Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/95a02c-df3b-40ba-bde5-262438e859e4/1/6CJuWYcvaw-acDsC8fypVGv6nZs.roa
File:                     6CJuWYcvaw-acDsC8fypVGv6nZs.roa (raw, json)
Hash identifier:          wT9pXkMIK5iq/Fr3VYtO4ReEPTUzPvr9i2oggz8Pizc=
Subject key identifier:   E8:22:6E:59:87:2F:6B:0F:9A:70:3B:02:F1:FC:A9:54:6B:FA:9D:9B
Certificate issuer:       /CN=47bbb74d41b298f59edd4da23d18b6bb5143f644
Certificate serial:       019424B38B4C3B22B543B0D0FDABDB960F4F
Authority key identifier: 47:BB:B7:4D:41:B2:98:F5:9E:DD:4D:A2:3D:18:B6:BB:51:43:F6:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R7u3TUGymPWe3U2iPRi2u1FD9kQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/95a02c-df3b-40ba-bde5-262438e859e4/1/6CJuWYcvaw-acDsC8fypVGv6nZs.roa
Signing time:             Thu 02 Jan 2025 01:48:53 +0000
ROA not before:           Thu 02 Jan 2025 01:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198635
IP address blocks:        91.199.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/95a02c-df3b-40ba-bde5-262438e859e4/1/R7u3TUGymPWe3U2iPRi2u1FD9kQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/95a02c-df3b-40ba-bde5-262438e859e4/1/R7u3TUGymPWe3U2iPRi2u1FD9kQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R7u3TUGymPWe3U2iPRi2u1FD9kQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Apr 2025 07:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:8b:4c:3b:22:b5:43:b0:d0:fd:ab:db:96:0f:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47bbb74d41b298f59edd4da23d18b6bb5143f644
        Validity
            Not Before: Jan  2 01:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e8226e59872f6b0f9a703b02f1fca9546bfa9d9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:e4:be:10:3e:5b:4c:4e:9d:d2:88:de:ff:e9:
                    5c:e0:61:f1:5e:3f:f1:ec:0d:9f:79:18:0e:2e:74:
                    ad:e7:0c:78:ee:53:5f:56:08:28:a8:9e:a5:c9:29:
                    08:3e:f4:91:93:54:c4:bc:e3:e0:d1:cb:3a:3e:08:
                    61:4d:ed:e3:61:6a:70:2d:57:c1:95:65:5d:e0:c3:
                    ef:ac:28:1b:4c:6f:5f:cc:f2:db:36:78:ae:62:2e:
                    e7:aa:1f:95:fa:fc:d5:44:88:80:30:17:4e:47:08:
                    e6:38:83:c9:16:fa:37:83:e8:91:30:3e:6b:51:05:
                    a7:ba:2e:63:74:23:23:eb:da:60:a4:ca:98:06:57:
                    9b:23:84:60:75:b4:5d:c8:47:fd:ea:6b:a8:8b:d3:
                    c0:58:c4:e7:56:d2:63:94:a4:68:68:59:2d:31:4c:
                    87:5f:0b:f2:83:cf:99:fc:3d:39:17:2a:60:e8:6c:
                    ea:9f:97:42:a0:ef:2c:45:67:8e:a7:78:3d:5b:35:
                    a2:7f:bd:80:53:8a:94:0b:27:0f:bc:9f:73:7c:be:
                    d9:eb:13:cd:26:41:d4:6b:39:13:7d:da:07:db:10:
                    4a:fa:8e:e6:db:45:6b:4c:ee:87:fc:cc:25:01:53:
                    35:cf:97:49:bd:38:4b:c1:67:73:8f:0b:3a:9f:53:
                    99:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:22:6E:59:87:2F:6B:0F:9A:70:3B:02:F1:FC:A9:54:6B:FA:9D:9B
            X509v3 Authority Key Identifier:
                keyid:47:BB:B7:4D:41:B2:98:F5:9E:DD:4D:A2:3D:18:B6:BB:51:43:F6:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R7u3TUGymPWe3U2iPRi2u1FD9kQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/95a02c-df3b-40ba-bde5-262438e859e4/1/6CJuWYcvaw-acDsC8fypVGv6nZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/95a02c-df3b-40ba-bde5-262438e859e4/1/R7u3TUGymPWe3U2iPRi2u1FD9kQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:89:e7:f8:ae:95:f2:d5:56:52:d1:32:55:58:5c:ea:ce:b9:
         b3:51:fc:f3:f4:93:0d:c9:a7:31:75:f6:2e:bb:14:4e:87:2a:
         95:29:54:b3:f6:75:3c:8c:50:6e:ea:4e:fb:94:d6:44:f8:97:
         5b:e2:f6:a0:1f:50:1c:b8:3b:8c:88:54:20:86:2f:d7:20:8e:
         84:49:2d:9f:e4:cb:b9:f4:1a:ef:40:d0:a7:14:95:ec:22:c3:
         f3:24:de:42:3f:ab:96:f4:1d:ef:c1:4c:8b:73:88:e1:d9:08:
         3a:e8:c7:db:06:a0:8f:f3:58:a2:06:90:6d:41:06:bf:f9:18:
         a0:17:e9:d6:56:23:41:e9:2d:66:d8:9c:ff:a7:76:01:41:16:
         a9:34:dc:e1:7a:fb:ae:3b:9c:fc:2b:fe:c8:01:2c:48:99:34:
         cf:eb:24:5e:87:c9:2d:1d:b4:66:bc:8e:99:71:30:27:a8:cc:
         78:4a:c4:69:a0:9a:3a:2c:55:80:43:bf:04:f4:92:e1:ba:de:
         f7:31:85:c2:29:f2:25:53:b6:8d:8d:c8:17:a1:e6:2e:8d:37:
         eb:76:4d:90:98:8a:83:30:1e:2f:b8:5b:36:f5:4a:c0:e8:8a:
         70:ee:76:ce:66:65:ec:e6:49:4b:94:cb:94:e7:3a:1e:83:c3:
         04:c7:e5:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks4tMOyK1Q7DQ/avblg9PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3YmJiNzRkNDFiMjk4ZjU5ZWRkNGRhMjNkMThiNmJiNTE0
M2Y2NDQwHhcNMjUwMTAyMDE0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODIyNmU1OTg3MmY2YjBmOWE3MDNiMDJmMWZjYTk1NDZiZmE5ZDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoeS+ED5bTE6d0oje/+lc4GHxXj/x
7A2feRgOLnSt5wx47lNfVggoqJ6lySkIPvSRk1TEvOPg0cs6PghhTe3jYWpwLVfB
lWVd4MPvrCgbTG9fzPLbNniuYi7nqh+V+vzVRIiAMBdORwjmOIPJFvo3g+iRMD5r
UQWnui5jdCMj69pgpMqYBlebI4RgdbRdyEf96muoi9PAWMTnVtJjlKRoaFktMUyH
Xwvyg8+Z/D05Fypg6Gzqn5dCoO8sRWeOp3g9WzWif72AU4qUCycPvJ9zfL7Z6xPN
JkHUazkTfdoH2xBK+o7m20VrTO6H/MwlAVM1z5dJvThLwWdzjws6n1OZQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOgiblmHL2sPmnA7AvH8qVRr+p2bMB8GA1UdIwQY
MBaAFEe7t01Bspj1nt1Noj0YtrtRQ/ZEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjd1M1RVR3ltUFdlM1UyaVBSaTJ1MUZEOWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS85NWEwMmMtZGYzYi00MGJhLWJkZTUt
MjYyNDM4ZTg1OWU0LzEvNkNKdVdZY3Zhdy1hY0RzQzhmeXBWR3Y2blpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS85NWEwMmMtZGYzYi00MGJhLWJkZTUtMjYyNDM4ZTg1OWU0
LzEvUjd1M1RVR3ltUFdlM1UyaVBSaTJ1MUZEOWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8dCMA0G
CSqGSIb3DQEBCwUAA4IBAQBEief4rpXy1VZS0TJVWFzqzrmzUfzz9JMNyacxdfYu
uxROhyqVKVSz9nU8jFBu6k77lNZE+Jdb4vagH1AcuDuMiFQghi/XII6ESS2f5Mu5
9BrvQNCnFJXsIsPzJN5CP6uW9B3vwUyLc4jh2Qg66MfbBqCP81iiBpBtQQa/+Rig
F+nWViNB6S1m2Jz/p3YBQRapNNzhevuuO5z8K/7IASxImTTP6yReh8ktHbRmvI6Z
cTAnqMx4SsRpoJo6LFWAQ78E9JLhut73MYXCKfIlU7aNjcgXoeYujTfrdk2QmIqD
MB4vuFs29UrA6Ipw7nbOZmXs5klLlMuU5zoeg8MEx+UU
-----END CERTIFICATE-----