Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/11FmABaoNqTlsRZU0kIYGObtGWo.roa
File:                     11FmABaoNqTlsRZU0kIYGObtGWo.roa (raw, json)
Hash identifier:          u2d/8zeZsevrkiHRld46txgh5/gWCr6A0ms7AVGeNqo=
Subject key identifier:   D7:51:66:00:16:A8:36:A4:E5:B1:16:54:D2:42:18:18:E6:ED:19:6A
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       019007EDF8A6418F2B2348C389D8B05123FA
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/11FmABaoNqTlsRZU0kIYGObtGWo.roa
Signing time:             Tue 11 Jun 2024 15:32:34 +0000
ROA not before:           Tue 11 Jun 2024 15:32:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64267
IP address blocks:        213.209.145.0/24 maxlen: 24
                          213.209.146.0/24 maxlen: 24
                          213.209.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:07:ed:f8:a6:41:8f:2b:23:48:c3:89:d8:b0:51:23:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jun 11 15:32:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d751660016a836a4e5b11654d2421818e6ed196a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:b5:5e:f4:53:84:db:23:3e:32:cf:da:75:cc:
                    1c:ca:66:52:4c:36:c1:1e:5e:11:a3:5a:25:00:bb:
                    7d:d0:8c:c5:e5:78:82:e7:d4:5a:2b:1f:ea:91:70:
                    19:f1:f5:28:64:b1:68:36:1b:16:8f:f3:4b:0c:81:
                    4c:8d:90:eb:bb:70:4d:cc:4a:46:4e:70:ee:7f:5c:
                    69:dd:1a:89:91:ca:44:a4:74:aa:56:d1:76:d2:da:
                    dc:54:00:2b:f8:52:f3:f4:f2:03:61:4b:90:e5:7b:
                    a0:31:97:bd:fc:0b:aa:70:cf:ae:73:0e:fb:57:d5:
                    d1:63:d2:3f:b6:f9:ec:54:15:44:74:b7:69:0b:86:
                    d4:d4:e3:4d:cf:9f:a3:af:7d:c4:ba:3a:55:c0:17:
                    10:50:cf:3b:6a:ad:7a:0f:54:6a:4f:69:e2:af:3e:
                    1b:3e:cc:3c:25:6b:c4:21:b2:ac:31:09:ed:b0:9d:
                    f9:74:03:d6:4d:b3:15:76:98:b9:83:f7:63:2a:e2:
                    81:fd:e0:5c:a8:34:be:55:df:06:be:9c:9c:8f:0c:
                    a9:97:55:e4:5f:4d:f0:80:b5:6b:9d:71:8a:77:23:
                    2d:38:49:de:f9:4b:eb:ff:4e:a6:c6:d4:c3:75:1a:
                    d5:a3:9c:a1:d2:a0:48:0e:8a:b9:70:8c:ee:ab:dc:
                    bd:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:51:66:00:16:A8:36:A4:E5:B1:16:54:D2:42:18:18:E6:ED:19:6A
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/11FmABaoNqTlsRZU0kIYGObtGWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.209.145.0-213.209.146.255
                  213.209.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:2e:60:b1:0d:b9:4f:f9:68:d6:83:b9:71:d8:98:5f:e2:e2:
         aa:e7:66:fc:62:cd:ca:98:69:e5:f7:28:29:20:e6:53:e0:ef:
         83:7d:08:3e:53:e5:6c:43:24:72:d8:9f:ba:0d:5b:95:06:12:
         84:5f:cf:63:55:cb:44:a1:6e:ba:a6:f6:15:b0:03:92:40:62:
         80:ae:f2:79:3c:9a:ca:71:4b:21:67:91:0d:cc:7e:72:46:81:
         3c:90:ce:fc:04:48:34:f2:4a:9a:37:af:9f:53:83:70:b3:ed:
         32:24:f4:0a:cf:cc:ea:e0:b1:54:c6:42:c3:39:8f:19:cf:70:
         09:08:bd:b2:65:48:32:10:56:60:55:dc:78:0e:56:d3:6c:1f:
         5f:2a:3f:a0:49:75:ea:a2:94:a4:27:f4:aa:63:d3:97:c4:db:
         e5:86:a2:81:da:00:4c:c8:e0:ff:ed:c6:e8:7d:29:d8:f2:98:
         db:9c:d2:ed:f8:eb:22:96:95:88:bf:fd:dd:06:df:d5:9f:4a:
         26:e5:09:b6:56:dc:29:58:b5:c8:28:f0:30:3b:4f:ce:58:bb:
         95:ef:d9:6e:ff:65:c5:f5:2d:2e:2d:19:57:eb:4c:ef:84:ae:
         c9:50:2e:06:64:de:6e:c0:5e:fc:2c:f2:aa:5e:ef:ef:fb:4d:
         e9:31:d9:5c
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZAH7fimQY8rI0jDidiwUSP6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjQwNjExMTUzMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzUxNjYwMDE2YTgzNmE0ZTViMTE2NTRkMjQyMTgxOGU2ZWQxOTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrVe9FOE2yM+Ms/adcwcymZSTDbB
Hl4Ro1olALt90IzF5XiC59RaKx/qkXAZ8fUoZLFoNhsWj/NLDIFMjZDru3BNzEpG
TnDuf1xp3RqJkcpEpHSqVtF20trcVAAr+FLz9PIDYUuQ5XugMZe9/AuqcM+ucw77
V9XRY9I/tvnsVBVEdLdpC4bU1ONNz5+jr33EujpVwBcQUM87aq16D1RqT2nirz4b
Psw8JWvEIbKsMQntsJ35dAPWTbMVdpi5g/djKuKB/eBcqDS+Vd8Gvpycjwypl1Xk
X03wgLVrnXGKdyMtOEne+Uvr/06mxtTDdRrVo5yh0qBIDoq5cIzuq9y9VQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFNdRZgAWqDak5bEWVNJCGBjm7RlqMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvMTFGbUFCYW9OcVRsc1JaVTBrSVlHT2J0R1dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBADV0ZED
BADV0ZIDBADV0Z0wDQYJKoZIhvcNAQELBQADggEBAIsuYLENuU/5aNaDuXHYmF/i
4qrnZvxizcqYaeX3KCkg5lPg74N9CD5T5WxDJHLYn7oNW5UGEoRfz2NVy0Shbrqm
9hWwA5JAYoCu8nk8mspxSyFnkQ3MfnJGgTyQzvwESDTySpo3r59Tg3Cz7TIk9ArP
zOrgsVTGQsM5jxnPcAkIvbJlSDIQVmBV3HgOVtNsH18qP6BJdeqilKQn9Kpj05fE
2+WGooHaAEzI4P/txuh9KdjymNuc0u346yKWlYi//d0G39WfSiblCbZW3ClYtcgo
8DA7T85Yu5Xv2W7/ZcX1LS4tGVfrTO+ErslQLgZk3m7AXvws8qpe7+/7Tekx2Vw=
-----END CERTIFICATE-----