Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/66kzBEPGA8EvN3wUvFTc9gooHXE.roa
File:                     66kzBEPGA8EvN3wUvFTc9gooHXE.roa (raw, json)
Hash identifier:          kI4ds2D+ghdc/DjkbgEwVWnVDyR8LSTeag4QL8ikMSA=
Subject key identifier:   EB:A9:33:04:43:C6:03:C1:2F:37:7C:14:BC:54:DC:F6:0A:28:1D:71
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       018CC3B737914FB6A14346C87DD2DA5F603B
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/66kzBEPGA8EvN3wUvFTc9gooHXE.roa
Signing time:             Mon 01 Jan 2024 06:30:13 +0000
ROA not before:           Mon 01 Jan 2024 06:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38926
IP address blocks:        212.234.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:37:91:4f:b6:a1:43:46:c8:7d:d2:da:5f:60:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 06:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eba9330443c603c12f377c14bc54dcf60a281d71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:1d:db:23:60:29:5f:d9:93:83:84:9d:c3:a8:
                    4a:fc:35:b5:b0:c9:cc:99:08:16:bc:02:a0:30:bd:
                    b4:68:a7:85:4d:3c:24:d8:d4:b6:5e:ed:03:8c:18:
                    3b:c5:e6:29:3e:be:3f:c6:f3:78:44:73:6f:b5:24:
                    15:9a:14:1f:fe:10:9f:7e:43:00:6d:8b:b8:05:73:
                    8a:88:51:21:a3:5a:50:b8:46:0d:b8:68:c8:1d:da:
                    c4:83:2f:40:fc:6c:a9:18:08:93:a7:5d:9a:75:0d:
                    e3:f9:d8:47:cc:0e:1c:80:d5:d3:7b:73:02:db:a8:
                    bd:ee:51:b6:33:5b:39:7d:28:63:dc:aa:34:7f:f0:
                    43:3e:a1:8a:60:03:40:ee:f7:18:1a:9a:8e:85:08:
                    76:93:fc:51:bb:91:c2:3f:ac:cf:4d:4f:35:6a:40:
                    bb:aa:5d:38:d5:dd:ef:49:8f:ed:9d:3e:d6:f0:6a:
                    dd:b4:f5:d4:69:02:55:7c:a1:9f:9f:52:c7:d5:9a:
                    cf:ea:55:19:c1:b2:b1:23:39:e0:95:5a:89:2d:ab:
                    f5:18:58:38:6c:ed:9a:83:40:41:dd:f6:f4:71:13:
                    ed:34:2a:f7:65:5d:f8:44:df:9f:67:a2:04:44:bb:
                    bb:d8:a3:6d:0a:f2:fd:12:d1:b6:f6:5a:ec:f3:d4:
                    b8:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:A9:33:04:43:C6:03:C1:2F:37:7C:14:BC:54:DC:F6:0A:28:1D:71
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/66kzBEPGA8EvN3wUvFTc9gooHXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.234.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:45:f7:31:ab:5e:2d:ac:9f:63:be:33:6d:10:01:32:3a:58:
         eb:91:ad:63:da:a9:ae:ba:98:12:20:29:a5:07:3c:d9:54:3e:
         66:5d:b2:95:28:92:2d:87:c7:d9:13:75:b8:86:79:cc:fa:f4:
         4b:99:e1:b2:cf:8b:b8:c6:0f:06:c1:a7:c1:67:b0:b3:f6:da:
         ca:18:c2:e0:46:90:1d:a8:3c:6b:0f:1d:f9:21:8c:36:0b:3f:
         1a:a9:8d:15:f6:b8:f8:2a:99:81:a8:48:d3:16:bf:fc:3e:43:
         d9:a2:33:ba:b0:45:ab:1f:19:d1:82:b7:cf:af:ca:b0:75:5f:
         72:c6:31:69:ca:a0:b0:43:90:24:ce:63:d3:f5:2c:ca:9b:b6:
         22:3c:e7:d7:ac:7c:fa:66:96:f5:19:83:6e:2f:c5:df:c1:bb:
         8a:55:7f:f7:28:68:8d:5b:a7:55:f8:8f:93:cd:75:ab:14:c4:
         e2:51:e7:c1:d3:14:03:4e:85:83:7a:4f:78:89:ef:fe:46:a7:
         ce:cf:7c:00:8e:19:ec:30:8e:8a:0f:dd:ba:bf:97:3e:03:98:
         d5:9f:e0:95:33:4b:cd:cc:28:48:05:b7:01:b6:f6:7a:49:21:
         48:c8:81:c6:a2:74:8c:aa:5d:ac:86:25:d1:e4:88:51:d2:76:
         b1:77:c9:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtzeRT7ahQ0bIfdLaX2A7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwMTAxMDYzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmE5MzMwNDQzYzYwM2MxMmYzNzdjMTRiYzU0ZGNmNjBhMjgxZDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAux3bI2ApX9mTg4Sdw6hK/DW1sMnM
mQgWvAKgML20aKeFTTwk2NS2Xu0DjBg7xeYpPr4/xvN4RHNvtSQVmhQf/hCffkMA
bYu4BXOKiFEho1pQuEYNuGjIHdrEgy9A/GypGAiTp12adQ3j+dhHzA4cgNXTe3MC
26i97lG2M1s5fShj3Ko0f/BDPqGKYANA7vcYGpqOhQh2k/xRu5HCP6zPTU81akC7
ql041d3vSY/tnT7W8GrdtPXUaQJVfKGfn1LH1ZrP6lUZwbKxIznglVqJLav1GFg4
bO2ag0BB3fb0cRPtNCr3ZV34RN+fZ6IERLu72KNtCvL9EtG29lrs89S4+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOupMwRDxgPBLzd8FLxU3PYKKB1xMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvNjZrekJFUEdBOEV2TjN3VXZGVGM5Z29vSFhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1OonMA0G
CSqGSIb3DQEBCwUAA4IBAQB3Rfcxq14trJ9jvjNtEAEyOljrka1j2qmuupgSICml
BzzZVD5mXbKVKJIth8fZE3W4hnnM+vRLmeGyz4u4xg8GwafBZ7Cz9trKGMLgRpAd
qDxrDx35IYw2Cz8aqY0V9rj4KpmBqEjTFr/8PkPZojO6sEWrHxnRgrfPr8qwdV9y
xjFpyqCwQ5AkzmPT9SzKm7YiPOfXrHz6Zpb1GYNuL8XfwbuKVX/3KGiNW6dV+I+T
zXWrFMTiUefB0xQDToWDek94ie/+RqfOz3wAjhnsMI6KD926v5c+A5jVn+CVM0vN
zChIBbcBtvZ6SSFIyIHGonSMql2shiXR5IhR0naxd8l1
-----END CERTIFICATE-----