Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/jkAKv2ay5R_x1Memdp-BSwGTEMk.roa
File:                     jkAKv2ay5R_x1Memdp-BSwGTEMk.roa (raw, json)
Hash identifier:          OE3pqlrUFfr68hna3ooZLOZAkseRm85rE1BaC50O/ig=
Subject key identifier:   8E:40:0A:BF:66:B2:E5:1F:F1:D4:C7:A6:76:9F:81:4B:01:93:10:C9
Certificate issuer:       /CN=e30cc9429b63382e9b1714d21b3c96d2e5ebe257
Certificate serial:       018CC72748D826DBDFDCF014E31FA0052C05
Authority key identifier: E3:0C:C9:42:9B:63:38:2E:9B:17:14:D2:1B:3C:96:D2:E5:EB:E2:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/jkAKv2ay5R_x1Memdp-BSwGTEMk.roa
Signing time:             Mon 01 Jan 2024 22:31:29 +0000
ROA not before:           Mon 01 Jan 2024 22:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204242
IP address blocks:        213.152.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:48:d8:26:db:df:dc:f0:14:e3:1f:a0:05:2c:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e30cc9429b63382e9b1714d21b3c96d2e5ebe257
        Validity
            Not Before: Jan  1 22:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e400abf66b2e51ff1d4c7a6769f814b019310c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:6d:cf:26:33:44:9b:22:86:ac:e0:59:ec:07:
                    82:ee:23:81:fb:13:17:37:14:87:90:d8:d3:70:bd:
                    d2:a3:40:6f:cd:28:55:ab:3d:11:e4:07:0c:b1:df:
                    2d:34:2e:23:a9:fb:73:46:c5:d0:39:cd:96:85:93:
                    cb:75:ef:0a:dd:4f:13:c0:93:5b:eb:ed:66:9e:c8:
                    cd:de:00:41:90:3d:50:20:01:d4:a2:86:03:50:48:
                    78:89:4a:3a:17:19:fc:78:be:f4:2e:f5:12:af:c4:
                    70:3d:0c:56:ca:b8:e3:34:99:de:ef:fa:c0:30:c8:
                    a6:4b:3a:62:a5:d8:c5:7d:08:87:db:55:02:a7:73:
                    de:ec:d4:7f:5f:41:d1:00:db:f9:81:f0:4a:8b:ed:
                    f7:c2:68:ff:b7:28:a2:d9:38:85:c5:3a:b5:07:ad:
                    b6:7b:3a:08:44:4e:87:00:5c:50:43:04:f8:5c:9a:
                    58:88:bd:6c:99:dd:1a:28:f8:3b:10:45:ef:19:a7:
                    e8:71:30:a1:e5:bc:1e:33:ca:c3:d0:1d:89:8e:41:
                    49:a6:43:30:cc:45:eb:e2:24:66:9f:2e:76:8b:f7:
                    3e:59:d8:21:72:70:d2:96:43:56:9c:c5:ad:03:8f:
                    74:38:31:6f:b7:50:8c:22:b2:e4:7d:c0:61:94:f4:
                    13:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:40:0A:BF:66:B2:E5:1F:F1:D4:C7:A6:76:9F:81:4B:01:93:10:C9
            X509v3 Authority Key Identifier:
                keyid:E3:0C:C9:42:9B:63:38:2E:9B:17:14:D2:1B:3C:96:D2:E5:EB:E2:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/jkAKv2ay5R_x1Memdp-BSwGTEMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.152.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:0a:df:18:cf:72:3e:2f:af:47:6b:57:fa:7b:cc:b2:37:15:
         c8:11:5e:91:20:58:ca:8c:73:7c:08:cc:82:ca:9a:3b:6b:6a:
         7a:a9:1f:b6:eb:37:b0:4c:ff:84:70:92:3b:46:22:85:c0:07:
         54:94:2b:ae:d7:80:eb:7d:15:4f:81:fd:cd:fc:83:8d:b9:1d:
         ac:50:14:58:80:9e:96:60:c6:5a:e1:41:e9:82:ef:11:c0:d5:
         29:38:cf:43:8b:0d:d6:51:e5:35:e8:cc:f7:df:67:cf:69:39:
         60:8e:30:92:c9:fa:df:08:6b:08:cc:1c:5b:1c:80:60:1e:b9:
         b0:bd:a2:00:1c:89:b4:15:9a:9f:54:87:ab:ad:c4:d1:5a:24:
         ed:cf:f2:bc:0e:2a:c1:a5:f3:90:b4:c9:11:a0:d7:a7:46:50:
         61:19:10:29:77:6c:0f:5b:52:4d:0e:cd:00:ad:bc:8e:a3:4d:
         28:3f:5c:31:f6:e4:08:e4:89:ec:70:72:89:46:8e:b0:f1:6e:
         59:d2:a8:30:ad:d6:43:c4:c6:c5:2a:53:53:de:11:f2:04:fc:
         b4:69:3c:7f:b7:15:93:5d:89:d5:7f:85:8e:2c:96:c4:c1:07:
         95:f2:9d:4d:86:a6:d4:f6:4b:da:2f:4a:8d:a4:dd:28:e5:85:
         5f:c3:c7:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ0jYJtvf3PAU4x+gBSwFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMGNjOTQyOWI2MzM4MmU5YjE3MTRkMjFiM2M5NmQyZTVl
YmUyNTcwHhcNMjQwMTAxMjIzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTQwMGFiZjY2YjJlNTFmZjFkNGM3YTY3NjlmODE0YjAxOTMxMGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnm3PJjNEmyKGrOBZ7AeC7iOB+xMX
NxSHkNjTcL3So0BvzShVqz0R5AcMsd8tNC4jqftzRsXQOc2WhZPLde8K3U8TwJNb
6+1mnsjN3gBBkD1QIAHUooYDUEh4iUo6Fxn8eL70LvUSr8RwPQxWyrjjNJne7/rA
MMimSzpipdjFfQiH21UCp3Pe7NR/X0HRANv5gfBKi+33wmj/tyii2TiFxTq1B622
ezoIRE6HAFxQQwT4XJpYiL1smd0aKPg7EEXvGafocTCh5bweM8rD0B2JjkFJpkMw
zEXr4iRmny52i/c+WdghcnDSlkNWnMWtA490ODFvt1CMIrLkfcBhlPQTbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI5ACr9msuUf8dTHpnafgUsBkxDJMB8GA1UdIwQY
MBaAFOMMyUKbYzgumxcU0hs8ltLl6+JXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHd6SlFwdGpPQzZiRnhUU0d6eVcwdVhyNGxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNzMyODctYjFiMS00YWNhLWJkMmUt
ZGI0ZjM1MmU5YWQzLzEvamtBS3YyYXk1Ul94MU1lbWRwLUJTd0dURU1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNzMyODctYjFiMS00YWNhLWJkMmUtZGI0ZjM1MmU5YWQz
LzEvNHd6SlFwdGpPQzZiRnhUU0d6eVcwdVhyNGxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZjxMA0G
CSqGSIb3DQEBCwUAA4IBAQB9Ct8Yz3I+L69Ha1f6e8yyNxXIEV6RIFjKjHN8CMyC
ypo7a2p6qR+26zewTP+EcJI7RiKFwAdUlCuu14DrfRVPgf3N/IONuR2sUBRYgJ6W
YMZa4UHpgu8RwNUpOM9Diw3WUeU16Mz332fPaTlgjjCSyfrfCGsIzBxbHIBgHrmw
vaIAHIm0FZqfVIerrcTRWiTtz/K8DirBpfOQtMkRoNenRlBhGRApd2wPW1JNDs0A
rbyOo00oP1wx9uQI5InscHKJRo6w8W5Z0qgwrdZDxMbFKlNT3hHyBPy0aTx/txWT
XYnVf4WOLJbEwQeV8p1NhqbU9kvaL0qNpN0o5YVfw8dA
-----END CERTIFICATE-----