Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/P8rZJGJLA3F1EGlDFUFKmZMNPro.roa
File:                     P8rZJGJLA3F1EGlDFUFKmZMNPro.roa (raw, json)
Hash identifier:          cH5D51w3jnQM/X4UFqorD3ulIKj6gJ2rY6Zk5plkeo0=
Subject key identifier:   3F:CA:D9:24:62:4B:03:71:75:10:69:43:15:41:4A:99:93:0D:3E:BA
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       01934EE3296869540C4DF82C3E335600BFA1
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/P8rZJGJLA3F1EGlDFUFKmZMNPro.roa
Signing time:             Thu 21 Nov 2024 13:22:10 +0000
ROA not before:           Thu 21 Nov 2024 13:22:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398465
IP address blocks:        207.244.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4e:e3:29:68:69:54:0c:4d:f8:2c:3e:33:56:00:bf:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Nov 21 13:22:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3fcad924624b03717510694315414a99930d3eba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:87:2e:9d:31:49:46:d8:1d:62:74:b0:3e:66:
                    02:fc:e0:f9:76:7b:67:f6:2a:50:98:4c:cf:b8:de:
                    24:c1:4f:83:e9:e5:d6:c7:13:f2:d4:6f:32:76:a0:
                    b6:d5:57:3e:df:bc:99:65:a0:a3:1a:42:ca:59:b2:
                    06:43:51:c3:f4:8a:5d:a4:d0:9f:c6:1a:2e:1a:4d:
                    a2:fa:5e:b9:71:9c:e9:34:cd:2c:85:53:db:30:bd:
                    85:41:17:c8:43:8a:dd:bd:b2:1f:df:35:58:5b:5c:
                    3d:eb:d7:56:45:5b:70:da:58:da:ed:49:88:01:3d:
                    f3:f5:d5:88:ee:c7:c9:b8:25:f4:44:90:f6:3d:96:
                    0c:d0:ca:08:5e:80:f5:56:02:83:f3:3b:26:35:41:
                    a7:2f:ad:29:70:84:f6:9e:8f:b9:db:86:41:38:8e:
                    3b:db:94:8f:13:dc:b2:7b:b8:fe:44:bd:2d:3c:9c:
                    5b:fe:59:b4:f9:c3:7a:b1:f2:8c:85:e2:88:57:2e:
                    08:ba:75:1d:e8:2f:f1:39:30:a9:29:cb:70:5f:6a:
                    8f:98:3f:eb:77:a5:04:2d:a8:d9:a5:13:ad:ae:25:
                    65:cc:bc:2b:7d:ca:a6:0c:6d:7f:ec:06:34:82:b3:
                    96:90:7d:e5:ce:30:de:ff:ef:8d:e7:ee:85:44:0b:
                    7b:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:CA:D9:24:62:4B:03:71:75:10:69:43:15:41:4A:99:93:0D:3E:BA
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/P8rZJGJLA3F1EGlDFUFKmZMNPro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.244.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:2b:3e:74:70:0c:d9:e6:7e:2d:6f:26:e2:01:dc:53:93:a5:
         fb:19:40:cd:ca:df:ca:9e:c5:da:e6:e2:99:5f:50:2d:25:93:
         cd:15:d8:ab:87:c4:28:3e:6c:2f:2f:0b:38:78:a1:a2:8c:74:
         e6:e5:d2:7c:38:84:3d:2d:39:33:cf:d7:ad:07:ee:d8:65:a2:
         4c:31:80:62:9c:88:76:95:68:39:62:d3:e0:0f:1c:aa:f5:0f:
         c1:7c:cb:d2:48:78:29:c8:cf:71:cc:ea:c3:32:a9:13:fe:49:
         57:d2:7f:e7:6c:6c:b1:1c:b3:7b:9c:f4:f9:fe:92:92:9b:f9:
         33:dc:eb:1a:23:2e:b1:d8:4b:76:75:7c:be:9a:5a:23:01:9a:
         4e:52:ee:63:91:4b:21:85:bc:68:73:78:bf:be:b2:66:70:ce:
         8a:e6:ff:84:67:12:74:43:78:df:a4:4f:0b:a1:e0:ee:5d:57:
         42:88:d1:92:22:17:58:b5:77:fe:83:b5:f0:69:f5:76:dd:e0:
         26:a2:ac:cb:42:b3:c1:a7:6d:4e:6d:d5:ca:78:00:32:32:86:
         4b:46:5c:6a:29:e9:2c:3d:f0:58:28:85:70:48:d6:c5:7b:e2:
         ba:3d:bd:80:41:a0:30:38:d1:54:47:d2:77:f1:9c:b7:aa:56:
         ee:86:0d:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNO4yloaVQMTfgsPjNWAL+hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjQxMTIxMTMyMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmNhZDkyNDYyNGIwMzcxNzUxMDY5NDMxNTQxNGE5OTkzMGQzZWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ocunTFJRtgdYnSwPmYC/OD5dntn
9ipQmEzPuN4kwU+D6eXWxxPy1G8ydqC21Vc+37yZZaCjGkLKWbIGQ1HD9IpdpNCf
xhouGk2i+l65cZzpNM0shVPbML2FQRfIQ4rdvbIf3zVYW1w969dWRVtw2lja7UmI
AT3z9dWI7sfJuCX0RJD2PZYM0MoIXoD1VgKD8zsmNUGnL60pcIT2no+524ZBOI47
25SPE9yye7j+RL0tPJxb/lm0+cN6sfKMheKIVy4IunUd6C/xOTCpKctwX2qPmD/r
d6UELajZpROtriVlzLwrfcqmDG1/7AY0grOWkH3lzjDe/++N5+6FRAt7GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD/K2SRiSwNxdRBpQxVBSpmTDT66MB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvUDhyWkpHSkxBM0YxRUdsREZVRkttWk1OUHJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAz/TEMA0G
CSqGSIb3DQEBCwUAA4IBAQA6Kz50cAzZ5n4tbybiAdxTk6X7GUDNyt/KnsXa5uKZ
X1AtJZPNFdirh8QoPmwvLws4eKGijHTm5dJ8OIQ9LTkzz9etB+7YZaJMMYBinIh2
lWg5YtPgDxyq9Q/BfMvSSHgpyM9xzOrDMqkT/klX0n/nbGyxHLN7nPT5/pKSm/kz
3OsaIy6x2Et2dXy+mlojAZpOUu5jkUshhbxoc3i/vrJmcM6K5v+EZxJ0Q3jfpE8L
oeDuXVdCiNGSIhdYtXf+g7XwafV23eAmoqzLQrPBp21ObdXKeAAyMoZLRlxqKeks
PfBYKIVwSNbFe+K6Pb2AQaAwONFUR9J38Zy3qlbuhg0z
-----END CERTIFICATE-----