Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/c171d4-0672-414d-a02d-cd027a0681bd/1/tUCrU1IYyKTeHFgwWPnOhupAFLs.roa
File:                     tUCrU1IYyKTeHFgwWPnOhupAFLs.roa (raw, json)
Hash identifier:          iXh/inx+REdww29ghj8Pv8YnJ7SgvDrT4boXFVW4VlI=
Subject key identifier:   B5:40:AB:53:52:18:C8:A4:DE:1C:58:30:58:F9:CE:86:EA:40:14:BB
Certificate issuer:       /CN=8968883765549991d7ff376126d58a909a14b8f1
Certificate serial:       019456040477EC988B8C55DB1AFD2B0B2E0A
Authority key identifier: 89:68:88:37:65:54:99:91:D7:FF:37:61:26:D5:8A:90:9A:14:B8:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iWiIN2VUmZHX_zdhJtWKkJoUuPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/c171d4-0672-414d-a02d-cd027a0681bd/1/tUCrU1IYyKTeHFgwWPnOhupAFLs.roa
Signing time:             Sat 11 Jan 2025 15:38:11 +0000
ROA not before:           Sat 11 Jan 2025 15:38:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52194
IP address blocks:        91.203.234.0/24 maxlen: 24
                          193.106.97.0/24 maxlen: 24
                          194.242.26.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/c171d4-0672-414d-a02d-cd027a0681bd/1/iWiIN2VUmZHX_zdhJtWKkJoUuPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/c171d4-0672-414d-a02d-cd027a0681bd/1/iWiIN2VUmZHX_zdhJtWKkJoUuPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iWiIN2VUmZHX_zdhJtWKkJoUuPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:56:04:04:77:ec:98:8b:8c:55:db:1a:fd:2b:0b:2e:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8968883765549991d7ff376126d58a909a14b8f1
        Validity
            Not Before: Jan 11 15:38:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b540ab535218c8a4de1c583058f9ce86ea4014bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:e8:34:ec:ac:62:32:8b:47:85:2d:84:a5:f9:
                    81:d0:d5:6b:a0:86:91:55:1c:97:be:ee:75:82:87:
                    6c:71:fb:53:65:89:0f:ad:7a:e7:f7:73:c8:0e:65:
                    33:ee:10:a9:09:c7:e1:ae:55:7c:56:7a:ca:c2:c1:
                    40:70:0e:a2:83:b1:ad:aa:b3:87:6e:9f:01:f5:01:
                    fc:b3:bf:b0:ae:2b:e9:ef:6b:d4:a7:fc:e5:09:70:
                    a6:94:8b:9b:0d:91:24:d5:b9:ad:12:c3:40:49:18:
                    4d:75:e6:ae:56:15:56:91:a7:4a:d7:b7:9e:a7:f8:
                    f1:89:95:18:d7:1a:60:f3:bc:3e:97:b4:36:96:fb:
                    fc:73:7d:ed:c3:dc:0f:6a:44:3c:5d:de:44:69:59:
                    12:fd:f3:a7:15:61:84:57:43:95:35:98:53:82:cc:
                    3e:d8:54:7c:1e:84:3f:c4:55:b0:f7:83:85:1c:bd:
                    7f:72:2e:26:59:b8:6f:3e:38:a9:da:50:67:ec:e7:
                    e5:68:51:26:5a:76:7b:b7:ae:ef:44:ce:6f:17:fc:
                    32:a8:a3:bb:6e:73:2f:e3:9f:0e:4c:46:d4:9b:9d:
                    cf:99:97:d3:68:0f:6a:69:57:5c:c9:bc:1c:a9:de:
                    bf:2a:01:d3:c8:1f:f2:af:32:a2:7b:b5:b5:de:cb:
                    23:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:40:AB:53:52:18:C8:A4:DE:1C:58:30:58:F9:CE:86:EA:40:14:BB
            X509v3 Authority Key Identifier:
                keyid:89:68:88:37:65:54:99:91:D7:FF:37:61:26:D5:8A:90:9A:14:B8:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iWiIN2VUmZHX_zdhJtWKkJoUuPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/c171d4-0672-414d-a02d-cd027a0681bd/1/tUCrU1IYyKTeHFgwWPnOhupAFLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/c171d4-0672-414d-a02d-cd027a0681bd/1/iWiIN2VUmZHX_zdhJtWKkJoUuPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.203.234.0/24
                  193.106.97.0/24
                  194.242.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5d:81:eb:ed:e9:a8:49:09:de:59:c9:6e:1f:df:72:5f:dd:9e:
         15:9c:5f:a1:f5:54:f0:aa:9b:de:82:22:28:f0:93:67:04:2d:
         56:21:8f:12:76:2c:2b:91:77:79:6f:bb:f0:b6:42:39:67:0d:
         16:e9:00:31:69:00:74:52:5b:f5:43:13:66:e6:78:36:65:0a:
         69:d0:18:e2:54:8a:1f:19:04:98:8f:d8:ce:51:85:fd:37:c6:
         ab:1d:6c:e2:74:76:44:ea:4e:5a:61:3f:f1:3b:f7:3b:1c:78:
         cb:2d:71:c3:5a:5e:08:5f:6a:b9:6e:95:08:b3:20:89:72:71:
         46:e7:7e:0e:58:58:f6:4e:b8:b2:f4:70:e1:11:6d:1b:5a:71:
         6b:46:06:9b:c4:3f:0d:c9:97:4e:89:e1:8c:3e:3d:1c:65:c2:
         13:22:66:cc:03:66:ff:48:0f:85:f4:aa:8c:df:fb:7b:0c:14:
         ab:57:5f:a4:6b:73:5d:da:57:93:8d:72:61:77:2a:7a:c1:06:
         af:bc:28:29:3e:8f:9d:f1:1e:a1:6f:08:21:17:1e:3b:95:93:
         db:f2:51:f4:c1:67:11:cf:59:57:a0:54:8e:75:47:4c:bb:14:
         28:92:b8:19:f8:15:6b:00:16:95:41:a2:06:bc:8f:d0:99:3d:
         dc:15:30:18
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZRWBAR37JiLjFXbGv0rCy4KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5Njg4ODM3NjU1NDk5OTFkN2ZmMzc2MTI2ZDU4YTkwOWEx
NGI4ZjEwHhcNMjUwMTExMTUzODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTQwYWI1MzUyMThjOGE0ZGUxYzU4MzA1OGY5Y2U4NmVhNDAxNGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Og07KxiMotHhS2EpfmB0NVroIaR
VRyXvu51godscftTZYkPrXrn93PIDmUz7hCpCcfhrlV8VnrKwsFAcA6ig7GtqrOH
bp8B9QH8s7+wrivp72vUp/zlCXCmlIubDZEk1bmtEsNASRhNdeauVhVWkadK17ee
p/jxiZUY1xpg87w+l7Q2lvv8c33tw9wPakQ8Xd5EaVkS/fOnFWGEV0OVNZhTgsw+
2FR8HoQ/xFWw94OFHL1/ci4mWbhvPjip2lBn7OflaFEmWnZ7t67vRM5vF/wyqKO7
bnMv458OTEbUm53PmZfTaA9qaVdcybwcqd6/KgHTyB/yrzKie7W13ssjrwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLVAq1NSGMik3hxYMFj5zobqQBS7MB8GA1UdIwQY
MBaAFIloiDdlVJmR1/83YSbVipCaFLjxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVdpSU4yVlVtWkhYX3pkaEp0V0trSm9VdVBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC9jMTcxZDQtMDY3Mi00MTRkLWEwMmQt
Y2QwMjdhMDY4MWJkLzEvdFVDclUxSVl5S1RlSEZnd1dQbk9odXBBRkxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC9jMTcxZDQtMDY3Mi00MTRkLWEwMmQtY2QwMjdhMDY4MWJk
LzEvaVdpSU4yVlVtWkhYX3pkaEp0V0trSm9VdVBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW8vqAwQA
wWphAwQBwvIaMA0GCSqGSIb3DQEBCwUAA4IBAQBdgevt6ahJCd5ZyW4f33Jf3Z4V
nF+h9VTwqpvegiIo8JNnBC1WIY8SdiwrkXd5b7vwtkI5Zw0W6QAxaQB0Ulv1QxNm
5ng2ZQpp0BjiVIofGQSYj9jOUYX9N8arHWzidHZE6k5aYT/xO/c7HHjLLXHDWl4I
X2q5bpUIsyCJcnFG534OWFj2Triy9HDhEW0bWnFrRgabxD8NyZdOieGMPj0cZcIT
ImbMA2b/SA+F9KqM3/t7DBSrV1+ka3Nd2leTjXJhdyp6wQavvCgpPo+d8R6hbwgh
Fx47lZPb8lH0wWcRz1lXoFSOdUdMuxQokrgZ+BVrABaVQaIGvI/QmT3cFTAY
-----END CERTIFICATE-----