Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/K7EaxVGE6Pt9SgZ5M6Mll4xYW7I.roa
File:                     K7EaxVGE6Pt9SgZ5M6Mll4xYW7I.roa (raw, json)
Hash identifier:          O4K1Bc/6fl4QzHnD2+4A05I9D1Btsw51feAw257mucA=
Subject key identifier:   2B:B1:1A:C5:51:84:E8:FB:7D:4A:06:79:33:A3:25:97:8C:58:5B:B2
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01910E021C437F26376C44262095D57619F2
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/K7EaxVGE6Pt9SgZ5M6Mll4xYW7I.roa
Signing time:             Thu 01 Aug 2024 12:55:04 +0000
ROA not before:           Thu 01 Aug 2024 12:55:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205749
IP address blocks:        213.152.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:0e:02:1c:43:7f:26:37:6c:44:26:20:95:d5:76:19:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug  1 12:55:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2bb11ac55184e8fb7d4a067933a325978c585bb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:7e:25:a4:7e:b4:a4:74:33:63:e9:82:06:f1:
                    1c:83:ef:1f:6c:1a:1b:cf:01:b7:73:e8:77:31:5c:
                    f1:72:ed:d5:0c:8c:78:4f:8b:19:ae:22:e2:77:19:
                    b8:e9:a8:4a:40:3a:40:06:1e:18:ff:d6:da:27:b5:
                    06:db:fd:9b:81:2a:d8:ce:67:06:6e:f5:83:2b:1d:
                    08:ae:99:ff:8d:e4:7c:85:69:bf:41:81:6d:d6:02:
                    43:57:51:b4:04:f8:c7:32:db:64:0e:28:3b:68:66:
                    cd:92:aa:a3:f9:a2:ac:35:cd:e7:60:85:f8:a7:74:
                    b4:93:c1:81:9f:ee:1a:4c:65:1d:ca:6c:50:c6:59:
                    10:ef:e9:6a:ba:7e:9f:b0:0a:86:7b:c3:bd:c0:b3:
                    cb:ec:2e:31:0b:1b:e0:bb:f7:47:8d:78:58:09:7e:
                    23:c8:f5:d9:75:02:8a:12:2c:e2:b5:f4:04:fc:81:
                    66:f2:62:b9:a7:03:4f:e6:cb:5f:61:67:47:cc:06:
                    31:29:ad:22:eb:18:62:8f:63:c3:2d:70:19:68:60:
                    ca:70:15:1c:33:ae:8e:87:70:bf:5f:7a:d7:70:15:
                    8c:18:67:f8:84:4e:59:b5:9e:00:e4:af:52:a5:5b:
                    6d:bb:08:37:36:7a:7f:35:45:ba:ee:75:90:3d:90:
                    76:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:B1:1A:C5:51:84:E8:FB:7D:4A:06:79:33:A3:25:97:8C:58:5B:B2
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/K7EaxVGE6Pt9SgZ5M6Mll4xYW7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.152.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:3f:04:0e:a6:10:09:bc:3e:7e:d6:40:1b:b4:20:cf:42:8e:
         5f:b1:44:c1:04:a6:0e:47:56:25:b8:5b:7c:6c:17:8b:24:40:
         12:44:eb:ad:1a:61:3f:b1:7f:ab:19:d2:13:f1:b3:10:2d:ae:
         64:46:fe:ab:8b:23:4a:ef:a7:d1:f3:51:67:d3:24:d9:1a:e7:
         58:5a:30:a9:15:bd:38:77:9b:16:06:2c:f8:70:fd:41:4e:cb:
         23:0d:55:46:31:d8:4b:ac:ea:47:5e:05:8c:cb:9f:18:44:4f:
         ce:b7:fc:42:2e:73:ba:f6:f5:84:cb:dd:f1:a9:20:87:47:d5:
         00:63:9f:c3:a4:f7:2f:47:da:5b:37:45:a6:5e:10:d9:f0:b9:
         27:93:a0:0c:f2:d5:2a:4a:f8:d3:ba:44:38:c6:35:d4:27:6e:
         a3:9d:56:35:a1:32:6e:f5:1d:bb:d4:7a:89:40:c2:5f:dc:08:
         4c:d5:1e:47:af:bd:08:49:ff:9b:46:a9:30:59:59:e2:85:79:
         86:f6:78:55:06:d6:68:ea:ef:eb:24:4b:48:7f:b3:72:e8:a4:
         f7:cc:d0:c8:04:4e:47:3f:34:72:bb:f4:9a:f7:df:d8:7f:46:
         3d:54:64:96:b0:e7:68:d8:1a:d2:e7:71:c9:07:1b:54:09:6c:
         c2:ed:ef:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEOAhxDfyY3bEQmIJXVdhnyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwODAxMTI1NTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmIxMWFjNTUxODRlOGZiN2Q0YTA2NzkzM2EzMjU5NzhjNTg1YmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp34lpH60pHQzY+mCBvEcg+8fbBob
zwG3c+h3MVzxcu3VDIx4T4sZriLidxm46ahKQDpABh4Y/9baJ7UG2/2bgSrYzmcG
bvWDKx0Irpn/jeR8hWm/QYFt1gJDV1G0BPjHMttkDig7aGbNkqqj+aKsNc3nYIX4
p3S0k8GBn+4aTGUdymxQxlkQ7+lqun6fsAqGe8O9wLPL7C4xCxvgu/dHjXhYCX4j
yPXZdQKKEizitfQE/IFm8mK5pwNP5stfYWdHzAYxKa0i6xhij2PDLXAZaGDKcBUc
M66Oh3C/X3rXcBWMGGf4hE5ZtZ4A5K9SpVttuwg3Nnp/NUW67nWQPZB2FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCuxGsVRhOj7fUoGeTOjJZeMWFuyMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSzdFYXhWR0U2UHQ5U2daNU02TWxsNHhZVzdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZgrMA0G
CSqGSIb3DQEBCwUAA4IBAQBAPwQOphAJvD5+1kAbtCDPQo5fsUTBBKYOR1YluFt8
bBeLJEASROutGmE/sX+rGdIT8bMQLa5kRv6riyNK76fR81Fn0yTZGudYWjCpFb04
d5sWBiz4cP1BTssjDVVGMdhLrOpHXgWMy58YRE/Ot/xCLnO69vWEy93xqSCHR9UA
Y5/DpPcvR9pbN0WmXhDZ8Lknk6AM8tUqSvjTukQ4xjXUJ26jnVY1oTJu9R271HqJ
QMJf3AhM1R5Hr70ISf+bRqkwWVnihXmG9nhVBtZo6u/rJEtIf7Ny6KT3zNDIBE5H
PzRyu/Sa99/Yf0Y9VGSWsOdo2BrS53HJBxtUCWzC7e98
-----END CERTIFICATE-----