Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/d9d664-b018-4896-8cbd-aeccb632d288/1/mVbUdqr9oEcPiZysELwHzge0y8g.roa
File:                     mVbUdqr9oEcPiZysELwHzge0y8g.roa (raw, json)
Hash identifier:          Y+aQue+b7f/IHLBZfZa5SygpKDtfepbI9i9idjcQ+mQ=
Subject key identifier:   99:56:D4:76:AA:FD:A0:47:0F:89:9C:AC:10:BC:07:CE:07:B4:CB:C8
Certificate issuer:       /CN=67bb39cf24a674248f694f6d1c3bfb5c8267eefa
Certificate serial:       01942067C6A9AB55DEB438C9C11E426D8AFB
Authority key identifier: 67:BB:39:CF:24:A6:74:24:8F:69:4F:6D:1C:3B:FB:5C:82:67:EE:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z7s5zySmdCSPaU9tHDv7XIJn7vo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/d9d664-b018-4896-8cbd-aeccb632d288/1/mVbUdqr9oEcPiZysELwHzge0y8g.roa
Signing time:             Wed 01 Jan 2025 05:47:39 +0000
ROA not before:           Wed 01 Jan 2025 05:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212974
IP address blocks:        91.216.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/d9d664-b018-4896-8cbd-aeccb632d288/1/Z7s5zySmdCSPaU9tHDv7XIJn7vo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/d9d664-b018-4896-8cbd-aeccb632d288/1/Z7s5zySmdCSPaU9tHDv7XIJn7vo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z7s5zySmdCSPaU9tHDv7XIJn7vo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:c6:a9:ab:55:de:b4:38:c9:c1:1e:42:6d:8a:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67bb39cf24a674248f694f6d1c3bfb5c8267eefa
        Validity
            Not Before: Jan  1 05:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9956d476aafda0470f899cac10bc07ce07b4cbc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b2:2a:39:79:4b:e2:2c:58:14:b9:f7:b5:fc:
                    7d:a4:46:e1:38:88:21:c8:85:35:88:b5:03:ea:f2:
                    92:68:30:ab:3e:df:fe:f9:d1:17:9d:cd:9a:fd:00:
                    c0:42:19:a3:d6:9e:64:08:36:df:50:6b:85:63:0b:
                    0d:eb:9d:e7:84:14:f3:82:b1:97:6c:58:8d:09:91:
                    97:c7:5c:20:6d:84:db:0a:c4:a2:0e:0d:3f:3a:99:
                    34:c0:e3:9a:f7:e2:6a:32:2c:9f:88:0e:33:60:b7:
                    e6:65:41:94:bb:b6:4e:c9:86:47:49:8a:11:21:c0:
                    3e:1f:dd:71:21:c6:b3:a6:74:b5:8d:a4:2d:e3:63:
                    61:36:5b:c2:64:69:7d:f5:d4:0c:f6:98:32:ee:d8:
                    df:c0:da:0a:9e:59:ba:1c:9e:a5:87:78:a5:d8:c0:
                    df:34:e1:12:6e:d9:ee:6d:7d:4f:6e:5d:63:ec:b9:
                    ea:75:7b:44:d7:13:48:0a:07:32:40:6c:e1:aa:68:
                    ee:16:61:b9:bc:bb:17:d3:db:55:eb:93:af:92:fa:
                    d4:f3:64:93:67:47:f7:db:19:98:7e:af:35:2d:d3:
                    23:a2:bc:88:af:ff:8a:a7:09:5b:7b:c0:5b:91:f8:
                    78:95:25:27:20:03:5a:56:72:a8:3e:cb:96:77:a5:
                    21:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:56:D4:76:AA:FD:A0:47:0F:89:9C:AC:10:BC:07:CE:07:B4:CB:C8
            X509v3 Authority Key Identifier:
