Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/b525eb-cea4-47fd-8f7d-68e949082f9b/1/Ve7YFtVIJ6oEkkG5DoS-ngCjYv0.roa
File:                     Ve7YFtVIJ6oEkkG5DoS-ngCjYv0.roa (raw, json)
Hash identifier:          shC3WnGXTQpp0bvZL5ZiYYKQZO5PyZEtvwp/+mUAkvs=
Subject key identifier:   55:EE:D8:16:D5:48:27:AA:04:92:41:B9:0E:84:BE:9E:00:A3:62:FD
Certificate issuer:       /CN=ec1d7290bfd1be123fbe0b075fd50dcf646c4f76
Certificate serial:       019428264FF099CE3811253A2403A82E8F26
Authority key identifier: EC:1D:72:90:BF:D1:BE:12:3F:BE:0B:07:5F:D5:0D:CF:64:6C:4F:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7B1ykL_RvhI_vgsHX9UNz2RsT3Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/b525eb-cea4-47fd-8f7d-68e949082f9b/1/Ve7YFtVIJ6oEkkG5DoS-ngCjYv0.roa
Signing time:             Thu 02 Jan 2025 17:53:06 +0000
ROA not before:           Thu 02 Jan 2025 17:53:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44934
IP address blocks:        91.203.56.0/22 maxlen: 24
                          2001:67c:6f0::/48 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/b525eb-cea4-47fd-8f7d-68e949082f9b/1/7B1ykL_RvhI_vgsHX9UNz2RsT3Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/b525eb-cea4-47fd-8f7d-68e949082f9b/1/7B1ykL_RvhI_vgsHX9UNz2RsT3Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7B1ykL_RvhI_vgsHX9UNz2RsT3Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:4f:f0:99:ce:38:11:25:3a:24:03:a8:2e:8f:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec1d7290bfd1be123fbe0b075fd50dcf646c4f76
        Validity
            Not Before: Jan  2 17:53:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=55eed816d54827aa049241b90e84be9e00a362fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:3a:ba:23:17:5a:32:4e:92:91:5a:f2:14:e9:
                    df:f3:a5:07:83:2c:71:63:7b:9b:98:1a:18:c5:b8:
                    bf:9c:6e:9c:7f:5c:ca:bd:4c:9f:10:62:c7:ef:dd:
                    76:a6:58:fb:fb:ae:dc:5c:d0:b2:8d:73:8e:25:c9:
                    73:e7:36:1a:67:04:fa:11:f3:5d:37:ac:7f:89:a7:
                    63:b8:7f:6a:9a:7d:26:2c:0c:37:ad:c4:9a:ff:91:
                    75:cd:fd:ac:9b:ff:58:78:50:b1:66:15:60:be:21:
                    de:fb:aa:db:9d:4d:55:f2:35:94:1d:46:3e:c6:ff:
                    0a:3d:91:5b:5c:57:24:44:a7:52:6b:ca:49:1f:90:
                    44:c2:35:e3:b0:b1:53:09:ad:b9:99:32:15:9f:42:
                    f1:21:db:0d:e2:5a:43:49:cc:aa:ed:e5:4f:70:0d:
                    3a:63:94:14:8a:80:80:f5:51:72:69:cc:86:d3:99:
                    69:29:2d:e6:63:c0:2e:a6:0e:84:f1:c6:5b:5d:df:
                    a3:62:c8:24:aa:3e:36:48:46:3e:46:93:1d:6c:9d:
                    60:df:51:d4:e5:33:91:fe:1a:82:66:5b:b2:37:87:
                    a3:d2:35:b4:f7:be:93:e8:ee:30:ab:40:b0:67:0f:
                    18:1c:53:25:3f:0b:08:b9:b6:53:b6:cb:f7:fc:2b:
                    ba:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:EE:D8:16:D5:48:27:AA:04:92:41:B9:0E:84:BE:9E:00:A3:62:FD
            X509v3 Authority Key Identifier:
                keyid:EC:1D:72:90:BF:D1:BE:12:3F:BE:0B:07:5F:D5:0D:CF:64:6C:4F:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7B1ykL_RvhI_vgsHX9UNz2RsT3Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/b525eb-cea4-47fd-8f7d-68e949082f9b/1/Ve7YFtVIJ6oEkkG5DoS-ngCjYv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/b525eb-cea4-47fd-8f7d-68e949082f9b/1/7B1ykL_RvhI_vgsHX9UNz2RsT3Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.203.56.0/22
                IPv6:
                  2001:67c:6f0::/48

    Signature Algorithm: sha256WithRSAEncryption
         7e:1b:f8:55:90:ac:62:d2:d5:0a:e4:5b:98:a7:7e:88:f6:26:
         92:1f:66:5b:98:af:9c:12:7a:c4:5f:3c:d6:09:6d:bd:bd:cc:
         9e:1f:28:d5:ee:d1:36:71:c2:c7:76:dd:81:18:af:07:b5:42:
         03:1c:37:ea:8c:44:63:3b:1a:69:ea:6c:15:f3:9d:16:2d:5b:
         2f:83:b6:91:cb:38:87:8f:2c:0a:44:c6:e8:37:72:2e:24:f9:
         d1:71:19:ef:fe:2a:c7:db:27:7e:42:70:c8:06:be:9e:a5:b9:
         41:f5:79:bf:3a:d1:79:57:3c:65:fd:fb:b1:84:55:44:a1:be:
         e6:84:f5:25:2e:fd:97:ea:2b:e1:8f:b8:8c:cd:a0:69:a9:b5:
         79:b7:93:fa:bb:e9:6b:4e:c5:3b:03:3a:06:a6:8b:a3:66:1e:
         b2:7a:57:c6:90:9f:0e:ec:f8:d8:ac:db:21:ff:c4:fc:02:ba:
         13:54:85:89:73:f8:a8:58:c8:22:ea:a9:41:18:a6:a1:9e:17:
         d3:8d:62:77:6e:a9:73:fe:88:44:9c:63:12:f3:f0:88:aa:d3:
         83:5e:82:03:f5:8e:03:52:3a:0b:47:a0:e4:9b:6f:95:10:a3:
         f9:30:d3:55:91:ae:c1:3f:b9:05:64:6c:0f:0a:da:98:08:4e:
         44:fc:23:34
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQoJk/wmc44ESU6JAOoLo8mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjMWQ3MjkwYmZkMWJlMTIzZmJlMGIwNzVmZDUwZGNmNjQ2
YzRmNzYwHhcNMjUwMTAyMTc1MzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWVlZDgxNmQ1NDgyN2FhMDQ5MjQxYjkwZTg0YmU5ZTAwYTM2MmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzq6IxdaMk6SkVryFOnf86UHgyxx
Y3ubmBoYxbi/nG6cf1zKvUyfEGLH7912plj7+67cXNCyjXOOJclz5zYaZwT6EfNd
N6x/iadjuH9qmn0mLAw3rcSa/5F1zf2sm/9YeFCxZhVgviHe+6rbnU1V8jWUHUY+
xv8KPZFbXFckRKdSa8pJH5BEwjXjsLFTCa25mTIVn0LxIdsN4lpDScyq7eVPcA06
Y5QUioCA9VFyacyG05lpKS3mY8Aupg6E8cZbXd+jYsgkqj42SEY+RpMdbJ1g31HU
5TOR/hqCZluyN4ej0jW0976T6O4wq0CwZw8YHFMlPwsIubZTtsv3/Cu6AQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFXu2BbVSCeqBJJBuQ6Evp4Ao2L9MB8GA1UdIwQY
MBaAFOwdcpC/0b4SP74LB1/VDc9kbE92MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0IxeWtMX1J2aElfdmdzSFg5VU56MlJzVDNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9iNTI1ZWItY2VhNC00N2ZkLThmN2Qt
NjhlOTQ5MDgyZjliLzEvVmU3WUZ0VklKNm9Fa2tHNURvUy1uZ0NqWXYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9iNTI1ZWItY2VhNC00N2ZkLThmN2QtNjhlOTQ5MDgyZjli
LzEvN0IxeWtMX1J2aElfdmdzSFg5VU56MlJzVDNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCW8s4MA8E
AgACMAkDBwAgAQZ8BvAwDQYJKoZIhvcNAQELBQADggEBAH4b+FWQrGLS1QrkW5in
foj2JpIfZluYr5wSesRfPNYJbb29zJ4fKNXu0TZxwsd23YEYrwe1QgMcN+qMRGM7
GmnqbBXznRYtWy+DtpHLOIePLApExug3ci4k+dFxGe/+KsfbJ35CcMgGvp6luUH1
eb860XlXPGX9+7GEVUShvuaE9SUu/ZfqK+GPuIzNoGmptXm3k/q76WtOxTsDOgam
i6NmHrJ6V8aQnw7s+Nis2yH/xPwCuhNUhYlz+KhYyCLqqUEYpqGeF9ONYnduqXP+
iEScYxLz8Iiq04NeggP1jgNSOgtHoOSbb5UQo/kw01WRrsE/uQVkbA8K2pgITkT8
IzQ=
-----END CERTIFICATE-----