Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/gMAN3v03uAddPu9H4UyvEE9OaL4.roa
File:                     gMAN3v03uAddPu9H4UyvEE9OaL4.roa (raw, json)
Hash identifier:          wpVmJrhPOGtID7FbjO+SJT/k3IVxP28J+1YCanP25FQ=
Subject key identifier:   80:C0:0D:DE:FD:37:B8:07:5D:3E:EF:47:E1:4C:AF:10:4F:4E:68:BE
Certificate issuer:       /CN=df8f961c6efbb7f9ce74217b1d5dbb54e981c6f2
Certificate serial:       0194214404FE40465E462162A0C79CF89128
Authority key identifier: DF:8F:96:1C:6E:FB:B7:F9:CE:74:21:7B:1D:5D:BB:54:E9:81:C6:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/34-WHG77t_nOdCF7HV27VOmBxvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/gMAN3v03uAddPu9H4UyvEE9OaL4.roa
Signing time:             Wed 01 Jan 2025 09:48:13 +0000
ROA not before:           Wed 01 Jan 2025 09:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        91.239.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/34-WHG77t_nOdCF7HV27VOmBxvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/34-WHG77t_nOdCF7HV27VOmBxvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/34-WHG77t_nOdCF7HV27VOmBxvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 09:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:04:fe:40:46:5e:46:21:62:a0:c7:9c:f8:91:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df8f961c6efbb7f9ce74217b1d5dbb54e981c6f2
        Validity
            Not Before: Jan  1 09:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80c00ddefd37b8075d3eef47e14caf104f4e68be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:48:9b:09:81:fb:9b:7e:1b:51:8f:22:d9:7f:
                    ee:d1:2e:48:1e:12:b1:fb:70:7b:a6:87:9f:ec:d9:
                    95:47:b0:07:b7:45:44:a1:af:38:9e:5c:f9:5c:d3:
                    e6:a9:e7:e9:80:6c:3d:9c:d9:2c:91:88:c2:bf:25:
                    a9:79:f3:66:f3:24:e3:5e:94:22:7c:06:a2:e6:67:
                    d2:3e:bd:15:66:b0:ff:2e:37:5b:9c:51:17:16:b6:
                    ba:27:1d:51:e9:0b:7f:67:37:67:a1:1b:16:90:45:
                    b7:86:39:82:20:f7:c5:35:d1:17:6f:97:c7:c3:3b:
                    95:42:46:33:41:33:82:27:79:70:f6:5f:26:24:4e:
                    b1:1b:cc:42:3a:4c:86:e2:d5:d6:67:98:05:da:3c:
                    b0:81:25:42:fd:40:cd:0c:dc:cf:59:1b:e3:3f:10:
                    f8:62:33:65:61:de:5f:55:ca:9c:d8:80:76:48:41:
                    71:26:2c:a7:1e:18:0d:76:66:cc:01:3d:e6:5a:8c:
                    13:73:7f:ff:fe:c5:08:60:55:16:66:ba:7a:11:0d:
                    57:10:f9:d3:c9:bc:e4:0b:a2:29:aa:7a:df:f8:96:
                    b0:0d:21:1b:1f:5e:da:30:83:12:57:19:7d:67:13:
                    db:c8:fc:34:e0:95:3d:11:08:76:e9:59:7b:fa:75:
                    c8:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:C0:0D:DE:FD:37:B8:07:5D:3E:EF:47:E1:4C:AF:10:4F:4E:68:BE
            X509v3 Authority Key Identifier:
