Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/kWDWjqe6TZr6mC7ltV_s9RWulPo.roa
File:                     kWDWjqe6TZr6mC7ltV_s9RWulPo.roa (raw, json)
Hash identifier:          bcSFd8fA4CBZw26EsSnoa8atz2hu0JECgA4N1l1gYhw=
Subject key identifier:   91:60:D6:8E:A7:BA:4D:9A:FA:98:2E:E5:B5:5F:EC:F5:15:AE:94:FA
Certificate issuer:       /CN=65a665b90069bd71850602e7400c529793269e39
Certificate serial:       01921E8162A359559CC683097DC650350A35
Authority key identifier: 65:A6:65:B9:00:69:BD:71:85:06:02:E7:40:0C:52:97:93:26:9E:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/kWDWjqe6TZr6mC7ltV_s9RWulPo.roa
Signing time:             Mon 23 Sep 2024 10:50:48 +0000
ROA not before:           Mon 23 Sep 2024 10:50:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215708
IP address blocks:        80.75.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:1e:81:62:a3:59:55:9c:c6:83:09:7d:c6:50:35:0a:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65a665b90069bd71850602e7400c529793269e39
        Validity
            Not Before: Sep 23 10:50:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9160d68ea7ba4d9afa982ee5b55fecf515ae94fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:a0:2a:fb:6c:3f:4c:58:29:be:b7:a0:b9:e1:
                    24:a2:c6:8b:e2:98:ab:c1:49:ac:fd:cf:f5:9b:23:
                    11:f6:b7:c1:70:00:6f:d3:7c:9b:0e:4f:02:16:f0:
                    ed:cf:0d:c7:8c:d8:45:57:b5:13:32:68:41:6f:5a:
                    5d:00:5e:95:c3:18:96:04:46:53:90:26:8e:63:27:
                    68:2c:92:7f:19:ff:d7:0d:9c:c0:cc:c6:e0:f9:91:
                    ef:24:56:47:3e:fd:b7:ae:d6:60:4f:17:3f:9d:2f:
                    6d:6c:2e:6c:d8:0b:ca:48:7b:2e:30:03:86:2f:6a:
                    4e:2a:ff:bb:a9:78:94:18:1b:fe:f4:9b:a2:69:aa:
                    d3:1b:7f:93:b5:26:93:a7:40:cf:f3:45:4e:88:f7:
                    0a:13:2f:bd:b5:54:52:d7:15:4b:74:f7:0b:29:5b:
                    69:b2:d0:82:93:60:56:44:c5:54:58:50:bf:d4:31:
                    08:31:10:53:8b:9e:86:be:3b:45:48:ec:28:9b:17:
                    ef:a5:47:3d:24:26:7c:b2:ee:da:25:ba:aa:9a:d8:
                    45:d4:7d:68:95:fa:43:32:a3:fd:50:61:66:0b:56:
                    22:d2:00:08:88:85:9a:43:15:82:2c:5e:4c:e3:f3:
                    5e:22:21:b0:42:37:12:b9:ea:c8:92:9e:15:40:de:
                    58:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:60:D6:8E:A7:BA:4D:9A:FA:98:2E:E5:B5:5F:EC:F5:15:AE:94:FA
            X509v3 Authority Key Identifier:
                keyid:65:A6:65:B9:00:69:BD:71:85:06:02:E7:40:0C:52:97:93:26:9E:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/kWDWjqe6TZr6mC7ltV_s9RWulPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.75.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:f7:63:b7:3e:e5:19:f6:2c:e2:36:62:0b:28:df:f2:b9:a2:
         fc:47:8a:11:de:89:04:ff:1f:14:d1:fe:9a:5c:4d:98:0b:ac:
         ca:3c:4c:f3:a5:27:1d:e2:29:7a:3d:ef:d5:de:cd:6d:a8:69:
         8a:e3:1a:9c:5e:50:d4:8c:d5:ff:c5:c4:63:20:6b:9d:80:1a:
         7a:aa:10:d1:c7:4b:e3:aa:b4:fa:2f:01:11:7b:25:f6:62:72:
         4d:00:49:f8:22:47:00:5d:65:d8:fa:c5:76:8e:3f:a8:45:d4:
         92:7a:65:ff:f0:57:02:46:94:55:4d:c4:47:3d:e2:5a:61:d2:
         79:8e:93:04:2c:f5:dc:0b:19:6c:ac:17:f4:91:ad:11:29:b2:
         38:25:bc:be:42:db:55:d7:66:47:7f:07:bb:af:80:93:13:01:
         61:56:e6:a1:22:25:70:30:4a:0c:31:cc:ae:bd:8e:02:cc:26:
         48:ee:69:e4:51:59:3e:d6:a8:d8:78:f9:05:98:a4:36:3f:f5:
         13:12:0d:7f:9c:fe:ea:4f:de:34:38:4e:22:1a:ff:7c:9f:55:
         17:1f:2b:1d:e4:f3:f0:7c:94:67:99:37:ef:ea:a7:4d:ee:f1:
         f5:0a:54:57:5c:2a:16:12:56:42:5a:6e:c6:4e:f6:f5:30:c3:
         9d:fb:a2:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIegWKjWVWcxoMJfcZQNQo1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YTY2NWI5MDA2OWJkNzE4NTA2MDJlNzQwMGM1Mjk3OTMy
NjllMzkwHhcNMjQwOTIzMTA1MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTYwZDY4ZWE3YmE0ZDlhZmE5ODJlZTViNTVmZWNmNTE1YWU5NGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqAq+2w/TFgpvregueEkosaL4pir
wUms/c/1myMR9rfBcABv03ybDk8CFvDtzw3HjNhFV7UTMmhBb1pdAF6VwxiWBEZT
kCaOYydoLJJ/Gf/XDZzAzMbg+ZHvJFZHPv23rtZgTxc/nS9tbC5s2AvKSHsuMAOG
L2pOKv+7qXiUGBv+9JuiaarTG3+TtSaTp0DP80VOiPcKEy+9tVRS1xVLdPcLKVtp
stCCk2BWRMVUWFC/1DEIMRBTi56GvjtFSOwomxfvpUc9JCZ8su7aJbqqmthF1H1o
lfpDMqP9UGFmC1Yi0gAIiIWaQxWCLF5M4/NeIiGwQjcSuerIkp4VQN5YQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJFg1o6nuk2a+pgu5bVf7PUVrpT6MB8GA1UdIwQY
MBaAFGWmZbkAab1xhQYC50AMUpeTJp45MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmFabHVRQnB2WEdGQmdMblFBeFNsNU1tbmprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lNmQ4ODAtMzkwMy00YTExLWJhMjct
Yzk0NTdlYzgxMTUxLzEva1dEV2pxZTZUWnI2bUM3bHRWX3M5Uld1bFBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lNmQ4ODAtMzkwMy00YTExLWJhMjctYzk0NTdlYzgxMTUx
LzEvWmFabHVRQnB2WEdGQmdMblFBeFNsNU1tbmprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEvVMA0G
CSqGSIb3DQEBCwUAA4IBAQCI92O3PuUZ9iziNmILKN/yuaL8R4oR3okE/x8U0f6a
XE2YC6zKPEzzpScd4il6Pe/V3s1tqGmK4xqcXlDUjNX/xcRjIGudgBp6qhDRx0vj
qrT6LwEReyX2YnJNAEn4IkcAXWXY+sV2jj+oRdSSemX/8FcCRpRVTcRHPeJaYdJ5
jpMELPXcCxlsrBf0ka0RKbI4Jby+QttV12ZHfwe7r4CTEwFhVuahIiVwMEoMMcyu
vY4CzCZI7mnkUVk+1qjYePkFmKQ2P/UTEg1/nP7qT940OE4iGv98n1UXHysd5PPw
fJRnmTfv6qdN7vH1ClRXXCoWElZCWm7GTvb1MMOd+6I0
-----END CERTIFICATE-----