Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/46d1d2-a6c0-47be-8771-c3ab6b3466c0/1/PoSRG2SCk0o9YHcoZsTi1Wp1Kt4.roa
File:                     PoSRG2SCk0o9YHcoZsTi1Wp1Kt4.roa (raw, json)
Hash identifier:          Wj0XNr++6ShIA3CYnIA1jQoIRgvQVornb6dLnGBLqAc=
Subject key identifier:   3E:84:91:1B:64:82:93:4A:3D:60:77:28:66:C4:E2:D5:6A:75:2A:DE
Certificate issuer:       /CN=aba835d060176ee8160c7930f87e693559090d78
Certificate serial:       018CC6B92AE750C0DA7D97A994D600AF232F
Authority key identifier: AB:A8:35:D0:60:17:6E:E8:16:0C:79:30:F8:7E:69:35:59:09:0D:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q6g10GAXbugWDHkw-H5pNVkJDXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/46d1d2-a6c0-47be-8771-c3ab6b3466c0/1/PoSRG2SCk0o9YHcoZsTi1Wp1Kt4.roa
Signing time:             Mon 01 Jan 2024 20:31:13 +0000
ROA not before:           Mon 01 Jan 2024 20:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9135
IP address blocks:        213.164.128.0/19 maxlen: 19
                          213.164.137.0/24 maxlen: 24
                          213.164.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/46d1d2-a6c0-47be-8771-c3ab6b3466c0/1/q6g10GAXbugWDHkw-H5pNVkJDXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/46d1d2-a6c0-47be-8771-c3ab6b3466c0/1/q6g10GAXbugWDHkw-H5pNVkJDXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q6g10GAXbugWDHkw-H5pNVkJDXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:2a:e7:50:c0:da:7d:97:a9:94:d6:00:af:23:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aba835d060176ee8160c7930f87e693559090d78
        Validity
            Not Before: Jan  1 20:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e84911b6482934a3d60772866c4e2d56a752ade
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:77:66:e8:fb:ff:95:81:59:82:4a:0e:e3:7f:
                    ef:f0:97:57:bd:02:a9:3e:bc:2b:d7:fb:e6:03:18:
                    6c:cf:d1:10:ff:7c:51:01:0e:87:a1:d8:e0:07:71:
                    e3:85:ee:a3:7f:48:d4:86:7d:47:cb:df:d0:37:83:
                    2c:6f:6a:66:81:f4:be:fe:99:d4:22:c2:d8:1d:9b:
                    f5:79:f5:c5:6a:40:02:6d:1c:59:38:7c:8e:2b:1a:
                    08:40:42:a0:fd:e5:61:bd:ea:60:a6:1c:1f:da:9e:
                    db:68:cc:b9:60:7b:e7:36:b6:82:48:74:c2:65:7f:
                    52:71:23:21:e2:04:9e:2a:a2:74:4b:9a:06:d0:64:
                    7b:89:45:db:f0:1c:e8:9f:9c:7c:64:c7:6c:f8:7a:
                    15:b0:85:65:7f:e5:b4:b0:9b:91:60:c4:c2:c6:21:
                    8d:53:aa:37:41:69:7e:2a:d9:18:81:1b:15:b0:70:
                    8d:c4:62:69:44:61:be:1b:4c:2e:b2:81:6a:3f:61:
                    0b:06:db:d1:e5:8b:eb:d9:1b:06:b6:c8:03:3d:19:
                    92:db:8f:e6:d7:94:a4:e9:1a:76:9d:32:bc:8d:90:
                    07:66:f0:f6:51:c6:2d:1e:7d:b5:a2:01:d2:bb:ce:
                    99:bd:14:81:fc:81:f7:8c:f1:83:60:f0:ea:09:be:
                    72:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:84:91:1B:64:82:93:4A:3D:60:77:28:66:C4:E2:D5:6A:75:2A:DE
            X509v3 Authority Key Identifier:
                keyid:AB:A8:35:D0:60:17:6E:E8:16:0C:79:30:F8:7E:69:35:59:09:0D:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q6g10GAXbugWDHkw-H5pNVkJDXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/46d1d2-a6c0-47be-8771-c3ab6b3466c0/1/PoSRG2SCk0o9YHcoZsTi1Wp1Kt4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/46d1d2-a6c0-47be-8771-c3ab6b3466c0/1/q6g10GAXbugWDHkw-H5pNVkJDXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.164.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         28:0d:b5:ac:9a:63:1e:aa:3b:00:d7:5f:e0:88:88:e8:46:95:
         d5:0e:e1:16:b6:7d:e8:46:88:a2:7f:0d:cb:f4:80:99:10:56:
         ad:9f:01:aa:aa:6a:6d:14:a2:64:d8:58:ca:f6:97:d1:e7:28:
         c8:6c:49:12:3a:e3:4e:30:57:b4:ac:5b:96:a1:f2:c3:9a:54:
         b2:eb:7d:aa:fc:d5:b7:b4:30:13:97:c4:52:52:a2:90:2c:2e:
         bb:6c:6f:43:30:f6:90:84:3e:45:7b:8b:ea:af:49:d1:e0:01:
         7b:c0:fc:cb:f8:53:3c:8d:b2:90:9b:84:b7:4e:8a:6a:9f:64:
         49:6d:4a:1d:37:f3:88:28:20:34:a2:76:08:c8:52:b5:f6:98:
         1a:59:53:be:47:ed:c3:f4:dd:21:f9:56:4c:43:06:3f:a8:8d:
         66:4a:8a:08:ee:b1:6e:45:df:07:4f:f7:69:3d:74:43:91:7e:
         e6:b2:dc:72:cd:c3:ed:35:40:a3:9c:3d:3d:3a:8b:6f:18:95:
         5d:f9:0e:35:1c:50:29:e3:57:95:0f:cb:71:51:28:ad:4f:80:
         d5:07:eb:7a:a4:10:3d:02:ff:94:58:4c:74:ac:5a:cf:2b:93:
         ac:48:83:cc:d9:ea:34:aa:c3:28:58:9e:5a:a7:52:e6:a1:8d:
         5c:c2:85:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuSrnUMDafZeplNYAryMvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYTgzNWQwNjAxNzZlZTgxNjBjNzkzMGY4N2U2OTM1NTkw
OTBkNzgwHhcNMjQwMTAxMjAzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTg0OTExYjY0ODI5MzRhM2Q2MDc3Mjg2NmM0ZTJkNTZhNzUyYWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3dm6Pv/lYFZgkoO43/v8JdXvQKp
Prwr1/vmAxhsz9EQ/3xRAQ6HodjgB3Hjhe6jf0jUhn1Hy9/QN4Msb2pmgfS+/pnU
IsLYHZv1efXFakACbRxZOHyOKxoIQEKg/eVhvepgphwf2p7baMy5YHvnNraCSHTC
ZX9ScSMh4gSeKqJ0S5oG0GR7iUXb8Bzon5x8ZMds+HoVsIVlf+W0sJuRYMTCxiGN
U6o3QWl+KtkYgRsVsHCNxGJpRGG+G0wusoFqP2ELBtvR5Yvr2RsGtsgDPRmS24/m
15Sk6Rp2nTK8jZAHZvD2UcYtHn21ogHSu86ZvRSB/IH3jPGDYPDqCb5yFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD6EkRtkgpNKPWB3KGbE4tVqdSreMB8GA1UdIwQY
MBaAFKuoNdBgF27oFgx5MPh+aTVZCQ14MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTZnMTBHQVhidWdXREhrdy1INXBOVmtKRFhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi80NmQxZDItYTZjMC00N2JlLTg3NzEt
YzNhYjZiMzQ2NmMwLzEvUG9TUkcyU0NrMG85WUhjb1pzVGkxV3AxS3Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi80NmQxZDItYTZjMC00N2JlLTg3NzEtYzNhYjZiMzQ2NmMw
LzEvcTZnMTBHQVhidWdXREhrdy1INXBOVmtKRFhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1aSAMA0G
CSqGSIb3DQEBCwUAA4IBAQAoDbWsmmMeqjsA11/giIjoRpXVDuEWtn3oRoiifw3L
9ICZEFatnwGqqmptFKJk2FjK9pfR5yjIbEkSOuNOMFe0rFuWofLDmlSy632q/NW3
tDATl8RSUqKQLC67bG9DMPaQhD5Fe4vqr0nR4AF7wPzL+FM8jbKQm4S3Topqn2RJ
bUodN/OIKCA0onYIyFK19pgaWVO+R+3D9N0h+VZMQwY/qI1mSooI7rFuRd8HT/dp
PXRDkX7mstxyzcPtNUCjnD09OotvGJVd+Q41HFAp41eVD8txUSitT4DVB+t6pBA9
Av+UWEx0rFrPK5OsSIPM2eo0qsMoWJ5ap1LmoY1cwoVZ
-----END CERTIFICATE-----