Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/7560e4-fc7d-4a64-b500-e7f05f029a48/1/41rmP0fRaJ_Rp04VkDrnen4Ff9k.roa
File:                     41rmP0fRaJ_Rp04VkDrnen4Ff9k.roa (raw, json)
Hash identifier:          hIEQZsD1Luj1wzFwd6Ncf1xZemUGDUraVaNuYs6VnsA=
Subject key identifier:   E3:5A:E6:3F:47:D1:68:9F:D1:A7:4E:15:90:3A:E7:7A:7E:05:7F:D9
Certificate issuer:       /CN=af05d4291cae8185c6c342e25dee9b7e920f76dd
Certificate serial:       0194236A3E3C888BB31678A26C4FC922115A
Authority key identifier: AF:05:D4:29:1C:AE:81:85:C6:C3:42:E2:5D:EE:9B:7E:92:0F:76:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rwXUKRyugYXGw0LiXe6bfpIPdt0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/7560e4-fc7d-4a64-b500-e7f05f029a48/1/41rmP0fRaJ_Rp04VkDrnen4Ff9k.roa
Signing time:             Wed 01 Jan 2025 19:49:12 +0000
ROA not before:           Wed 01 Jan 2025 19:49:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203971
IP address blocks:        185.93.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/7560e4-fc7d-4a64-b500-e7f05f029a48/1/rwXUKRyugYXGw0LiXe6bfpIPdt0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/7560e4-fc7d-4a64-b500-e7f05f029a48/1/rwXUKRyugYXGw0LiXe6bfpIPdt0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rwXUKRyugYXGw0LiXe6bfpIPdt0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:3e:3c:88:8b:b3:16:78:a2:6c:4f:c9:22:11:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af05d4291cae8185c6c342e25dee9b7e920f76dd
        Validity
            Not Before: Jan  1 19:49:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e35ae63f47d1689fd1a74e15903ae77a7e057fd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:be:b1:b1:69:15:dc:ae:83:38:87:79:7d:dd:
                    92:13:a5:b1:07:0f:b2:bd:37:7a:83:05:7c:d0:0f:
                    54:fb:79:cb:c9:84:0f:10:e8:9d:d4:48:0e:ae:ce:
                    82:ca:06:c7:c9:46:31:be:33:3f:30:f2:5e:a7:d1:
                    9b:cd:13:19:4c:ca:c0:53:20:7f:9c:15:6e:bc:27:
                    6b:a7:1b:ca:0e:75:7d:79:1c:60:01:c3:ff:eb:dd:
                    c3:13:38:8e:e7:51:35:54:99:42:38:56:61:84:9b:
                    bb:1b:4f:88:ca:f0:83:44:35:e3:b0:21:86:7a:ec:
                    a3:7b:98:30:b4:ba:69:f5:91:82:fd:15:82:f9:c0:
                    c5:c5:1e:41:8a:4d:66:56:df:31:06:fa:48:eb:88:
                    30:7c:3d:d8:60:50:43:19:52:48:c4:0f:b1:9d:93:
                    b7:21:7b:1c:91:97:00:58:ee:81:bd:05:2a:9a:9a:
                    8b:49:1d:18:78:b9:c0:6d:11:34:33:68:ee:50:dd:
                    5a:18:ee:d3:45:4b:70:1e:12:27:e7:f3:90:f1:45:
                    84:7a:cb:4a:29:75:aa:42:18:73:06:58:7e:67:34:
                    ed:67:0f:92:a6:c8:b7:35:84:e3:6b:94:9f:aa:7c:
                    12:a4:79:df:59:27:22:9d:cd:ba:47:5e:43:1b:ee:
                    de:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:5A:E6:3F:47:D1:68:9F:D1:A7:4E:15:90:3A:E7:7A:7E:05:7F:D9
            X509v3 Authority Key Identifier:
