Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/cSVJv9Y-FnxxLG20frdAri_noBk.roa
File:                     cSVJv9Y-FnxxLG20frdAri_noBk.roa (raw, json)
Hash identifier:          34paWKddNtWaw0Vl7xzlk/3/M190Z6IXyvbGbAK4Tj8=
Subject key identifier:   71:25:49:BF:D6:3E:16:7C:71:2C:6D:B4:7E:B7:40:AE:2F:E7:A0:19
Certificate issuer:       /CN=488c65dc359b58ca6ba5d3daeb874f058684e8c6
Certificate serial:       0194228E43E6232999C7575A3439280A9407
Authority key identifier: 48:8C:65:DC:35:9B:58:CA:6B:A5:D3:DA:EB:87:4F:05:86:84:E8:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SIxl3DWbWMprpdPa64dPBYaE6MY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/cSVJv9Y-FnxxLG20frdAri_noBk.roa
Signing time:             Wed 01 Jan 2025 15:48:56 +0000
ROA not before:           Wed 01 Jan 2025 15:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35744
IP address blocks:        91.238.176.0/24 maxlen: 24
                          185.28.56.0/24 maxlen: 24
                          2a00:9b60:5353::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/SIxl3DWbWMprpdPa64dPBYaE6MY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/SIxl3DWbWMprpdPa64dPBYaE6MY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SIxl3DWbWMprpdPa64dPBYaE6MY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:43:e6:23:29:99:c7:57:5a:34:39:28:0a:94:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=488c65dc359b58ca6ba5d3daeb874f058684e8c6
        Validity
            Not Before: Jan  1 15:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=712549bfd63e167c712c6db47eb740ae2fe7a019
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:be:eb:43:62:0d:82:ff:6c:ea:bc:f9:b3:cc:
                    db:5c:7c:2f:8e:2a:03:48:98:a2:e4:12:45:eb:f1:
                    87:a8:7a:c7:64:17:55:ff:da:c7:cc:91:95:c9:50:
                    42:07:ef:d7:1f:c1:cc:85:84:ed:e1:f6:83:b8:da:
                    31:ad:5b:b2:0a:52:10:b6:2f:53:e5:2d:a0:4f:20:
                    d6:ad:0e:de:a9:d8:bc:b8:41:8d:55:82:c6:77:b4:
                    cf:2e:5e:86:c7:57:a0:9a:e6:76:7f:68:41:d0:5f:
                    e4:f6:65:38:33:fa:1c:ea:d7:af:01:c3:2a:9c:e5:
                    ac:6f:54:8a:a8:2b:8c:92:1d:9b:dd:7f:a2:59:d2:
                    d2:74:06:24:d0:2e:64:8f:b4:e7:08:9f:25:04:ac:
                    00:9a:cc:97:b7:de:e3:83:61:ef:04:7b:92:30:95:
                    b1:c1:ab:e3:2f:22:c0:c0:02:d0:50:cd:f6:ef:62:
                    b3:91:82:d5:2d:3b:4b:51:95:a4:9b:e1:63:d2:e8:
                    b5:16:34:86:42:51:89:8a:c6:36:1c:62:42:8e:89:
                    13:0b:80:b8:c7:55:3e:de:5c:cd:3e:8f:b0:7a:9d:
                    d3:f7:c1:f8:3b:10:07:fc:6f:cd:7d:e2:c1:57:d2:
                    02:64:be:45:83:12:e4:f0:27:f6:06:6e:db:4f:79:
                    65:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:25:49:BF:D6:3E:16:7C:71:2C:6D:B4:7E:B7:40:AE:2F:E7:A0:19
            X509v3 Authority Key Identifier:
                keyid:48:8C:65:DC:35:9B:58:CA:6B:A5:D3:DA:EB:87:4F:05:86:84:E8:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SIxl3DWbWMprpdPa64dPBYaE6MY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/cSVJv9Y-FnxxLG20frdAri_noBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/SIxl3DWbWMprpdPa64dPBYaE6MY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.176.0/24
                  185.28.56.0/24
                IPv6:
                  2a00:9b60:5353::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:ef:ed:c2:ad:47:bc:ba:18:2d:9d:34:11:df:66:de:de:21:
         9b:ed:a8:3f:07:50:37:62:7e:f4:53:35:5b:70:bf:73:95:1e:
         00:d8:d5:51:90:c3:86:85:96:b0:85:02:bc:27:a3:e4:bb:fd:
         fd:60:df:2a:b0:b5:b1:b9:98:82:df:0e:cb:06:ff:02:db:44:
         c3:01:3b:18:39:59:b7:8d:2b:99:b5:89:fe:33:e7:40:4f:8b:
         b1:1f:53:3e:49:75:de:98:50:75:4d:4e:30:13:c7:cd:7d:40:
         d7:4a:95:7b:99:eb:60:fb:3e:2a:1e:a1:28:3c:c9:da:d7:5f:
         9b:da:e1:5f:43:6e:de:72:c6:bd:54:e9:4e:10:64:ac:0b:b1:
         f4:eb:be:97:de:b9:6f:e1:bb:d5:21:ec:f8:f8:e8:06:57:05:
         cc:e9:15:72:9a:5f:fe:29:8b:20:a7:8c:72:5e:6d:7f:33:9c:
         18:06:0d:77:e3:39:95:b7:43:84:31:7c:64:d9:b6:69:36:c4:
         67:e7:63:35:b2:8e:16:67:14:2c:74:5e:07:54:0e:90:fa:48:
         0d:72:bc:6f:84:dd:af:8d:9b:c9:1b:71:65:34:1d:e0:5e:b2:
         a9:e5:46:12:2a:47:54:13:ee:fb:6d:97:a8:dc:3e:c7:79:7e:
         63:d6:ab:a8
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQijkPmIymZx1daNDkoCpQHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4OGM2NWRjMzU5YjU4Y2E2YmE1ZDNkYWViODc0ZjA1ODY4
NGU4YzYwHhcNMjUwMTAxMTU0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTI1NDliZmQ2M2UxNjdjNzEyYzZkYjQ3ZWI3NDBhZTJmZTdhMDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvb7rQ2INgv9s6rz5s8zbXHwvjioD
SJii5BJF6/GHqHrHZBdV/9rHzJGVyVBCB+/XH8HMhYTt4faDuNoxrVuyClIQti9T
5S2gTyDWrQ7eqdi8uEGNVYLGd7TPLl6Gx1egmuZ2f2hB0F/k9mU4M/oc6tevAcMq
nOWsb1SKqCuMkh2b3X+iWdLSdAYk0C5kj7TnCJ8lBKwAmsyXt97jg2HvBHuSMJWx
wavjLyLAwALQUM3272KzkYLVLTtLUZWkm+Fj0ui1FjSGQlGJisY2HGJCjokTC4C4
x1U+3lzNPo+wep3T98H4OxAH/G/NfeLBV9ICZL5FgxLk8Cf2Bm7bT3ll4wIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFHElSb/WPhZ8cSxttH63QK4v56AZMB8GA1UdIwQY
MBaAFEiMZdw1m1jKa6XT2uuHTwWGhOjGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0l4bDNEV2JXTXBycGRQYTY0ZFBCWWFFNk1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9jNDgyNzEtZGVlNS00ODQxLWE3ZGQt
YjBkNzJlOTEwZWZlLzEvY1NWSnY5WS1Gbnh4TEcyMGZyZEFyaV9ub0JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9jNDgyNzEtZGVlNS00ODQxLWE3ZGQtYjBkNzJlOTEwZWZl
LzEvU0l4bDNEV2JXTXBycGRQYTY0ZFBCWWFFNk1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAW+6wAwQA
uRw4MA8EAgACMAkDBwAqAJtgU1MwDQYJKoZIhvcNAQELBQADggEBAITv7cKtR7y6
GC2dNBHfZt7eIZvtqD8HUDdifvRTNVtwv3OVHgDY1VGQw4aFlrCFArwno+S7/f1g
3yqwtbG5mILfDssG/wLbRMMBOxg5WbeNK5m1if4z50BPi7EfUz5Jdd6YUHVNTjAT
x819QNdKlXuZ62D7PioeoSg8ydrXX5va4V9Dbt5yxr1U6U4QZKwLsfTrvpfeuW/h
u9Uh7Pj46AZXBczpFXKaX/4piyCnjHJebX8znBgGDXfjOZW3Q4QxfGTZtmk2xGfn
YzWyjhZnFCx0XgdUDpD6SA1yvG+E3a+Nm8kbcWU0HeBesqnlRhIqR1QT7vttl6jc
Psd5fmPWq6g=
-----END CERTIFICATE-----