Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/0f9632-8c3d-4f7c-b22a-92f1d7dfc817/1/6gwfZ0imtXXPhJEbNpqe4SziOnE.roa
File:                     6gwfZ0imtXXPhJEbNpqe4SziOnE.roa (raw, json)
Hash identifier:          Pn+V1Yp5GxtDMsze+Fax5FaJ18PgHU1//S1rPV1x8cg=
Subject key identifier:   EA:0C:1F:67:48:A6:B5:75:CF:84:91:1B:36:9A:9E:E1:2C:E2:3A:71
Certificate issuer:       /CN=9bd0f8b42045c73870216ce0369cbd1a80bc8995
Certificate serial:       0194258F3CCB12B837417CC2594C15751588
Authority key identifier: 9B:D0:F8:B4:20:45:C7:38:70:21:6C:E0:36:9C:BD:1A:80:BC:89:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9D4tCBFxzhwIWzgNpy9GoC8iZU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/0f9632-8c3d-4f7c-b22a-92f1d7dfc817/1/6gwfZ0imtXXPhJEbNpqe4SziOnE.roa
Signing time:             Thu 02 Jan 2025 05:48:51 +0000
ROA not before:           Thu 02 Jan 2025 05:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199408
IP address blocks:        91.194.0.0/23 maxlen: 23
                          91.194.14.0/23 maxlen: 23
                          91.194.14.0/24 maxlen: 24
                          91.194.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/0f9632-8c3d-4f7c-b22a-92f1d7dfc817/1/m9D4tCBFxzhwIWzgNpy9GoC8iZU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/0f9632-8c3d-4f7c-b22a-92f1d7dfc817/1/m9D4tCBFxzhwIWzgNpy9GoC8iZU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9D4tCBFxzhwIWzgNpy9GoC8iZU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:3c:cb:12:b8:37:41:7c:c2:59:4c:15:75:15:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd0f8b42045c73870216ce0369cbd1a80bc8995
        Validity
            Not Before: Jan  2 05:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ea0c1f6748a6b575cf84911b369a9ee12ce23a71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:3a:bf:d5:bc:bb:b5:5a:b6:b7:d6:fc:f6:de:
                    63:93:6a:86:ec:7d:6b:a8:33:e2:15:5b:ac:dd:cf:
                    d9:aa:75:38:50:00:3a:44:c3:67:55:0e:4f:3c:ef:
                    b4:cb:1d:80:ba:13:2b:ae:cc:39:ec:af:58:73:6d:
                    24:a9:24:44:6d:e9:09:54:ce:ef:b9:7e:ed:44:67:
                    6f:5f:d5:b1:4b:5e:86:48:ee:b7:24:b8:d3:06:71:
                    09:ba:20:07:ba:4f:7f:ad:3d:05:4e:3a:5a:35:db:
                    b4:5e:33:e9:05:d8:b7:71:d3:74:95:ca:d3:77:05:
                    a0:19:92:c8:66:13:7d:e3:4c:d0:5e:1d:59:88:e5:
                    69:ce:cb:bc:29:5e:92:2e:89:b6:e9:ad:1e:f3:ad:
                    5b:bd:ad:b9:d8:85:9f:cb:9f:3c:cf:7c:b0:7a:d9:
                    49:ca:e8:bf:e6:9a:ac:98:0e:da:1b:55:03:0b:66:
                    56:c8:02:51:0e:49:2c:e5:4e:08:5d:c6:4b:f9:9c:
                    92:48:44:3c:f8:05:cd:f2:20:ca:f8:f2:e2:ad:ed:
                    65:49:e6:bc:ef:a6:15:b6:0a:4e:4f:9f:7d:1f:69:
                    b4:f9:4c:b1:e6:8c:c5:f1:7f:f1:b9:5b:66:48:e5:
                    f8:65:6b:b4:37:46:60:dc:66:72:29:0a:cf:d2:8a:
                    98:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:0C:1F:67:48:A6:B5:75:CF:84:91:1B:36:9A:9E:E1:2C:E2:3A:71
            X509v3 Authority Key Identifier:
