Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/ulUXrUDPWH1jBF3XUvGFq6u9UBA.roa
File:                     ulUXrUDPWH1jBF3XUvGFq6u9UBA.roa (raw, json)
Hash identifier:          JO8Wuf/EekqDvWZVFwjNa4p80lEXLhg9dIYBQ3yRrjk=
Subject key identifier:   BA:55:17:AD:40:CF:58:7D:63:04:5D:D7:52:F1:85:AB:AB:BD:50:10
Certificate issuer:       /CN=2793bde946ae936d3cacc136a5f3239edf2431f4
Certificate serial:       019428243BA2EC7EE8FF3E8818107E44880E
Authority key identifier: 27:93:BD:E9:46:AE:93:6D:3C:AC:C1:36:A5:F3:23:9E:DF:24:31:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J5O96Uauk208rME2pfMjnt8kMfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/ulUXrUDPWH1jBF3XUvGFq6u9UBA.roa
Signing time:             Thu 02 Jan 2025 17:50:50 +0000
ROA not before:           Thu 02 Jan 2025 17:50:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15440
IP address blocks:        91.188.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/J5O96Uauk208rME2pfMjnt8kMfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/J5O96Uauk208rME2pfMjnt8kMfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J5O96Uauk208rME2pfMjnt8kMfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:3b:a2:ec:7e:e8:ff:3e:88:18:10:7e:44:88:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2793bde946ae936d3cacc136a5f3239edf2431f4
        Validity
            Not Before: Jan  2 17:50:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba5517ad40cf587d63045dd752f185ababbd5010
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:c8:62:3e:44:b4:58:6d:d5:d7:d1:1a:22:2f:
                    93:a9:3d:76:fa:fc:db:d6:58:e5:e7:7c:fa:cf:cc:
                    6c:db:d5:6a:c5:4c:54:87:da:e9:da:b5:8f:0b:72:
                    0d:7b:3b:0d:b4:eb:d7:8b:09:c4:cd:07:e1:b5:fa:
                    ec:56:60:65:ce:57:67:0c:3b:37:f2:98:30:1f:2c:
                    59:d0:78:01:de:22:ad:9c:ca:46:88:29:3b:33:e9:
                    27:e2:a4:f7:e3:aa:07:11:83:39:3d:ee:c2:c4:39:
                    6d:a6:c6:dd:22:cb:f6:84:83:40:f6:7c:11:f4:b2:
                    38:e3:8c:37:9a:14:6e:a1:07:d9:cd:12:27:9d:b5:
                    be:b2:9c:81:b8:c3:c7:57:c1:bd:f3:9b:1d:6b:28:
                    31:0b:94:4b:62:d5:8c:78:32:27:19:ee:fe:44:42:
                    fc:af:07:b9:1a:fe:d3:45:71:21:17:92:30:7d:94:
                    fe:2b:df:fc:7f:6c:7c:70:4a:b5:6d:b8:b6:29:5a:
                    02:a6:d6:3b:2b:3d:02:9f:2c:f1:db:67:da:98:7d:
                    f6:c5:7f:a5:fc:18:26:e4:e8:44:d5:26:73:36:fd:
                    db:ee:73:4f:56:70:e4:58:15:1d:b8:f0:23:70:d4:
                    22:9b:e8:d2:7d:75:d7:cf:96:c8:85:a2:6e:a7:b4:
                    60:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:55:17:AD:40:CF:58:7D:63:04:5D:D7:52:F1:85:AB:AB:BD:50:10
            X509v3 Authority Key Identifier:
                keyid:27:93:BD:E9:46:AE:93:6D:3C:AC:C1:36:A5:F3:23:9E:DF:24:31:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J5O96Uauk208rME2pfMjnt8kMfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/ulUXrUDPWH1jBF3XUvGFq6u9UBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/J5O96Uauk208rME2pfMjnt8kMfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.188.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:ae:9e:4e:45:b0:b2:f0:8b:96:89:3d:55:7f:27:75:67:08:
         22:58:cc:bc:e2:d6:8d:a1:23:9a:da:56:f5:56:a5:4d:7e:97:
         c8:bc:d5:45:0b:0a:6f:c3:c9:ff:db:09:7e:83:af:68:17:28:
         6d:6d:8b:d2:9a:e2:20:ad:65:59:ce:7c:35:e2:83:82:b4:7f:
         2c:95:13:c7:68:5f:b0:d2:5e:ef:ae:b1:f0:41:5a:8c:35:74:
         e2:9e:1b:d1:ce:24:18:d0:28:bc:54:e0:50:ea:96:0b:c9:dd:
         67:fc:ce:ee:60:81:6a:38:0d:55:12:b6:75:34:61:26:37:e9:
         bd:f6:84:c0:79:f8:f3:5b:93:c1:2c:25:3c:b3:c6:db:9a:78:
         88:46:8a:28:0a:be:3e:c3:8f:0a:16:f7:57:aa:63:1a:a5:b2:
         2e:44:fa:6b:21:8b:13:66:42:60:ed:2b:b1:35:44:79:56:60:
         a0:7a:0e:27:98:16:ef:cd:36:bb:6e:3f:ca:0b:cb:e2:33:13:
         f4:2f:6e:e7:64:24:1d:0d:bf:ec:9d:a5:d7:7d:79:15:14:c4:
         61:ec:a2:7c:af:b8:fe:4e:2e:11:ac:d9:05:ad:62:a1:45:48:
         5a:b7:0e:38:d8:ff:df:82:3c:bb:5e:fe:e0:3d:8a:cd:f0:e0:
         38:97:8d:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJDui7H7o/z6IGBB+RIgOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OTNiZGU5NDZhZTkzNmQzY2FjYzEzNmE1ZjMyMzllZGYy
NDMxZjQwHhcNMjUwMTAyMTc1MDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTU1MTdhZDQwY2Y1ODdkNjMwNDVkZDc1MmYxODVhYmFiYmQ1MDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1MhiPkS0WG3V19EaIi+TqT12+vzb
1ljl53z6z8xs29VqxUxUh9rp2rWPC3INezsNtOvXiwnEzQfhtfrsVmBlzldnDDs3
8pgwHyxZ0HgB3iKtnMpGiCk7M+kn4qT346oHEYM5Pe7CxDltpsbdIsv2hINA9nwR
9LI444w3mhRuoQfZzRInnbW+spyBuMPHV8G985sdaygxC5RLYtWMeDInGe7+REL8
rwe5Gv7TRXEhF5IwfZT+K9/8f2x8cEq1bbi2KVoCptY7Kz0Cnyzx22famH32xX+l
/Bgm5OhE1SZzNv3b7nNPVnDkWBUduPAjcNQim+jSfXXXz5bIhaJup7RgjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLpVF61Az1h9YwRd11LxhaurvVAQMB8GA1UdIwQY
MBaAFCeTvelGrpNtPKzBNqXzI57fJDH0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjVPOTZVYXVrMjA4ck1FMnBmTWpudDhrTWZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9iZjU4ZGEtYTlkMi00MjFhLWI0M2Et
OTJjM2JmNzRhOTdiLzEvdWxVWHJVRFBXSDFqQkYzWFV2R0ZxNnU5VUJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9iZjU4ZGEtYTlkMi00MjFhLWI0M2EtOTJjM2JmNzRhOTdi
LzEvSjVPOTZVYXVrMjA4ck1FMnBmTWpudDhrTWZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW7z+MA0G
CSqGSIb3DQEBCwUAA4IBAQCtrp5ORbCy8IuWiT1Vfyd1ZwgiWMy84taNoSOa2lb1
VqVNfpfIvNVFCwpvw8n/2wl+g69oFyhtbYvSmuIgrWVZznw14oOCtH8slRPHaF+w
0l7vrrHwQVqMNXTinhvRziQY0Ci8VOBQ6pYLyd1n/M7uYIFqOA1VErZ1NGEmN+m9
9oTAefjzW5PBLCU8s8bbmniIRoooCr4+w48KFvdXqmMapbIuRPprIYsTZkJg7Sux
NUR5VmCgeg4nmBbvzTa7bj/KC8viMxP0L27nZCQdDb/snaXXfXkVFMRh7KJ8r7j+
Ti4RrNkFrWKhRUhatw442P/fgjy7Xv7gPYrN8OA4l40C
-----END CERTIFICATE-----