Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/d86fc4-175f-423d-984e-859f7face695/1/76xLkfM6kYxOK1NXh9OOS2MHsHA.roa
File:                     76xLkfM6kYxOK1NXh9OOS2MHsHA.roa (raw, json)
Hash identifier:          6Sbux0XZ8H/iAJjFbORSyS+kiaCneStSNPq6dnkA+DU=
Subject key identifier:   EF:AC:4B:91:F3:3A:91:8C:4E:2B:53:57:87:D3:8E:4B:63:07:B0:70
Certificate issuer:       /CN=88d129a7c78fb66d0773bc99008357e507c1e7be
Certificate serial:       019425218044AB42BB7B6A8EAA683100C2B2
Authority key identifier: 88:D1:29:A7:C7:8F:B6:6D:07:73:BC:99:00:83:57:E5:07:C1:E7:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iNEpp8ePtm0Hc7yZAINX5QfB574.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/d86fc4-175f-423d-984e-859f7face695/1/76xLkfM6kYxOK1NXh9OOS2MHsHA.roa
Signing time:             Thu 02 Jan 2025 03:48:59 +0000
ROA not before:           Thu 02 Jan 2025 03:48:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210579
IP address blocks:        91.214.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/d86fc4-175f-423d-984e-859f7face695/1/iNEpp8ePtm0Hc7yZAINX5QfB574.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/d86fc4-175f-423d-984e-859f7face695/1/iNEpp8ePtm0Hc7yZAINX5QfB574.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iNEpp8ePtm0Hc7yZAINX5QfB574.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 14:13:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:80:44:ab:42:bb:7b:6a:8e:aa:68:31:00:c2:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88d129a7c78fb66d0773bc99008357e507c1e7be
        Validity
            Not Before: Jan  2 03:48:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=efac4b91f33a918c4e2b535787d38e4b6307b070
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:67:63:23:53:a9:39:4d:2a:3d:6d:09:72:a2:
                    51:a1:de:5d:89:76:e3:c9:4a:cf:20:08:7a:96:c8:
                    da:c5:70:cd:cc:c4:ec:9b:70:32:b8:0b:72:94:26:
                    e3:f9:12:b1:8c:7a:be:fc:35:ee:a4:c9:5d:42:cb:
                    c5:e5:b6:c3:96:35:b0:1a:9c:5f:0c:46:a1:46:83:
                    f6:9e:08:59:9d:f4:c5:47:16:d0:fa:2d:b1:5b:b3:
                    74:11:e1:4e:0e:8e:d2:09:08:0e:3d:fc:25:cd:8a:
                    80:68:b2:c5:d9:4f:ea:68:ac:b9:25:af:86:0c:2d:
                    e3:c3:4c:7d:ff:8e:3b:22:8c:82:c1:d0:de:64:82:
                    93:fc:f6:19:50:50:56:36:43:4e:5f:85:fb:23:bd:
                    59:05:97:e0:a6:aa:83:fb:56:83:eb:31:a6:3a:9b:
                    f3:99:7b:81:fe:70:3a:b0:7e:f5:10:11:91:a5:7b:
                    4c:27:d5:60:35:c7:81:72:4a:6e:bd:23:25:c5:c0:
                    44:ab:ea:33:62:97:51:b7:d0:71:c8:1e:3d:25:c1:
                    9d:ee:6d:dc:dd:27:e4:68:e6:f4:64:97:c8:f1:ca:
                    3d:ab:f5:e8:a9:c7:fd:9d:97:e9:8c:0c:3a:29:48:
                    01:85:42:ac:93:b0:3c:91:bf:dd:dc:43:7c:d6:0d:
                    18:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:AC:4B:91:F3:3A:91:8C:4E:2B:53:57:87:D3:8E:4B:63:07:B0:70
            X509v3 Authority Key Identifier:
