Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/99a01f-bb52-4712-94d0-bf924a825f58/1/9Z1MbiRMYxp2gP8MxCFrNvXKHOQ.roa
File:                     9Z1MbiRMYxp2gP8MxCFrNvXKHOQ.roa (raw, json)
Hash identifier:          VEHI4wOUfy63wDjHbpWMSX4O+o3FhB3BTr504lTLiwE=
Subject key identifier:   F5:9D:4C:6E:24:4C:63:1A:76:80:FF:0C:C4:21:6B:36:F5:CA:1C:E4
Certificate issuer:       /CN=13b9b21c0081d23c4a21f60a084a75cb5f95bea2
Certificate serial:       01942143ABCCC75DB01365099F1457747E45
Authority key identifier: 13:B9:B2:1C:00:81:D2:3C:4A:21:F6:0A:08:4A:75:CB:5F:95:BE:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E7myHACB0jxKIfYKCEp1y1-VvqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/99a01f-bb52-4712-94d0-bf924a825f58/1/9Z1MbiRMYxp2gP8MxCFrNvXKHOQ.roa
Signing time:             Wed 01 Jan 2025 09:47:50 +0000
ROA not before:           Wed 01 Jan 2025 09:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3257
IP address blocks:        91.222.220.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/99a01f-bb52-4712-94d0-bf924a825f58/1/E7myHACB0jxKIfYKCEp1y1-VvqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/99a01f-bb52-4712-94d0-bf924a825f58/1/E7myHACB0jxKIfYKCEp1y1-VvqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E7myHACB0jxKIfYKCEp1y1-VvqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 12:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:ab:cc:c7:5d:b0:13:65:09:9f:14:57:74:7e:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13b9b21c0081d23c4a21f60a084a75cb5f95bea2
        Validity
            Not Before: Jan  1 09:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f59d4c6e244c631a7680ff0cc4216b36f5ca1ce4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:16:fc:ca:0e:49:59:94:a6:f0:30:72:c9:6f:
                    11:f1:03:73:01:17:79:fa:3e:95:0f:0a:c1:22:28:
                    ae:73:7b:93:cb:c3:8d:8e:ca:6d:62:00:dd:14:b6:
                    45:f3:1f:ad:dd:08:cd:50:44:23:e4:f7:6c:95:53:
                    97:57:68:d6:59:bf:ba:36:23:01:bb:d5:ab:d5:c7:
                    89:cb:77:62:2c:e4:a5:87:e7:c3:af:02:22:f8:7a:
                    e8:0c:3c:a4:2e:35:0a:38:21:78:3b:cc:8a:89:6c:
                    53:ca:49:a8:a1:74:bb:76:22:97:ad:87:d6:07:28:
                    bd:88:be:12:3d:a1:4e:5e:02:88:5e:d9:de:99:6a:
                    72:a4:b4:9b:d8:49:fb:c1:8f:17:dd:93:32:e5:7b:
                    44:36:4e:0d:25:0a:ba:eb:1a:7c:14:ee:1c:2d:79:
                    75:a6:e1:76:e5:bb:27:89:7a:c3:f9:d6:0e:d7:6e:
                    db:31:0d:c0:1d:a4:7a:a2:4c:c6:59:ea:df:5f:33:
                    ae:3f:0f:fc:76:d5:bc:13:25:bf:03:d2:77:8b:eb:
                    18:3d:47:30:da:75:50:b4:14:10:0e:fd:fe:64:ce:
                    9b:11:b4:a9:13:13:dd:c5:68:4b:9a:ec:62:9e:89:
                    ef:49:69:81:a8:28:8d:54:cf:77:4b:d4:b1:43:c8:
                    99:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:9D:4C:6E:24:4C:63:1A:76:80:FF:0C:C4:21:6B:36:F5:CA:1C:E4
            X509v3 Authority Key Identifier:
