Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/b06197-68d2-429e-ace5-e015bf3f33d7/1/cvTvlJFXIrx4LNBKFN32BnQowu0.roa
File:                     cvTvlJFXIrx4LNBKFN32BnQowu0.roa (raw, json)
Hash identifier:          2SQfqAvlePWceYDa/Gr4IqsSS7uQeMq3g8yyqM6DnK8=
Subject key identifier:   72:F4:EF:94:91:57:22:BC:78:2C:D0:4A:14:DD:F6:06:74:28:C2:ED
Certificate issuer:       /CN=3866f7385005d5be6101727388e1b3271f644de4
Certificate serial:       01965306189743233C0ED26D1C5EA70FAAD2
Authority key identifier: 38:66:F7:38:50:05:D5:BE:61:01:72:73:88:E1:B3:27:1F:64:4D:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OGb3OFAF1b5hAXJziOGzJx9kTeQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/b06197-68d2-429e-ace5-e015bf3f33d7/1/cvTvlJFXIrx4LNBKFN32BnQowu0.roa
Signing time:             Sun 20 Apr 2025 11:47:10 +0000
ROA not before:           Sun 20 Apr 2025 11:47:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49556
IP address blocks:        91.199.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/b06197-68d2-429e-ace5-e015bf3f33d7/1/OGb3OFAF1b5hAXJziOGzJx9kTeQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/b06197-68d2-429e-ace5-e015bf3f33d7/1/OGb3OFAF1b5hAXJziOGzJx9kTeQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OGb3OFAF1b5hAXJziOGzJx9kTeQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:53:06:18:97:43:23:3c:0e:d2:6d:1c:5e:a7:0f:aa:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3866f7385005d5be6101727388e1b3271f644de4
        Validity
            Not Before: Apr 20 11:47:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=72f4ef94915722bc782cd04a14ddf6067428c2ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:fa:5c:d4:0f:15:ae:23:56:57:8f:3e:dc:5a:
                    8a:0d:fe:e4:6a:1f:60:43:df:38:04:bd:e2:d1:a0:
                    47:6b:9f:af:3e:ad:54:35:e7:2c:27:19:6a:42:44:
                    aa:51:0c:e8:ac:85:af:35:13:a1:01:c6:7f:a8:e4:
                    b3:24:16:3d:f6:de:83:a5:65:01:fe:db:c4:a9:02:
                    70:51:d3:cf:f2:c1:44:21:8e:76:e2:4b:52:5c:3d:
                    1d:b1:0e:33:cc:1d:d2:c7:ac:25:f1:1a:80:0c:ef:
                    e7:17:be:ee:65:d2:d3:b9:17:0e:84:6e:b0:7b:ab:
                    6c:01:02:e5:c8:1e:c6:44:af:2f:02:07:73:d5:5c:
                    60:30:3b:b4:98:3c:59:05:fc:db:99:89:7a:de:a1:
                    0b:ea:c9:bf:cc:0a:87:11:44:6c:e4:68:e1:ff:20:
                    0e:44:17:2c:a2:68:f1:88:65:04:a3:40:27:57:4b:
                    d3:91:ec:48:7a:5c:d1:18:5a:c8:9b:d7:3b:05:80:
                    cc:04:6a:3e:7e:bf:ac:44:1d:68:13:a6:06:f1:d9:
                    b1:70:5b:dd:2d:ca:e1:d1:2d:fc:42:2c:c0:ff:25:
                    5f:2e:1b:9f:c1:e0:0a:d6:73:57:e6:f8:2e:c2:15:
                    be:19:0b:16:75:68:03:c7:bc:30:47:05:03:06:d7:
                    ff:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:F4:EF:94:91:57:22:BC:78:2C:D0:4A:14:DD:F6:06:74:28:C2:ED
            X509v3 Authority Key Identifier:
                keyid:38:66:F7:38:50:05:D5:BE:61:01:72:73:88:E1:B3:27:1F:64:4D:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OGb3OFAF1b5hAXJziOGzJx9kTeQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/b06197-68d2-429e-ace5-e015bf3f33d7/1/cvTvlJFXIrx4LNBKFN32BnQowu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/b06197-68d2-429e-ace5-e015bf3f33d7/1/OGb3OFAF1b5hAXJziOGzJx9kTeQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:24:db:e7:d0:7f:47:af:94:4f:7a:f4:eb:55:df:e8:65:78:
         b2:40:8d:73:f1:2d:0f:bd:3d:77:4c:1e:52:14:ba:0c:10:3d:
         13:62:6c:0e:64:17:fa:3e:10:e0:d4:9c:f5:ce:21:6f:b6:60:
         0d:89:d1:e2:cc:e3:96:2d:12:f1:7a:fc:f7:ad:22:1a:da:d8:
         5a:0d:06:95:e4:4c:86:10:4a:a7:55:69:93:56:c2:a7:f7:b6:
         cb:f0:42:c9:d0:0b:03:49:91:c8:6d:42:e4:d2:70:21:60:9d:
         b3:c5:43:4f:87:08:ef:9a:14:4c:02:db:2a:7f:5b:dc:c4:d5:
         df:04:ec:57:64:d1:d3:f8:22:49:de:57:f9:67:75:28:b0:2c:
         50:96:12:44:7e:e3:57:94:9c:54:8f:9f:32:6c:51:de:45:bf:
         80:49:35:8f:e4:76:a6:df:af:e0:5e:c8:d8:1d:e0:1c:16:9a:
         a1:21:13:b7:c0:a4:9c:59:7d:d4:0b:08:33:2b:c3:9f:20:f6:
         50:cd:25:a5:a2:30:1c:07:0a:6a:58:34:61:9a:9c:d4:08:07:
         54:31:5e:38:6f:b2:07:52:f0:16:81:64:4d:a2:bf:ae:5d:3f:
         45:e1:24:8d:bf:40:3e:ca:1e:2b:e2:72:0d:b2:ff:c3:dc:60:
         12:2a:f2:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZTBhiXQyM8DtJtHF6nD6rSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4NjZmNzM4NTAwNWQ1YmU2MTAxNzI3Mzg4ZTFiMzI3MWY2
NDRkZTQwHhcNMjUwNDIwMTE0NzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmY0ZWY5NDkxNTcyMmJjNzgyY2QwNGExNGRkZjYwNjc0MjhjMmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvpc1A8VriNWV48+3FqKDf7kah9g
Q984BL3i0aBHa5+vPq1UNecsJxlqQkSqUQzorIWvNROhAcZ/qOSzJBY99t6DpWUB
/tvEqQJwUdPP8sFEIY524ktSXD0dsQ4zzB3Sx6wl8RqADO/nF77uZdLTuRcOhG6w
e6tsAQLlyB7GRK8vAgdz1VxgMDu0mDxZBfzbmYl63qEL6sm/zAqHEURs5Gjh/yAO
RBcsomjxiGUEo0AnV0vTkexIelzRGFrIm9c7BYDMBGo+fr+sRB1oE6YG8dmxcFvd
Lcrh0S38QizA/yVfLhufweAK1nNX5vguwhW+GQsWdWgDx7wwRwUDBtf//QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHL075SRVyK8eCzQShTd9gZ0KMLtMB8GA1UdIwQY
MBaAFDhm9zhQBdW+YQFyc4jhsycfZE3kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0diM09GQUYxYjVoQVhKemlPR3pKeDlrVGVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My9iMDYxOTctNjhkMi00MjllLWFjZTUt
ZTAxNWJmM2YzM2Q3LzEvY3ZUdmxKRlhJcng0TE5CS0ZOMzJCblFvd3UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My9iMDYxOTctNjhkMi00MjllLWFjZTUtZTAxNWJmM2YzM2Q3
LzEvT0diM09GQUYxYjVoQVhKemlPR3pKeDlrVGVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8crMA0G
CSqGSIb3DQEBCwUAA4IBAQAgJNvn0H9Hr5RPevTrVd/oZXiyQI1z8S0PvT13TB5S
FLoMED0TYmwOZBf6PhDg1Jz1ziFvtmANidHizOOWLRLxevz3rSIa2thaDQaV5EyG
EEqnVWmTVsKn97bL8ELJ0AsDSZHIbULk0nAhYJ2zxUNPhwjvmhRMAtsqf1vcxNXf
BOxXZNHT+CJJ3lf5Z3UosCxQlhJEfuNXlJxUj58ybFHeRb+ASTWP5Ham36/gXsjY
HeAcFpqhIRO3wKScWX3UCwgzK8OfIPZQzSWlojAcBwpqWDRhmpzUCAdUMV44b7IH
UvAWgWRNor+uXT9F4SSNv0A+yh4r4nINsv/D3GASKvJq
-----END CERTIFICATE-----