Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/H7yrNUT75yVv09M5UBmNbZIqcoA.roa
File:                     H7yrNUT75yVv09M5UBmNbZIqcoA.roa (raw, json)
Hash identifier:          CZfSBGRpxyxAFQpjENd+v0cJ93DJ7YkMpWAIc48uiNM=
Subject key identifier:   1F:BC:AB:35:44:FB:E7:25:6F:D3:D3:39:50:19:8D:6D:92:2A:72:80
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       01942747ACC8104E81FD2EA5E07C14AD2AB6
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/H7yrNUT75yVv09M5UBmNbZIqcoA.roa
Signing time:             Thu 02 Jan 2025 13:49:56 +0000
ROA not before:           Thu 02 Jan 2025 13:49:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64267
IP address blocks:        213.209.145.0/24 maxlen: 24
                          213.209.146.0/24 maxlen: 24
                          213.209.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:ac:c8:10:4e:81:fd:2e:a5:e0:7c:14:ad:2a:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jan  2 13:49:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1fbcab3544fbe7256fd3d33950198d6d922a7280
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:39:94:bc:96:1b:4b:bc:f0:22:80:8d:ec:a4:
                    06:e1:10:0e:6f:cf:83:94:02:f7:96:57:f0:d4:b3:
                    8a:2f:88:17:1c:59:28:2a:8a:0f:ce:51:1d:22:ab:
                    e7:88:f1:b2:f9:42:e9:05:1a:87:28:95:a7:6c:e6:
                    50:84:b6:0f:88:7c:ea:b3:0b:72:21:22:84:00:b9:
                    72:9b:6e:7a:f7:32:ba:bd:bc:f3:02:75:34:ba:da:
                    90:2c:c9:77:be:c7:2d:87:82:67:c2:b5:24:e8:a0:
                    7a:e8:31:0b:12:0f:79:b5:1b:4c:f1:45:bf:1d:a0:
                    cb:b1:5e:b8:7a:2c:5a:14:1c:9b:52:e2:31:29:cd:
                    09:2e:2a:0d:b3:fc:99:be:d0:c9:c5:7c:4d:14:88:
                    48:c1:54:3d:d0:62:14:06:e3:b3:83:65:80:04:0d:
                    dc:9d:ad:0f:d8:cb:cc:f0:23:91:e1:9d:78:40:cd:
                    50:72:14:eb:e5:7b:cc:1d:98:ac:11:d2:8a:75:08:
                    63:92:aa:b3:47:dd:da:5e:a8:9c:e8:f7:3f:16:37:
                    6b:b2:70:2f:75:b7:13:04:d7:37:00:90:9a:94:04:
                    d9:0f:66:7f:5c:c7:59:0d:9f:4b:99:4f:48:a1:9e:
                    09:09:ef:db:54:fc:8e:14:aa:fc:df:0c:83:be:b9:
                    e0:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:BC:AB:35:44:FB:E7:25:6F:D3:D3:39:50:19:8D:6D:92:2A:72:80
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/H7yrNUT75yVv09M5UBmNbZIqcoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.209.145.0-213.209.146.255
                  213.209.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:9d:b8:fb:0c:b3:ec:b5:b3:e2:4e:f3:52:6f:62:d7:df:2b:
         99:ab:58:55:8c:97:5d:ff:e9:dc:f1:a3:ff:4a:60:30:5f:d5:
         8e:27:a2:36:3f:c4:80:da:df:86:6d:08:bc:cf:3b:3f:1c:92:
         f0:7a:d7:f3:d6:07:69:e9:8a:03:cd:8f:b1:11:6a:4d:f7:f1:
         26:da:45:8c:04:0f:fa:dd:ff:83:29:c6:3a:08:a6:cd:21:c4:
         cd:82:fc:a2:5f:f5:dd:ca:0b:2d:5f:af:c1:62:46:8e:3f:a4:
         88:10:b3:a4:1a:3f:4c:ec:9f:37:6d:49:9c:e9:4f:b6:a8:9e:
         46:d0:e3:24:9a:62:a9:e0:87:6e:4d:74:2f:f4:d5:3f:78:17:
         cd:d5:6f:fc:59:24:ee:31:c3:8c:75:60:d9:e9:1d:ea:3f:04:
         c6:60:b9:22:dc:3e:48:b1:91:37:d6:af:e2:fb:a0:d8:bc:d3:
         ee:39:27:27:6d:aa:c7:cf:fc:82:2a:1a:8b:a3:d1:ad:46:7d:
         ef:4e:70:5b:e4:7b:4c:7f:55:e6:5e:dc:0a:bb:20:78:50:cf:
         25:22:ce:62:a5:e5:3a:ed:d7:0a:3f:8d:88:c9:19:ce:9a:9d:
         e3:4a:a8:5b:53:5f:6b:83:20:82:14:93:bf:d1:85:4c:a5:a4:
         8c:c6:c6:9c
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQnR6zIEE6B/S6l4HwUrSq2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjUwMTAyMTM0OTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmJjYWIzNTQ0ZmJlNzI1NmZkM2QzMzk1MDE5OGQ2ZDkyMmE3MjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsTmUvJYbS7zwIoCN7KQG4RAOb8+D
lAL3llfw1LOKL4gXHFkoKooPzlEdIqvniPGy+ULpBRqHKJWnbOZQhLYPiHzqswty
ISKEALlym2569zK6vbzzAnU0utqQLMl3vscth4JnwrUk6KB66DELEg95tRtM8UW/
HaDLsV64eixaFBybUuIxKc0JLioNs/yZvtDJxXxNFIhIwVQ90GIUBuOzg2WABA3c
na0P2MvM8COR4Z14QM1QchTr5XvMHZisEdKKdQhjkqqzR93aXqic6Pc/FjdrsnAv
dbcTBNc3AJCalATZD2Z/XMdZDZ9LmU9IoZ4JCe/bVPyOFKr83wyDvrnghQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFB+8qzVE++clb9PTOVAZjW2SKnKAMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvSDd5ck5VVDc1eVZ2MDlNNVVCbU5iWklxY29BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBADV0ZED
BADV0ZIDBADV0Z0wDQYJKoZIhvcNAQELBQADggEBALaduPsMs+y1s+JO81JvYtff
K5mrWFWMl13/6dzxo/9KYDBf1Y4nojY/xIDa34ZtCLzPOz8ckvB61/PWB2npigPN
j7ERak338SbaRYwED/rd/4MpxjoIps0hxM2C/KJf9d3KCy1fr8FiRo4/pIgQs6Qa
P0zsnzdtSZzpT7aonkbQ4ySaYqngh25NdC/01T94F83Vb/xZJO4xw4x1YNnpHeo/
BMZguSLcPkixkTfWr+L7oNi80+45JydtqsfP/IIqGouj0a1Gfe9OcFvke0x/VeZe
3Aq7IHhQzyUizmKl5Trt1wo/jYjJGc6aneNKqFtTX2uDIIIUk7/RhUylpIzGxpw=
-----END CERTIFICATE-----