                keyid:88:D1:29:A7:C7:8F:B6:6D:07:73:BC:99:00:83:57:E5:07:C1:E7:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iNEpp8ePtm0Hc7yZAINX5QfB574.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/d86fc4-175f-423d-984e-859f7face695/1/76xLkfM6kYxOK1NXh9OOS2MHsHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/d86fc4-175f-423d-984e-859f7face695/1/iNEpp8ePtm0Hc7yZAINX5QfB574.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.214.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:ad:c1:4b:83:0f:19:42:e6:e5:ec:96:aa:ef:cc:d0:82:d1:
         3c:0e:93:ca:46:8d:75:db:41:43:29:14:d6:de:3e:4d:dc:1c:
         54:15:73:84:f9:2a:c1:ea:22:b0:8c:10:eb:be:fb:fe:72:50:
         b0:5f:2a:28:4c:e3:a9:78:94:b0:c5:23:28:42:e7:a7:0c:b9:
         48:c0:93:39:9f:5c:26:23:f9:af:ea:06:e1:11:cd:70:de:d5:
         c1:ff:c5:b5:64:19:5e:61:98:78:4e:81:08:d4:5d:3f:c2:a6:
         99:48:69:f6:3c:92:8e:7b:ad:98:c8:75:e0:96:2d:3a:77:a0:
         e2:de:97:0c:5b:4b:d4:11:c0:64:a6:52:7c:8d:1b:08:98:3e:
         85:d7:a4:33:aa:e9:05:73:5b:7b:de:d5:d1:59:57:80:ef:07:
         17:87:58:73:d4:65:79:a5:60:e0:0b:99:d9:21:d1:3b:c7:e3:
         5d:5e:b4:61:77:82:3a:1b:94:ef:64:e9:2b:9e:aa:7d:92:9d:
         a2:00:54:bf:3e:84:4c:7a:23:3d:39:4c:48:04:27:47:8f:1c:
         43:8f:1c:cd:0e:ce:77:86:12:d4:f6:c9:8a:91:ff:7f:13:4e:
         ca:d2:5e:6c:ca:35:aa:4b:e1:6e:0d:b3:41:79:f3:c4:0c:30:
         a4:54:fe:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIYBEq0K7e2qOqmgxAMKyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZDEyOWE3Yzc4ZmI2NmQwNzczYmM5OTAwODM1N2U1MDdj
MWU3YmUwHhcNMjUwMTAyMDM0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmFjNGI5MWYzM2E5MThjNGUyYjUzNTc4N2QzOGU0YjYzMDdiMDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGdjI1OpOU0qPW0JcqJRod5diXbj
yUrPIAh6lsjaxXDNzMTsm3AyuAtylCbj+RKxjHq+/DXupMldQsvF5bbDljWwGpxf
DEahRoP2nghZnfTFRxbQ+i2xW7N0EeFODo7SCQgOPfwlzYqAaLLF2U/qaKy5Ja+G
DC3jw0x9/447IoyCwdDeZIKT/PYZUFBWNkNOX4X7I71ZBZfgpqqD+1aD6zGmOpvz
mXuB/nA6sH71EBGRpXtMJ9VgNceBckpuvSMlxcBEq+ozYpdRt9BxyB49JcGd7m3c
3SfkaOb0ZJfI8co9q/Xoqcf9nZfpjAw6KUgBhUKsk7A8kb/d3EN81g0YRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO+sS5HzOpGMTitTV4fTjktjB7BwMB8GA1UdIwQY
MBaAFIjRKafHj7ZtB3O8mQCDV+UHwee+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaU5FcHA4ZVB0bTBIYzd5WkFJTlg1UWZCNTc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9kODZmYzQtMTc1Zi00MjNkLTk4NGUt
ODU5ZjdmYWNlNjk1LzEvNzZ4TGtmTTZrWXhPSzFOWGg5T09TMk1Ic0hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9kODZmYzQtMTc1Zi00MjNkLTk4NGUtODU5ZjdmYWNlNjk1
LzEvaU5FcHA4ZVB0bTBIYzd5WkFJTlg1UWZCNTc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9ZwMA0G
CSqGSIb3DQEBCwUAA4IBAQAIrcFLgw8ZQubl7Jaq78zQgtE8DpPKRo1120FDKRTW
3j5N3BxUFXOE+SrB6iKwjBDrvvv+clCwXyooTOOpeJSwxSMoQuenDLlIwJM5n1wm
I/mv6gbhEc1w3tXB/8W1ZBleYZh4ToEI1F0/wqaZSGn2PJKOe62YyHXgli06d6Di
3pcMW0vUEcBkplJ8jRsImD6F16QzqukFc1t73tXRWVeA7wcXh1hz1GV5pWDgC5nZ
IdE7x+NdXrRhd4I6G5TvZOkrnqp9kp2iAFS/PoRMeiM9OUxIBCdHjxxDjxzNDs53
hhLU9smKkf9/E07K0l5syjWqS+FuDbNBefPEDDCkVP6e
-----END CERTIFICATE-----