Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/c580f6-f0a6-4c85-b7d3-d10bebea37d0/1/qel6ufOI0K0P6RzF02UdBRZmZOs.roa
File:                     qel6ufOI0K0P6RzF02UdBRZmZOs.roa (raw, json)
Hash identifier:          0w6Fd2wQlTNYoLFBh1jxH0G1R4nWQ+6pOgjLnjgYDIc=
Subject key identifier:   A9:E9:7A:B9:F3:88:D0:AD:0F:E9:1C:C5:D3:65:1D:05:16:66:64:EB
Certificate issuer:       /CN=c3cce1655f3f71e4effea4de73a1aec822829d61
Certificate serial:       019519050F1D8A2640C0FA4D011E91620267
Authority key identifier: C3:CC:E1:65:5F:3F:71:E4:EF:FE:A4:DE:73:A1:AE:C8:22:82:9D:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8zhZV8_ceTv_qTec6GuyCKCnWE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/c580f6-f0a6-4c85-b7d3-d10bebea37d0/1/qel6ufOI0K0P6RzF02UdBRZmZOs.roa
Signing time:             Tue 18 Feb 2025 12:25:16 +0000
ROA not before:           Tue 18 Feb 2025 12:25:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197497
IP address blocks:        91.221.228.0/23 maxlen: 23
                          91.221.228.0/24 maxlen: 24
                          91.221.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/c580f6-f0a6-4c85-b7d3-d10bebea37d0/1/w8zhZV8_ceTv_qTec6GuyCKCnWE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/c580f6-f0a6-4c85-b7d3-d10bebea37d0/1/w8zhZV8_ceTv_qTec6GuyCKCnWE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8zhZV8_ceTv_qTec6GuyCKCnWE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 12:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:19:05:0f:1d:8a:26:40:c0:fa:4d:01:1e:91:62:02:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3cce1655f3f71e4effea4de73a1aec822829d61
        Validity
            Not Before: Feb 18 12:25:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a9e97ab9f388d0ad0fe91cc5d3651d05166664eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:4f:15:3f:bc:8b:f9:56:42:18:7f:94:52:55:
                    21:70:58:c5:c1:a9:1e:f5:d3:93:af:d2:b6:78:26:
                    07:df:a8:68:82:ab:0b:f9:af:c7:25:86:77:28:1d:
                    fe:e6:ae:03:de:12:1f:bb:f8:03:2b:36:56:56:15:
                    18:21:7c:be:05:59:ca:64:c4:95:ef:68:f1:21:ee:
                    24:9e:ac:c3:c2:bc:50:74:a5:51:52:c5:0e:0a:60:
                    ce:7e:59:84:04:7e:c4:59:3d:23:22:d4:7e:69:8d:
                    78:aa:a8:18:39:9f:a6:a9:cc:9f:c1:4b:52:d3:8b:
                    0c:36:9a:54:d3:7f:81:5f:7b:0c:66:42:75:4f:a5:
                    1c:9e:97:d4:1b:5c:0c:1c:b4:bf:58:34:ca:99:81:
                    31:76:1d:46:18:1c:35:bf:3f:80:de:af:b9:99:d2:
                    e7:c8:95:79:cb:37:96:ee:c3:df:43:98:93:32:d7:
                    68:ee:0b:07:ab:30:3d:fa:a1:d5:e9:8d:02:db:d3:
                    a4:08:b4:05:a0:3c:0c:77:dc:ea:af:dc:58:0c:8b:
                    c7:26:74:35:29:6b:12:0a:b6:3a:47:12:ba:46:c1:
                    5b:f2:15:50:31:bf:b2:a8:1a:19:20:a3:d6:eb:08:
                    12:16:7d:53:8f:0f:22:9f:6b:e0:af:fb:3b:fb:1b:
                    90:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:E9:7A:B9:F3:88:D0:AD:0F:E9:1C:C5:D3:65:1D:05:16:66:64:EB
