Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/a4cca1-6512-4660-8735-787aaa444cda/1/sxOFH4MOBGXtcvWAh6J2OV0WdEw.roa
File:                     sxOFH4MOBGXtcvWAh6J2OV0WdEw.roa (raw, json)
Hash identifier:          aKN6bay7mqmSDZAiQTj84pTwFHi4EARHsCazqSfnyHg=
Subject key identifier:   B3:13:85:1F:83:0E:04:65:ED:72:F5:80:87:A2:76:39:5D:16:74:4C
Certificate issuer:       /CN=25f3fb2b1cb50a3fcc642608633f512375226d1f
Certificate serial:       018CC9BCC15CE2281914E683EF6176A26B43
Authority key identifier: 25:F3:FB:2B:1C:B5:0A:3F:CC:64:26:08:63:3F:51:23:75:22:6D:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JfP7Kxy1Cj_MZCYIYz9RI3UibR8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/a4cca1-6512-4660-8735-787aaa444cda/1/sxOFH4MOBGXtcvWAh6J2OV0WdEw.roa
Signing time:             Tue 02 Jan 2024 10:33:59 +0000
ROA not before:           Tue 02 Jan 2024 10:33:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197730
IP address blocks:        91.193.25.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/a4cca1-6512-4660-8735-787aaa444cda/1/JfP7Kxy1Cj_MZCYIYz9RI3UibR8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/a4cca1-6512-4660-8735-787aaa444cda/1/JfP7Kxy1Cj_MZCYIYz9RI3UibR8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JfP7Kxy1Cj_MZCYIYz9RI3UibR8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:c1:5c:e2:28:19:14:e6:83:ef:61:76:a2:6b:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25f3fb2b1cb50a3fcc642608633f512375226d1f
        Validity
            Not Before: Jan  2 10:33:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b313851f830e0465ed72f58087a276395d16744c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:c4:b9:8e:4e:92:93:e3:93:9b:f7:7f:73:7d:
                    83:54:78:b0:85:cf:f2:0b:4a:34:31:63:e7:ef:77:
                    11:66:a1:41:5f:1d:70:7e:56:aa:5b:0e:54:6e:11:
                    ec:00:79:fc:34:7d:64:9a:4d:c3:1e:ee:81:b5:02:
                    19:bc:fa:3e:b5:b8:18:d7:d6:7e:b6:d6:e9:8f:83:
                    19:30:4d:a8:e7:c7:84:7e:98:51:71:9d:43:06:fb:
                    95:b6:3a:89:ea:27:45:66:df:92:57:fc:77:6e:e3:
                    76:c0:50:17:0e:c1:49:57:a4:18:aa:36:0f:f4:87:
                    60:4e:a3:3f:c3:4a:b1:a2:85:8f:16:18:e7:f7:74:
                    46:09:57:a4:38:78:de:c3:d0:79:26:90:3e:b2:06:
                    04:1d:15:39:58:87:b0:29:87:e1:a6:d5:93:4f:be:
                    79:13:99:c3:14:49:35:79:ad:ee:0d:12:d0:f2:3a:
                    69:9b:bf:a1:c7:d9:a4:3c:ae:ff:fb:ef:d2:08:66:
                    72:33:7c:71:e0:68:87:99:c5:5d:61:14:d7:f9:78:
                    a0:7a:9a:fe:d3:05:af:b1:fd:97:7b:91:5f:21:59:
                    83:e0:4e:ce:7a:82:1a:19:2e:51:ff:a3:43:82:18:
                    d1:ce:60:96:4e:ed:5f:b3:cb:13:42:0c:56:dd:b5:
                    d3:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:13:85:1F:83:0E:04:65:ED:72:F5:80:87:A2:76:39:5D:16:74:4C
            X509v3 Authority Key Identifier:
                keyid:25:F3:FB:2B:1C:B5:0A:3F:CC:64:26:08:63:3F:51:23:75:22:6D:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JfP7Kxy1Cj_MZCYIYz9RI3UibR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/a4cca1-6512-4660-8735-787aaa444cda/1/sxOFH4MOBGXtcvWAh6J2OV0WdEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/a4cca1-6512-4660-8735-787aaa444cda/1/JfP7Kxy1Cj_MZCYIYz9RI3UibR8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:58:e8:78:64:13:d9:4b:f2:e1:00:be:b7:ae:1f:65:77:92:
         5c:27:49:db:b3:23:a5:b4:5a:b4:58:fb:eb:c6:fb:36:dd:92:
         d1:c9:8e:a3:52:6b:ad:a3:50:a1:7e:bb:f2:84:33:7d:9a:71:
         89:68:9d:13:53:68:20:26:d6:50:e2:4a:c5:e0:8e:b9:00:7a:
         11:e2:36:5d:17:51:e3:5d:77:95:53:a6:5b:2c:88:cb:f6:26:
         51:83:c4:75:a4:05:2c:b1:d0:f6:9d:3c:3e:a0:bf:a1:3a:99:
         a3:11:6d:e1:e4:b7:de:52:fb:40:63:5c:76:f0:20:90:46:b5:
         e3:c1:38:d2:f9:e6:be:60:28:92:c9:68:87:11:6e:e8:6a:4f:
         47:1d:79:fc:20:5d:40:d6:c8:c8:dc:92:19:d8:cc:3c:a5:fc:
         82:64:c5:06:8d:a3:29:b0:4e:e0:37:0d:81:2d:c2:d0:c4:a8:
         a0:e7:53:e3:b1:7b:97:0b:dc:8f:ad:c3:ad:15:a4:68:c4:fc:
         f7:d1:88:71:4d:96:e1:61:06:2d:15:14:d5:1e:a7:c1:96:81:
         2c:e9:16:33:7e:87:38:4b:75:0f:72:ff:62:85:31:9c:d3:de:
         72:cb:c3:ee:53:18:ca:94:2c:cf:c8:82:ed:d8:57:55:d6:a0:
         ba:cb:b2:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvMFc4igZFOaD72F2omtDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZjNmYjJiMWNiNTBhM2ZjYzY0MjYwODYzM2Y1MTIzNzUy
MjZkMWYwHhcNMjQwMTAyMTAzMzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzEzODUxZjgzMGUwNDY1ZWQ3MmY1ODA4N2EyNzYzOTVkMTY3NDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjMS5jk6Sk+OTm/d/c32DVHiwhc/y
C0o0MWPn73cRZqFBXx1wflaqWw5UbhHsAHn8NH1kmk3DHu6BtQIZvPo+tbgY19Z+
ttbpj4MZME2o58eEfphRcZ1DBvuVtjqJ6idFZt+SV/x3buN2wFAXDsFJV6QYqjYP
9IdgTqM/w0qxooWPFhjn93RGCVekOHjew9B5JpA+sgYEHRU5WIewKYfhptWTT755
E5nDFEk1ea3uDRLQ8jppm7+hx9mkPK7/++/SCGZyM3xx4GiHmcVdYRTX+Xigepr+
0wWvsf2Xe5FfIVmD4E7OeoIaGS5R/6NDghjRzmCWTu1fs8sTQgxW3bXT9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLMThR+DDgRl7XL1gIeidjldFnRMMB8GA1UdIwQY
MBaAFCXz+ysctQo/zGQmCGM/USN1Im0fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmZQN0t4eTFDal9NWkNZSVl6OVJJM1VpYlI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC9hNGNjYTEtNjUxMi00NjYwLTg3MzUt
Nzg3YWFhNDQ0Y2RhLzEvc3hPRkg0TU9CR1h0Y3ZXQWg2SjJPVjBXZEV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC9hNGNjYTEtNjUxMi00NjYwLTg3MzUtNzg3YWFhNDQ0Y2Rh
LzEvSmZQN0t4eTFDal9NWkNZSVl6OVJJM1VpYlI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8EZMA0G
CSqGSIb3DQEBCwUAA4IBAQA7WOh4ZBPZS/LhAL63rh9ld5JcJ0nbsyOltFq0WPvr
xvs23ZLRyY6jUmuto1ChfrvyhDN9mnGJaJ0TU2ggJtZQ4krF4I65AHoR4jZdF1Hj
XXeVU6ZbLIjL9iZRg8R1pAUssdD2nTw+oL+hOpmjEW3h5LfeUvtAY1x28CCQRrXj
wTjS+ea+YCiSyWiHEW7oak9HHXn8IF1A1sjI3JIZ2Mw8pfyCZMUGjaMpsE7gNw2B
LcLQxKig51PjsXuXC9yPrcOtFaRoxPz30YhxTZbhYQYtFRTVHqfBloEs6RYzfoc4
S3UPcv9ihTGc095yy8PuUxjKlCzPyILt2FdV1qC6y7KR
-----END CERTIFICATE-----