                keyid:AF:05:D4:29:1C:AE:81:85:C6:C3:42:E2:5D:EE:9B:7E:92:0F:76:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rwXUKRyugYXGw0LiXe6bfpIPdt0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/7560e4-fc7d-4a64-b500-e7f05f029a48/1/41rmP0fRaJ_Rp04VkDrnen4Ff9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/7560e4-fc7d-4a64-b500-e7f05f029a48/1/rwXUKRyugYXGw0LiXe6bfpIPdt0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:66:4e:19:12:15:8d:3e:f9:c6:e7:db:f2:99:06:d7:18:03:
         b2:c3:08:e5:da:2f:82:2c:db:7c:ca:6b:e7:e2:a3:bd:05:15:
         35:fa:08:bd:8c:be:4b:81:55:8a:13:4d:2f:35:31:8f:58:45:
         a4:53:34:90:96:4e:6c:60:41:80:5b:1d:30:83:3b:ed:d7:cb:
         b8:60:6b:97:60:9e:7e:6f:20:64:9a:ce:89:59:9f:e3:59:a2:
         1c:56:41:be:8f:00:b2:1b:07:5e:1b:f5:0b:8a:cd:d1:e4:fc:
         8d:1c:a1:aa:46:e4:c2:e1:b6:a8:5b:a9:ed:f5:1d:85:fb:ac:
         57:14:80:45:02:a9:b3:2a:c8:d7:bd:93:08:e1:60:70:12:34:
         1a:a1:d4:45:cf:e8:ba:3d:d9:4b:39:a5:92:3a:67:c4:21:32:
         95:2c:73:e5:05:00:fd:88:e8:85:4f:1f:9b:09:48:77:77:93:
         78:17:af:50:73:a9:77:76:b3:19:76:cf:16:2a:50:c9:59:96:
         3d:97:92:e1:f6:29:c1:f5:23:8b:4a:f3:b7:7d:fe:12:c1:4c:
         db:29:52:20:58:25:1a:34:bf:b5:fb:26:14:5b:5f:26:9d:19:
         06:08:e5:0f:87:f0:b0:0b:67:0f:9b:be:6a:11:70:7b:d1:35:
         89:69:3a:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaj48iIuzFniibE/JIhFaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMDVkNDI5MWNhZTgxODVjNmMzNDJlMjVkZWU5YjdlOTIw
Zjc2ZGQwHhcNMjUwMTAxMTk0OTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzVhZTYzZjQ3ZDE2ODlmZDFhNzRlMTU5MDNhZTc3YTdlMDU3ZmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+r6xsWkV3K6DOId5fd2SE6WxBw+y
vTd6gwV80A9U+3nLyYQPEOid1EgOrs6CygbHyUYxvjM/MPJep9GbzRMZTMrAUyB/
nBVuvCdrpxvKDnV9eRxgAcP/693DEziO51E1VJlCOFZhhJu7G0+IyvCDRDXjsCGG
euyje5gwtLpp9ZGC/RWC+cDFxR5Bik1mVt8xBvpI64gwfD3YYFBDGVJIxA+xnZO3
IXsckZcAWO6BvQUqmpqLSR0YeLnAbRE0M2juUN1aGO7TRUtwHhIn5/OQ8UWEestK
KXWqQhhzBlh+ZzTtZw+Spsi3NYTja5SfqnwSpHnfWScinc26R15DG+7e7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFONa5j9H0Wif0adOFZA653p+BX/ZMB8GA1UdIwQY
MBaAFK8F1CkcroGFxsNC4l3um36SD3bdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcndYVUtSeXVnWVhHdzBMaVhlNmJmcElQZHQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy83NTYwZTQtZmM3ZC00YTY0LWI1MDAt
ZTdmMDVmMDI5YTQ4LzEvNDFybVAwZlJhSl9ScDA0VmtEcm5lbjRGZjlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy83NTYwZTQtZmM3ZC00YTY0LWI1MDAtZTdmMDVmMDI5YTQ4
LzEvcndYVUtSeXVnWVhHdzBMaVhlNmJmcElQZHQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV1bMA0G
CSqGSIb3DQEBCwUAA4IBAQAoZk4ZEhWNPvnG59vymQbXGAOywwjl2i+CLNt8ymvn
4qO9BRU1+gi9jL5LgVWKE00vNTGPWEWkUzSQlk5sYEGAWx0wgzvt18u4YGuXYJ5+
byBkms6JWZ/jWaIcVkG+jwCyGwdeG/ULis3R5PyNHKGqRuTC4baoW6nt9R2F+6xX
FIBFAqmzKsjXvZMI4WBwEjQaodRFz+i6PdlLOaWSOmfEITKVLHPlBQD9iOiFTx+b
CUh3d5N4F69Qc6l3drMZds8WKlDJWZY9l5Lh9inB9SOLSvO3ff4SwUzbKVIgWCUa
NL+1+yYUW18mnRkGCOUPh/CwC2cPm75qEXB70TWJaTq0
-----END CERTIFICATE-----