Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/404e64-f981-45b5-9cae-4fb4ef91a82f/1/PY2GKalpJxh0rVeN3SNnaDuGcN8.roa
File:                     PY2GKalpJxh0rVeN3SNnaDuGcN8.roa (raw, json)
Hash identifier:          SriQyHP0WB/8fwiUvKAdnNLXQ0snarIjG0cxw/V7C/w=
Subject key identifier:   3D:8D:86:29:A9:69:27:18:74:AD:57:8D:DD:23:67:68:3B:86:70:DF
Certificate issuer:       /CN=798e0da4f91007b224768acb4d131f12517d2b7a
Certificate serial:       01942521B779742D23B599D4AB1DD2331530
Authority key identifier: 79:8E:0D:A4:F9:10:07:B2:24:76:8A:CB:4D:13:1F:12:51:7D:2B:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY4NpPkQB7IkdorLTRMfElF9K3o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/404e64-f981-45b5-9cae-4fb4ef91a82f/1/PY2GKalpJxh0rVeN3SNnaDuGcN8.roa
Signing time:             Thu 02 Jan 2025 03:49:14 +0000
ROA not before:           Thu 02 Jan 2025 03:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13110
IP address blocks:        91.202.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/404e64-f981-45b5-9cae-4fb4ef91a82f/1/eY4NpPkQB7IkdorLTRMfElF9K3o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/404e64-f981-45b5-9cae-4fb4ef91a82f/1/eY4NpPkQB7IkdorLTRMfElF9K3o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY4NpPkQB7IkdorLTRMfElF9K3o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 21:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:b7:79:74:2d:23:b5:99:d4:ab:1d:d2:33:15:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798e0da4f91007b224768acb4d131f12517d2b7a
        Validity
            Not Before: Jan  2 03:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d8d8629a969271874ad578ddd2367683b8670df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e2:35:b6:a9:23:9c:08:4a:4f:4c:27:0a:98:
                    4a:c9:fb:6c:5f:f1:7b:14:af:e0:24:20:25:51:86:
                    3d:c6:65:ce:8b:3e:3f:cb:e9:84:ba:b6:6d:f6:75:
                    7a:a4:0f:0d:58:7d:b5:0d:80:e5:f5:12:6a:f9:e5:
                    41:a1:5c:3f:44:d1:80:76:cd:ac:1f:88:46:66:0a:
                    8e:a6:72:e0:a6:75:df:2d:20:bb:4e:4f:bf:ff:be:
                    c3:a6:ec:8c:fc:0e:2d:00:7a:01:a2:de:c5:6e:d6:
                    a0:26:75:df:62:39:bf:6d:bc:a3:61:ff:9d:1a:31:
                    56:75:a6:7d:23:30:f6:23:5b:68:62:d1:c8:8f:f2:
                    ee:96:6a:1e:2b:1a:27:f2:fc:f1:b7:61:06:42:e5:
                    3e:c3:b0:bc:8f:d4:96:c5:b2:c1:4b:c3:5b:33:5c:
                    1f:b5:29:83:88:f1:7f:ef:d9:50:a6:e1:53:22:63:
                    b2:cf:3a:0a:1c:19:a7:5e:32:01:b0:55:7c:dc:17:
                    fd:27:b4:c9:a7:60:30:d1:a8:4a:32:ac:c4:85:74:
                    6c:98:3e:02:31:cd:2c:90:70:55:80:a5:64:d1:0e:
                    45:53:91:08:f8:d6:39:46:cc:11:96:fe:19:59:47:
                    81:eb:bc:ac:74:52:e4:fa:33:22:43:aa:f5:3b:ba:
                    eb:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:8D:86:29:A9:69:27:18:74:AD:57:8D:DD:23:67:68:3B:86:70:DF
            X509v3 Authority Key Identifier:
                keyid:79:8E:0D:A4:F9:10:07:B2:24:76:8A:CB:4D:13:1F:12:51:7D:2B:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY4NpPkQB7IkdorLTRMfElF9K3o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/404e64-f981-45b5-9cae-4fb4ef91a82f/1/PY2GKalpJxh0rVeN3SNnaDuGcN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/404e64-f981-45b5-9cae-4fb4ef91a82f/1/eY4NpPkQB7IkdorLTRMfElF9K3o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.202.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:46:16:f1:52:77:a7:13:31:ff:b6:d2:c5:d8:80:47:eb:44:
         27:ae:44:0a:bb:f9:47:86:58:92:d9:17:f9:8c:39:92:59:b4:
         8c:47:d2:03:69:e8:be:ba:ae:0b:67:e5:ad:a5:69:ce:36:6f:
         98:7f:3e:e9:55:5d:f0:1c:f8:bb:ac:40:fa:49:89:4b:c3:d0:
         82:67:32:23:7d:67:80:41:7a:bc:b0:bb:f8:51:fa:6a:f6:57:
         2a:09:42:37:58:19:83:a0:be:5b:10:ac:5d:2f:24:58:59:2f:
         c8:16:b2:93:24:c8:09:c4:d0:d5:67:b4:de:9f:bd:d7:f0:b0:
         2e:5e:49:97:54:05:78:b1:15:11:a0:14:62:de:35:44:5d:e0:
         1b:fe:ee:ba:84:3a:bc:fd:a6:5e:49:a5:a8:08:16:51:f4:d3:
         65:fa:e2:b7:74:23:9a:5b:5b:17:8d:79:bd:3e:49:6d:85:57:
         e2:9a:72:57:36:6d:ec:d1:64:4f:53:b3:9a:8a:56:61:5d:a1:
         e3:62:d0:0b:b5:19:1b:54:89:12:ff:e5:02:94:dc:1e:75:69:
         45:85:b7:69:85:15:69:72:67:8a:26:b9:47:28:14:57:86:f2:
         04:66:36:da:65:eb:82:ef:9f:4c:7d:0f:17:6e:80:86:ad:f0:
         e1:39:2d:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIbd5dC0jtZnUqx3SMxUwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGUwZGE0ZjkxMDA3YjIyNDc2OGFjYjRkMTMxZjEyNTE3
ZDJiN2EwHhcNMjUwMTAyMDM0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDhkODYyOWE5NjkyNzE4NzRhZDU3OGRkZDIzNjc2ODNiODY3MGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuI1tqkjnAhKT0wnCphKyftsX/F7
FK/gJCAlUYY9xmXOiz4/y+mEurZt9nV6pA8NWH21DYDl9RJq+eVBoVw/RNGAds2s
H4hGZgqOpnLgpnXfLSC7Tk+//77DpuyM/A4tAHoBot7FbtagJnXfYjm/bbyjYf+d
GjFWdaZ9IzD2I1toYtHIj/LulmoeKxon8vzxt2EGQuU+w7C8j9SWxbLBS8NbM1wf
tSmDiPF/79lQpuFTImOyzzoKHBmnXjIBsFV83Bf9J7TJp2Aw0ahKMqzEhXRsmD4C
Mc0skHBVgKVk0Q5FU5EI+NY5RswRlv4ZWUeB67ysdFLk+jMiQ6r1O7rrBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD2NhimpaScYdK1Xjd0jZ2g7hnDfMB8GA1UdIwQY
MBaAFHmODaT5EAeyJHaKy00THxJRfSt6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk0TnBQa1FCN0lrZG9yTFRSTWZFbEY5SzNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MDRlNjQtZjk4MS00NWI1LTljYWUt
NGZiNGVmOTFhODJmLzEvUFkyR0thbHBKeGgwclZlTjNTTm5hRHVHY044LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MDRlNjQtZjk4MS00NWI1LTljYWUtNGZiNGVmOTFhODJm
LzEvZVk0TnBQa1FCN0lrZG9yTFRSTWZFbEY5SzNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8pmMA0G
CSqGSIb3DQEBCwUAA4IBAQBoRhbxUnenEzH/ttLF2IBH60QnrkQKu/lHhliS2Rf5
jDmSWbSMR9IDaei+uq4LZ+WtpWnONm+Yfz7pVV3wHPi7rED6SYlLw9CCZzIjfWeA
QXq8sLv4Ufpq9lcqCUI3WBmDoL5bEKxdLyRYWS/IFrKTJMgJxNDVZ7Ten73X8LAu
XkmXVAV4sRURoBRi3jVEXeAb/u66hDq8/aZeSaWoCBZR9NNl+uK3dCOaW1sXjXm9
PklthVfimnJXNm3s0WRPU7OailZhXaHjYtALtRkbVIkS/+UClNwedWlFhbdphRVp
cmeKJrlHKBRXhvIEZjbaZeuC759MfQ8XboCGrfDhOS22
-----END CERTIFICATE-----