Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/mkSPPHw07SsGbO4WGCEOd19dZWo.roa
File:                     mkSPPHw07SsGbO4WGCEOd19dZWo.roa (raw, json)
Hash identifier:          NI0rjJ3cWmxjoc/+hkUjD0/gAj9xLMFCdbwnEnmT2Hk=
Subject key identifier:   9A:44:8F:3C:7C:34:ED:2B:06:6C:EE:16:18:21:0E:77:5F:5D:65:6A
Certificate issuer:       /CN=14bee0ebd06b4b812f9e13716e25f1c3c3d14cc6
Certificate serial:       018CC5DBEDB799D1B4B87725A0F31695421E
Authority key identifier: 14:BE:E0:EB:D0:6B:4B:81:2F:9E:13:71:6E:25:F1:C3:C3:D1:4C:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FL7g69BrS4EvnhNxbiXxw8PRTMY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/mkSPPHw07SsGbO4WGCEOd19dZWo.roa
Signing time:             Mon 01 Jan 2024 16:29:33 +0000
ROA not before:           Mon 01 Jan 2024 16:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200020
IP address blocks:        213.249.72.0/24 maxlen: 24
                          2a01:448:72::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/FL7g69BrS4EvnhNxbiXxw8PRTMY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/FL7g69BrS4EvnhNxbiXxw8PRTMY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FL7g69BrS4EvnhNxbiXxw8PRTMY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:ed:b7:99:d1:b4:b8:77:25:a0:f3:16:95:42:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14bee0ebd06b4b812f9e13716e25f1c3c3d14cc6
        Validity
            Not Before: Jan  1 16:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a448f3c7c34ed2b066cee1618210e775f5d656a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:b4:1a:bf:46:14:cd:b3:93:6f:dc:31:8c:3d:
                    31:a0:19:e3:0b:86:1c:ec:96:b0:b9:17:a5:3a:29:
                    ef:41:8d:25:cd:f3:87:2d:d7:29:f9:35:b0:80:66:
                    56:6f:40:23:35:29:71:69:12:11:89:50:30:af:ec:
                    90:c0:29:94:75:1d:ce:42:84:6b:46:7f:57:59:95:
                    9d:40:4f:6f:21:2a:f4:20:51:d6:6b:e1:ad:e2:1f:
                    2f:9a:0e:4e:4f:a8:c5:ce:9b:1f:a1:00:ac:80:5a:
                    59:c8:f9:0c:b0:3a:5b:e0:12:43:ba:d4:40:fc:94:
                    65:ef:26:21:36:0b:ab:4d:00:b2:7a:9c:d1:70:e2:
                    83:ee:08:64:43:9e:63:c2:71:ed:7e:5d:ba:01:ef:
                    0e:d8:fc:f5:49:6f:fb:61:58:48:7e:6b:1f:91:6a:
                    e8:f4:a4:22:b1:3d:c6:06:ef:04:a2:0e:6e:99:d7:
                    ee:79:36:cd:d8:8d:7d:e1:39:61:77:01:c1:a3:c9:
                    d3:1e:ea:58:de:14:3d:f8:46:c6:95:d0:68:6c:37:
                    82:61:ad:eb:db:5c:c4:e7:73:5b:5c:94:dd:9c:db:
                    44:16:8d:95:80:df:1a:a3:b2:cb:1d:22:64:ff:36:
                    5e:20:73:0c:84:45:4f:7c:de:16:15:1b:04:40:60:
                    27:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:44:8F:3C:7C:34:ED:2B:06:6C:EE:16:18:21:0E:77:5F:5D:65:6A
            X509v3 Authority Key Identifier:
                keyid:14:BE:E0:EB:D0:6B:4B:81:2F:9E:13:71:6E:25:F1:C3:C3:D1:4C:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FL7g69BrS4EvnhNxbiXxw8PRTMY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/mkSPPHw07SsGbO4WGCEOd19dZWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/FL7g69BrS4EvnhNxbiXxw8PRTMY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.249.72.0/24
                IPv6:
                  2a01:448:72::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:cb:6d:d0:31:46:2d:b5:d7:e1:ce:bf:76:ee:c4:52:ae:4a:
         6e:81:98:35:fa:a4:60:32:10:3e:d1:0d:c5:f7:d5:3b:c6:be:
         d8:da:7e:4c:e7:f2:dd:4f:d7:80:7f:d6:1a:f5:d0:1a:c0:49:
         b8:ea:6b:6e:4a:dd:ce:ed:66:11:08:03:84:ad:98:eb:72:86:
         c0:8e:32:92:4a:95:76:a8:4d:c7:e4:37:ee:79:90:a2:b8:bc:
         b9:6f:53:ed:e5:46:83:d0:e5:66:36:30:4a:4c:92:0f:ce:27:
         67:e9:c5:96:82:65:f0:4c:2a:9b:6e:3e:bb:14:7e:8d:e4:59:
         8b:04:0e:cc:8e:5c:41:2a:8a:fc:2b:65:9a:e6:7b:98:43:7e:
         cf:09:7f:48:e6:fd:cc:e6:15:a3:49:e7:43:31:d7:0c:b2:9f:
         1f:32:2d:4f:5b:27:a2:60:22:2b:eb:c9:61:81:05:bc:24:00:
         49:7c:f4:6f:89:08:43:e9:de:5e:e9:6d:37:dc:ac:35:46:0b:
         e2:0a:7f:b3:c2:d2:29:40:7a:2e:06:a5:c5:b7:6a:f8:1e:b9:
         85:dd:1f:14:0c:82:5c:90:95:3a:1a:c1:5a:f2:cc:dd:38:20:
         e7:5a:e4:45:31:15:d6:1b:22:6a:88:e0:8c:ba:d4:03:0e:03:
         6a:c6:45:9c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzF2+23mdG0uHcloPMWlUIeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0YmVlMGViZDA2YjRiODEyZjllMTM3MTZlMjVmMWMzYzNk
MTRjYzYwHhcNMjQwMTAxMTYyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTQ0OGYzYzdjMzRlZDJiMDY2Y2VlMTYxODIxMGU3NzVmNWQ2NTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmLQav0YUzbOTb9wxjD0xoBnjC4Yc
7JawuRelOinvQY0lzfOHLdcp+TWwgGZWb0AjNSlxaRIRiVAwr+yQwCmUdR3OQoRr
Rn9XWZWdQE9vISr0IFHWa+Gt4h8vmg5OT6jFzpsfoQCsgFpZyPkMsDpb4BJDutRA
/JRl7yYhNgurTQCyepzRcOKD7ghkQ55jwnHtfl26Ae8O2Pz1SW/7YVhIfmsfkWro
9KQisT3GBu8Eog5umdfueTbN2I194TlhdwHBo8nTHupY3hQ9+EbGldBobDeCYa3r
21zE53NbXJTdnNtEFo2VgN8ao7LLHSJk/zZeIHMMhEVPfN4WFRsEQGAnLwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJpEjzx8NO0rBmzuFhghDndfXWVqMB8GA1UdIwQY
MBaAFBS+4OvQa0uBL54TcW4l8cPD0UzGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkw3ZzY5QnJTNEV2bmhOeGJpWHh3OFBSVE1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8xNjFjM2YtYjgzZC00NWIxLWFhOGUt
ZDFiYjZiNGRkNzAxLzEvbWtTUFBIdzA3U3NHYk80V0dDRU9kMTlkWldvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8xNjFjM2YtYjgzZC00NWIxLWFhOGUtZDFiYjZiNGRkNzAx
LzEvRkw3ZzY5QnJTNEV2bmhOeGJpWHh3OFBSVE1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA1flIMA8E
AgACMAkDBwAqAQRIAHIwDQYJKoZIhvcNAQELBQADggEBADDLbdAxRi211+HOv3bu
xFKuSm6BmDX6pGAyED7RDcX31TvGvtjafkzn8t1P14B/1hr10BrASbjqa25K3c7t
ZhEIA4StmOtyhsCOMpJKlXaoTcfkN+55kKK4vLlvU+3lRoPQ5WY2MEpMkg/OJ2fp
xZaCZfBMKptuPrsUfo3kWYsEDsyOXEEqivwrZZrme5hDfs8Jf0jm/czmFaNJ50Mx
1wyynx8yLU9bJ6JgIivryWGBBbwkAEl89G+JCEPp3l7pbTfcrDVGC+IKf7PC0ilA
ei4GpcW3avgeuYXdHxQMglyQlToawVryzN04IOda5EUxFdYbImqI4Iy61AMOA2rG
RZw=
-----END CERTIFICATE-----