Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/ZzzCKQYXEyyoRJqn08ir4qRnYoY.roa
File:                     ZzzCKQYXEyyoRJqn08ir4qRnYoY.roa (raw, json)
Hash identifier:          v3CMJYaM4YjhgyRlCZi9VHNC9/ejVg1WlIGKxQSHOFU=
Subject key identifier:   67:3C:C2:29:06:17:13:2C:A8:44:9A:A7:D3:C8:AB:E2:A4:67:62:86
Certificate issuer:       /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial:       0196157AA9900EFCDF0C2EB0B285D47AC4B2
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/ZzzCKQYXEyyoRJqn08ir4qRnYoY.roa
Signing time:             Tue 08 Apr 2025 12:58:02 +0000
ROA not before:           Tue 08 Apr 2025 12:58:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215678
IP address blocks:        91.195.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:15:7a:a9:90:0e:fc:df:0c:2e:b0:b2:85:d4:7a:c4:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
        Validity
            Not Before: Apr  8 12:58:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=673cc2290617132ca8449aa7d3c8abe2a4676286
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:39:73:7d:42:30:36:4f:6e:49:6a:35:bb:fd:
                    29:5b:d1:24:09:a6:69:06:c0:b1:1d:e3:c8:c2:f5:
                    f2:9d:ba:09:fa:f3:b2:ca:8a:57:e1:f7:f3:80:88:
                    bc:fe:4a:0d:1b:59:9a:85:12:5a:4b:bf:c7:1f:a3:
                    b0:10:fd:02:60:5e:c0:94:76:0b:9e:76:f0:c5:92:
                    c7:65:87:f8:ef:67:fb:0d:6a:a6:a4:85:06:27:08:
                    4f:a6:6e:c3:9b:c6:32:10:de:35:c1:c8:2d:6c:b2:
                    34:f3:65:9f:b9:03:7f:c9:48:f1:ff:5c:20:28:22:
                    ae:f7:70:79:a5:d7:48:9a:d6:3c:e2:cc:cb:fa:87:
                    3d:4f:9f:af:03:5f:26:3c:26:42:e4:13:44:54:62:
                    d9:b0:f5:21:98:7a:0d:59:9a:2e:0d:54:60:c4:39:
                    b5:bf:ff:4e:51:b0:cb:7c:4e:78:2b:3f:ab:4a:ec:
                    5c:f2:4c:44:f4:3b:eb:39:b6:2c:8d:84:c4:16:2d:
                    59:f1:30:90:28:23:c4:98:c6:39:f8:a1:8d:af:8a:
                    81:73:30:ae:b9:0d:b2:6e:f2:3e:da:39:54:71:5e:
                    a4:35:40:1e:17:52:52:5c:9b:a2:83:4d:d5:d0:08:
                    04:10:0f:a1:db:0f:c5:06:31:ef:4f:9b:c5:d0:de:
                    c5:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:3C:C2:29:06:17:13:2C:A8:44:9A:A7:D3:C8:AB:E2:A4:67:62:86
            X509v3 Authority Key Identifier:
                keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/ZzzCKQYXEyyoRJqn08ir4qRnYoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:10:f8:e8:b0:52:c1:4b:b1:64:03:ee:cf:e3:88:17:85:59:
         31:62:27:93:9a:27:44:03:78:9e:7c:15:72:34:7c:be:4a:f8:
         87:77:dc:ea:45:35:ad:f7:a1:90:23:8a:6a:f4:e5:95:72:a2:
         b8:7a:a3:65:4b:97:a6:ae:83:cc:00:85:55:67:72:be:e5:72:
         82:79:1b:2a:fa:4e:32:7f:01:6b:34:44:fe:d4:69:b7:90:62:
         d3:32:87:29:91:66:6c:ad:9b:9a:7a:80:bb:f2:c4:62:79:40:
         ca:a9:1c:67:d5:ee:56:3f:c5:41:7c:5d:d2:7a:43:09:69:f6:
         6e:cc:6c:f3:c4:50:0b:04:fa:be:1b:3d:1a:d0:63:49:70:37:
         9f:7a:4c:c3:67:d1:fc:28:3d:e0:80:eb:1e:ec:01:0f:31:d5:
         71:65:72:75:ee:9f:dc:65:60:07:b8:14:d2:f4:d0:36:e4:f4:
         b4:2b:f1:a2:d3:0b:03:3f:88:e7:de:4c:28:c0:4a:90:ab:a8:
         3d:55:82:46:b4:0b:64:5d:8b:4f:82:bc:16:bf:b4:2b:5f:f0:
         31:02:5c:05:07:99:f5:79:cc:53:1d:2d:0f:ad:75:71:68:04:
         41:28:c1:7b:c9:6e:6a:43:f7:06:1c:4c:14:66:84:83:be:6e:
         41:b0:da:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYVeqmQDvzfDC6wsoXUesSyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjUwNDA4MTI1ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzNjYzIyOTA2MTcxMzJjYTg0NDlhYTdkM2M4YWJlMmE0Njc2Mjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzjlzfUIwNk9uSWo1u/0pW9EkCaZp
BsCxHePIwvXynboJ+vOyyopX4ffzgIi8/koNG1mahRJaS7/HH6OwEP0CYF7AlHYL
nnbwxZLHZYf472f7DWqmpIUGJwhPpm7Dm8YyEN41wcgtbLI082WfuQN/yUjx/1wg
KCKu93B5pddImtY84szL+oc9T5+vA18mPCZC5BNEVGLZsPUhmHoNWZouDVRgxDm1
v/9OUbDLfE54Kz+rSuxc8kxE9DvrObYsjYTEFi1Z8TCQKCPEmMY5+KGNr4qBczCu
uQ2ybvI+2jlUcV6kNUAeF1JSXJuig03V0AgEEA+h2w/FBjHvT5vF0N7FQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGc8wikGFxMsqESap9PIq+KkZ2KGMB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvWnp6Q0tRWVhFeXlvUkpxbjA4aXI0cVJuWW9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8N8MA0G
CSqGSIb3DQEBCwUAA4IBAQCWEPjosFLBS7FkA+7P44gXhVkxYieTmidEA3iefBVy
NHy+SviHd9zqRTWt96GQI4pq9OWVcqK4eqNlS5emroPMAIVVZ3K+5XKCeRsq+k4y
fwFrNET+1Gm3kGLTMocpkWZsrZuaeoC78sRieUDKqRxn1e5WP8VBfF3SekMJafZu
zGzzxFALBPq+Gz0a0GNJcDefekzDZ9H8KD3ggOse7AEPMdVxZXJ17p/cZWAHuBTS
9NA25PS0K/Gi0wsDP4jn3kwowEqQq6g9VYJGtAtkXYtPgrwWv7QrX/AxAlwFB5n1
ecxTHS0PrXVxaARBKMF7yW5qQ/cGHEwUZoSDvm5BsNol
-----END CERTIFICATE-----