                keyid:9B:D0:F8:B4:20:45:C7:38:70:21:6C:E0:36:9C:BD:1A:80:BC:89:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9D4tCBFxzhwIWzgNpy9GoC8iZU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/0f9632-8c3d-4f7c-b22a-92f1d7dfc817/1/6gwfZ0imtXXPhJEbNpqe4SziOnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/0f9632-8c3d-4f7c-b22a-92f1d7dfc817/1/m9D4tCBFxzhwIWzgNpy9GoC8iZU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.0.0/23
                  91.194.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:ed:00:65:b0:fe:49:7a:f0:26:ee:71:cd:62:74:a7:0e:81:
         ba:92:76:c6:6f:01:00:06:db:0f:03:14:81:61:bc:fc:05:02:
         61:85:5e:5c:4e:dd:79:d5:c9:0f:59:7b:f5:e8:72:c0:dd:c0:
         dd:33:e0:af:42:1a:30:bd:16:5e:1d:64:0e:b3:fb:d1:6a:8d:
         03:84:cf:3c:99:a4:6e:98:6b:bb:1e:dd:85:92:de:2b:cb:f2:
         93:c4:9e:47:87:5e:31:5d:4b:5e:41:9d:58:d4:6a:bd:6e:48:
         f6:92:f4:0e:c7:31:aa:96:7f:22:a1:c3:80:0c:19:08:c2:4f:
         ba:a8:87:a5:90:37:0b:72:91:27:8d:8a:28:67:d4:40:c9:23:
         51:d7:3d:df:06:07:3d:6f:8d:48:cf:80:0d:ad:5c:ac:db:de:
         2c:27:ec:50:58:3a:f7:e4:b7:5f:c0:f3:9c:9b:55:69:43:c9:
         91:45:67:33:5c:5a:a2:a7:3a:2a:38:a0:11:a6:bf:a1:56:b8:
         91:75:e3:70:7e:18:a8:28:01:39:3d:09:64:3d:f3:15:12:29:
         ef:3b:fb:56:50:51:cf:75:45:6c:a8:ee:08:47:32:59:c5:15:
         cd:9b:e0:e7:25:ba:b3:54:06:90:97:73:00:dd:35:5e:22:eb:
         c2:2d:d0:90
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQljzzLErg3QXzCWUwVdRWIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZDBmOGI0MjA0NWM3Mzg3MDIxNmNlMDM2OWNiZDFhODBi
Yzg5OTUwHhcNMjUwMTAyMDU0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTBjMWY2NzQ4YTZiNTc1Y2Y4NDkxMWIzNjlhOWVlMTJjZTIzYTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0zq/1by7tVq2t9b89t5jk2qG7H1r
qDPiFVus3c/ZqnU4UAA6RMNnVQ5PPO+0yx2AuhMrrsw57K9Yc20kqSREbekJVM7v
uX7tRGdvX9WxS16GSO63JLjTBnEJuiAHuk9/rT0FTjpaNdu0XjPpBdi3cdN0lcrT
dwWgGZLIZhN940zQXh1ZiOVpzsu8KV6SLom26a0e861bva252IWfy588z3ywetlJ
yui/5pqsmA7aG1UDC2ZWyAJRDkks5U4IXcZL+ZySSEQ8+AXN8iDK+PLire1lSea8
76YVtgpOT599H2m0+Uyx5ozF8X/xuVtmSOX4ZWu0N0Zg3GZyKQrP0oqYIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOoMH2dIprV1z4SRGzaanuEs4jpxMB8GA1UdIwQY
MBaAFJvQ+LQgRcc4cCFs4DacvRqAvImVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTlENHRDQkZ4emh3SVd6Z05weTlHb0M4aVpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS8wZjk2MzItOGMzZC00ZjdjLWIyMmEt
OTJmMWQ3ZGZjODE3LzEvNmd3ZlowaW10WFhQaEpFYk5wcWU0U3ppT25FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS8wZjk2MzItOGMzZC00ZjdjLWIyMmEtOTJmMWQ3ZGZjODE3
LzEvbTlENHRDQkZ4emh3SVd6Z05weTlHb0M4aVpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW8IAAwQB
W8IOMA0GCSqGSIb3DQEBCwUAA4IBAQAR7QBlsP5JevAm7nHNYnSnDoG6knbGbwEA
BtsPAxSBYbz8BQJhhV5cTt151ckPWXv16HLA3cDdM+CvQhowvRZeHWQOs/vRao0D
hM88maRumGu7Ht2Fkt4ry/KTxJ5Hh14xXUteQZ1Y1Gq9bkj2kvQOxzGqln8iocOA
DBkIwk+6qIelkDcLcpEnjYooZ9RAySNR1z3fBgc9b41Iz4ANrVys294sJ+xQWDr3
5LdfwPOcm1VpQ8mRRWczXFqipzoqOKARpr+hVriRdeNwfhioKAE5PQlkPfMVEinv
O/tWUFHPdUVsqO4IRzJZxRXNm+DnJbqzVAaQl3MA3TVeIuvCLdCQ
-----END CERTIFICATE-----