Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/beed93-4170-4f68-a392-28bf3d90bd7b/1/FciP2xwcV3xPRtnXfSiCoZ9ZeYM.roa
File:                     FciP2xwcV3xPRtnXfSiCoZ9ZeYM.roa (raw, json)
Hash identifier:          qFj6Ki0fNJUUk7+HsdPDeunKpSbjzg1RQIOCqYO9NpQ=
Subject key identifier:   15:C8:8F:DB:1C:1C:57:7C:4F:46:D9:D7:7D:28:82:A1:9F:59:79:83
Certificate issuer:       /CN=79c7ea4d39f5cb5f45860a09ea3833ef8add6828
Certificate serial:       019427B55FE7AAE94C04FD425DB400AA66B3
Authority key identifier: 79:C7:EA:4D:39:F5:CB:5F:45:86:0A:09:EA:38:33:EF:8A:DD:68:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ecfqTTn1y19FhgoJ6jgz74rdaCg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/beed93-4170-4f68-a392-28bf3d90bd7b/1/FciP2xwcV3xPRtnXfSiCoZ9ZeYM.roa
Signing time:             Thu 02 Jan 2025 15:49:45 +0000
ROA not before:           Thu 02 Jan 2025 15:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197391
IP address blocks:        91.220.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/beed93-4170-4f68-a392-28bf3d90bd7b/1/ecfqTTn1y19FhgoJ6jgz74rdaCg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/beed93-4170-4f68-a392-28bf3d90bd7b/1/ecfqTTn1y19FhgoJ6jgz74rdaCg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ecfqTTn1y19FhgoJ6jgz74rdaCg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:5f:e7:aa:e9:4c:04:fd:42:5d:b4:00:aa:66:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79c7ea4d39f5cb5f45860a09ea3833ef8add6828
        Validity
            Not Before: Jan  2 15:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=15c88fdb1c1c577c4f46d9d77d2882a19f597983
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ce:e9:4e:9a:2c:58:15:a4:28:54:92:43:7e:
                    e3:b1:22:04:87:73:37:6d:fe:68:7c:b5:6a:27:9e:
                    7c:f9:c8:d6:49:83:cc:d3:21:31:7c:e4:8e:68:23:
                    3e:e6:27:79:b5:23:3b:b9:ec:0c:d8:89:2e:ca:ef:
                    ba:70:5a:88:c7:c0:6c:52:cd:0d:05:88:a9:c8:69:
                    72:8e:4f:05:d3:56:a5:6a:61:29:86:c6:f5:be:7d:
                    47:03:2f:86:4a:38:3b:c1:b9:a4:f2:43:6d:50:a2:
                    ed:67:d8:ca:ee:eb:a5:a6:c7:30:b1:1f:05:9c:e2:
                    f0:5e:da:89:e3:2b:7c:94:9f:aa:80:84:bf:44:c6:
                    94:5e:79:bf:4e:42:15:1e:b1:2f:64:65:71:7a:e1:
                    91:96:1a:27:80:ff:87:43:d7:2c:9c:24:30:dc:56:
                    57:9a:fc:20:cc:84:83:42:3c:47:4e:1c:7f:4c:8b:
                    24:dd:3d:65:1f:6c:3e:98:e1:dd:73:a4:0e:5b:f5:
                    af:e3:c2:d1:dd:f6:17:55:3d:15:0d:72:be:c3:0f:
                    99:f5:0a:f5:34:59:b1:4b:46:ca:a4:dc:f8:29:f4:
                    2a:06:71:8e:ad:25:8f:ed:74:c7:99:cc:97:69:49:
                    6f:6a:94:88:71:93:62:36:14:c5:fd:38:21:d4:a2:
                    02:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:C8:8F:DB:1C:1C:57:7C:4F:46:D9:D7:7D:28:82:A1:9F:59:79:83
            X509v3 Authority Key Identifier:
                keyid:79:C7:EA:4D:39:F5:CB:5F:45:86:0A:09:EA:38:33:EF:8A:DD:68:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ecfqTTn1y19FhgoJ6jgz74rdaCg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/beed93-4170-4f68-a392-28bf3d90bd7b/1/FciP2xwcV3xPRtnXfSiCoZ9ZeYM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/beed93-4170-4f68-a392-28bf3d90bd7b/1/ecfqTTn1y19FhgoJ6jgz74rdaCg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:91:52:c3:07:a0:de:13:f2:b4:7f:1c:aa:3a:fd:9f:b8:d2:
         53:70:57:0a:c8:98:1d:2d:0e:94:2b:36:79:cb:28:a5:6d:eb:
         5f:59:eb:e5:7b:59:13:21:ab:c1:b4:ec:18:b6:ed:4c:4d:e7:
         db:a0:bd:51:47:c5:de:2f:aa:0b:68:53:9a:7a:8b:d2:43:4c:
         76:ce:50:33:f0:e3:3d:b5:21:3b:5d:17:7e:2f:71:c5:f1:a8:
         67:e2:54:7d:ed:e4:e0:31:f2:76:03:a9:62:82:0e:14:4d:00:
         b5:3c:f1:c9:a9:ce:1d:67:f8:e8:f0:2a:b2:04:7c:34:66:a9:
         06:bb:9b:bc:43:7d:22:9e:fb:80:ab:18:02:71:de:0e:85:51:
         c6:8b:4e:87:7f:45:c9:41:78:ba:c6:fe:df:29:82:81:52:79:
         fa:8f:7d:61:19:7c:bc:7c:31:b3:cc:67:76:02:d2:34:94:41:
         70:41:12:4e:f5:be:98:0a:c1:e3:b0:95:f9:b6:5f:25:51:36:
         f3:bc:d5:93:d7:98:36:46:94:71:3f:28:5a:ce:a9:7b:9d:b2:
         54:f4:c9:47:a9:74:80:ca:95:1c:aa:03:85:ac:d1:57:09:dd:
         a5:8f:ae:7c:42:ba:53:a0:a8:bf:f0:f3:54:5c:85:43:62:18:
         73:c9:6b:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntV/nqulMBP1CXbQAqmazMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YzdlYTRkMzlmNWNiNWY0NTg2MGEwOWVhMzgzM2VmOGFk
ZDY4MjgwHhcNMjUwMTAyMTU0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWM4OGZkYjFjMWM1NzdjNGY0NmQ5ZDc3ZDI4ODJhMTlmNTk3OTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAts7pTposWBWkKFSSQ37jsSIEh3M3
bf5ofLVqJ558+cjWSYPM0yExfOSOaCM+5id5tSM7uewM2Ikuyu+6cFqIx8BsUs0N
BYipyGlyjk8F01alamEphsb1vn1HAy+GSjg7wbmk8kNtUKLtZ9jK7uulpscwsR8F
nOLwXtqJ4yt8lJ+qgIS/RMaUXnm/TkIVHrEvZGVxeuGRlhongP+HQ9csnCQw3FZX
mvwgzISDQjxHThx/TIsk3T1lH2w+mOHdc6QOW/Wv48LR3fYXVT0VDXK+ww+Z9Qr1
NFmxS0bKpNz4KfQqBnGOrSWP7XTHmcyXaUlvapSIcZNiNhTF/Tgh1KIC3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBXIj9scHFd8T0bZ130ogqGfWXmDMB8GA1UdIwQY
MBaAFHnH6k059ctfRYYKCeo4M++K3WgoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWNmcVRUbjF5MTlGaGdvSjZqZ3o3NHJkYUNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9iZWVkOTMtNDE3MC00ZjY4LWEzOTIt
MjhiZjNkOTBiZDdiLzEvRmNpUDJ4d2NWM3hQUnRuWGZTaUNvWjlaZVlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9iZWVkOTMtNDE3MC00ZjY4LWEzOTItMjhiZjNkOTBiZDdi
LzEvZWNmcVRUbjF5MTlGaGdvSjZqZ3o3NHJkYUNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9x3MA0G
CSqGSIb3DQEBCwUAA4IBAQABkVLDB6DeE/K0fxyqOv2fuNJTcFcKyJgdLQ6UKzZ5
yyilbetfWevle1kTIavBtOwYtu1MTefboL1RR8XeL6oLaFOaeovSQ0x2zlAz8OM9
tSE7XRd+L3HF8ahn4lR97eTgMfJ2A6ligg4UTQC1PPHJqc4dZ/jo8CqyBHw0ZqkG
u5u8Q30invuAqxgCcd4OhVHGi06Hf0XJQXi6xv7fKYKBUnn6j31hGXy8fDGzzGd2
AtI0lEFwQRJO9b6YCsHjsJX5tl8lUTbzvNWT15g2RpRxPyhazql7nbJU9MlHqXSA
ypUcqgOFrNFXCd2lj658QrpToKi/8PNUXIVDYhhzyWva
-----END CERTIFICATE-----