Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/XkrKIOtQqCeiM_ipqUgw2hNkGLU.roa
File:                     XkrKIOtQqCeiM_ipqUgw2hNkGLU.roa (raw, json)
Hash identifier:          GxsKuox0XYSdof8GUNg9cNag/aibNxME/1NCfApWjHU=
Subject key identifier:   5E:4A:CA:20:EB:50:A8:27:A2:33:F8:A9:A9:48:30:DA:13:64:18:B5
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       0192DE01526339FEFE172DD3BB680EB7032C
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/XkrKIOtQqCeiM_ipqUgw2hNkGLU.roa
Signing time:             Wed 30 Oct 2024 15:18:01 +0000
ROA not before:           Wed 30 Oct 2024 15:18:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216334
IP address blocks:        212.22.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:de:01:52:63:39:fe:fe:17:2d:d3:bb:68:0e:b7:03:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Oct 30 15:18:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e4aca20eb50a827a233f8a9a94830da136418b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:63:fc:1b:cd:de:14:14:cf:9a:42:a8:e8:09:
                    19:2f:5e:08:26:db:57:7c:3c:b8:60:f7:00:44:51:
                    5c:17:1e:c3:27:5a:73:29:c8:07:05:4d:15:8f:80:
                    bc:62:d9:e6:ee:07:59:6c:25:95:d2:c6:af:28:41:
                    8d:60:0e:17:33:15:c5:63:db:58:d1:ef:86:d2:d3:
                    a2:da:9f:a1:a8:16:6e:32:c3:4d:d7:e0:b2:7f:6a:
                    23:81:a2:05:ae:30:f5:2c:4d:2a:4d:b5:e2:c4:ca:
                    c1:93:a6:07:ff:c9:a1:66:45:d0:20:48:0f:0b:e0:
                    6c:0c:e7:fb:96:2a:cf:ff:bf:95:cd:21:45:b9:d7:
                    df:f3:77:12:dd:e3:d6:b5:44:8b:f6:73:15:c4:ca:
                    b6:c1:59:f4:10:d0:56:71:c6:b6:b5:60:fd:53:07:
                    20:98:44:bb:7b:ba:be:b3:d0:fb:9a:20:5f:95:28:
                    9c:f7:e4:1c:b1:5e:09:56:cf:33:d0:f4:14:47:1b:
                    20:42:1b:82:74:17:a7:7b:7d:75:50:55:bc:83:d3:
                    55:6d:2c:78:20:0b:23:00:c3:60:a2:72:2d:a6:5b:
                    6e:71:d7:63:bb:d0:ce:e9:40:2e:96:fb:d8:02:2c:
                    36:17:8b:54:29:f6:1e:ed:f3:3d:34:b0:ec:9c:1b:
                    a1:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:4A:CA:20:EB:50:A8:27:A2:33:F8:A9:A9:48:30:DA:13:64:18:B5
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/XkrKIOtQqCeiM_ipqUgw2hNkGLU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.22.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:32:69:b4:8d:4f:ce:42:79:c5:96:12:b7:17:e0:db:a2:7b:
         94:8d:f6:e8:6a:ca:be:2f:9f:e1:3b:7b:1d:6c:0f:d9:9a:23:
         05:c2:85:46:d9:97:c4:03:94:a0:22:73:94:28:f1:d3:63:80:
         76:82:3d:1b:19:e5:25:72:37:04:fa:3c:82:22:99:98:d8:40:
         4f:e8:09:09:1b:84:0e:98:c4:d8:5e:2c:f5:f2:e4:19:6e:6e:
         1b:3f:55:b6:8b:89:a0:95:39:48:5c:f4:b5:e9:70:98:47:ad:
         ba:90:ae:8b:5c:e7:26:6f:1a:4d:67:57:f4:90:71:cd:a4:99:
         73:83:50:70:0b:a8:96:04:f8:3e:c3:94:70:4a:1c:07:f3:0f:
         42:b7:9e:b0:12:25:e8:2e:f6:b7:8f:33:85:9e:12:a0:86:77:
         10:49:c4:83:f0:56:42:06:45:4f:bd:8b:ac:bb:46:6a:eb:ea:
         55:62:c8:05:a6:37:29:4c:81:e7:f9:da:5a:ac:dc:8d:82:da:
         df:c0:24:30:33:0e:35:f3:d3:de:bb:0e:ef:55:7b:b5:8e:e8:
         75:01:a4:0d:0d:11:ba:31:53:3f:63:81:7c:d6:d7:c3:67:fe:
         d9:4f:5f:07:2c:c4:85:26:33:71:82:b9:dc:1b:24:97:bd:4d:
         d3:b1:fc:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLeAVJjOf7+Fy3Tu2gOtwMsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjQxMDMwMTUxODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTRhY2EyMGViNTBhODI3YTIzM2Y4YTlhOTQ4MzBkYTEzNjQxOGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2P8G83eFBTPmkKo6AkZL14IJttX
fDy4YPcARFFcFx7DJ1pzKcgHBU0Vj4C8Ytnm7gdZbCWV0savKEGNYA4XMxXFY9tY
0e+G0tOi2p+hqBZuMsNN1+Cyf2ojgaIFrjD1LE0qTbXixMrBk6YH/8mhZkXQIEgP
C+BsDOf7lirP/7+VzSFFudff83cS3ePWtUSL9nMVxMq2wVn0ENBWcca2tWD9Uwcg
mES7e7q+s9D7miBflSic9+QcsV4JVs8z0PQURxsgQhuCdBene311UFW8g9NVbSx4
IAsjAMNgonItpltucddju9DO6UAulvvYAiw2F4tUKfYe7fM9NLDsnBuhWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5KyiDrUKgnojP4qalIMNoTZBi1MB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvWGtyS0lPdFFxQ2VpTV9pcHFVZ3cyaE5rR0xVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BZaMA0G
CSqGSIb3DQEBCwUAA4IBAQCeMmm0jU/OQnnFlhK3F+DbonuUjfboasq+L5/hO3sd
bA/ZmiMFwoVG2ZfEA5SgInOUKPHTY4B2gj0bGeUlcjcE+jyCIpmY2EBP6AkJG4QO
mMTYXiz18uQZbm4bP1W2i4mglTlIXPS16XCYR626kK6LXOcmbxpNZ1f0kHHNpJlz
g1BwC6iWBPg+w5RwShwH8w9Ct56wEiXoLva3jzOFnhKghncQScSD8FZCBkVPvYus
u0Zq6+pVYsgFpjcpTIHn+dparNyNgtrfwCQwMw4189Peuw7vVXu1juh1AaQNDRG6
MVM/Y4F81tfDZ/7ZT18HLMSFJjNxgrncGySXvU3Tsfx2
-----END CERTIFICATE-----