Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/1a4cc0-da92-4596-b123-561ced5bbf92/1/1KuevLKOXin1b0wgf0GWz0r6nwg.roa
File:                     1KuevLKOXin1b0wgf0GWz0r6nwg.roa (raw, json)
Hash identifier:          ASw2YdXHtzStc1C+SsPAtANeLSe13bWPdtXsO3TzYqc=
Subject key identifier:   D4:AB:9E:BC:B2:8E:5E:29:F5:6F:4C:20:7F:41:96:CF:4A:FA:9F:08
Certificate issuer:       /CN=2e2f6dd9799fa4ea084fd549d710c6896dfae291
Certificate serial:       01942067F24D0D8C867A9E2BB5A937EDBE07
Authority key identifier: 2E:2F:6D:D9:79:9F:A4:EA:08:4F:D5:49:D7:10:C6:89:6D:FA:E2:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Li9t2XmfpOoIT9VJ1xDGiW364pE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/1a4cc0-da92-4596-b123-561ced5bbf92/1/1KuevLKOXin1b0wgf0GWz0r6nwg.roa
Signing time:             Wed 01 Jan 2025 05:47:50 +0000
ROA not before:           Wed 01 Jan 2025 05:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58212
IP address blocks:        91.238.123.0/24 maxlen: 24
                          193.46.81.0/24 maxlen: 24
                          194.9.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/1a4cc0-da92-4596-b123-561ced5bbf92/1/Li9t2XmfpOoIT9VJ1xDGiW364pE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/1a4cc0-da92-4596-b123-561ced5bbf92/1/Li9t2XmfpOoIT9VJ1xDGiW364pE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Li9t2XmfpOoIT9VJ1xDGiW364pE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:f2:4d:0d:8c:86:7a:9e:2b:b5:a9:37:ed:be:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e2f6dd9799fa4ea084fd549d710c6896dfae291
        Validity
            Not Before: Jan  1 05:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d4ab9ebcb28e5e29f56f4c207f4196cf4afa9f08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:91:ac:d3:36:74:7f:6b:b5:b7:bd:c5:26:47:
                    24:19:0d:a9:c6:f1:f2:a4:90:52:5d:8f:40:2e:0c:
                    60:a1:18:51:06:32:4e:4e:a1:7d:58:30:94:56:a2:
                    95:06:d7:3d:da:b2:76:c6:37:99:45:48:b0:da:3e:
                    58:1a:6b:ff:02:5e:19:a6:3f:e8:b4:58:6b:13:c8:
                    f6:4d:02:18:c2:6b:d4:d7:d0:c7:66:67:7e:62:1d:
                    66:a2:fe:ef:95:cb:1d:09:a0:53:75:b2:41:be:65:
                    54:85:2a:fa:ca:6a:9f:da:69:3c:e7:34:d7:8d:9d:
                    f2:3a:4b:20:4f:1f:17:69:fe:e1:77:74:4f:1d:4e:
                    b6:5d:4b:70:b1:20:23:46:c5:d9:20:fc:04:2d:38:
                    39:8d:80:9a:4e:76:c2:fe:49:a9:54:33:8d:da:8e:
                    5a:46:db:c9:7c:ff:1b:d1:10:79:02:52:c6:08:b8:
                    a7:37:64:e1:0f:0b:4d:3d:d6:4a:72:d9:80:4e:52:
                    9a:e4:64:89:fb:24:20:9f:34:62:56:4c:2f:26:f8:
                    35:3e:4f:2f:ac:79:bf:98:50:ec:e5:b0:eb:4d:8b:
                    33:cd:ad:e6:4a:5c:9d:fd:58:91:c9:39:74:f7:0b:
                    23:cc:f3:50:e6:5e:19:9d:31:26:b6:1a:db:92:7e:
                    79:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:AB:9E:BC:B2:8E:5E:29:F5:6F:4C:20:7F:41:96:CF:4A:FA:9F:08
            X509v3 Authority Key Identifier:
                keyid:2E:2F:6D:D9:79:9F:A4:EA:08:4F:D5:49:D7:10:C6:89:6D:FA:E2:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Li9t2XmfpOoIT9VJ1xDGiW364pE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/1a4cc0-da92-4596-b123-561ced5bbf92/1/1KuevLKOXin1b0wgf0GWz0r6nwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/1a4cc0-da92-4596-b123-561ced5bbf92/1/Li9t2XmfpOoIT9VJ1xDGiW364pE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.123.0/24
                  193.46.81.0/24
                  194.9.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:72:fe:d1:bb:8e:ff:81:21:0a:cc:a9:40:ae:ee:a8:8a:72:
         ca:e8:f6:41:e8:58:1c:cc:01:37:cd:1d:f0:31:ce:c8:c4:33:
         79:3f:c1:b5:c4:51:f3:96:54:d0:49:30:2b:19:70:77:41:be:
         5e:cb:08:47:c8:8f:dc:46:f3:ab:99:c4:15:e5:41:22:f8:23:
         e3:46:78:cb:db:4f:cf:67:4d:91:f2:3a:86:e8:6e:f7:24:39:
         e5:29:a6:a0:c3:ed:46:1e:ee:a9:da:6d:a9:1a:41:e4:e1:aa:
         5a:92:bd:e0:d7:89:ff:1f:cc:57:66:ce:0b:69:16:d8:d9:b5:
         1e:04:5f:12:fe:1a:6d:20:ea:f3:40:8e:7c:8f:a8:4c:c0:2d:
         43:7e:4c:f7:00:b5:85:1f:f2:a5:f8:1f:ef:37:89:59:bc:38:
         08:79:4b:db:2c:74:1a:82:3f:0b:03:f7:b0:ff:26:26:35:fe:
         0b:d7:f1:bf:11:b8:87:6a:f3:12:85:c2:b0:8d:a9:ea:02:b0:
         9c:8d:40:fb:f6:ad:7c:50:e6:ad:77:cf:cc:d5:fb:e6:91:95:
         c3:c8:cf:5d:60:d4:b4:97:09:5b:a7:f8:ab:d7:07:2d:ce:f1:
         2d:f8:11:db:b3:5a:e8:61:ef:19:b1:a6:18:7e:20:d7:42:31:
         f4:e6:b5:bc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQgZ/JNDYyGep4rtak37b4HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMmY2ZGQ5Nzk5ZmE0ZWEwODRmZDU0OWQ3MTBjNjg5NmRm
YWUyOTEwHhcNMjUwMTAxMDU0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGFiOWViY2IyOGU1ZTI5ZjU2ZjRjMjA3ZjQxOTZjZjRhZmE5ZjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZGs0zZ0f2u1t73FJkckGQ2pxvHy
pJBSXY9ALgxgoRhRBjJOTqF9WDCUVqKVBtc92rJ2xjeZRUiw2j5YGmv/Al4Zpj/o
tFhrE8j2TQIYwmvU19DHZmd+Yh1mov7vlcsdCaBTdbJBvmVUhSr6ymqf2mk85zTX
jZ3yOksgTx8Xaf7hd3RPHU62XUtwsSAjRsXZIPwELTg5jYCaTnbC/kmpVDON2o5a
RtvJfP8b0RB5AlLGCLinN2ThDwtNPdZKctmATlKa5GSJ+yQgnzRiVkwvJvg1Pk8v
rHm/mFDs5bDrTYszza3mSlyd/ViRyTl09wsjzPNQ5l4ZnTEmthrbkn559QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNSrnryyjl4p9W9MIH9Bls9K+p8IMB8GA1UdIwQY
MBaAFC4vbdl5n6TqCE/VSdcQxolt+uKRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGk5dDJYbWZwT29JVDlWSjF4REdpVzM2NHBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy8xYTRjYzAtZGE5Mi00NTk2LWIxMjMt
NTYxY2VkNWJiZjkyLzEvMUt1ZXZMS09YaW4xYjB3Z2YwR1d6MHI2bndnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy8xYTRjYzAtZGE5Mi00NTk2LWIxMjMtNTYxY2VkNWJiZjky
LzEvTGk5dDJYbWZwT29JVDlWSjF4REdpVzM2NHBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW+57AwQA
wS5RAwQAwgkGMA0GCSqGSIb3DQEBCwUAA4IBAQBRcv7Ru47/gSEKzKlAru6oinLK
6PZB6FgczAE3zR3wMc7IxDN5P8G1xFHzllTQSTArGXB3Qb5eywhHyI/cRvOrmcQV
5UEi+CPjRnjL20/PZ02R8jqG6G73JDnlKaagw+1GHu6p2m2pGkHk4apakr3g14n/
H8xXZs4LaRbY2bUeBF8S/hptIOrzQI58j6hMwC1Dfkz3ALWFH/Kl+B/vN4lZvDgI
eUvbLHQagj8LA/ew/yYmNf4L1/G/EbiHavMShcKwjanqArCcjUD79q18UOatd8/M
1fvmkZXDyM9dYNS0lwlbp/ir1wctzvEt+BHbs1roYe8ZsaYYfiDXQjH05rW8
-----END CERTIFICATE-----