                keyid:13:B9:B2:1C:00:81:D2:3C:4A:21:F6:0A:08:4A:75:CB:5F:95:BE:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E7myHACB0jxKIfYKCEp1y1-VvqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/99a01f-bb52-4712-94d0-bf924a825f58/1/9Z1MbiRMYxp2gP8MxCFrNvXKHOQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/99a01f-bb52-4712-94d0-bf924a825f58/1/E7myHACB0jxKIfYKCEp1y1-VvqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.222.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         54:95:da:c3:77:85:72:71:54:aa:31:c6:da:d3:a2:cc:3a:8e:
         80:f7:18:03:a6:4b:4b:e1:b7:f1:97:78:e7:b1:1d:3c:8b:27:
         ed:e4:9a:37:8b:ab:28:8e:e7:a3:8e:b8:92:61:9e:de:a2:54:
         f3:34:e0:69:8e:de:37:eb:1a:1d:5d:fe:f7:ca:1b:4e:dc:7e:
         c6:08:ac:56:41:e2:e9:11:88:a2:e1:30:a0:38:0c:70:50:f0:
         6d:9e:06:67:e8:46:63:06:2d:b0:93:07:8a:42:eb:f2:b8:b1:
         87:70:71:0f:c0:83:c2:17:f7:20:92:1c:54:26:53:45:1b:ce:
         86:c2:1f:e3:03:e0:c2:90:91:5b:d1:3c:21:3f:83:c0:c7:b9:
         ad:b2:d9:cf:8e:e8:f0:5f:b2:cb:17:6e:4d:f2:2b:4c:95:1e:
         1b:91:65:9f:46:09:3f:85:8f:b3:c9:15:bf:6e:c6:94:8e:48:
         72:05:b0:76:27:84:d2:16:ff:da:17:e9:3f:92:5f:c1:81:2f:
         c5:95:21:24:1f:d5:0a:21:60:b2:86:d7:0c:1b:4a:84:9e:a1:
         0d:c4:b0:95:60:ca:78:59:3a:42:a9:70:c4:73:9c:83:dd:ec:
         8b:a6:b8:a3:78:94:20:42:1c:5e:40:86:a7:fe:e6:35:f9:ed:
         0a:32:bf:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ6vMx12wE2UJnxRXdH5FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzYjliMjFjMDA4MWQyM2M0YTIxZjYwYTA4NGE3NWNiNWY5
NWJlYTIwHhcNMjUwMTAxMDk0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTlkNGM2ZTI0NGM2MzFhNzY4MGZmMGNjNDIxNmIzNmY1Y2ExY2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxb8yg5JWZSm8DByyW8R8QNzARd5
+j6VDwrBIiiuc3uTy8ONjsptYgDdFLZF8x+t3QjNUEQj5PdslVOXV2jWWb+6NiMB
u9Wr1ceJy3diLOSlh+fDrwIi+HroDDykLjUKOCF4O8yKiWxTykmooXS7diKXrYfW
Byi9iL4SPaFOXgKIXtnemWpypLSb2En7wY8X3ZMy5XtENk4NJQq66xp8FO4cLXl1
puF25bsniXrD+dYO127bMQ3AHaR6okzGWerfXzOuPw/8dtW8EyW/A9J3i+sYPUcw
2nVQtBQQDv3+ZM6bEbSpExPdxWhLmuxinonvSWmBqCiNVM93S9SxQ8iZWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPWdTG4kTGMadoD/DMQhazb1yhzkMB8GA1UdIwQY
MBaAFBO5shwAgdI8SiH2CghKdctflb6iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTdteUhBQ0IwanhLSWZZS0NFcDF5MS1WdnFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC85OWEwMWYtYmI1Mi00NzEyLTk0ZDAt
YmY5MjRhODI1ZjU4LzEvOVoxTWJpUk1ZeHAyZ1A4TXhDRnJOdlhLSE9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC85OWEwMWYtYmI1Mi00NzEyLTk0ZDAtYmY5MjRhODI1ZjU4
LzEvRTdteUhBQ0IwanhLSWZZS0NFcDF5MS1WdnFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW97cMA0G
CSqGSIb3DQEBCwUAA4IBAQBUldrDd4VycVSqMcba06LMOo6A9xgDpktL4bfxl3jn
sR08iyft5Jo3i6sojuejjriSYZ7eolTzNOBpjt436xodXf73yhtO3H7GCKxWQeLp
EYii4TCgOAxwUPBtngZn6EZjBi2wkweKQuvyuLGHcHEPwIPCF/cgkhxUJlNFG86G
wh/jA+DCkJFb0TwhP4PAx7mtstnPjujwX7LLF25N8itMlR4bkWWfRgk/hY+zyRW/
bsaUjkhyBbB2J4TSFv/aF+k/kl/BgS/FlSEkH9UKIWCyhtcMG0qEnqENxLCVYMp4
WTpCqXDEc5yD3eyLprijeJQgQhxeQIan/uY1+e0KMr8L
-----END CERTIFICATE-----