Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/8a734a-d2b8-411e-a557-50d6ba6aacb8/1/3e70ZZqi33Dl2b2l60x4ZQeIHq8.roa
File:                     3e70ZZqi33Dl2b2l60x4ZQeIHq8.roa (raw, json)
Hash identifier:          ezFIoSxfuKrnfHFTC4lkRDwVwAnl+AIoLI5PIzwvHuI=
Subject key identifier:   DD:EE:F4:65:9A:A2:DF:70:E5:D9:BD:A5:EB:4C:78:65:07:88:1E:AF
Certificate issuer:       /CN=560d1e89b4e742e69062a95d351deea96b5178fb
Certificate serial:       019421B1AD6B94AF2B1849C0BEE0D82D48C7
Authority key identifier: 56:0D:1E:89:B4:E7:42:E6:90:62:A9:5D:35:1D:EE:A9:6B:51:78:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vg0eibTnQuaQYqldNR3uqWtRePs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/8a734a-d2b8-411e-a557-50d6ba6aacb8/1/3e70ZZqi33Dl2b2l60x4ZQeIHq8.roa
Signing time:             Wed 01 Jan 2025 11:47:59 +0000
ROA not before:           Wed 01 Jan 2025 11:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198154
IP address blocks:        91.231.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/8a734a-d2b8-411e-a557-50d6ba6aacb8/1/Vg0eibTnQuaQYqldNR3uqWtRePs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/8a734a-d2b8-411e-a557-50d6ba6aacb8/1/Vg0eibTnQuaQYqldNR3uqWtRePs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vg0eibTnQuaQYqldNR3uqWtRePs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:ad:6b:94:af:2b:18:49:c0:be:e0:d8:2d:48:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=560d1e89b4e742e69062a95d351deea96b5178fb
        Validity
            Not Before: Jan  1 11:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ddeef4659aa2df70e5d9bda5eb4c786507881eaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:8e:b6:34:ed:86:ac:5d:a8:c3:f9:51:df:10:
                    fe:97:72:af:5e:df:be:98:e5:b3:58:31:b8:15:30:
                    80:9a:61:94:95:a8:c5:f4:5c:8d:69:67:78:4b:87:
                    7a:53:98:18:fb:d3:7e:07:14:d3:60:70:90:d9:5d:
                    c9:8b:9c:11:38:99:c7:51:3b:63:77:e4:9a:cc:65:
                    16:4f:f6:59:68:44:f8:cd:4e:ab:2d:bb:54:9a:4d:
                    30:67:79:e0:55:07:16:b8:6f:b6:16:af:e3:7d:94:
                    05:ef:06:c6:c6:bf:1e:2d:e4:90:80:71:f1:07:96:
                    c4:d0:1f:ac:79:6e:8f:8d:6a:cf:26:ef:3b:74:17:
                    c5:e9:0d:60:d0:72:23:94:6c:19:d1:8a:60:6b:8d:
                    78:6e:19:a8:2c:71:57:2f:56:bc:d7:65:cc:3d:b6:
                    37:e1:e7:96:59:69:2f:6c:5f:c7:f9:62:4e:7a:63:
                    e9:1c:da:cd:25:40:d1:6d:1d:f4:49:b8:7a:d6:70:
                    44:d9:25:e4:e9:b2:3f:ee:e9:fb:be:43:8c:07:55:
                    23:b9:99:d8:0c:75:2d:bc:b6:8d:ef:0d:c6:3e:a6:
                    65:59:b8:e6:eb:46:2d:21:79:37:28:c5:93:70:06:
                    23:d5:54:dd:2b:a1:3b:fa:36:72:3a:b6:9d:5b:55:
                    4e:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:EE:F4:65:9A:A2:DF:70:E5:D9:BD:A5:EB:4C:78:65:07:88:1E:AF
            X509v3 Authority Key Identifier:
                keyid:56:0D:1E:89:B4:E7:42:E6:90:62:A9:5D:35:1D:EE:A9:6B:51:78:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vg0eibTnQuaQYqldNR3uqWtRePs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/8a734a-d2b8-411e-a557-50d6ba6aacb8/1/3e70ZZqi33Dl2b2l60x4ZQeIHq8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/8a734a-d2b8-411e-a557-50d6ba6aacb8/1/Vg0eibTnQuaQYqldNR3uqWtRePs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:33:12:71:d1:eb:6a:cd:15:ed:fb:33:ee:fa:a7:9b:ba:f8:
         55:3b:b9:c0:c7:6e:6a:e3:b5:1d:09:fe:02:17:c2:e2:ba:dc:
         06:cb:5c:bc:3d:49:ec:7d:b1:8d:b3:a2:55:70:b2:35:e3:99:
         bb:b6:bc:0e:11:dc:94:cf:cb:3a:f0:af:b7:39:87:61:4a:95:
         1d:93:f2:94:a2:11:7c:d1:90:8b:fc:b0:6a:e0:b8:0a:02:40:
         3e:b2:00:ce:51:c7:5b:79:04:15:a2:fd:8b:df:f4:87:95:20:
         a1:b7:cb:7b:f7:04:06:1f:c6:28:47:65:fb:27:d5:c8:76:aa:
         4c:69:d6:03:80:9f:07:e7:4b:b9:95:a4:46:50:1d:72:54:28:
         5e:da:5a:a3:29:4a:cb:94:bb:93:a3:f5:48:f8:35:bf:a1:44:
         f9:3b:c1:e8:04:2d:12:cc:0e:f4:b2:cb:6b:57:f1:e6:c3:5b:
         2e:5b:d8:91:ea:e8:83:db:5f:42:d9:32:ce:c0:be:a2:cf:0a:
         64:82:f8:b4:b6:5f:68:d3:a8:89:22:49:f2:ee:e8:df:53:a2:
         eb:66:cf:32:50:61:a5:59:76:a0:ba:78:68:ff:ed:8e:0c:39:
         60:90:3c:f3:47:b9:14:79:6e:88:8a:0d:a7:06:ea:b9:b4:8e:
         a7:81:1b:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsa1rlK8rGEnAvuDYLUjHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2MGQxZTg5YjRlNzQyZTY5MDYyYTk1ZDM1MWRlZWE5NmI1
MTc4ZmIwHhcNMjUwMTAxMTE0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGVlZjQ2NTlhYTJkZjcwZTVkOWJkYTVlYjRjNzg2NTA3ODgxZWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtY62NO2GrF2ow/lR3xD+l3KvXt++
mOWzWDG4FTCAmmGUlajF9FyNaWd4S4d6U5gY+9N+BxTTYHCQ2V3Ji5wROJnHUTtj
d+SazGUWT/ZZaET4zU6rLbtUmk0wZ3ngVQcWuG+2Fq/jfZQF7wbGxr8eLeSQgHHx
B5bE0B+seW6PjWrPJu87dBfF6Q1g0HIjlGwZ0Ypga414bhmoLHFXL1a812XMPbY3
4eeWWWkvbF/H+WJOemPpHNrNJUDRbR30Sbh61nBE2SXk6bI/7un7vkOMB1UjuZnY
DHUtvLaN7w3GPqZlWbjm60YtIXk3KMWTcAYj1VTdK6E7+jZyOradW1VOxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN3u9GWaot9w5dm9petMeGUHiB6vMB8GA1UdIwQY
MBaAFFYNHom050LmkGKpXTUd7qlrUXj7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmcwZWliVG5RdWFRWXFsZE5SM3VxV3RSZVBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS84YTczNGEtZDJiOC00MTFlLWE1NTct
NTBkNmJhNmFhY2I4LzEvM2U3MFpacWkzM0RsMmIybDYweDRaUWVJSHE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS84YTczNGEtZDJiOC00MTFlLWE1NTctNTBkNmJhNmFhY2I4
LzEvVmcwZWliVG5RdWFRWXFsZE5SM3VxV3RSZVBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+feMA0G
CSqGSIb3DQEBCwUAA4IBAQBeMxJx0etqzRXt+zPu+qebuvhVO7nAx25q47UdCf4C
F8LiutwGy1y8PUnsfbGNs6JVcLI145m7trwOEdyUz8s68K+3OYdhSpUdk/KUohF8
0ZCL/LBq4LgKAkA+sgDOUcdbeQQVov2L3/SHlSCht8t79wQGH8YoR2X7J9XIdqpM
adYDgJ8H50u5laRGUB1yVChe2lqjKUrLlLuTo/VI+DW/oUT5O8HoBC0SzA70sstr
V/Hmw1suW9iR6uiD219C2TLOwL6izwpkgvi0tl9o06iJIkny7ujfU6LrZs8yUGGl
WXagunho/+2ODDlgkDzzR7kUeW6Iig2nBuq5tI6ngRuh
-----END CERTIFICATE-----