Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/62afef-70d1-4fe2-9edf-7f1e57487c1a/1/XjB6lBgveCNEJh63xEo1lg4t5cc.roa
File:                     XjB6lBgveCNEJh63xEo1lg4t5cc.roa (raw, json)
Hash identifier:          7Slf8ckKdF3IXLpe+MDn9rERxZkQDcLyLNPvZmeYLBM=
Subject key identifier:   5E:30:7A:94:18:2F:78:23:44:26:1E:B7:C4:4A:35:96:0E:2D:E5:C7
Certificate issuer:       /CN=a24b48edc7a325d7f1ae0f257c0e2835171bc9ae
Certificate serial:       0192294D317BDD7E357462E711C601743C40
Authority key identifier: A2:4B:48:ED:C7:A3:25:D7:F1:AE:0F:25:7C:0E:28:35:17:1B:C9:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oktI7cejJdfxrg8lfA4oNRcbya4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/62afef-70d1-4fe2-9edf-7f1e57487c1a/1/XjB6lBgveCNEJh63xEo1lg4t5cc.roa
Signing time:             Wed 25 Sep 2024 13:09:37 +0000
ROA not before:           Wed 25 Sep 2024 13:09:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210882
IP address blocks:        213.132.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/62afef-70d1-4fe2-9edf-7f1e57487c1a/1/oktI7cejJdfxrg8lfA4oNRcbya4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/62afef-70d1-4fe2-9edf-7f1e57487c1a/1/oktI7cejJdfxrg8lfA4oNRcbya4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oktI7cejJdfxrg8lfA4oNRcbya4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:29:4d:31:7b:dd:7e:35:74:62:e7:11:c6:01:74:3c:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a24b48edc7a325d7f1ae0f257c0e2835171bc9ae
        Validity
            Not Before: Sep 25 13:09:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e307a94182f782344261eb7c44a35960e2de5c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ae:c9:e4:db:0a:17:93:0b:85:41:65:49:3c:
                    90:5d:fe:33:58:2b:37:e5:9f:17:96:fe:d1:a7:86:
                    01:07:05:c0:2f:67:61:3c:b4:43:a3:f1:4b:9c:3c:
                    a5:6f:01:b7:8a:cd:7a:98:80:db:82:ec:5e:b5:5c:
                    cb:a7:5b:ce:c3:e1:9e:f0:46:e3:88:e7:8c:00:8c:
                    e2:10:3a:a2:22:97:d3:33:b1:ce:0f:9e:92:cc:90:
                    97:c4:8d:eb:9a:a4:fc:ac:ac:7a:d0:85:17:83:53:
                    ce:66:05:cc:e6:2f:c3:db:28:87:81:65:fc:fb:44:
                    e2:07:25:c7:18:d8:01:9e:9f:fd:bd:3a:75:48:bd:
                    4c:af:0b:a2:90:90:da:1b:5b:e2:3b:5f:0d:d9:b0:
                    a1:bf:58:09:af:ab:2e:49:61:b8:fe:af:1d:72:f6:
                    db:ef:eb:74:5a:63:95:23:35:af:34:26:2d:f2:8b:
                    23:88:ec:bd:80:15:0f:8e:55:ef:ca:ad:8b:97:e4:
                    e4:a2:8e:fc:47:18:ac:60:7e:a8:42:87:54:d6:4a:
                    fb:cd:c8:3a:99:60:4f:3d:bd:36:b3:74:d5:27:e7:
                    b2:21:d5:25:95:98:72:7e:28:4e:cb:a3:42:80:8c:
                    8d:6b:07:6f:61:d0:b4:00:d0:d6:ee:c2:3e:cd:f0:
                    75:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:30:7A:94:18:2F:78:23:44:26:1E:B7:C4:4A:35:96:0E:2D:E5:C7
            X509v3 Authority Key Identifier:
                keyid:A2:4B:48:ED:C7:A3:25:D7:F1:AE:0F:25:7C:0E:28:35:17:1B:C9:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oktI7cejJdfxrg8lfA4oNRcbya4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/62afef-70d1-4fe2-9edf-7f1e57487c1a/1/XjB6lBgveCNEJh63xEo1lg4t5cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/62afef-70d1-4fe2-9edf-7f1e57487c1a/1/oktI7cejJdfxrg8lfA4oNRcbya4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.132.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:f0:61:30:d1:d9:a8:5a:a2:05:ce:8d:9a:3e:54:92:16:be:
         42:f6:69:ed:19:b9:de:ad:4d:7d:d3:bf:cd:36:87:86:58:63:
         1d:ba:78:d0:88:1b:21:13:5f:94:8e:b9:75:f5:38:26:e2:78:
         64:d0:8e:4e:c8:5e:72:3e:6e:e1:33:bc:58:a5:cf:0b:56:ff:
         77:18:7c:84:f5:6d:47:10:e4:87:81:8d:af:46:98:d8:5c:f7:
         be:ae:b0:3a:db:a1:78:6b:0c:78:23:3c:10:81:cf:24:e7:6d:
         1f:3f:f5:68:f5:6f:9b:b9:f6:c5:c4:f3:e6:5c:0d:14:88:c7:
         c3:97:c6:76:3e:e1:b8:ce:e5:4b:e9:6d:dc:20:65:14:17:b0:
         b3:21:bc:31:6b:00:42:b8:ea:4f:84:bc:12:3c:2f:55:1d:88:
         59:92:4c:93:d9:5d:e8:7a:eb:c4:5f:16:3b:2d:83:a5:88:57:
         73:a7:d6:84:69:91:44:eb:16:f1:e4:f8:e8:db:9a:2f:a2:aa:
         ea:b8:e9:42:62:0d:1c:ff:3d:ae:b1:27:d0:0f:6f:c5:7c:09:
         f0:f9:2c:70:7f:da:1e:85:f9:c6:54:e8:00:11:73:3e:e3:f3:
         77:0f:f3:58:2e:fd:68:f2:ab:16:38:f8:87:36:f3:29:9b:d8:
         05:68:f6:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIpTTF73X41dGLnEcYBdDxAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNGI0OGVkYzdhMzI1ZDdmMWFlMGYyNTdjMGUyODM1MTcx
YmM5YWUwHhcNMjQwOTI1MTMwOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTMwN2E5NDE4MmY3ODIzNDQyNjFlYjdjNDRhMzU5NjBlMmRlNWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAma7J5NsKF5MLhUFlSTyQXf4zWCs3
5Z8Xlv7Rp4YBBwXAL2dhPLRDo/FLnDylbwG3is16mIDbguxetVzLp1vOw+Ge8Ebj
iOeMAIziEDqiIpfTM7HOD56SzJCXxI3rmqT8rKx60IUXg1POZgXM5i/D2yiHgWX8
+0TiByXHGNgBnp/9vTp1SL1MrwuikJDaG1viO18N2bChv1gJr6suSWG4/q8dcvbb
7+t0WmOVIzWvNCYt8osjiOy9gBUPjlXvyq2Ll+Tkoo78RxisYH6oQodU1kr7zcg6
mWBPPb02s3TVJ+eyIdUllZhyfihOy6NCgIyNawdvYdC0ANDW7sI+zfB1nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF4wepQYL3gjRCYet8RKNZYOLeXHMB8GA1UdIwQY
MBaAFKJLSO3HoyXX8a4PJXwOKDUXG8muMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2t0STdjZWpKZGZ4cmc4bGZBNG9OUmNieWE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni82MmFmZWYtNzBkMS00ZmUyLTllZGYt
N2YxZTU3NDg3YzFhLzEvWGpCNmxCZ3ZlQ05FSmg2M3hFbzFsZzR0NWNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni82MmFmZWYtNzBkMS00ZmUyLTllZGYtN2YxZTU3NDg3YzFh
LzEvb2t0STdjZWpKZGZ4cmc4bGZBNG9OUmNieWE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YTdMA0G
CSqGSIb3DQEBCwUAA4IBAQBs8GEw0dmoWqIFzo2aPlSSFr5C9mntGbnerU1907/N
NoeGWGMdunjQiBshE1+Ujrl19Tgm4nhk0I5OyF5yPm7hM7xYpc8LVv93GHyE9W1H
EOSHgY2vRpjYXPe+rrA626F4awx4IzwQgc8k520fP/Vo9W+bufbFxPPmXA0UiMfD
l8Z2PuG4zuVL6W3cIGUUF7CzIbwxawBCuOpPhLwSPC9VHYhZkkyT2V3oeuvEXxY7
LYOliFdzp9aEaZFE6xbx5Pjo25ovoqrquOlCYg0c/z2usSfQD2/FfAnw+Sxwf9oe
hfnGVOgAEXM+4/N3D/NYLv1o8qsWOPiHNvMpm9gFaPaB
-----END CERTIFICATE-----