Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/b3d0d7-e10a-486f-885d-41ab7c872fea/1/98pSG03PsWjsaovooO14-BTQ9Vo.roa
File:                     98pSG03PsWjsaovooO14-BTQ9Vo.roa (raw, json)
Hash identifier:          Nos0vMcOhKzLe90FJjKrPfa+9LXdDpzz5DlngxI3jBk=
Subject key identifier:   F7:CA:52:1B:4D:CF:B1:68:EC:6A:8B:E8:A0:ED:78:F8:14:D0:F5:5A
Certificate issuer:       /CN=b2d0a0c68a2039ff0ca514024115271c8a046608
Certificate serial:       019422FC4E24BBAB191C45FB9D441789C60A
Authority key identifier: B2:D0:A0:C6:8A:20:39:FF:0C:A5:14:02:41:15:27:1C:8A:04:66:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/stCgxoogOf8MpRQCQRUnHIoEZgg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/b3d0d7-e10a-486f-885d-41ab7c872fea/1/98pSG03PsWjsaovooO14-BTQ9Vo.roa
Signing time:             Wed 01 Jan 2025 17:49:07 +0000
ROA not before:           Wed 01 Jan 2025 17:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15557
IP address blocks:        91.240.78.0/24 maxlen: 24
                          91.240.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/b3d0d7-e10a-486f-885d-41ab7c872fea/1/stCgxoogOf8MpRQCQRUnHIoEZgg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/b3d0d7-e10a-486f-885d-41ab7c872fea/1/stCgxoogOf8MpRQCQRUnHIoEZgg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/stCgxoogOf8MpRQCQRUnHIoEZgg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:4e:24:bb:ab:19:1c:45:fb:9d:44:17:89:c6:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2d0a0c68a2039ff0ca514024115271c8a046608
        Validity
            Not Before: Jan  1 17:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f7ca521b4dcfb168ec6a8be8a0ed78f814d0f55a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:01:40:8a:58:a8:ab:4a:7c:0f:04:29:67:d5:
                    5d:45:82:47:2d:2b:1e:b6:75:e6:01:f2:ab:57:0b:
                    8a:1c:72:c8:7e:99:05:ea:1c:bd:1b:e4:38:46:1c:
                    89:e2:15:ea:68:10:1f:77:50:1e:aa:aa:60:67:4d:
                    40:93:6d:37:89:6d:c3:a5:bd:46:77:4c:08:2c:22:
                    40:67:8a:f4:9e:c1:91:e2:8c:72:41:95:7f:d4:bb:
                    aa:86:fe:cc:5c:df:95:3b:13:05:1c:cc:10:f0:98:
                    04:53:92:ff:83:0e:ec:cd:c5:9f:37:18:dc:47:e3:
                    57:5b:83:3c:8d:e8:74:75:fa:54:1d:f4:7d:62:1c:
                    c0:07:67:de:15:14:a0:87:7f:08:09:a4:ee:94:c2:
                    22:dc:7a:fe:50:41:e8:b8:13:c6:89:03:80:d5:30:
                    bd:7c:12:b2:92:6b:15:cf:58:67:21:e5:98:1e:61:
                    c7:f4:4e:42:93:3b:07:37:f3:f5:b4:71:f4:a3:08:
                    14:6e:76:fe:b0:80:59:06:0d:66:10:2c:7d:54:2d:
                    73:f2:98:06:77:17:56:08:19:00:8e:13:aa:2a:c2:
                    51:a3:97:14:c9:86:56:9f:6a:fd:26:9c:dd:23:0f:
                    16:c0:14:bf:ff:b5:05:6b:54:95:2f:3e:67:93:04:
                    6e:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:CA:52:1B:4D:CF:B1:68:EC:6A:8B:E8:A0:ED:78:F8:14:D0:F5:5A
            X509v3 Authority Key Identifier:
                keyid:B2:D0:A0:C6:8A:20:39:FF:0C:A5:14:02:41:15:27:1C:8A:04:66:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/stCgxoogOf8MpRQCQRUnHIoEZgg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/b3d0d7-e10a-486f-885d-41ab7c872fea/1/98pSG03PsWjsaovooO14-BTQ9Vo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/b3d0d7-e10a-486f-885d-41ab7c872fea/1/stCgxoogOf8MpRQCQRUnHIoEZgg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         56:f8:12:85:23:77:2d:0d:b4:cc:ae:9a:7b:4d:f3:54:f7:78:
         dc:fd:e3:16:2d:9f:26:07:69:7f:e8:02:48:61:25:f6:c7:44:
         c3:9e:7b:c9:aa:99:d0:d2:11:30:c2:22:e0:0f:45:76:d0:7d:
         f7:0e:85:1b:06:d3:92:d1:2c:cd:9e:58:c3:ef:f2:2c:3c:d0:
         d3:31:a6:36:9f:eb:df:e1:93:ee:bb:c6:7c:db:7a:d9:eb:1f:
         4b:4b:c8:00:39:e9:09:6a:ae:25:6d:a7:5f:61:ff:d8:df:96:
         48:26:f7:a0:bb:a9:74:75:94:8e:a1:b2:69:ef:76:72:55:8e:
         e5:9d:85:f3:b5:59:8f:e1:0c:e7:a4:58:28:8a:e5:80:bf:aa:
         0a:2d:9f:0e:fa:60:0c:11:98:95:3a:45:13:c8:60:9f:c0:3a:
         0c:a9:c9:58:c0:9a:c7:a4:00:cb:24:53:19:a6:58:ac:17:df:
         e7:44:8e:54:3a:61:d5:ba:36:bd:e5:4d:b5:07:fe:73:90:1e:
         4d:67:b9:12:6b:4e:de:eb:b4:55:f5:73:fa:a2:93:a7:68:71:
         4e:b3:0d:99:a4:08:62:6b:9c:60:63:7e:a3:09:1b:fd:08:45:
         b6:c8:78:91:9c:5c:3a:db:95:9e:4e:de:cf:4d:4d:4a:b5:6d:
         07:a7:8c:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/E4ku6sZHEX7nUQXicYKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZDBhMGM2OGEyMDM5ZmYwY2E1MTQwMjQxMTUyNzFjOGEw
NDY2MDgwHhcNMjUwMTAxMTc0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2NhNTIxYjRkY2ZiMTY4ZWM2YThiZThhMGVkNzhmODE0ZDBmNTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAigFAilioq0p8DwQpZ9VdRYJHLSse
tnXmAfKrVwuKHHLIfpkF6hy9G+Q4RhyJ4hXqaBAfd1AeqqpgZ01Ak203iW3Dpb1G
d0wILCJAZ4r0nsGR4oxyQZV/1Luqhv7MXN+VOxMFHMwQ8JgEU5L/gw7szcWfNxjc
R+NXW4M8jeh0dfpUHfR9YhzAB2feFRSgh38ICaTulMIi3Hr+UEHouBPGiQOA1TC9
fBKykmsVz1hnIeWYHmHH9E5CkzsHN/P1tHH0owgUbnb+sIBZBg1mECx9VC1z8pgG
dxdWCBkAjhOqKsJRo5cUyYZWn2r9JpzdIw8WwBS//7UFa1SVLz5nkwRuAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPfKUhtNz7Fo7GqL6KDtePgU0PVaMB8GA1UdIwQY
MBaAFLLQoMaKIDn/DKUUAkEVJxyKBGYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3RDZ3hvb2dPZjhNcFJRQ1FSVW5ISW9FWmdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9iM2QwZDctZTEwYS00ODZmLTg4NWQt
NDFhYjdjODcyZmVhLzEvOThwU0cwM1BzV2pzYW92b29PMTQtQlRROVZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9iM2QwZDctZTEwYS00ODZmLTg4NWQtNDFhYjdjODcyZmVh
LzEvc3RDZ3hvb2dPZjhNcFJRQ1FSVW5ISW9FWmdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW/BOMA0G
CSqGSIb3DQEBCwUAA4IBAQBW+BKFI3ctDbTMrpp7TfNU93jc/eMWLZ8mB2l/6AJI
YSX2x0TDnnvJqpnQ0hEwwiLgD0V20H33DoUbBtOS0SzNnljD7/IsPNDTMaY2n+vf
4ZPuu8Z823rZ6x9LS8gAOekJaq4lbadfYf/Y35ZIJvegu6l0dZSOobJp73ZyVY7l
nYXztVmP4QznpFgoiuWAv6oKLZ8O+mAMEZiVOkUTyGCfwDoMqclYwJrHpADLJFMZ
plisF9/nRI5UOmHVuja95U21B/5zkB5NZ7kSa07e67RV9XP6opOnaHFOsw2ZpAhi
a5xgY36jCRv9CEW2yHiRnFw625WeTt7PTU1KtW0Hp4yx
-----END CERTIFICATE-----