Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/bBnnNEw_Enofyae9K82jPfLHcm4.roa
File:                     bBnnNEw_Enofyae9K82jPfLHcm4.roa (raw, json)
Hash identifier:          5ZP5NqKpjLJceuyxINPHdqu5aLVoZVycTc6G5n8rWZU=
Subject key identifier:   6C:19:E7:34:4C:3F:12:7A:1F:C9:A7:BD:2B:CD:A3:3D:F2:C7:72:6E
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       0194228D9EED3F3964A182DE461A855513BD
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/bBnnNEw_Enofyae9K82jPfLHcm4.roa
Signing time:             Wed 01 Jan 2025 15:48:14 +0000
ROA not before:           Wed 01 Jan 2025 15:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43352
IP address blocks:        91.93.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:9e:ed:3f:39:64:a1:82:de:46:1a:85:55:13:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  1 15:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6c19e7344c3f127a1fc9a7bd2bcda33df2c7726e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:ed:83:a9:21:d3:53:2e:9e:90:81:5e:44:46:
                    f4:42:c5:59:84:0f:e0:01:02:b5:95:50:f6:d3:74:
                    4e:b5:74:a1:c9:db:0c:8e:c4:a3:5b:f5:75:90:8a:
                    1d:1e:4b:30:12:a2:68:af:91:39:a1:f8:5c:60:4f:
                    49:89:d3:35:7f:d9:be:d5:fa:a8:ca:e7:7f:e0:37:
                    f1:48:4b:08:f0:f4:74:4d:40:90:c3:33:34:55:f2:
                    cf:55:47:8a:e5:3c:aa:49:ab:37:79:33:c3:9a:9f:
                    de:a1:19:f7:e3:96:ba:3b:76:22:05:7c:5d:78:5b:
                    d9:24:51:a5:59:2d:c3:97:4c:77:4c:63:85:f1:d4:
                    20:14:bd:4c:5d:79:fa:f6:a0:b8:92:6e:f2:3a:32:
                    b7:37:c9:68:56:36:6f:25:83:8c:cd:64:9e:6e:34:
                    d1:87:e6:19:ea:0e:f3:90:52:3b:34:e4:d1:d4:58:
                    2b:4f:04:35:50:11:ef:24:b6:0e:16:94:ff:28:09:
                    2b:d3:53:b8:25:9a:0d:55:68:bd:9f:e6:90:30:02:
                    ae:3f:13:74:2e:a8:de:b1:a2:19:f4:4a:52:b7:c4:
                    3a:8b:3c:95:3e:16:19:b1:42:d3:c7:e8:2c:0f:e0:
                    9f:6f:8a:55:83:ed:9e:a3:cd:4e:b1:f2:82:61:12:
                    f4:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:19:E7:34:4C:3F:12:7A:1F:C9:A7:BD:2B:CD:A3:3D:F2:C7:72:6E
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/bBnnNEw_Enofyae9K82jPfLHcm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.93.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:91:58:64:b9:cb:38:b3:30:1c:09:5d:0c:d3:bc:8a:38:8c:
         f3:be:9e:de:5f:e1:c1:cc:ab:87:61:65:d0:2f:a2:4e:ed:2b:
         96:f4:a6:3c:b0:0e:15:d8:40:ef:7b:76:59:17:ce:52:47:57:
         bc:06:a1:ff:98:f9:5b:4a:ca:00:cc:52:01:8e:6d:77:23:e0:
         bb:6e:dc:5c:41:de:23:84:8d:92:95:2b:bb:62:1b:2f:fc:8b:
         cd:da:6d:2c:d1:a1:ec:15:47:69:65:64:14:2e:0a:32:f9:df:
         e8:48:75:3a:0a:d8:52:aa:e8:75:cf:84:5b:4e:56:87:74:21:
         07:f2:0a:4c:85:38:fe:10:b0:da:dd:ac:72:ed:e9:90:7b:1a:
         40:af:fd:fe:b8:03:3b:31:f3:98:88:07:13:6f:3a:d0:b6:f5:
         ac:a2:6c:90:7a:38:29:16:a8:e3:13:6e:aa:8c:c6:98:21:1d:
         c7:be:fc:7e:3d:3d:93:ee:50:3b:07:98:db:9c:47:80:06:b4:
         67:7e:47:5d:aa:14:0f:d2:32:84:34:7f:c6:52:22:db:d4:4a:
         88:cb:28:d3:8c:b1:7b:b2:99:16:99:e4:9e:6e:1b:fe:52:60:
         d5:e0:cb:6d:9c:3a:b6:21:04:2f:f3:23:e1:0a:c8:a5:2b:8e:
         61:4e:7b:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijZ7tPzlkoYLeRhqFVRO9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwMTAxMTU0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzE5ZTczNDRjM2YxMjdhMWZjOWE3YmQyYmNkYTMzZGYyYzc3MjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7u2DqSHTUy6ekIFeREb0QsVZhA/g
AQK1lVD203ROtXShydsMjsSjW/V1kIodHkswEqJor5E5ofhcYE9JidM1f9m+1fqo
yud/4DfxSEsI8PR0TUCQwzM0VfLPVUeK5TyqSas3eTPDmp/eoRn345a6O3YiBXxd
eFvZJFGlWS3Dl0x3TGOF8dQgFL1MXXn69qC4km7yOjK3N8loVjZvJYOMzWSebjTR
h+YZ6g7zkFI7NOTR1FgrTwQ1UBHvJLYOFpT/KAkr01O4JZoNVWi9n+aQMAKuPxN0
LqjesaIZ9EpSt8Q6izyVPhYZsULTx+gsD+Cfb4pVg+2eo81OsfKCYRL0VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGwZ5zRMPxJ6H8mnvSvNoz3yx3JuMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvYkJubk5Fd19Fbm9meWFlOUs4MmpQZkxIY200LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW12LMA0G
CSqGSIb3DQEBCwUAA4IBAQA5kVhkucs4szAcCV0M07yKOIzzvp7eX+HBzKuHYWXQ
L6JO7SuW9KY8sA4V2EDve3ZZF85SR1e8BqH/mPlbSsoAzFIBjm13I+C7btxcQd4j
hI2SlSu7Yhsv/IvN2m0s0aHsFUdpZWQULgoy+d/oSHU6CthSquh1z4RbTlaHdCEH
8gpMhTj+ELDa3axy7emQexpAr/3+uAM7MfOYiAcTbzrQtvWsomyQejgpFqjjE26q
jMaYIR3Hvvx+PT2T7lA7B5jbnEeABrRnfkddqhQP0jKENH/GUiLb1EqIyyjTjLF7
spkWmeSebhv+UmDV4MttnDq2IQQv8yPhCsilK45hTntj
-----END CERTIFICATE-----