Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/0614a6-d01c-4ff2-a993-7246457fd2b3/1/7j-hi4sWkS4zs-qNs2GmhiqZcAw.roa
File:                     7j-hi4sWkS4zs-qNs2GmhiqZcAw.roa (raw, json)
Hash identifier:          QFGr2w53kj2LfpZi4MQklCYIe0Kam+jS1I7zC28vcvo=
Subject key identifier:   EE:3F:A1:8B:8B:16:91:2E:33:B3:EA:8D:B3:61:A6:86:2A:99:70:0C
Certificate issuer:       /CN=29f5240238b828f16e60229e2633503f04846599
Certificate serial:       01929F464C220B92D7D476AD0F862F3D318D
Authority key identifier: 29:F5:24:02:38:B8:28:F1:6E:60:22:9E:26:33:50:3F:04:84:65:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KfUkAji4KPFuYCKeJjNQPwSEZZk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/0614a6-d01c-4ff2-a993-7246457fd2b3/1/7j-hi4sWkS4zs-qNs2GmhiqZcAw.roa
Signing time:             Fri 18 Oct 2024 10:57:17 +0000
ROA not before:           Fri 18 Oct 2024 10:57:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61407
IP address blocks:        185.29.211.0/24 maxlen: 24
                          2a07:5240::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/0614a6-d01c-4ff2-a993-7246457fd2b3/1/KfUkAji4KPFuYCKeJjNQPwSEZZk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/0614a6-d01c-4ff2-a993-7246457fd2b3/1/KfUkAji4KPFuYCKeJjNQPwSEZZk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KfUkAji4KPFuYCKeJjNQPwSEZZk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:9f:46:4c:22:0b:92:d7:d4:76:ad:0f:86:2f:3d:31:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29f5240238b828f16e60229e2633503f04846599
        Validity
            Not Before: Oct 18 10:57:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee3fa18b8b16912e33b3ea8db361a6862a99700c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:e8:a7:86:11:15:ae:ba:04:77:d5:d9:ea:78:
                    39:e9:e5:a5:39:8d:66:1e:f5:1c:08:0e:4d:27:92:
                    4a:7d:12:a5:e4:aa:46:c5:52:32:74:57:5f:52:58:
                    f4:14:ee:d9:68:83:cc:98:30:d7:2b:80:e6:24:74:
                    ba:f1:35:72:cb:ca:00:f0:b8:09:14:4a:5e:e7:6c:
                    39:66:29:73:41:75:ff:1c:45:4c:8d:6a:b3:34:7b:
                    0e:1b:e0:1f:3c:43:e6:dd:6f:3e:4a:5d:24:cb:67:
                    38:8f:1e:c6:73:ec:fc:e5:67:a7:0d:80:46:b0:68:
                    d3:d6:67:76:48:4f:96:74:0e:be:24:e1:8f:4c:bf:
                    11:6e:bc:85:e1:d3:fa:d1:18:56:b2:43:90:68:29:
                    49:bf:78:b7:e6:7d:dc:96:1f:70:72:ea:91:9b:59:
                    43:1b:1f:30:d2:4b:29:9f:dd:7b:cb:dd:10:dc:f9:
                    88:ef:60:b4:e7:56:18:e4:db:46:b6:e7:37:a8:69:
                    fa:37:e5:ce:48:b1:ab:9a:fe:8b:af:07:6c:62:b5:
                    0b:e7:6b:06:3b:3e:a9:a5:37:e2:cf:9c:25:7c:b7:
                    bf:c1:cf:b4:f6:53:c7:6a:f4:11:70:90:35:73:8f:
                    98:d3:55:6e:c2:b2:9e:86:7a:5f:27:46:79:1d:82:
                    a6:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:3F:A1:8B:8B:16:91:2E:33:B3:EA:8D:B3:61:A6:86:2A:99:70:0C
            X509v3 Authority Key Identifier:
                keyid:29:F5:24:02:38:B8:28:F1:6E:60:22:9E:26:33:50:3F:04:84:65:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KfUkAji4KPFuYCKeJjNQPwSEZZk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/0614a6-d01c-4ff2-a993-7246457fd2b3/1/7j-hi4sWkS4zs-qNs2GmhiqZcAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/0614a6-d01c-4ff2-a993-7246457fd2b3/1/KfUkAji4KPFuYCKeJjNQPwSEZZk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.29.211.0/24
                IPv6:
                  2a07:5240::/29

    Signature Algorithm: sha256WithRSAEncryption
         55:6d:dd:0a:57:7c:9f:d6:1d:2d:24:d6:4c:36:c7:77:c6:81:
         fb:c9:d6:c2:6c:77:14:8b:61:7e:2d:00:86:05:2f:2e:ed:f6:
         18:cb:54:db:d6:4c:f1:2c:d2:86:52:2b:7d:e2:42:64:95:53:
         66:32:dc:9c:43:64:65:8c:8b:0e:0b:a0:ba:a6:8a:66:ed:a3:
         d7:0f:1f:bf:f2:ca:a3:e8:cb:15:98:d9:82:d3:c6:56:0b:c0:
         16:88:76:1c:fd:f6:08:57:7c:8f:33:f8:7c:d5:85:84:9f:6b:
         6d:c3:2b:d1:c0:20:b6:e5:10:6b:e4:b7:91:aa:33:fc:b9:78:
         44:d1:e9:0d:37:a9:48:f7:cb:e4:80:52:8e:dc:ed:65:7b:64:
         cc:8a:e3:0f:f8:3b:6f:02:e9:ca:f0:cb:ab:65:00:1e:b0:ec:
         b7:ec:9f:fc:6e:54:5d:b6:38:6c:9a:f3:7f:32:d2:6a:69:47:
         41:4e:86:74:20:73:ed:34:79:52:68:9f:d1:a8:27:f5:6e:87:
         22:2c:4c:fa:6f:63:a2:51:be:84:93:e0:ee:35:92:d5:ad:08:
         2f:34:d2:25:3c:79:99:7b:c1:1e:18:01:83:39:e4:7f:8d:0c:
         4c:71:ff:34:31:cd:82:b8:dc:5d:56:57:53:ac:95:90:3b:ba:
         81:a8:38:e6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZKfRkwiC5LX1HatD4YvPTGNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZjUyNDAyMzhiODI4ZjE2ZTYwMjI5ZTI2MzM1MDNmMDQ4
NDY1OTkwHhcNMjQxMDE4MTA1NzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTNmYTE4YjhiMTY5MTJlMzNiM2VhOGRiMzYxYTY4NjJhOTk3MDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+inhhEVrroEd9XZ6ng56eWlOY1m
HvUcCA5NJ5JKfRKl5KpGxVIydFdfUlj0FO7ZaIPMmDDXK4DmJHS68TVyy8oA8LgJ
FEpe52w5ZilzQXX/HEVMjWqzNHsOG+AfPEPm3W8+Sl0ky2c4jx7Gc+z85WenDYBG
sGjT1md2SE+WdA6+JOGPTL8RbryF4dP60RhWskOQaClJv3i35n3clh9wcuqRm1lD
Gx8w0kspn917y90Q3PmI72C051YY5NtGtuc3qGn6N+XOSLGrmv6LrwdsYrUL52sG
Oz6ppTfiz5wlfLe/wc+09lPHavQRcJA1c4+Y01VuwrKehnpfJ0Z5HYKmoQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO4/oYuLFpEuM7PqjbNhpoYqmXAMMB8GA1UdIwQY
MBaAFCn1JAI4uCjxbmAiniYzUD8EhGWZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2ZVa0FqaTRLUEZ1WUNLZUpqTlFQd1NFWlprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8wNjE0YTYtZDAxYy00ZmYyLWE5OTMt
NzI0NjQ1N2ZkMmIzLzEvN2otaGk0c1drUzR6cy1xTnMyR21oaXFaY0F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8wNjE0YTYtZDAxYy00ZmYyLWE5OTMtNzI0NjQ1N2ZkMmIz
LzEvS2ZVa0FqaTRLUEZ1WUNLZUpqTlFQd1NFWlprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuR3TMA0E
AgACMAcDBQMqB1JAMA0GCSqGSIb3DQEBCwUAA4IBAQBVbd0KV3yf1h0tJNZMNsd3
xoH7ydbCbHcUi2F+LQCGBS8u7fYYy1Tb1kzxLNKGUit94kJklVNmMtycQ2RljIsO
C6C6popm7aPXDx+/8sqj6MsVmNmC08ZWC8AWiHYc/fYIV3yPM/h81YWEn2ttwyvR
wCC25RBr5LeRqjP8uXhE0ekNN6lI98vkgFKO3O1le2TMiuMP+DtvAunK8MurZQAe
sOy37J/8blRdtjhsmvN/MtJqaUdBToZ0IHPtNHlSaJ/RqCf1bociLEz6b2OiUb6E
k+DuNZLVrQgvNNIlPHmZe8EeGAGDOeR/jQxMcf80Mc2CuNxdVldTrJWQO7qBqDjm
-----END CERTIFICATE-----