                keyid:DF:8F:96:1C:6E:FB:B7:F9:CE:74:21:7B:1D:5D:BB:54:E9:81:C6:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/34-WHG77t_nOdCF7HV27VOmBxvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/gMAN3v03uAddPu9H4UyvEE9OaL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/34-WHG77t_nOdCF7HV27VOmBxvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:37:f9:e3:8d:a7:b4:8d:1d:4c:11:d7:60:ca:2c:37:00:17:
         cc:d7:10:b4:08:05:cc:95:28:83:2c:df:e1:cd:80:45:a6:e0:
         c8:45:d6:85:e3:dd:bd:e7:f1:0e:c3:c1:28:40:8d:e2:5b:73:
         ad:a0:c3:f9:35:ca:c1:18:b0:74:72:f9:90:70:d5:e5:5f:16:
         55:2c:7d:db:aa:5a:09:56:ba:c4:c1:48:7f:25:0f:42:b8:8e:
         f5:7d:12:ca:2b:3a:6c:ed:2a:16:8d:d4:a7:39:e5:5b:ca:92:
         e6:ba:d1:0c:61:fd:e3:90:de:a3:27:40:0e:3a:74:e2:49:fc:
         0c:23:12:7f:db:a8:4c:99:86:c1:94:8f:bb:dd:61:ef:21:6c:
         d3:ca:c8:43:cf:8b:21:22:d7:90:8b:ea:07:fe:6c:71:ad:db:
         8c:d9:d1:74:51:dc:de:3c:44:db:37:41:f9:e2:11:f8:0c:86:
         fa:a4:00:d4:0d:0b:d2:82:78:69:30:aa:8e:82:34:ca:82:25:
         71:88:c2:db:cb:08:08:89:d4:51:f7:d8:43:25:ac:3a:d0:53:
         b3:55:a3:7d:41:25:a2:b7:c6:5e:3b:8a:89:22:4e:dc:e7:ea:
         7c:b1:a7:85:f0:c8:0f:51:81:a2:f8:29:35:5f:d7:53:b2:95:
         b4:47:7e:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRAT+QEZeRiFioMec+JEoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmOGY5NjFjNmVmYmI3ZjljZTc0MjE3YjFkNWRiYjU0ZTk4
MWM2ZjIwHhcNMjUwMTAxMDk0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGMwMGRkZWZkMzdiODA3NWQzZWVmNDdlMTRjYWYxMDRmNGU2OGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUibCYH7m34bUY8i2X/u0S5IHhKx
+3B7poef7NmVR7AHt0VEoa84nlz5XNPmqefpgGw9nNkskYjCvyWpefNm8yTjXpQi
fAai5mfSPr0VZrD/LjdbnFEXFra6Jx1R6Qt/ZzdnoRsWkEW3hjmCIPfFNdEXb5fH
wzuVQkYzQTOCJ3lw9l8mJE6xG8xCOkyG4tXWZ5gF2jywgSVC/UDNDNzPWRvjPxD4
YjNlYd5fVcqc2IB2SEFxJiynHhgNdmbMAT3mWowTc3///sUIYFUWZrp6EQ1XEPnT
ybzkC6Ipqnrf+JawDSEbH17aMIMSVxl9ZxPbyPw04JU9EQh26Vl7+nXIGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIDADd79N7gHXT7vR+FMrxBPTmi+MB8GA1UdIwQY
MBaAFN+Plhxu+7f5znQhex1du1TpgcbyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzQtV0hHNzd0X25PZENGN0hWMjdWT21CeHZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi85MGU3MGYtODVkYy00NGE5LWJiMjMt
MjdmMmJjMTYyYTA3LzEvZ01BTjN2MDN1QWRkUHU5SDRVeXZFRTlPYUw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi85MGU3MGYtODVkYy00NGE5LWJiMjMtMjdmMmJjMTYyYTA3
LzEvMzQtV0hHNzd0X25PZENGN0hWMjdWT21CeHZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+86MA0G
CSqGSIb3DQEBCwUAA4IBAQBnN/njjae0jR1MEddgyiw3ABfM1xC0CAXMlSiDLN/h
zYBFpuDIRdaF49295/EOw8EoQI3iW3OtoMP5NcrBGLB0cvmQcNXlXxZVLH3bqloJ
VrrEwUh/JQ9CuI71fRLKKzps7SoWjdSnOeVbypLmutEMYf3jkN6jJ0AOOnTiSfwM
IxJ/26hMmYbBlI+73WHvIWzTyshDz4shIteQi+oH/mxxrduM2dF0UdzePETbN0H5
4hH4DIb6pADUDQvSgnhpMKqOgjTKgiVxiMLbywgIidRR99hDJaw60FOzVaN9QSWi
t8ZeO4qJIk7c5+p8saeF8MgPUYGi+Ck1X9dTspW0R35H
-----END CERTIFICATE-----