                keyid:67:BB:39:CF:24:A6:74:24:8F:69:4F:6D:1C:3B:FB:5C:82:67:EE:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7s5zySmdCSPaU9tHDv7XIJn7vo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/d9d664-b018-4896-8cbd-aeccb632d288/1/mVbUdqr9oEcPiZysELwHzge0y8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/d9d664-b018-4896-8cbd-aeccb632d288/1/Z7s5zySmdCSPaU9tHDv7XIJn7vo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:58:3a:03:67:73:cb:a8:0e:01:ee:1e:ee:c8:81:b3:14:94:
         ef:0e:66:06:6b:78:c5:27:f5:5e:c9:84:cc:c9:a3:98:74:87:
         c5:e6:bb:85:bd:cb:96:75:1a:b5:4f:c0:d8:35:08:80:03:69:
         fe:a0:be:ec:e3:b1:13:f9:cb:46:d3:b8:df:c4:a1:c3:e3:aa:
         19:e1:5a:6d:61:88:25:09:4b:6f:ff:87:ed:57:b9:7f:0e:51:
         ab:9a:f8:52:a1:e8:be:4d:a1:3d:0b:e9:07:38:55:98:86:73:
         ca:97:2e:a2:25:12:bd:d9:3a:34:61:01:1d:c0:4c:27:65:96:
         43:8b:67:bf:54:3d:c7:d3:5d:28:a4:cb:be:01:09:4c:a0:42:
         2f:e1:e0:b1:10:3f:11:24:a8:a5:46:e3:03:68:e5:f6:76:ad:
         5c:16:b0:a3:fd:a3:b4:84:d1:34:1c:94:3f:34:03:29:33:68:
         04:ce:20:49:e5:2e:f0:e2:8d:27:62:72:d2:bc:ea:71:fb:4f:
         ed:cd:10:88:4e:f0:4d:40:28:97:6c:a3:02:79:ed:e6:d7:f7:
         c0:ab:ba:ae:99:0b:7c:73:73:d2:ea:10:3f:85:ff:35:4b:5c:
         67:f8:5c:81:dc:4c:a9:1a:7d:13:15:3a:a4:6a:cd:a4:ab:3d:
         24:bd:4b:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ8apq1XetDjJwR5CbYr7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YmIzOWNmMjRhNjc0MjQ4ZjY5NGY2ZDFjM2JmYjVjODI2
N2VlZmEwHhcNMjUwMTAxMDU0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTU2ZDQ3NmFhZmRhMDQ3MGY4OTljYWMxMGJjMDdjZTA3YjRjYmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7IqOXlL4ixYFLn3tfx9pEbhOIgh
yIU1iLUD6vKSaDCrPt/++dEXnc2a/QDAQhmj1p5kCDbfUGuFYwsN653nhBTzgrGX
bFiNCZGXx1wgbYTbCsSiDg0/Opk0wOOa9+JqMiyfiA4zYLfmZUGUu7ZOyYZHSYoR
IcA+H91xIcazpnS1jaQt42NhNlvCZGl99dQM9pgy7tjfwNoKnlm6HJ6lh3il2MDf
NOESbtnubX1Pbl1j7LnqdXtE1xNICgcyQGzhqmjuFmG5vLsX09tV65OvkvrU82ST
Z0f32xmYfq81LdMjoryIr/+Kpwlbe8Bbkfh4lSUnIANaVnKoPsuWd6UhZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJlW1Haq/aBHD4mcrBC8B84HtMvIMB8GA1UdIwQY
MBaAFGe7Oc8kpnQkj2lPbRw7+1yCZ+76MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjdzNXp5U21kQ1NQYVU5dEhEdjdYSUpuN3ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9kOWQ2NjQtYjAxOC00ODk2LThjYmQt
YWVjY2I2MzJkMjg4LzEvbVZiVWRxcjlvRWNQaVp5c0VMd0h6Z2UweThnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9kOWQ2NjQtYjAxOC00ODk2LThjYmQtYWVjY2I2MzJkMjg4
LzEvWjdzNXp5U21kQ1NQYVU5dEhEdjdYSUpuN3ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9iSMA0G
CSqGSIb3DQEBCwUAA4IBAQASWDoDZ3PLqA4B7h7uyIGzFJTvDmYGa3jFJ/VeyYTM
yaOYdIfF5ruFvcuWdRq1T8DYNQiAA2n+oL7s47ET+ctG07jfxKHD46oZ4VptYYgl
CUtv/4ftV7l/DlGrmvhSoei+TaE9C+kHOFWYhnPKly6iJRK92To0YQEdwEwnZZZD
i2e/VD3H010opMu+AQlMoEIv4eCxED8RJKilRuMDaOX2dq1cFrCj/aO0hNE0HJQ/
NAMpM2gEziBJ5S7w4o0nYnLSvOpx+0/tzRCITvBNQCiXbKMCee3m1/fAq7qumQt8
c3PS6hA/hf81S1xn+FyB3EypGn0TFTqkas2kqz0kvUuz
-----END CERTIFICATE-----