Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/B--_8Vg01ar8UiyDrrOjUsBXE4s.roa
File:                     B--_8Vg01ar8UiyDrrOjUsBXE4s.roa (raw, json)
Hash identifier:          rqHaVdSJhXbtv9Max6YtG+G2tjswoRTxEFffB8nyo3Y=
Subject key identifier:   07:EF:BF:F1:58:34:D5:AA:FC:52:2C:83:AE:B3:A3:52:C0:57:13:8B
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       0194258F861C8A00BBCD8A4AB57310722914
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/B--_8Vg01ar8UiyDrrOjUsBXE4s.roa
Signing time:             Thu 02 Jan 2025 05:49:10 +0000
ROA not before:           Thu 02 Jan 2025 05:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29226
IP address blocks:        91.229.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:86:1c:8a:00:bb:cd:8a:4a:b5:73:10:72:29:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 05:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07efbff15834d5aafc522c83aeb3a352c057138b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:bd:57:c5:72:ba:8d:97:a9:aa:62:c8:34:17:
                    b0:16:9d:83:c1:46:d1:ff:64:b0:98:b0:68:a7:a4:
                    f0:0d:7d:0c:b1:bf:63:b6:8a:6e:ee:aa:db:f8:26:
                    00:d1:5c:03:93:ab:35:2b:ff:c2:de:8c:06:2f:6c:
                    36:51:cf:d0:6b:9a:d4:64:a1:78:9d:01:d9:74:e3:
                    b5:72:c8:e5:6c:85:9f:9f:3f:6e:72:c4:c9:44:0a:
                    db:fe:72:4c:8e:6e:10:a0:78:77:9d:b1:32:e8:84:
                    b9:d1:c0:f1:42:1f:ac:aa:4e:86:e9:7e:31:f5:b8:
                    c1:59:e8:cc:e4:de:bb:9d:e0:43:04:c4:b0:87:dc:
                    76:f6:19:ff:10:25:b8:e0:bb:6f:ab:c4:98:88:73:
                    05:70:96:bb:19:2c:05:ae:8e:fb:a4:f5:f1:a6:8b:
                    60:50:53:3a:96:95:24:88:d7:25:34:98:79:ff:f7:
                    16:e6:f9:40:35:d0:16:a7:44:80:75:c6:4a:92:62:
                    8e:6a:53:53:2a:5b:98:2c:d9:1e:a3:0f:52:62:e2:
                    e6:48:ac:2e:20:4e:fd:4b:41:df:c6:ac:96:94:ab:
                    cd:67:9f:9c:2c:f1:ff:ab:d1:c6:39:1d:c5:1d:6e:
                    9a:20:e0:84:6b:b2:a0:89:bf:05:aa:5d:e6:9c:65:
                    28:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:EF:BF:F1:58:34:D5:AA:FC:52:2C:83:AE:B3:A3:52:C0:57:13:8B
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/B--_8Vg01ar8UiyDrrOjUsBXE4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:6e:44:36:34:80:8a:52:19:e0:8a:59:e8:91:80:0d:b2:7e:
         d2:3a:f4:45:28:61:e0:b3:72:53:9c:01:c4:ec:ea:f0:2f:71:
         13:5a:14:d7:0d:8e:b1:cb:a4:b3:6c:89:bb:3d:0a:c2:ba:4d:
         c5:3b:de:4e:06:68:0a:d3:72:21:8e:91:3f:4b:88:59:71:34:
         4b:d6:f3:d7:75:59:fa:ec:86:21:f6:9b:77:3c:1c:a4:f3:16:
         b7:06:5b:87:dc:0e:2c:b4:11:40:8d:c9:9a:1e:dd:79:54:08:
         69:a5:26:38:49:c0:bf:a4:e4:c8:5a:c5:40:70:aa:00:f7:dc:
         f3:d0:eb:cc:05:d0:7f:a3:b3:8d:8b:7c:a3:e2:54:6d:2d:cf:
         3f:6d:85:eb:27:2e:5c:35:a9:da:01:7b:5f:e8:95:10:74:f5:
         74:2d:a1:90:b0:6c:f1:44:0d:71:fb:7e:d8:9d:15:be:63:49:
         c7:d5:c2:bc:0c:d6:9d:98:ba:01:db:3a:23:84:06:00:32:8b:
         38:3c:18:9f:f0:e7:41:5c:bc:40:45:b6:76:11:b1:0f:38:80:
         20:22:40:8d:ab:c1:87:5c:6d:a5:6d:f3:38:d4:61:a0:17:69:
         23:e1:e7:06:84:e2:ad:85:04:ef:ce:48:b6:cf:ea:33:c8:fb:
         c2:08:cc:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj4YcigC7zYpKtXMQcikUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjUwMTAyMDU0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2VmYmZmMTU4MzRkNWFhZmM1MjJjODNhZWIzYTM1MmMwNTcxMzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA471XxXK6jZepqmLINBewFp2DwUbR
/2SwmLBop6TwDX0Msb9jtopu7qrb+CYA0VwDk6s1K//C3owGL2w2Uc/Qa5rUZKF4
nQHZdOO1csjlbIWfnz9ucsTJRArb/nJMjm4QoHh3nbEy6IS50cDxQh+sqk6G6X4x
9bjBWejM5N67neBDBMSwh9x29hn/ECW44Ltvq8SYiHMFcJa7GSwFro77pPXxpotg
UFM6lpUkiNclNJh5//cW5vlANdAWp0SAdcZKkmKOalNTKluYLNkeow9SYuLmSKwu
IE79S0HfxqyWlKvNZ5+cLPH/q9HGOR3FHW6aIOCEa7Kgib8Fql3mnGUocwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAfvv/FYNNWq/FIsg66zo1LAVxOLMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvQi0tXzhWZzAxYXI4VWl5RHJyT2pVc0JYRTRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+V1MA0G
CSqGSIb3DQEBCwUAA4IBAQB6bkQ2NICKUhngilnokYANsn7SOvRFKGHgs3JTnAHE
7OrwL3ETWhTXDY6xy6SzbIm7PQrCuk3FO95OBmgK03IhjpE/S4hZcTRL1vPXdVn6
7IYh9pt3PByk8xa3BluH3A4stBFAjcmaHt15VAhppSY4ScC/pOTIWsVAcKoA99zz
0OvMBdB/o7ONi3yj4lRtLc8/bYXrJy5cNanaAXtf6JUQdPV0LaGQsGzxRA1x+37Y
nRW+Y0nH1cK8DNadmLoB2zojhAYAMos4PBif8OdBXLxARbZ2EbEPOIAgIkCNq8GH
XG2lbfM41GGgF2kj4ecGhOKthQTvzki2z+ozyPvCCMwc
-----END CERTIFICATE-----