Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/cdUHvSSzeVk2kQzX1mHqKxhfmZg.roa
File:                     cdUHvSSzeVk2kQzX1mHqKxhfmZg.roa (raw, json)
Hash identifier:          2xANcXQ2qVWXH5fAbLpWYBlwCCDXMuV3fNwWKA7y19g=
Subject key identifier:   71:D5:07:BD:24:B3:79:59:36:91:0C:D7:D6:61:EA:2B:18:5F:99:98
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       01946BA7CDA0E57813F1038B90B144293CBE
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/cdUHvSSzeVk2kQzX1mHqKxhfmZg.roa
Signing time:             Wed 15 Jan 2025 20:29:06 +0000
ROA not before:           Wed 15 Jan 2025 20:29:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400529
IP address blocks:        91.190.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:6b:a7:cd:a0:e5:78:13:f1:03:8b:90:b1:44:29:3c:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Jan 15 20:29:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=71d507bd24b3795936910cd7d661ea2b185f9998
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:bc:3d:4e:1f:82:75:89:d7:79:30:73:f1:df:
                    a8:c4:18:3d:38:ba:a2:0f:cd:8f:32:a4:33:32:03:
                    2d:81:df:b9:65:11:eb:b7:2f:8d:ce:ad:12:20:db:
                    95:ae:fa:0d:50:a7:1a:bb:b6:d8:9e:ab:cf:3f:26:
                    f0:fd:93:8e:24:57:22:5a:0f:4e:d9:c3:2f:14:4d:
                    b1:6c:32:c7:7a:f1:e3:bd:6c:5c:c1:8a:34:f9:39:
                    c7:0f:bc:af:17:6f:1f:37:4e:d9:e6:96:33:b9:c5:
                    9d:55:d2:d2:02:ae:66:82:e0:b1:53:3f:e2:75:6e:
                    51:3c:5d:01:7d:e8:de:fb:f8:af:67:3a:75:4a:98:
                    1f:52:c6:33:6f:5d:6c:22:a7:a0:67:b5:b7:55:fb:
                    2d:83:a8:ab:6c:1c:4f:b2:88:ab:78:3d:3a:cd:51:
                    ec:d5:c1:9e:80:ae:54:bb:f8:00:63:4b:a8:69:49:
                    3d:89:2b:9b:5d:93:99:cf:ec:5e:32:54:94:e2:75:
                    27:95:48:98:bb:73:05:75:97:eb:b2:91:08:67:96:
                    7e:5b:e5:31:a9:e0:2e:3f:38:27:5f:0f:01:a5:61:
                    88:d9:f7:7a:5c:40:f5:42:12:b8:d0:c4:5a:e2:d7:
                    04:3c:68:8b:b6:00:c1:50:ec:f8:3c:79:87:31:dd:
                    21:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:D5:07:BD:24:B3:79:59:36:91:0C:D7:D6:61:EA:2B:18:5F:99:98
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/cdUHvSSzeVk2kQzX1mHqKxhfmZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.190.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:60:c0:41:34:b0:2e:54:eb:44:54:5e:d9:be:09:5d:a8:61:
         cf:9d:2a:32:8d:a8:97:f2:03:f6:03:ea:a8:69:66:a7:46:2e:
         c5:30:22:e5:39:1d:62:2d:92:72:7d:ee:04:ca:61:d8:ce:f4:
         e9:00:19:1e:c3:be:a6:01:ba:27:ba:5b:6e:8d:cb:d7:fc:75:
         9e:11:57:85:17:d8:5b:ef:5b:22:00:c9:ad:0c:4c:e7:de:33:
         78:42:df:d3:58:56:cf:2e:30:27:84:23:41:e4:aa:f1:d5:a8:
         78:6e:b4:24:e2:18:5d:eb:9a:a2:d4:cc:1d:57:a6:69:f9:7a:
         10:7b:7f:86:6b:67:9a:80:fa:55:ae:c8:47:bc:48:8b:3d:93:
         1a:7e:26:b8:cf:36:3b:90:6c:8f:bb:76:d2:d0:e6:9d:b0:06:
         77:5b:a2:58:92:72:99:4d:09:13:74:f9:01:5f:f9:fa:73:e6:
         6d:b5:a8:db:c0:2e:67:cd:a9:c4:0b:a1:c4:d2:2a:89:d7:9f:
         92:ca:f0:ac:25:a3:61:a8:27:ea:92:34:07:87:63:a1:6c:d4:
         cb:7e:45:69:f9:00:b6:47:a0:c9:6c:a1:78:95:e2:e8:d4:de:
         5e:ec:11:b3:6e:c8:71:3d:51:aa:28:36:a0:cb:2c:65:d1:e7:
         21:2f:53:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRrp82g5XgT8QOLkLFEKTy+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjUwMTE1MjAyOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWQ1MDdiZDI0YjM3OTU5MzY5MTBjZDdkNjYxZWEyYjE4NWY5OTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzbw9Th+CdYnXeTBz8d+oxBg9OLqi
D82PMqQzMgMtgd+5ZRHrty+Nzq0SINuVrvoNUKcau7bYnqvPPybw/ZOOJFciWg9O
2cMvFE2xbDLHevHjvWxcwYo0+TnHD7yvF28fN07Z5pYzucWdVdLSAq5mguCxUz/i
dW5RPF0Bfeje+/ivZzp1SpgfUsYzb11sIqegZ7W3Vfstg6irbBxPsoireD06zVHs
1cGegK5Uu/gAY0uoaUk9iSubXZOZz+xeMlSU4nUnlUiYu3MFdZfrspEIZ5Z+W+Ux
qeAuPzgnXw8BpWGI2fd6XED1QhK40MRa4tcEPGiLtgDBUOz4PHmHMd0hHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHHVB70ks3lZNpEM19Zh6isYX5mYMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvY2RVSHZTU3plVmsya1F6WDFtSHFLeGhmbVpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW76aMA0G
CSqGSIb3DQEBCwUAA4IBAQBSYMBBNLAuVOtEVF7ZvgldqGHPnSoyjaiX8gP2A+qo
aWanRi7FMCLlOR1iLZJyfe4EymHYzvTpABkew76mAbonultujcvX/HWeEVeFF9hb
71siAMmtDEzn3jN4Qt/TWFbPLjAnhCNB5Krx1ah4brQk4hhd65qi1MwdV6Zp+XoQ
e3+Ga2eagPpVrshHvEiLPZMafia4zzY7kGyPu3bS0OadsAZ3W6JYknKZTQkTdPkB
X/n6c+ZttajbwC5nzanEC6HE0iqJ15+SyvCsJaNhqCfqkjQHh2OhbNTLfkVp+QC2
R6DJbKF4leLo1N5e7BGzbshxPVGqKDagyyxl0echL1Pa
-----END CERTIFICATE-----