Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/SCaD2SqaWfN--N6DsF994_fc3Mg.roa
File:                     SCaD2SqaWfN--N6DsF994_fc3Mg.roa (raw, json)
Hash identifier:          +mVgiw0WyQXJZ5mj5zvKT11Ag+lyI+ehWbsz6ALMHpM=
Subject key identifier:   48:26:83:D9:2A:9A:59:F3:7E:F8:DE:83:B0:5F:7D:E3:F7:DC:DC:C8
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       0191058D1E353DC73F2380E2C497CCAE098D
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/SCaD2SqaWfN--N6DsF994_fc3Mg.roa
Signing time:             Tue 30 Jul 2024 21:30:19 +0000
ROA not before:           Tue 30 Jul 2024 21:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        213.182.199.0/24 maxlen: 24
                          213.182.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:05:8d:1e:35:3d:c7:3f:23:80:e2:c4:97:cc:ae:09:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Jul 30 21:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=482683d92a9a59f37ef8de83b05f7de3f7dcdcc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:4a:ae:72:f4:e1:d0:d9:da:12:92:37:26:26:
                    f3:1e:71:36:0c:a8:33:dd:e7:4d:a8:16:87:40:a9:
                    a3:30:49:75:78:d6:21:44:e0:48:4f:42:09:eb:52:
                    8c:3b:3d:8f:71:3e:6a:56:09:d9:01:90:7e:77:91:
                    b0:c5:4f:4d:ad:5d:55:75:be:75:5e:09:3c:93:b5:
                    76:1b:c5:b8:86:f6:7f:e6:94:85:df:11:63:25:df:
                    e1:fd:8c:26:80:fe:4b:a2:9e:18:30:9f:0d:55:18:
                    96:cc:fd:01:e3:4a:0a:06:53:92:1e:e9:ab:7d:b0:
                    a2:f5:5f:5d:e6:cb:09:af:74:07:4f:46:55:cb:21:
                    d4:ff:9f:da:d4:ef:b9:b3:d3:bf:d0:bd:cb:81:e5:
                    a2:53:56:71:df:50:a0:52:5c:8b:5f:57:f0:c2:07:
                    97:af:b7:44:26:83:54:06:ef:05:c6:e3:7e:25:00:
                    d3:b1:bc:34:40:c0:9f:37:81:f4:6b:b9:e4:2c:70:
                    61:ed:c5:df:88:de:c1:45:5a:15:3a:e4:ef:d8:88:
                    bd:c6:d6:63:f6:cb:6b:18:2f:fe:d3:a5:86:a4:bc:
                    73:d9:f5:7d:78:99:48:af:21:1f:e2:4f:c1:33:3a:
                    d1:26:a2:54:2c:7c:b0:5f:94:45:49:3b:d5:a6:a3:
                    15:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:26:83:D9:2A:9A:59:F3:7E:F8:DE:83:B0:5F:7D:E3:F7:DC:DC:C8
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/SCaD2SqaWfN--N6DsF994_fc3Mg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.182.199.0/24
                  213.182.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:48:53:a6:b5:32:41:a0:8e:7a:be:67:64:7e:08:d4:2a:19:
         46:a0:20:2f:71:72:f0:bb:04:02:4c:5a:aa:3b:aa:8f:f6:e8:
         87:cd:69:f1:3a:b2:a1:50:2d:fb:0c:ac:e4:84:18:a6:56:e3:
         6a:c1:2f:82:05:05:d5:1b:63:97:40:07:57:5c:fd:bd:a9:4c:
         25:1f:08:fd:ad:22:28:81:fe:c4:81:f7:01:c7:72:ac:43:2d:
         0d:05:4b:13:c6:64:44:f3:13:6e:80:60:1b:b8:19:b9:1d:e3:
         83:cc:f0:7d:60:e4:eb:ba:00:e2:c4:34:04:cb:dc:e6:fe:aa:
         07:c7:33:c3:71:18:5d:05:4f:c0:57:93:72:31:25:9b:69:be:
         90:67:38:3c:41:a3:6e:d7:90:b6:e5:a2:5b:07:0e:7c:b7:d4:
         5a:c5:81:f7:fc:6a:6d:5a:a2:5b:06:e4:6f:57:52:98:9b:9f:
         a5:8d:8b:6f:3c:bc:28:2e:82:29:d9:85:cc:9e:db:4a:f6:f4:
         22:cf:91:ee:6d:64:e4:09:91:92:46:5c:b1:08:07:4c:69:b5:
         82:49:a9:99:7d:d7:31:cb:88:72:65:0e:85:86:43:c7:0b:38:
         2f:75:59:66:24:ff:5f:40:ef:26:3f:ea:78:b3:8c:70:12:64:
         72:33:85:ab
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZEFjR41Pcc/I4DixJfMrgmNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjQwNzMwMjEzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODI2ODNkOTJhOWE1OWYzN2VmOGRlODNiMDVmN2RlM2Y3ZGNkY2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUqucvTh0NnaEpI3JibzHnE2DKgz
3edNqBaHQKmjMEl1eNYhROBIT0IJ61KMOz2PcT5qVgnZAZB+d5GwxU9NrV1Vdb51
Xgk8k7V2G8W4hvZ/5pSF3xFjJd/h/YwmgP5Lop4YMJ8NVRiWzP0B40oKBlOSHumr
fbCi9V9d5ssJr3QHT0ZVyyHU/5/a1O+5s9O/0L3LgeWiU1Zx31CgUlyLX1fwwgeX
r7dEJoNUBu8FxuN+JQDTsbw0QMCfN4H0a7nkLHBh7cXfiN7BRVoVOuTv2Ii9xtZj
9strGC/+06WGpLxz2fV9eJlIryEf4k/BMzrRJqJULHywX5RFSTvVpqMVDQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEgmg9kqmlnzfvjeg7BffeP33NzIMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvU0NhRDJTcWFXZk4tLU42RHNGOTk0X2ZjM01nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1bbHAwQA
1bbSMA0GCSqGSIb3DQEBCwUAA4IBAQCGSFOmtTJBoI56vmdkfgjUKhlGoCAvcXLw
uwQCTFqqO6qP9uiHzWnxOrKhUC37DKzkhBimVuNqwS+CBQXVG2OXQAdXXP29qUwl
Hwj9rSIogf7EgfcBx3KsQy0NBUsTxmRE8xNugGAbuBm5HeODzPB9YOTrugDixDQE
y9zm/qoHxzPDcRhdBU/AV5NyMSWbab6QZzg8QaNu15C25aJbBw58t9RaxYH3/Gpt
WqJbBuRvV1KYm5+ljYtvPLwoLoIp2YXMnttK9vQiz5HubWTkCZGSRlyxCAdMabWC
SamZfdcxy4hyZQ6FhkPHCzgvdVlmJP9fQO8mP+p4s4xwEmRyM4Wr
-----END CERTIFICATE-----