Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/542250-ba0b-4a10-8bdd-45794924cb53/1/v0kVKV7zgFySWfJ-lGmi8aljQUA.roa
File:                     v0kVKV7zgFySWfJ-lGmi8aljQUA.roa (raw, json)
Hash identifier:          QFeJpmHiChV7sVzkjOtXP/zd/9P3djdIsqxjZcryjik=
Subject key identifier:   BF:49:15:29:5E:F3:80:5C:92:59:F2:7E:94:69:A2:F1:A9:63:41:40
Certificate issuer:       /CN=8f54fc81e5153386cb42c17333050da831ada9e5
Certificate serial:       019422FB1734DF23DF21A7253286E27DE0D1
Authority key identifier: 8F:54:FC:81:E5:15:33:86:CB:42:C1:73:33:05:0D:A8:31:AD:A9:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j1T8geUVM4bLQsFzMwUNqDGtqeU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/542250-ba0b-4a10-8bdd-45794924cb53/1/v0kVKV7zgFySWfJ-lGmi8aljQUA.roa
Signing time:             Wed 01 Jan 2025 17:47:48 +0000
ROA not before:           Wed 01 Jan 2025 17:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48746
IP address blocks:        91.212.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/542250-ba0b-4a10-8bdd-45794924cb53/1/j1T8geUVM4bLQsFzMwUNqDGtqeU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/542250-ba0b-4a10-8bdd-45794924cb53/1/j1T8geUVM4bLQsFzMwUNqDGtqeU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j1T8geUVM4bLQsFzMwUNqDGtqeU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 08:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:17:34:df:23:df:21:a7:25:32:86:e2:7d:e0:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f54fc81e5153386cb42c17333050da831ada9e5
        Validity
            Not Before: Jan  1 17:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf4915295ef3805c9259f27e9469a2f1a9634140
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:42:a6:bb:04:c7:f6:a9:ef:aa:e9:ee:eb:78:
                    cf:2e:22:ba:2a:a0:82:8a:c4:08:9d:01:a9:1e:fc:
                    3a:a9:2f:ff:50:41:9d:ed:02:39:cb:72:cb:b6:05:
                    41:0d:18:82:79:58:b0:74:f5:fb:ba:c3:17:50:25:
                    0c:f0:ed:73:63:dc:e8:64:2a:b0:e7:3e:f5:7e:b0:
                    68:e5:40:6b:64:e7:ee:3d:71:3c:fe:91:65:a3:66:
                    3b:f2:ec:2d:3a:53:e5:b4:40:2c:6d:f3:1a:f8:ff:
                    0c:64:f3:b2:34:12:2b:b9:15:7a:53:e2:34:0a:47:
                    e3:fb:98:ee:16:ac:b8:d2:81:af:96:b9:90:40:13:
                    24:d2:30:de:37:7e:13:f2:02:51:37:33:88:22:27:
                    72:bd:46:d3:0f:1e:9f:79:c1:37:3e:b6:be:10:d5:
                    92:bd:c5:0b:72:6b:87:52:61:f9:8a:30:24:04:77:
                    38:11:da:c7:37:2f:7e:90:de:7b:14:f5:f7:da:7a:
                    3c:35:4d:4f:ea:af:25:d1:c1:2f:dd:87:b3:74:20:
                    f0:b2:a6:da:95:f4:77:45:6d:ee:d2:55:2a:c4:f6:
                    ac:bd:49:ce:ef:7d:a4:73:e5:d8:a9:6e:7e:16:a9:
                    4f:a6:b8:1b:e1:ba:cc:55:28:ff:24:b2:c6:f5:10:
                    22:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:49:15:29:5E:F3:80:5C:92:59:F2:7E:94:69:A2:F1:A9:63:41:40
            X509v3 Authority Key Identifier:
                keyid:8F:54:FC:81:E5:15:33:86:CB:42:C1:73:33:05:0D:A8:31:AD:A9:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j1T8geUVM4bLQsFzMwUNqDGtqeU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/542250-ba0b-4a10-8bdd-45794924cb53/1/v0kVKV7zgFySWfJ-lGmi8aljQUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/542250-ba0b-4a10-8bdd-45794924cb53/1/j1T8geUVM4bLQsFzMwUNqDGtqeU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:f1:5d:d2:2a:73:9d:85:83:aa:c0:67:cd:2a:77:47:64:8a:
         77:48:96:74:4b:ff:ab:dd:c2:de:6e:8a:fd:3f:e7:49:21:81:
         a1:49:36:46:69:85:97:b1:50:f9:d6:a6:14:67:76:b3:56:a5:
         76:26:fd:6e:c0:1d:d7:83:7c:a5:dc:63:ff:7a:e7:8c:2b:4c:
         f4:e0:56:6e:a2:04:06:9a:6a:0c:f4:e5:24:33:ef:08:f0:5d:
         63:00:e4:aa:c3:7f:62:8d:bc:63:65:c0:94:eb:64:9f:54:6a:
         8b:69:a7:e6:a0:4c:7a:2b:96:08:a5:b9:7e:b1:0a:4e:d5:29:
         f9:07:81:2a:84:18:60:3a:67:ea:71:ed:56:4a:4d:43:b3:ac:
         e4:e1:26:3d:35:ad:9e:09:80:55:44:1e:13:33:54:e4:2e:5c:
         c5:96:1a:e7:16:d4:d7:be:77:25:4e:4c:b3:d0:0c:05:76:bf:
         73:95:ae:94:f1:58:66:28:73:3e:0b:b1:d7:c2:e0:12:8b:ad:
         99:9c:10:95:3e:b1:c2:fb:e2:b3:a8:a5:b8:c1:25:cf:21:30:
         4f:26:a1:35:64:06:92:dd:95:e2:1d:0b:39:0c:4d:6b:8a:cd:
         ea:f3:fc:37:32:5d:dd:81:42:3d:49:3e:ff:08:76:4e:34:9f:
         c5:5c:ce:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+xc03yPfIaclMobifeDRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmNTRmYzgxZTUxNTMzODZjYjQyYzE3MzMzMDUwZGE4MzFh
ZGE5ZTUwHhcNMjUwMTAxMTc0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjQ5MTUyOTVlZjM4MDVjOTI1OWYyN2U5NDY5YTJmMWE5NjM0MTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmEKmuwTH9qnvqunu63jPLiK6KqCC
isQInQGpHvw6qS//UEGd7QI5y3LLtgVBDRiCeViwdPX7usMXUCUM8O1zY9zoZCqw
5z71frBo5UBrZOfuPXE8/pFlo2Y78uwtOlPltEAsbfMa+P8MZPOyNBIruRV6U+I0
Ckfj+5juFqy40oGvlrmQQBMk0jDeN34T8gJRNzOIIidyvUbTDx6fecE3Pra+ENWS
vcULcmuHUmH5ijAkBHc4EdrHNy9+kN57FPX32no8NU1P6q8l0cEv3YezdCDwsqba
lfR3RW3u0lUqxPasvUnO732kc+XYqW5+FqlPprgb4brMVSj/JLLG9RAiBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL9JFSle84BcklnyfpRpovGpY0FAMB8GA1UdIwQY
MBaAFI9U/IHlFTOGy0LBczMFDagxranlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajFUOGdlVVZNNGJMUXNGek13VU5xREd0cWVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC81NDIyNTAtYmEwYi00YTEwLThiZGQt
NDU3OTQ5MjRjYjUzLzEvdjBrVktWN3pnRnlTV2ZKLWxHbWk4YWxqUVVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC81NDIyNTAtYmEwYi00YTEwLThiZGQtNDU3OTQ5MjRjYjUz
LzEvajFUOGdlVVZNNGJMUXNGek13VU5xREd0cWVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9QlMA0G
CSqGSIb3DQEBCwUAA4IBAQAf8V3SKnOdhYOqwGfNKndHZIp3SJZ0S/+r3cLebor9
P+dJIYGhSTZGaYWXsVD51qYUZ3azVqV2Jv1uwB3Xg3yl3GP/eueMK0z04FZuogQG
mmoM9OUkM+8I8F1jAOSqw39ijbxjZcCU62SfVGqLaafmoEx6K5YIpbl+sQpO1Sn5
B4EqhBhgOmfqce1WSk1Ds6zk4SY9Na2eCYBVRB4TM1TkLlzFlhrnFtTXvnclTkyz
0AwFdr9zla6U8VhmKHM+C7HXwuASi62ZnBCVPrHC++KzqKW4wSXPITBPJqE1ZAaS
3ZXiHQs5DE1ris3q8/w3Ml3dgUI9ST7/CHZONJ/FXM6Y
-----END CERTIFICATE-----