
ROA not before:           Thu 02 Jan 2025 01:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44005
IP address blocks:        91.198.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/4d4b24-9b58-4e3c-a515-e325621e86dd/1/J_SMhaQrALOdGAPmPJ_Vrev3-V4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/4d4b24-9b58-4e3c-a515-e325621e86dd/1/J_SMhaQrALOdGAPmPJ_Vrev3-V4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J_SMhaQrALOdGAPmPJ_Vrev3-V4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:79:87:3c:66:35:2f:fa:05:4c:62:3b:b8:16:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27f48c85a42b00b39d1803e63c9fd5adebf7f95e
        Validity
            Not Before: Jan  2 01:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5744050eef95d27ebb7a8dd62510de7694e27b7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:a9:66:39:40:41:86:05:9e:7e:07:dc:5c:39:
                    23:b4:a0:75:b2:d0:84:16:98:22:21:4c:de:51:03:
                    76:89:39:79:41:fb:21:b1:6b:2f:70:63:33:f2:3d:
                    0b:b4:e8:a7:fe:3b:7f:80:7a:3c:05:3b:c9:b4:d1:
                    60:c7:40:34:32:21:cc:0a:85:b7:51:76:b8:9e:f4:
                    48:da:1c:6b:d2:ab:4c:70:d4:a7:05:b5:45:21:75:
                    2c:e6:95:af:4f:2c:85:52:bf:f0:9c:6a:8f:fc:f8:
                    dc:56:8c:17:ea:4b:bd:ac:f4:ac:48:bd:cf:c4:8a:
                    82:cc:a2:41:c9:fc:5c:c4:02:9a:4e:d3:e4:4d:cf:
                    77:56:a6:32:e9:59:41:f1:9b:c0:16:ce:a4:a7:65:
                    2d:1c:cb:6d:c5:f5:74:ed:f5:d6:80:42:3e:af:36:
                    fe:35:cc:02:f0:a5:cb:9c:8b:64:cd:e7:25:3e:9e:
                    ec:63:ff:12:66:e8:ef:cf:b1:c2:cf:56:88:68:3b:
                    f6:5e:17:fa:23:02:e2:68:67:0a:41:e2:0e:b0:e7:
                    55:bf:93:92:2a:4e:98:ca:9a:05:c0:4e:cc:9f:ca:
                    a8:ca:09:4d:4a:15:ae:fe:73:2a:be:e4:e2:8b:af:
                    01:27:89:29:88:81:d1:5e:32:ad:1b:dd:66:c4:d8:
                    97:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:44:05:0E:EF:95:D2:7E:BB:7A:8D:D6:25:10:DE:76:94:E2:7B:7A
            X509v3 Authority Key Identifier:
                keyid:27:F4:8C:85:A4:2B:00:B3:9D:18:03:E6:3C:9F:D5:AD:EB:F7:F9:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J_SMhaQrALOdGAPmPJ_Vrev3-V4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/4d4b24-9b58-4e3c-a515-e325621e86dd/1/V0QFDu-V0n67eo3WJRDedpTie3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/4d4b24-9b58-4e3c-a515-e325621e86dd/1/J_SMhaQrALOdGAPmPJ_Vrev3-V4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:27:a5:ea:b8:0c:28:82:9e:54:f1:f8:d2:d9:28:97:18:a3:
         db:e9:ac:d9:a5:a5:08:12:57:5f:c5:ef:f9:ba:50:23:51:25:
         e0:a9:71:d0:e7:e2:54:c6:94:7f:01:44:a3:9c:0f:e5:79:25:
         87:ec:21:0a:e2:b3:32:46:91:bc:85:df:c3:7d:99:c9:3d:86:
         fe:88:71:c2:77:a1:25:b2:13:6e:9f:fd:05:ff:e7:50:8b:a0:
         12:4d:de:48:3f:a6:40:39:9c:3e:c6:b1:df:bc:37:72:fb:20:
         b8:fa:b6:e1:3a:92:f8:02:4a:a9:19:ac:54:ab:c3:d7:db:f4:
         12:a3:65:00:60:16:91:af:d1:b4:d1:91:ff:7a:a2:de:5a:07:
         46:08:c2:78:2c:04:91:63:2f:86:13:2a:f5:e2:c9:fe:16:0f:
         5a:72:33:2d:33:9d:67:ee:0a:c3:fb:9f:44:98:68:7a:a1:75:
         00:f4:26:08:d9:c3:cc:02:83:fc:1e:85:68:aa:53:cf:2e:7f:
         1f:49:43:2d:19:79:67:0a:08:75:04:a1:c0:e0:e2:2b:7c:31:
         d5:39:c0:76:d9:4d:da:50:99:44:a1:be:d6:d2:bd:93:17:4e:
         eb:18:f7:ad:59:2c:5f:6b:ca:cf:37:a7:f0:8b:c4:44:20:42:
         d2:36:93:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks3mHPGY1L/oFTGI7uBbvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ZjQ4Yzg1YTQyYjAwYjM5ZDE4MDNlNjNjOWZkNWFkZWJm
N2Y5NWUwHhcNMjUwMTAyMDE0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzQ0MDUwZWVmOTVkMjdlYmI3YThkZDYyNTEwZGU3Njk0ZTI3YjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqlmOUBBhgWefgfcXDkjtKB1stCE
FpgiIUzeUQN2iTl5QfshsWsvcGMz8j0LtOin/jt/gHo8BTvJtNFgx0A0MiHMCoW3
UXa4nvRI2hxr0qtMcNSnBbVFIXUs5pWvTyyFUr/wnGqP/PjcVowX6ku9rPSsSL3P
xIqCzKJByfxcxAKaTtPkTc93VqYy6VlB8ZvAFs6kp2UtHMttxfV07fXWgEI+rzb+
NcwC8KXLnItkzeclPp7sY/8SZujvz7HCz1aIaDv2Xhf6IwLiaGcKQeIOsOdVv5OS
Kk6YypoFwE7Mn8qoyglNShWu/nMqvuTii68BJ4kpiIHRXjKtG91mxNiXPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFdEBQ7vldJ+u3qN1iUQ3naU4nt6MB8GA1UdIwQY
MBaAFCf0jIWkKwCznRgD5jyf1a3r9/leMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSl9TTWhhUXJBTE9kR0FQbVBKX1ZyZXYzLVY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi80ZDRiMjQtOWI1OC00ZTNjLWE1MTUt
ZTMyNTYyMWU4NmRkLzEvVjBRRkR1LVYwbjY3ZW8zV0pSRGVkcFRpZTNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi80ZDRiMjQtOWI1OC00ZTNjLWE1MTUtZTMyNTYyMWU4NmRk
LzEvSl9TTWhhUXJBTE9kR0FQbVBKX1ZyZXYzLVY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8brMA0G
CSqGSIb3DQEBCwUAA4IBAQCcJ6XquAwogp5U8fjS2SiXGKPb6azZpaUIEldfxe/5
ulAjUSXgqXHQ5+JUxpR/AUSjnA/leSWH7CEK4rMyRpG8hd/DfZnJPYb+iHHCd6El
shNun/0F/+dQi6ASTd5IP6ZAOZw+xrHfvDdy+yC4+rbhOpL4AkqpGaxUq8PX2/QS
o2UAYBaRr9G00ZH/eqLeWgdGCMJ4LASRYy+GEyr14sn+Fg9acjMtM51n7grD+59E
mGh6oXUA9CYI2cPMAoP8HoVoqlPPLn8fSUMtGXlnCgh1BKHA4OIrfDHVOcB22U3a
UJlEob7W0r2TF07rGPetWSxfa8rPN6fwi8REIELSNpMA
-----END CERTIFICATE-----