Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/0e039a-be96-41fc-abcd-964b61bc319b/1/zku7rL4ehWHvRZK1RwrAb6MT-1c.roa
File:                     zku7rL4ehWHvRZK1RwrAb6MT-1c.roa (raw, json)
Hash identifier:          nNwzvzSXO21Gwoc000T5O5APuYh4t3vWkKVJ9XFGR80=
Subject key identifier:   CE:4B:BB:AC:BE:1E:85:61:EF:45:92:B5:47:0A:C0:6F:A3:13:FB:57
Certificate issuer:       /CN=eaf96df31b3f404df5b77e399ce79371b4f44443
Certificate serial:       0194266ABB8E552509271EDB24C5B5F83E12
Authority key identifier: EA:F9:6D:F3:1B:3F:40:4D:F5:B7:7E:39:9C:E7:93:71:B4:F4:44:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6vlt8xs_QE31t345nOeTcbT0REM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/0e039a-be96-41fc-abcd-964b61bc319b/1/zku7rL4ehWHvRZK1RwrAb6MT-1c.roa
Signing time:             Thu 02 Jan 2025 09:48:36 +0000
ROA not before:           Thu 02 Jan 2025 09:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56886
IP address blocks:        91.229.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/0e039a-be96-41fc-abcd-964b61bc319b/1/6vlt8xs_QE31t345nOeTcbT0REM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/0e039a-be96-41fc-abcd-964b61bc319b/1/6vlt8xs_QE31t345nOeTcbT0REM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6vlt8xs_QE31t345nOeTcbT0REM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:bb:8e:55:25:09:27:1e:db:24:c5:b5:f8:3e:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaf96df31b3f404df5b77e399ce79371b4f44443
        Validity
            Not Before: Jan  2 09:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce4bbbacbe1e8561ef4592b5470ac06fa313fb57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:e7:b1:05:35:c2:33:2e:cb:f2:a2:22:0e:eb:
                    c4:a0:7b:0d:11:b9:b9:b4:c8:a0:19:a5:be:e8:00:
                    b9:0d:b3:38:dc:07:57:59:ac:14:df:26:e4:1a:26:
                    4e:dc:72:32:83:b9:48:75:ed:59:3f:71:94:9a:a1:
                    3f:a1:84:ef:59:c8:1b:7a:26:eb:78:b7:ad:a3:7a:
                    5b:88:0b:88:a4:43:0a:54:65:bf:ed:f9:b0:f6:b1:
                    97:74:7c:bc:76:14:a9:e9:57:da:97:fb:32:cc:9d:
                    06:11:97:69:4b:40:5d:b0:36:80:3d:4e:14:24:0e:
                    03:5f:bd:3f:99:25:b3:25:0f:c3:d2:8a:26:e3:92:
                    00:3f:39:7d:e6:e6:68:87:81:10:f4:23:4c:7c:1b:
                    db:df:9d:b6:6c:dc:63:4c:f2:51:83:59:3d:84:d6:
                    93:6c:28:c3:8b:e1:a0:c8:2b:ea:46:f2:ac:bb:4d:
                    04:fd:d4:97:d2:06:49:9f:de:a7:2d:5c:2e:92:b0:
                    9d:d7:e2:25:d7:41:5c:00:f3:17:15:41:aa:15:5c:
                    c5:22:15:87:7a:b3:42:98:ad:8a:64:9d:af:3a:57:
                    c5:78:97:38:82:40:e3:4a:71:19:20:cd:6b:4c:0a:
                    32:9d:7e:61:92:d1:10:2c:ee:49:69:05:08:b8:28:
                    b5:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:4B:BB:AC:BE:1E:85:61:EF:45:92:B5:47:0A:C0:6F:A3:13:FB:57
            X509v3 Authority Key Identifier:
                keyid:EA:F9:6D:F3:1B:3F:40:4D:F5:B7:7E:39:9C:E7:93:71:B4:F4:44:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6vlt8xs_QE31t345nOeTcbT0REM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/0e039a-be96-41fc-abcd-964b61bc319b/1/zku7rL4ehWHvRZK1RwrAb6MT-1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/0e039a-be96-41fc-abcd-964b61bc319b/1/6vlt8xs_QE31t345nOeTcbT0REM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:43:d7:99:58:a4:8b:1a:62:0c:d0:2f:a1:be:23:d5:03:3f:
         99:d9:65:7f:97:e8:5f:90:52:f6:2e:0b:e7:f7:59:59:fd:91:
         92:33:fe:79:c7:6f:45:ab:8c:f8:27:2d:b5:b8:8a:f0:e8:bd:
         e7:a8:28:29:c0:cf:b6:f2:c0:2f:0b:7d:0c:a4:bc:0c:0e:79:
         b9:58:11:e4:80:b9:b6:40:89:0d:89:a6:ff:ed:bb:a6:fe:6d:
         4e:aa:ca:a9:fa:23:f6:50:f0:66:3f:98:05:10:ec:f8:95:5a:
         c7:fe:2e:7e:82:4b:25:3c:f0:20:9b:17:d4:44:99:c1:61:40:
         ce:54:67:29:76:97:39:ec:8e:ca:63:f4:1b:82:0b:0c:33:aa:
         be:c5:61:d2:5f:cf:fc:a7:51:35:ac:a2:74:5e:0d:57:fb:02:
         35:82:4a:76:73:79:6e:20:f8:c6:13:20:5c:39:5b:c7:dd:bf:
         5b:5c:b7:41:54:17:9e:02:f0:f9:39:30:99:e8:a7:a7:32:ef:
         a9:5c:c1:90:cf:78:b6:00:8a:e9:36:a6:fa:e1:5a:a1:33:e9:
         04:b2:70:47:83:53:25:9c:84:a1:b1:f0:2f:23:59:d5:e9:02:
         55:b2:7e:ef:51:ab:86:e6:6a:99:50:1f:87:fb:e4:43:d7:24:
         12:52:74:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmaruOVSUJJx7bJMW1+D4SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhZjk2ZGYzMWIzZjQwNGRmNWI3N2UzOTljZTc5MzcxYjRm
NDQ0NDMwHhcNMjUwMTAyMDk0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTRiYmJhY2JlMWU4NTYxZWY0NTkyYjU0NzBhYzA2ZmEzMTNmYjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlOexBTXCMy7L8qIiDuvEoHsNEbm5
tMigGaW+6AC5DbM43AdXWawU3ybkGiZO3HIyg7lIde1ZP3GUmqE/oYTvWcgbeibr
eLeto3pbiAuIpEMKVGW/7fmw9rGXdHy8dhSp6Vfal/syzJ0GEZdpS0BdsDaAPU4U
JA4DX70/mSWzJQ/D0oom45IAPzl95uZoh4EQ9CNMfBvb3522bNxjTPJRg1k9hNaT
bCjDi+GgyCvqRvKsu00E/dSX0gZJn96nLVwukrCd1+Il10FcAPMXFUGqFVzFIhWH
erNCmK2KZJ2vOlfFeJc4gkDjSnEZIM1rTAoynX5hktEQLO5JaQUIuCi1XwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM5Lu6y+HoVh70WStUcKwG+jE/tXMB8GA1UdIwQY
MBaAFOr5bfMbP0BN9bd+OZznk3G09ERDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnZsdDh4c19RRTMxdDM0NW5PZVRjYlQwUkVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8wZTAzOWEtYmU5Ni00MWZjLWFiY2Qt
OTY0YjYxYmMzMTliLzEvemt1N3JMNGVoV0h2UlpLMVJ3ckFiNk1ULTFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8wZTAzOWEtYmU5Ni00MWZjLWFiY2QtOTY0YjYxYmMzMTli
LzEvNnZsdDh4c19RRTMxdDM0NW5PZVRjYlQwUkVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+XpMA0G
CSqGSIb3DQEBCwUAA4IBAQBXQ9eZWKSLGmIM0C+hviPVAz+Z2WV/l+hfkFL2Lgvn
91lZ/ZGSM/55x29Fq4z4Jy21uIrw6L3nqCgpwM+28sAvC30MpLwMDnm5WBHkgLm2
QIkNiab/7bum/m1Oqsqp+iP2UPBmP5gFEOz4lVrH/i5+gkslPPAgmxfURJnBYUDO
VGcpdpc57I7KY/QbggsMM6q+xWHSX8/8p1E1rKJ0Xg1X+wI1gkp2c3luIPjGEyBc
OVvH3b9bXLdBVBeeAvD5OTCZ6KenMu+pXMGQz3i2AIrpNqb64VqhM+kEsnBHg1Ml
nIShsfAvI1nV6QJVsn7vUauG5mqZUB+H++RD1yQSUnSR
-----END CERTIFICATE-----