Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/ImNZpsa6Qki4_mxVHQGlcr4kMEQ.roa
File:                     ImNZpsa6Qki4_mxVHQGlcr4kMEQ.roa (raw, json)
Hash identifier:          I3CjyfAyGoz6eUw60S189BQgoco56UfaN83Q2MGH6pc=
Subject key identifier:   22:63:59:A6:C6:BA:42:48:B8:FE:6C:55:1D:01:A5:72:BE:24:30:44
Certificate issuer:       /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial:       0191D236F4DB6AAAFB97F67ED3215C63FAC3
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/ImNZpsa6Qki4_mxVHQGlcr4kMEQ.roa
Signing time:             Sun 08 Sep 2024 15:18:22 +0000
ROA not before:           Sun 08 Sep 2024 15:18:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6830
IP address blocks:        213.137.89.0/24 maxlen: 24
                          213.137.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d2:36:f4:db:6a:aa:fb:97:f6:7e:d3:21:5c:63:fa:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
        Validity
            Not Before: Sep  8 15:18:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=226359a6c6ba4248b8fe6c551d01a572be243044
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:bf:20:5e:19:c6:10:cc:cc:c1:3e:d0:7f:72:
                    01:28:4e:2e:67:36:8c:74:f7:74:51:b5:b4:f5:91:
                    1f:e7:01:98:93:10:4d:8a:b5:2b:48:2b:3b:d4:05:
                    89:a6:5a:2d:cb:59:24:28:2c:59:51:b1:75:cc:95:
                    0a:15:a9:88:8f:38:97:65:58:2c:92:b8:32:63:93:
                    d7:3d:6f:2b:9f:8e:9b:b3:61:45:88:4a:34:2f:24:
                    26:52:c1:90:5a:a8:ce:ad:c6:6d:ae:d2:21:74:ee:
                    34:c0:77:d1:66:9f:ec:b5:81:c5:8d:cc:ec:c7:0c:
                    6b:cb:ec:22:60:e1:95:58:9a:de:18:de:76:8a:4e:
                    b4:b6:4a:3f:05:be:bd:64:bc:ae:6d:ed:f2:2c:81:
                    1b:52:57:5d:7d:02:e7:57:5d:a6:18:3f:a6:e5:1a:
                    5b:dc:b0:a1:7e:6b:7f:fa:6e:a3:0d:e6:c2:64:bb:
                    34:3f:6f:7e:8f:86:12:bd:34:f7:b1:93:f1:e7:3e:
                    2b:20:6a:c5:77:a8:98:d4:04:6d:a8:b6:28:c8:c4:
                    91:57:ca:7a:52:03:88:2b:5b:3e:5b:43:28:fb:6c:
                    dc:1c:d3:62:2b:a8:66:1a:56:cc:12:39:59:c9:4d:
                    3d:91:28:2c:8f:47:44:fa:04:fd:2a:ad:d7:61:0e:
                    ee:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:63:59:A6:C6:BA:42:48:B8:FE:6C:55:1D:01:A5:72:BE:24:30:44
            X509v3 Authority Key Identifier:
                keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/ImNZpsa6Qki4_mxVHQGlcr4kMEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.137.89.0/24
                  213.137.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:ad:bd:3e:6e:f9:84:53:47:e0:58:1b:ee:94:f8:cb:db:a3:
         84:6e:05:32:26:c7:eb:83:4d:49:38:89:16:86:cb:9e:de:e6:
         31:34:d7:19:a8:9e:6e:83:3a:c4:65:bb:3e:ac:50:ad:f2:3a:
         6c:e7:05:9b:30:fb:56:b4:99:96:ac:bf:f0:f3:50:18:4e:9c:
         dd:cd:33:f4:33:92:8c:87:95:70:d5:bf:29:8c:e3:9b:97:82:
         23:b8:db:af:bd:59:f8:07:ea:37:52:84:69:57:1b:18:cc:2a:
         54:d7:52:89:f8:27:81:ef:80:3f:de:14:ee:71:25:50:c2:c1:
         23:19:27:13:3e:dd:41:50:80:0d:61:d4:c1:0a:8b:3a:a9:3c:
         b7:ad:70:cf:8b:e4:3c:60:da:b5:d3:6d:79:65:dc:2f:aa:89:
         68:e9:3f:c6:e8:36:8d:e0:75:58:82:6f:61:79:ba:4e:97:8e:
         39:68:09:50:5f:d5:34:fb:0c:2d:5d:28:85:b0:e6:de:e0:4b:
         43:39:49:e8:e6:e3:41:c0:bc:aa:e0:f4:3e:27:a3:72:5c:5a:
         b2:e1:42:ff:66:69:06:d3:3c:49:3d:69:49:ce:4e:0f:f2:83:
         85:dd:d1:02:ae:22:78:fb:25:37:0d:50:69:d7:24:5a:77:c5:
         e2:87:de:0a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZHSNvTbaqr7l/Z+0yFcY/rDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjQwOTA4MTUxODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjYzNTlhNmM2YmE0MjQ4YjhmZTZjNTUxZDAxYTU3MmJlMjQzMDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnL8gXhnGEMzMwT7Qf3IBKE4uZzaM
dPd0UbW09ZEf5wGYkxBNirUrSCs71AWJploty1kkKCxZUbF1zJUKFamIjziXZVgs
krgyY5PXPW8rn46bs2FFiEo0LyQmUsGQWqjOrcZtrtIhdO40wHfRZp/stYHFjczs
xwxry+wiYOGVWJreGN52ik60tko/Bb69ZLyube3yLIEbUlddfQLnV12mGD+m5Rpb
3LChfmt/+m6jDebCZLs0P29+j4YSvTT3sZPx5z4rIGrFd6iY1ARtqLYoyMSRV8p6
UgOIK1s+W0Mo+2zcHNNiK6hmGlbMEjlZyU09kSgsj0dE+gT9Kq3XYQ7uewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCJjWabGukJIuP5sVR0BpXK+JDBEMB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvSW1OWnBzYTZRa2k0X214VkhRR2xjcjRrTUVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1YlZAwQA
1YlbMA0GCSqGSIb3DQEBCwUAA4IBAQC0rb0+bvmEU0fgWBvulPjL26OEbgUyJsfr
g01JOIkWhsue3uYxNNcZqJ5ugzrEZbs+rFCt8jps5wWbMPtWtJmWrL/w81AYTpzd
zTP0M5KMh5Vw1b8pjOObl4IjuNuvvVn4B+o3UoRpVxsYzCpU11KJ+CeB74A/3hTu
cSVQwsEjGScTPt1BUIANYdTBCos6qTy3rXDPi+Q8YNq10215Zdwvqolo6T/G6DaN
4HVYgm9hebpOl445aAlQX9U0+wwtXSiFsObe4EtDOUno5uNBwLyq4PQ+J6NyXFqy
4UL/ZmkG0zxJPWlJzk4P8oOF3dECriJ4+yU3DVBp1yRad8Xih94K
-----END CERTIFICATE-----