Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/iel61PDpfL_mVSL8N4tCjy6_BKc.roa
File:                     iel61PDpfL_mVSL8N4tCjy6_BKc.roa (raw, json)
Hash identifier:          1UWG48Am0icDBgZh7TjOXmvz4lUUHHBxa1OJktKcSDE=
Subject key identifier:   89:E9:7A:D4:F0:E9:7C:BF:E6:55:22:FC:37:8B:42:8F:2E:BF:04:A7
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       018E80C9FDB7B71CE41A50F9A6BFFA44E421
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/iel61PDpfL_mVSL8N4tCjy6_BKc.roa
Signing time:             Wed 27 Mar 2024 16:41:45 +0000
ROA not before:           Wed 27 Mar 2024 16:41:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2914
IP address blocks:        213.164.96.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:80:c9:fd:b7:b7:1c:e4:1a:50:f9:a6:bf:fa:44:e4:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Mar 27 16:41:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89e97ad4f0e97cbfe65522fc378b428f2ebf04a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:e3:a1:c5:63:b3:00:0a:f0:a3:c0:8e:69:7a:
                    82:3b:9b:6e:6e:a7:94:8f:20:78:f7:86:94:55:a8:
                    92:e8:9b:72:a8:5d:8e:ff:93:ca:59:17:75:56:79:
                    4a:80:d6:4e:16:57:c0:34:64:ba:15:f3:14:da:4f:
                    66:8e:fe:d9:06:35:16:99:2d:6f:0a:7b:69:c8:77:
                    1a:ba:41:7c:d5:99:0f:fb:a9:ec:65:1d:33:2c:65:
                    06:83:dd:95:44:10:3a:d4:66:c5:c1:0e:b8:11:44:
                    52:9a:d4:c5:06:a1:2e:88:9b:65:5f:c3:13:71:27:
                    d9:e5:24:d5:76:83:dc:ed:b3:a1:f6:3e:3e:fa:b2:
                    45:b8:d8:4c:ba:80:4f:4c:3c:a4:68:b4:bc:05:5b:
                    19:80:9d:d4:7f:c4:05:0f:c7:a2:95:2f:56:50:56:
                    ca:fe:e5:c9:f2:7d:cf:c0:ae:26:36:1a:62:22:fe:
                    1a:5e:8b:6f:a8:c0:c1:46:0c:2f:04:cd:4a:ae:54:
                    7d:59:ef:8d:63:b5:bf:28:57:8a:4b:a7:53:ed:e0:
                    f3:61:7c:b9:4b:09:f8:e5:09:38:67:c6:63:0c:70:
                    ab:5d:66:15:de:30:ef:6b:a6:60:6f:4d:b4:f9:a4:
                    84:eb:8b:b9:f2:71:29:7d:14:f2:f9:88:b8:44:e4:
                    84:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:E9:7A:D4:F0:E9:7C:BF:E6:55:22:FC:37:8B:42:8F:2E:BF:04:A7
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/iel61PDpfL_mVSL8N4tCjy6_BKc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.164.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         69:54:c2:0e:af:17:a9:61:44:c2:02:15:37:81:b0:ae:61:4f:
         ab:8c:57:d4:c9:76:47:16:e5:38:c1:e6:0a:50:c7:da:20:b9:
         c7:67:24:28:98:90:b8:49:d6:fc:0a:5a:2e:03:87:14:c8:75:
         bc:e3:c8:f7:61:fa:89:7a:66:84:a1:dd:11:6f:05:54:a9:45:
         30:fd:5f:d0:d8:9a:53:7d:01:3c:f2:50:f6:29:34:7f:4e:32:
         2b:e7:48:79:91:98:96:60:b3:f1:79:59:e6:b6:8e:4d:4f:e4:
         d0:08:1a:2c:1d:8b:ec:e5:db:e2:9a:01:51:91:9a:f9:f5:87:
         67:f9:98:77:66:29:3f:37:f6:84:21:8b:69:41:94:7a:10:5a:
         af:eb:dc:3e:51:d3:a4:a3:a8:6b:5a:f9:d0:09:04:e1:ba:b7:
         d7:9d:b5:17:67:b8:21:13:37:01:f7:fd:c8:52:e7:72:30:17:
         ed:0a:49:76:64:55:2a:5c:21:01:a8:1d:0c:50:3c:70:f3:35:
         61:05:99:78:10:b9:cd:60:05:69:dd:0f:04:05:89:a0:68:f8:
         39:82:c1:14:2a:a4:81:84:68:d7:0d:82:03:9b:fb:8c:e2:a4:
         45:64:b9:ee:99:b1:63:ee:7f:f2:8e:36:c9:72:12:26:ca:bb:
         11:ec:0f:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6Ayf23txzkGlD5pr/6ROQhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjQwMzI3MTY0MTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWU5N2FkNGYwZTk3Y2JmZTY1NTIyZmMzNzhiNDI4ZjJlYmYwNGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhOOhxWOzAArwo8COaXqCO5tubqeU
jyB494aUVaiS6JtyqF2O/5PKWRd1VnlKgNZOFlfANGS6FfMU2k9mjv7ZBjUWmS1v
CntpyHcaukF81ZkP+6nsZR0zLGUGg92VRBA61GbFwQ64EURSmtTFBqEuiJtlX8MT
cSfZ5STVdoPc7bOh9j4++rJFuNhMuoBPTDykaLS8BVsZgJ3Uf8QFD8eilS9WUFbK
/uXJ8n3PwK4mNhpiIv4aXotvqMDBRgwvBM1KrlR9We+NY7W/KFeKS6dT7eDzYXy5
Swn45Qk4Z8ZjDHCrXWYV3jDva6Zgb020+aSE64u58nEpfRTy+Yi4ROSEaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFInpetTw6Xy/5lUi/DeLQo8uvwSnMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEvaWVsNjFQRHBmTF9tVlNMOE40dENqeTZfQktjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE1aRgMA0G
CSqGSIb3DQEBCwUAA4IBAQBpVMIOrxepYUTCAhU3gbCuYU+rjFfUyXZHFuU4weYK
UMfaILnHZyQomJC4Sdb8ClouA4cUyHW848j3YfqJemaEod0RbwVUqUUw/V/Q2JpT
fQE88lD2KTR/TjIr50h5kZiWYLPxeVnmto5NT+TQCBosHYvs5dvimgFRkZr59Ydn
+Zh3Zik/N/aEIYtpQZR6EFqv69w+UdOko6hrWvnQCQThurfXnbUXZ7ghEzcB9/3I
UudyMBftCkl2ZFUqXCEBqB0MUDxw8zVhBZl4ELnNYAVp3Q8EBYmgaPg5gsEUKqSB
hGjXDYIDm/uM4qRFZLnumbFj7n/yjjbJchImyrsR7A9+
-----END CERTIFICATE-----