            X509v3 Authority Key Identifier:
                keyid:C3:CC:E1:65:5F:3F:71:E4:EF:FE:A4:DE:73:A1:AE:C8:22:82:9D:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8zhZV8_ceTv_qTec6GuyCKCnWE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/c580f6-f0a6-4c85-b7d3-d10bebea37d0/1/qel6ufOI0K0P6RzF02UdBRZmZOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/c580f6-f0a6-4c85-b7d3-d10bebea37d0/1/w8zhZV8_ceTv_qTec6GuyCKCnWE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:ff:17:16:d8:a9:3a:1c:89:28:41:e0:32:ce:3a:70:cf:48:
         64:37:7f:3f:1e:12:b2:bf:21:d0:8c:56:4d:ed:81:56:94:6c:
         10:a1:94:21:1c:43:10:e3:8c:39:91:54:f2:f5:36:08:c0:70:
         52:66:d7:95:18:96:42:b9:9c:fd:41:0d:13:5c:8f:a1:93:ae:
         3e:e6:c9:e3:91:0d:51:56:de:b7:32:7e:a4:c9:da:d9:38:89:
         af:02:bc:55:13:c6:04:33:fc:6a:89:33:12:c3:2b:71:58:20:
         68:a1:e1:eb:f2:93:27:fb:e1:52:c3:41:a2:5a:58:5e:15:04:
         64:68:a0:a4:e8:91:27:c1:c4:c0:94:14:ab:92:b2:cd:fa:e8:
         47:e0:a6:54:f5:9a:bd:94:1e:27:f7:6c:86:eb:9a:49:1c:67:
         da:18:57:5b:22:f6:8f:0f:ba:e4:66:b0:6f:0f:4e:8b:2e:12:
         d8:cf:bf:a0:56:6d:e6:e0:06:57:3c:68:30:b7:d7:2f:5a:aa:
         64:14:cf:cb:4b:b3:84:24:71:f0:64:a6:d4:88:b7:0d:95:47:
         25:c0:b4:e8:ca:68:bb:0f:be:9d:26:e5:29:7b:b8:0a:31:b6:
         77:55:08:c0:2f:12:44:26:ce:4d:a1:cd:c4:b5:f6:b3:47:1f:
         0e:4b:9f:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUZBQ8diiZAwPpNAR6RYgJnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzY2NlMTY1NWYzZjcxZTRlZmZlYTRkZTczYTFhZWM4MjI4
MjlkNjEwHhcNMjUwMjE4MTIyNTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWU5N2FiOWYzODhkMGFkMGZlOTFjYzVkMzY1MWQwNTE2NjY2NGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApE8VP7yL+VZCGH+UUlUhcFjFwake
9dOTr9K2eCYH36hogqsL+a/HJYZ3KB3+5q4D3hIfu/gDKzZWVhUYIXy+BVnKZMSV
72jxIe4knqzDwrxQdKVRUsUOCmDOflmEBH7EWT0jItR+aY14qqgYOZ+mqcyfwUtS
04sMNppU03+BX3sMZkJ1T6UcnpfUG1wMHLS/WDTKmYExdh1GGBw1vz+A3q+5mdLn
yJV5yzeW7sPfQ5iTMtdo7gsHqzA9+qHV6Y0C29OkCLQFoDwMd9zqr9xYDIvHJnQ1
KWsSCrY6RxK6RsFb8hVQMb+yqBoZIKPW6wgSFn1Tjw8in2vgr/s7+xuQowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKnpernziNCtD+kcxdNlHQUWZmTrMB8GA1UdIwQY
MBaAFMPM4WVfP3Hk7/6k3nOhrsgigp1hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzh6aFpWOF9jZVR2X3FUZWM2R3V5Q0tDbldFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS9jNTgwZjYtZjBhNi00Yzg1LWI3ZDMt
ZDEwYmViZWEzN2QwLzEvcWVsNnVmT0kwSzBQNlJ6RjAyVWRCUlptWk9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS9jNTgwZjYtZjBhNi00Yzg1LWI3ZDMtZDEwYmViZWEzN2Qw
LzEvdzh6aFpWOF9jZVR2X3FUZWM2R3V5Q0tDbldFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW93kMA0G
CSqGSIb3DQEBCwUAA4IBAQBl/xcW2Kk6HIkoQeAyzjpwz0hkN38/HhKyvyHQjFZN
7YFWlGwQoZQhHEMQ44w5kVTy9TYIwHBSZteVGJZCuZz9QQ0TXI+hk64+5snjkQ1R
Vt63Mn6kydrZOImvArxVE8YEM/xqiTMSwytxWCBooeHr8pMn++FSw0GiWlheFQRk
aKCk6JEnwcTAlBSrkrLN+uhH4KZU9Zq9lB4n92yG65pJHGfaGFdbIvaPD7rkZrBv
D06LLhLYz7+gVm3m4AZXPGgwt9cvWqpkFM/LS7OEJHHwZKbUiLcNlUclwLToymi7
D76dJuUpe7gKMbZ3VQjALxJEJs5Noc3EtfazRx8OS5+/
-----END CERTIFICATE-----