Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/2da1ec-aa4b-4d94-98cb-a776e4a63e6f/1/rJjHJUl0uD_7dHjW4bG3nCxQ5iY.roa
File:                     rJjHJUl0uD_7dHjW4bG3nCxQ5iY.roa (raw, json)
Hash identifier:          nazoboMf2p4XX7ExK1xqcEEDrXTJmHzU9uxX+kIOchk=
Subject key identifier:   AC:98:C7:25:49:74:B8:3F:FB:74:78:D6:E1:B1:B7:9C:2C:50:E6:26
Certificate issuer:       /CN=afa51165aa5036acda11fee0020e34fcc439ede6
Certificate serial:       0194221F7C4519C05C3790AF3186FF093E1F
Authority key identifier: AF:A5:11:65:AA:50:36:AC:DA:11:FE:E0:02:0E:34:FC:C4:39:ED:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r6URZapQNqzaEf7gAg40_MQ57eY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/2da1ec-aa4b-4d94-98cb-a776e4a63e6f/1/rJjHJUl0uD_7dHjW4bG3nCxQ5iY.roa
Signing time:             Wed 01 Jan 2025 13:47:56 +0000
ROA not before:           Wed 01 Jan 2025 13:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57115
IP address blocks:        91.230.83.0/24 maxlen: 24
                          195.191.92.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/2da1ec-aa4b-4d94-98cb-a776e4a63e6f/1/r6URZapQNqzaEf7gAg40_MQ57eY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/2da1ec-aa4b-4d94-98cb-a776e4a63e6f/1/r6URZapQNqzaEf7gAg40_MQ57eY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r6URZapQNqzaEf7gAg40_MQ57eY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 04:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:7c:45:19:c0:5c:37:90:af:31:86:ff:09:3e:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=afa51165aa5036acda11fee0020e34fcc439ede6
        Validity
            Not Before: Jan  1 13:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac98c7254974b83ffb7478d6e1b1b79c2c50e626
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:bb:e4:ff:09:5f:4b:61:1f:8d:7e:85:c7:f6:
                    52:ae:55:24:a3:45:28:b6:b7:4a:f2:5f:fc:af:2a:
                    99:9f:49:b6:0b:87:bb:56:25:c9:b9:f5:0e:c5:36:
                    5d:53:a8:e2:aa:6b:0f:c1:f1:63:ac:a6:ea:d3:5b:
                    c2:e5:52:03:07:ef:a8:16:2a:3d:f7:8d:d7:d0:0e:
                    a8:16:ba:11:a2:f7:e3:a3:4e:9a:16:eb:f3:21:c4:
                    25:20:dd:69:d9:b3:43:53:01:b0:b0:a0:78:bd:d1:
                    b8:39:21:88:a8:9f:a9:dd:79:82:bc:1b:39:fa:a6:
                    bd:06:71:ee:87:4f:24:27:d8:bb:5e:f1:bb:f2:6f:
                    e6:29:48:83:b5:e7:b6:48:95:dc:3c:61:b9:37:38:
                    c6:7c:82:87:44:af:7a:dc:b8:04:ab:52:be:2c:91:
                    f9:c9:9d:a8:c1:f4:f1:a0:bc:f2:82:7f:56:0e:43:
                    f3:52:b7:b8:e0:7c:0b:7d:d5:e3:10:fb:09:ee:fa:
                    67:36:7b:d0:4d:f8:fa:e5:06:89:69:f3:c7:76:1e:
                    10:4b:04:70:97:0c:93:90:83:69:b4:25:e0:0c:3c:
                    f2:80:61:88:6c:46:54:8f:72:2c:f1:59:65:7b:0f:
                    2a:b7:00:91:8e:c7:08:56:3e:b2:e0:21:54:1e:e3:
                    31:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:98:C7:25:49:74:B8:3F:FB:74:78:D6:E1:B1:B7:9C:2C:50:E6:26
            X509v3 Authority Key Identifier:
                keyid:AF:A5:11:65:AA:50:36:AC:DA:11:FE:E0:02:0E:34:FC:C4:39:ED:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r6URZapQNqzaEf7gAg40_MQ57eY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/2da1ec-aa4b-4d94-98cb-a776e4a63e6f/1/rJjHJUl0uD_7dHjW4bG3nCxQ5iY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/2da1ec-aa4b-4d94-98cb-a776e4a63e6f/1/r6URZapQNqzaEf7gAg40_MQ57eY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.83.0/24
                  195.191.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a5:47:a1:09:77:ab:e7:7e:3a:39:3c:e9:59:0e:7e:df:a4:d7:
         95:9a:f9:25:58:d4:44:00:e6:89:11:c4:e9:5e:f6:10:ee:f5:
         b8:25:7a:c4:53:f0:ca:58:4f:2d:51:8a:ef:8f:e8:ff:89:1a:
         c9:37:69:53:04:25:6e:5e:e0:c4:f2:72:5b:20:e7:9b:b6:3d:
         49:8d:b7:72:39:8e:6d:21:c1:ef:1f:f2:ff:6a:ac:d4:8e:f4:
         69:e7:41:30:3c:b9:0b:82:a3:96:7e:a1:04:39:ea:f2:ef:2c:
         7a:8b:4d:f8:00:3e:a3:39:d8:48:81:61:ef:7c:ec:7e:3e:02:
         04:d2:f1:d0:92:bb:8e:27:65:2a:26:1d:8f:fd:3e:7f:13:af:
         69:8c:e2:58:f9:7a:c5:d6:95:b2:20:3e:75:a3:3a:6f:5c:7e:
         ae:bd:7f:00:fa:2a:7a:ef:4a:06:c2:d0:3a:c7:a8:93:64:a9:
         49:2b:b7:97:9f:76:fc:c6:d2:a9:05:c8:dd:a0:f0:37:23:34:
         16:7e:b7:ba:79:01:bf:72:fc:f5:9b:cd:5d:b2:b8:c3:c9:d7:
         c2:ba:70:d1:7c:00:86:4b:f5:fc:26:01:a0:43:d4:26:da:c8:
         9d:d0:09:ac:2e:4b:0c:9d:6b:f0:ee:90:02:f4:55:d2:be:ec:
         2f:a5:32:f6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH3xFGcBcN5CvMYb/CT4fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmYTUxMTY1YWE1MDM2YWNkYTExZmVlMDAyMGUzNGZjYzQz
OWVkZTYwHhcNMjUwMTAxMTM0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzk4YzcyNTQ5NzRiODNmZmI3NDc4ZDZlMWIxYjc5YzJjNTBlNjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA37vk/wlfS2EfjX6Fx/ZSrlUko0Uo
trdK8l/8ryqZn0m2C4e7ViXJufUOxTZdU6jiqmsPwfFjrKbq01vC5VIDB++oFio9
943X0A6oFroRovfjo06aFuvzIcQlIN1p2bNDUwGwsKB4vdG4OSGIqJ+p3XmCvBs5
+qa9BnHuh08kJ9i7XvG78m/mKUiDtee2SJXcPGG5NzjGfIKHRK963LgEq1K+LJH5
yZ2owfTxoLzygn9WDkPzUre44HwLfdXjEPsJ7vpnNnvQTfj65QaJafPHdh4QSwRw
lwyTkINptCXgDDzygGGIbEZUj3Is8Vllew8qtwCRjscIVj6y4CFUHuMxmwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKyYxyVJdLg/+3R41uGxt5wsUOYmMB8GA1UdIwQY
MBaAFK+lEWWqUDas2hH+4AIONPzEOe3mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjZVUlphcFFOcXphRWY3Z0FnNDBfTVE1N2VZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC8yZGExZWMtYWE0Yi00ZDk0LTk4Y2It
YTc3NmU0YTYzZTZmLzEvckpqSEpVbDB1RF83ZEhqVzRiRzNuQ3hRNWlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC8yZGExZWMtYWE0Yi00ZDk0LTk4Y2ItYTc3NmU0YTYzZTZm
LzEvcjZVUlphcFFOcXphRWY3Z0FnNDBfTVE1N2VZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+ZTAwQB
w79cMA0GCSqGSIb3DQEBCwUAA4IBAQClR6EJd6vnfjo5POlZDn7fpNeVmvklWNRE
AOaJEcTpXvYQ7vW4JXrEU/DKWE8tUYrvj+j/iRrJN2lTBCVuXuDE8nJbIOebtj1J
jbdyOY5tIcHvH/L/aqzUjvRp50EwPLkLgqOWfqEEOery7yx6i034AD6jOdhIgWHv
fOx+PgIE0vHQkruOJ2UqJh2P/T5/E69pjOJY+XrF1pWyID51ozpvXH6uvX8A+ip6
70oGwtA6x6iTZKlJK7eXn3b8xtKpBcjdoPA3IzQWfre6eQG/cvz1m81dsrjDydfC
unDRfACGS/X8JgGgQ9Qm2sid0AmsLksMnWvw7pAC9FXSvuwvpTL2
-----END CERTIFICATE-----