Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/b378a1-5b1b-4c89-8bc5-1c19949b96b6/1/eNa9shPNfJuzCCd26UNFwFr7enQ.roa
File:                     eNa9shPNfJuzCCd26UNFwFr7enQ.roa (raw, json)
Hash identifier:          Pk/A2JGNB1YeZQ3WAmhEqcfQTtjVI6QLZ8AAQbj5fY4=
Subject key identifier:   78:D6:BD:B2:13:CD:7C:9B:B3:08:27:76:E9:43:45:C0:5A:FB:7A:74
Certificate issuer:       /CN=fff604dc7892ba99f535296b9102d8d7a1844388
Certificate serial:       0194228E2F4837D39C1500CB4540B17CCA32
Authority key identifier: FF:F6:04:DC:78:92:BA:99:F5:35:29:6B:91:02:D8:D7:A1:84:43:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/__YE3HiSupn1NSlrkQLY16GEQ4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/b378a1-5b1b-4c89-8bc5-1c19949b96b6/1/eNa9shPNfJuzCCd26UNFwFr7enQ.roa
Signing time:             Wed 01 Jan 2025 15:48:50 +0000
ROA not before:           Wed 01 Jan 2025 15:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49435
IP address blocks:        91.220.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/b378a1-5b1b-4c89-8bc5-1c19949b96b6/1/__YE3HiSupn1NSlrkQLY16GEQ4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/b378a1-5b1b-4c89-8bc5-1c19949b96b6/1/__YE3HiSupn1NSlrkQLY16GEQ4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/__YE3HiSupn1NSlrkQLY16GEQ4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 07:29:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:2f:48:37:d3:9c:15:00:cb:45:40:b1:7c:ca:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fff604dc7892ba99f535296b9102d8d7a1844388
        Validity
            Not Before: Jan  1 15:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=78d6bdb213cd7c9bb3082776e94345c05afb7a74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ec:ce:30:be:c0:97:6e:7e:43:bd:52:8e:fe:
                    3e:00:59:8b:36:37:80:8f:20:ae:dd:2e:f0:3b:7f:
                    71:69:60:e3:4f:44:ae:30:36:20:9a:ed:2e:26:9a:
                    38:81:9e:1a:b8:90:ff:58:7f:26:7d:6c:88:f5:cd:
                    2e:51:e5:ba:74:2f:ea:8d:c0:9e:eb:91:14:4c:71:
                    ea:a8:16:f8:86:74:e2:5f:12:8d:e8:e9:46:82:5c:
                    17:b0:01:f8:64:fe:a3:b2:fd:42:02:c0:3f:9e:5a:
                    00:66:e7:c8:0d:34:f6:80:ba:29:5c:73:b9:cf:3c:
                    d8:cf:66:9a:29:e3:29:f3:d5:ea:37:e5:5c:14:a9:
                    88:82:5a:1d:38:d1:ab:af:0c:75:59:b9:f1:95:6a:
                    16:d4:d9:29:33:01:70:0a:59:64:7e:6a:01:07:a2:
                    53:18:81:8e:c6:2c:01:94:b2:1b:4e:47:2a:8f:d5:
                    f0:f5:ee:6c:a5:c7:fe:b2:fe:01:e0:c1:4c:46:c5:
                    f4:91:be:27:b1:c2:12:d1:0e:0a:54:aa:18:00:8a:
                    a5:f3:71:63:d3:83:08:07:b6:fd:09:83:64:e3:43:
                    28:24:65:da:36:34:e9:21:33:c1:a6:c1:66:89:30:
                    6c:74:9d:87:43:0c:23:82:db:4a:7c:a8:33:cf:61:
                    c2:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:D6:BD:B2:13:CD:7C:9B:B3:08:27:76:E9:43:45:C0:5A:FB:7A:74
            X509v3 Authority Key Identifier:
                keyid:FF:F6:04:DC:78:92:BA:99:F5:35:29:6B:91:02:D8:D7:A1:84:43:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/__YE3HiSupn1NSlrkQLY16GEQ4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/b378a1-5b1b-4c89-8bc5-1c19949b96b6/1/eNa9shPNfJuzCCd26UNFwFr7enQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/b378a1-5b1b-4c89-8bc5-1c19949b96b6/1/__YE3HiSupn1NSlrkQLY16GEQ4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:97:5e:34:16:72:9d:5d:c3:99:a2:63:2e:9d:a5:01:61:59:
         e5:01:b7:7c:d7:91:ac:aa:e2:27:40:b2:84:6f:82:80:50:f4:
         ec:fe:5e:0e:bd:98:ef:a7:83:a9:56:66:70:a5:da:ab:d0:1e:
         90:35:cc:98:22:6b:69:31:13:2d:23:86:8c:41:8d:bc:c9:43:
         ba:36:c6:b0:29:fd:aa:ae:e9:69:00:af:5e:e1:08:1a:bd:4b:
         55:ee:14:41:6a:b8:56:1b:9d:e6:fc:bf:43:16:22:09:5f:d6:
         f3:b1:b6:7e:8a:a7:ce:bc:36:34:65:71:50:60:38:4b:65:20:
         72:b6:f2:be:28:70:05:20:b4:b5:6c:23:f8:75:9a:8a:80:79:
         1e:4b:f8:b3:28:94:c5:da:75:18:ac:37:f8:cf:d5:df:00:d7:
         a8:87:b0:a3:09:53:dd:8b:68:e6:64:ad:75:78:0e:39:53:03:
         3e:82:7f:64:e3:36:bb:81:77:32:29:24:cd:91:3c:fc:2e:74:
         80:d2:ac:6d:eb:0d:bf:2b:19:b5:f6:22:61:68:d7:5d:d7:c6:
         7b:0f:2b:04:b9:be:5e:16:48:ca:0e:d8:c8:4a:d2:34:5e:a0:
         9e:93:7d:88:16:0f:50:51:36:b8:18:8f:f2:7a:3f:27:5c:ac:
         88:9e:93:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiji9IN9OcFQDLRUCxfMoyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZjYwNGRjNzg5MmJhOTlmNTM1Mjk2YjkxMDJkOGQ3YTE4
NDQzODgwHhcNMjUwMTAxMTU0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGQ2YmRiMjEzY2Q3YzliYjMwODI3NzZlOTQzNDVjMDVhZmI3YTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmuzOML7Al25+Q71Sjv4+AFmLNjeA
jyCu3S7wO39xaWDjT0SuMDYgmu0uJpo4gZ4auJD/WH8mfWyI9c0uUeW6dC/qjcCe
65EUTHHqqBb4hnTiXxKN6OlGglwXsAH4ZP6jsv1CAsA/nloAZufIDTT2gLopXHO5
zzzYz2aaKeMp89XqN+VcFKmIglodONGrrwx1WbnxlWoW1NkpMwFwCllkfmoBB6JT
GIGOxiwBlLIbTkcqj9Xw9e5spcf+sv4B4MFMRsX0kb4nscIS0Q4KVKoYAIql83Fj
04MIB7b9CYNk40MoJGXaNjTpITPBpsFmiTBsdJ2HQwwjgttKfKgzz2HCmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHjWvbITzXybswgndulDRcBa+3p0MB8GA1UdIwQY
MBaAFP/2BNx4krqZ9TUpa5EC2NehhEOIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX19ZRTNIaVN1cG4xTlNscmtRTFkxNkdFUTRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9iMzc4YTEtNWIxYi00Yzg5LThiYzUt
MWMxOTk0OWI5NmI2LzEvZU5hOXNoUE5mSnV6Q0NkMjZVTkZ3RnI3ZW5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9iMzc4YTEtNWIxYi00Yzg5LThiYzUtMWMxOTk0OWI5NmI2
LzEvX19ZRTNIaVN1cG4xTlNscmtRTFkxNkdFUTRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9wiMA0G
CSqGSIb3DQEBCwUAA4IBAQA/l140FnKdXcOZomMunaUBYVnlAbd815GsquInQLKE
b4KAUPTs/l4OvZjvp4OpVmZwpdqr0B6QNcyYImtpMRMtI4aMQY28yUO6NsawKf2q
rulpAK9e4QgavUtV7hRBarhWG53m/L9DFiIJX9bzsbZ+iqfOvDY0ZXFQYDhLZSBy
tvK+KHAFILS1bCP4dZqKgHkeS/izKJTF2nUYrDf4z9XfANeoh7CjCVPdi2jmZK11
eA45UwM+gn9k4za7gXcyKSTNkTz8LnSA0qxt6w2/Kxm19iJhaNdd18Z7DysEub5e
FkjKDtjIStI0XqCek32IFg9QUTa4GI/yej8nXKyInpN2
-----END CERTIFICATE-----