Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/SIN-EqwjuVJ_uVTDZcaFfYV-2y0.roa
File:                     SIN-EqwjuVJ_uVTDZcaFfYV-2y0.roa (raw, json)
Hash identifier:          69ilVtRvoLW9898G/5j1Gs/FnTheitxDGDBUUK5AC2s=
Subject key identifier:   48:83:7E:12:AC:23:B9:52:7F:B9:54:C3:65:C6:85:7D:85:7E:DB:2D
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       019420D62952A8B46CE0845CFCF39359FB25
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/SIN-EqwjuVJ_uVTDZcaFfYV-2y0.roa
Signing time:             Wed 01 Jan 2025 07:48:13 +0000
ROA not before:           Wed 01 Jan 2025 07:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        91.234.202.0/24 maxlen: 24
                          176.105.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 09:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:29:52:a8:b4:6c:e0:84:5c:fc:f3:93:59:fb:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Jan  1 07:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=48837e12ac23b9527fb954c365c6857d857edb2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:f4:52:c3:f9:bc:79:9d:f1:dd:15:59:ca:32:
                    48:06:e0:a3:32:46:31:3b:84:aa:ee:4e:94:70:51:
                    a3:2f:32:4e:76:e8:4f:df:f3:0b:b3:48:b1:0f:01:
                    16:32:bd:a5:21:30:3b:73:e2:76:a6:0e:14:32:8b:
                    f3:be:21:0f:8c:67:10:b0:0b:b3:3b:44:91:af:7a:
                    50:f2:9f:24:26:6a:e6:46:c4:07:c7:51:3e:43:1a:
                    70:6b:2a:64:0e:a5:e1:0f:e0:a3:05:9c:f5:55:48:
                    c5:21:50:fe:56:46:09:38:d2:59:54:b7:2a:eb:60:
                    98:b1:2f:cd:1b:f8:93:58:21:5d:a3:80:5c:59:f4:
                    a8:56:cb:85:24:e8:0a:09:76:91:8a:41:fe:3d:a7:
                    3c:5a:88:d9:05:f6:97:22:5c:ff:a0:cf:de:1e:1d:
                    86:29:00:e6:1b:f1:e0:74:b5:40:06:29:25:55:13:
                    55:58:66:73:25:da:d3:d5:b0:36:90:d1:77:7a:e2:
                    ad:23:c2:34:ac:70:4c:98:76:71:66:40:fe:8c:c6:
                    d7:e8:f6:67:66:b8:55:76:41:93:da:98:cc:1b:da:
                    ad:65:d6:69:11:49:78:55:1d:6e:a0:db:44:0f:59:
                    6d:e8:27:c1:41:2b:f9:cd:b6:6e:07:e7:a0:35:1d:
                    4e:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:83:7E:12:AC:23:B9:52:7F:B9:54:C3:65:C6:85:7D:85:7E:DB:2D
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/SIN-EqwjuVJ_uVTDZcaFfYV-2y0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.202.0/24
                  176.105.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:d2:24:82:da:a5:41:7f:1d:80:77:15:e4:7d:7b:d9:0f:a8:
         c8:a0:81:ef:54:7c:cb:fc:8d:5f:0e:e5:64:08:ec:95:05:15:
         f0:49:3a:89:b9:29:c7:f7:4b:d8:eb:d0:ca:2f:76:c3:7a:9a:
         97:6b:c0:0e:6e:10:88:c0:5e:c6:29:ad:4c:2e:92:9c:06:33:
         47:09:96:c6:76:c0:af:69:a2:a4:3a:ca:de:b0:c3:35:fb:fa:
         1a:e0:4c:c3:23:0f:ab:c8:13:2a:60:81:1f:d3:fa:f0:2c:e0:
         74:2e:57:18:68:84:f0:f2:3b:f4:5c:5d:c9:12:1f:b9:ee:ce:
         60:4e:71:bf:8c:11:e8:8a:12:31:bb:30:2b:8d:c6:99:2d:28:
         66:67:eb:88:7c:7e:59:74:d3:f0:28:3a:da:b5:0a:d8:0d:aa:
         29:93:c7:ea:ac:eb:57:18:34:02:05:aa:3d:c5:aa:30:09:05:
         93:81:52:d8:da:40:dd:06:ca:74:5e:79:56:54:3d:fa:39:61:
         25:ab:35:90:67:4b:4e:dc:20:f7:98:ab:8d:5a:c6:89:d8:7a:
         34:ae:d2:ba:63:f0:62:b4:04:51:51:11:fd:1f:4f:9b:44:97:
         f6:0b:85:ac:44:99:cc:8a:1e:c3:f4:ea:2e:8d:4e:12:d5:bf:
         a3:d1:85:7e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQg1ilSqLRs4IRc/POTWfslMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjUwMTAxMDc0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODgzN2UxMmFjMjNiOTUyN2ZiOTU0YzM2NWM2ODU3ZDg1N2VkYjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvRSw/m8eZ3x3RVZyjJIBuCjMkYx
O4Sq7k6UcFGjLzJOduhP3/MLs0ixDwEWMr2lITA7c+J2pg4UMovzviEPjGcQsAuz
O0SRr3pQ8p8kJmrmRsQHx1E+QxpwaypkDqXhD+CjBZz1VUjFIVD+VkYJONJZVLcq
62CYsS/NG/iTWCFdo4BcWfSoVsuFJOgKCXaRikH+Pac8WojZBfaXIlz/oM/eHh2G
KQDmG/HgdLVABiklVRNVWGZzJdrT1bA2kNF3euKtI8I0rHBMmHZxZkD+jMbX6PZn
ZrhVdkGT2pjMG9qtZdZpEUl4VR1uoNtED1lt6CfBQSv5zbZuB+egNR1OYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEiDfhKsI7lSf7lUw2XGhX2FftstMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvU0lOLUVxd2p1VkpfdVZURFpjYUZmWVYtMnkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+rKAwQA
sGn0MA0GCSqGSIb3DQEBCwUAA4IBAQAh0iSC2qVBfx2AdxXkfXvZD6jIoIHvVHzL
/I1fDuVkCOyVBRXwSTqJuSnH90vY69DKL3bDepqXa8AObhCIwF7GKa1MLpKcBjNH
CZbGdsCvaaKkOsresMM1+/oa4EzDIw+ryBMqYIEf0/rwLOB0LlcYaITw8jv0XF3J
Eh+57s5gTnG/jBHoihIxuzArjcaZLShmZ+uIfH5ZdNPwKDratQrYDaopk8fqrOtX
GDQCBao9xaowCQWTgVLY2kDdBsp0XnlWVD36OWElqzWQZ0tO3CD3mKuNWsaJ2Ho0
rtK6Y/BitARRURH9H0+bRJf2C4WsRJnMih7D9OoujU4S1b+j0YV+
-----END CERTIFICATE-----