Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/042951-54d8-469c-bba1-a6546cd9da94/1/itPEMbOZFFR8e5L5AvpBnlFEedQ.roa
File:                     itPEMbOZFFR8e5L5AvpBnlFEedQ.roa (raw, json)
Hash identifier:          pIQ9iWRr1eE7BBGNob9EZxPiOkZPJVC3FeL7vrrHIjo=
Subject key identifier:   8A:D3:C4:31:B3:99:14:54:7C:7B:92:F9:02:FA:41:9E:51:44:79:D4
Certificate issuer:       /CN=3dc410e3f09bea6abc9dd8c6ff4185651b0ab867
Certificate serial:       019421B19F954D3B938C990A5DE07669B2D3
Authority key identifier: 3D:C4:10:E3:F0:9B:EA:6A:BC:9D:D8:C6:FF:41:85:65:1B:0A:B8:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PcQQ4_Cb6mq8ndjG_0GFZRsKuGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/042951-54d8-469c-bba1-a6546cd9da94/1/itPEMbOZFFR8e5L5AvpBnlFEedQ.roa
Signing time:             Wed 01 Jan 2025 11:47:56 +0000
ROA not before:           Wed 01 Jan 2025 11:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        134.30.0.0/16 maxlen: 16
                          193.149.8.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/042951-54d8-469c-bba1-a6546cd9da94/1/PcQQ4_Cb6mq8ndjG_0GFZRsKuGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/042951-54d8-469c-bba1-a6546cd9da94/1/PcQQ4_Cb6mq8ndjG_0GFZRsKuGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PcQQ4_Cb6mq8ndjG_0GFZRsKuGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:9f:95:4d:3b:93:8c:99:0a:5d:e0:76:69:b2:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3dc410e3f09bea6abc9dd8c6ff4185651b0ab867
        Validity
            Not Before: Jan  1 11:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ad3c431b39914547c7b92f902fa419e514479d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:fa:74:d3:89:48:6f:95:73:84:97:c6:f7:ce:
                    bb:8d:61:9c:28:ee:37:19:62:18:4a:8c:9c:6d:ae:
                    68:f0:c2:a3:c7:33:e6:6f:63:fb:6e:f2:15:ac:be:
                    d6:c0:c7:72:3d:3b:8c:97:c9:bb:3a:e6:c9:97:48:
                    ba:c8:8d:5f:a9:d7:71:bb:ed:43:8e:67:3b:36:43:
                    5a:ac:7d:28:36:0e:3d:0b:af:9e:13:ff:25:bd:00:
                    eb:d4:0c:96:45:c8:17:3d:e5:18:6e:34:02:ac:4f:
                    b0:60:2e:f1:78:36:d5:82:e3:00:5a:ab:d4:52:0d:
                    b5:38:6a:69:aa:3c:1c:eb:e1:bc:31:73:b6:fa:7e:
                    c2:12:fe:26:a0:73:05:68:e4:40:de:78:bf:81:37:
                    2c:26:f8:1e:88:59:ba:8b:d2:8e:e3:ff:82:9c:71:
                    c8:a7:96:42:34:da:07:b9:99:b2:33:72:07:a4:a0:
                    94:91:77:9d:ab:19:45:e0:72:fb:85:77:02:c4:26:
                    bb:d6:3a:8e:41:e4:a4:01:56:a2:97:ce:3a:1f:f2:
                    9f:91:98:57:7d:f1:98:68:5f:c2:fe:70:e6:d0:79:
                    1d:73:8d:d3:bd:08:6a:45:d2:19:f6:a9:83:b5:8f:
                    f7:27:4e:87:b6:c2:df:5d:56:5a:25:f8:86:d6:66:
                    08:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:D3:C4:31:B3:99:14:54:7C:7B:92:F9:02:FA:41:9E:51:44:79:D4
            X509v3 Authority Key Identifier:
                keyid:3D:C4:10:E3:F0:9B:EA:6A:BC:9D:D8:C6:FF:41:85:65:1B:0A:B8:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PcQQ4_Cb6mq8ndjG_0GFZRsKuGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/042951-54d8-469c-bba1-a6546cd9da94/1/itPEMbOZFFR8e5L5AvpBnlFEedQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/042951-54d8-469c-bba1-a6546cd9da94/1/PcQQ4_Cb6mq8ndjG_0GFZRsKuGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.30.0.0/16
                  193.149.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         ca:fe:4c:01:d8:f7:d5:53:46:c9:f5:66:25:40:47:2e:18:a0:
         a8:04:c3:17:f0:04:c1:f9:e1:9c:fe:52:18:13:82:c3:d1:67:
         29:71:da:80:3e:4a:05:17:51:6f:d6:b9:f5:0a:3c:17:65:13:
         68:16:df:0c:95:18:b4:34:a6:05:d3:5b:a4:05:93:96:5c:24:
         dc:b5:2b:33:4b:83:e8:0c:79:dd:b9:41:57:e0:ee:d5:36:bb:
         a2:ad:b7:9f:7d:0b:98:9d:96:82:9a:8a:1f:a1:ab:2f:ed:6a:
         d8:60:6b:f7:c5:f8:1b:cd:b1:48:e5:bf:43:d5:ef:01:6a:60:
         aa:37:4e:63:56:93:1b:89:ad:99:d9:c7:29:e9:ed:15:b6:fa:
         a5:ec:cc:67:f6:0c:42:35:5b:08:da:e7:08:5f:db:80:17:9c:
         1b:df:38:c7:c9:ab:cc:55:ac:0c:69:21:60:0d:e9:1b:c7:0b:
         c5:91:01:52:af:76:8c:0c:28:d6:7f:7d:32:38:20:a6:6f:66:
         70:be:7c:bf:24:6e:4a:45:67:0e:43:5c:f1:43:b2:b1:c0:5e:
         1b:95:3f:ea:1c:51:6b:58:e2:b5:a4:f5:79:e1:95:cc:4f:db:
         57:c2:51:61:e3:f8:43:7b:55:c5:c2:13:a3:9e:72:bf:44:63:
         3a:2e:94:db
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZQhsZ+VTTuTjJkKXeB2abLTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkYzQxMGUzZjA5YmVhNmFiYzlkZDhjNmZmNDE4NTY1MWIw
YWI4NjcwHhcNMjUwMTAxMTE0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWQzYzQzMWIzOTkxNDU0N2M3YjkyZjkwMmZhNDE5ZTUxNDQ3OWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3/p004lIb5VzhJfG9867jWGcKO43
GWIYSoycba5o8MKjxzPmb2P7bvIVrL7WwMdyPTuMl8m7OubJl0i6yI1fqddxu+1D
jmc7NkNarH0oNg49C6+eE/8lvQDr1AyWRcgXPeUYbjQCrE+wYC7xeDbVguMAWqvU
Ug21OGppqjwc6+G8MXO2+n7CEv4moHMFaORA3ni/gTcsJvgeiFm6i9KO4/+CnHHI
p5ZCNNoHuZmyM3IHpKCUkXedqxlF4HL7hXcCxCa71jqOQeSkAVail846H/KfkZhX
ffGYaF/C/nDm0Hkdc43TvQhqRdIZ9qmDtY/3J06HtsLfXVZaJfiG1mYIAwIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFIrTxDGzmRRUfHuS+QL6QZ5RRHnUMB8GA1UdIwQY
MBaAFD3EEOPwm+pqvJ3Yxv9BhWUbCrhnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGNRUTRfQ2I2bXE4bmRqR18wR0ZaUnNLdUdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8wNDI5NTEtNTRkOC00NjljLWJiYTEt
YTY1NDZjZDlkYTk0LzEvaXRQRU1iT1pGRlI4ZTVMNUF2cEJubEZFZWRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8wNDI5NTEtNTRkOC00NjljLWJiYTEtYTY1NDZjZDlkYTk0
LzEvUGNRUTRfQ2I2bXE4bmRqR18wR0ZaUnNLdUdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAhh4DBAPB
lQgwDQYJKoZIhvcNAQELBQADggEBAMr+TAHY99VTRsn1ZiVARy4YoKgEwxfwBMH5
4Zz+UhgTgsPRZylx2oA+SgUXUW/WufUKPBdlE2gW3wyVGLQ0pgXTW6QFk5ZcJNy1
KzNLg+gMed25QVfg7tU2u6Ktt599C5idloKaih+hqy/tathga/fF+BvNsUjlv0PV
7wFqYKo3TmNWkxuJrZnZxynp7RW2+qXszGf2DEI1Wwja5whf24AXnBvfOMfJq8xV
rAxpIWAN6RvHC8WRAVKvdowMKNZ/fTI4IKZvZnC+fL8kbkpFZw5DXPFDsrHAXhuV
P+ocUWtY4rWk9XnhlcxP21fCUWHj+EN7VcXCE6Oecr9EYzoulNs=
-----END CERTIFICATE-----