Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/2b99a3-dd5f-4ffe-82ef-bf3b21a270f2/1/ItOHJdS2F9X-nROeVsSNmeqqdR4.roa
File:                     ItOHJdS2F9X-nROeVsSNmeqqdR4.roa (raw, json)
Hash identifier:          kIL/dCFzJ35JTi6exfJJJrBBfrgsAsTVeLtTeAVE+Zw=
Subject key identifier:   22:D3:87:25:D4:B6:17:D5:FE:9D:13:9E:56:C4:8D:99:EA:AA:75:1E
Certificate issuer:       /CN=6f3030a4b67f95c2fed902d56657faa2494b5129
Certificate serial:       018CC4931C2BE4F1A2CA070713EA769A9D6B
Authority key identifier: 6F:30:30:A4:B6:7F:95:C2:FE:D9:02:D5:66:57:FA:A2:49:4B:51:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bzAwpLZ_lcL-2QLVZlf6oklLUSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/2b99a3-dd5f-4ffe-82ef-bf3b21a270f2/1/ItOHJdS2F9X-nROeVsSNmeqqdR4.roa
Signing time:             Mon 01 Jan 2024 10:30:24 +0000
ROA not before:           Mon 01 Jan 2024 10:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43754
IP address blocks:        84.47.232.0/21 maxlen: 21
                          84.47.236.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/2b99a3-dd5f-4ffe-82ef-bf3b21a270f2/1/bzAwpLZ_lcL-2QLVZlf6oklLUSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/2b99a3-dd5f-4ffe-82ef-bf3b21a270f2/1/bzAwpLZ_lcL-2QLVZlf6oklLUSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bzAwpLZ_lcL-2QLVZlf6oklLUSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 00:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:1c:2b:e4:f1:a2:ca:07:07:13:ea:76:9a:9d:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f3030a4b67f95c2fed902d56657faa2494b5129
        Validity
            Not Before: Jan  1 10:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22d38725d4b617d5fe9d139e56c48d99eaaa751e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:c3:4b:53:8b:3c:b7:d2:e6:a2:1a:dc:56:6a:
                    dc:72:25:63:9e:25:05:4b:fc:11:61:39:0b:8f:c1:
                    b5:72:79:e7:c1:fb:b3:e1:f0:2b:47:25:7e:22:d4:
                    35:dc:19:aa:1f:96:48:03:11:21:81:ff:50:4b:00:
                    75:13:3f:9c:c4:64:2e:d5:13:a9:ce:05:94:96:f9:
                    55:e3:b3:b8:3e:db:7a:ea:01:52:c6:f0:cd:61:a7:
                    e3:f0:dd:7d:96:ba:6c:13:77:5f:22:72:21:01:61:
                    d2:39:21:26:67:92:bf:9f:9f:82:7e:3e:9a:68:9e:
                    47:c2:70:3f:17:6a:f9:56:8f:fb:af:7a:25:b9:3d:
                    af:8b:09:2a:32:30:19:1f:59:a6:71:63:3f:17:90:
                    5a:ad:9b:d9:26:14:a5:c6:f1:d0:05:e0:40:a0:4c:
                    68:59:dd:91:07:02:c9:55:3d:3a:d7:d4:a5:8a:62:
                    94:0b:f3:3a:08:ce:2e:fa:da:45:92:33:3c:43:f9:
                    69:92:7f:3a:72:e9:e2:d3:61:6a:4e:97:78:a3:aa:
                    bc:28:43:67:10:39:82:f3:f4:48:af:e1:d3:71:ae:
                    41:b2:21:69:61:be:98:cf:50:11:7e:90:a9:ba:57:
                    73:aa:0d:03:3d:d0:f0:c7:b0:b6:f9:ec:a9:a9:d5:
                    a2:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:D3:87:25:D4:B6:17:D5:FE:9D:13:9E:56:C4:8D:99:EA:AA:75:1E
            X509v3 Authority Key Identifier:
                keyid:6F:30:30:A4:B6:7F:95:C2:FE:D9:02:D5:66:57:FA:A2:49:4B:51:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bzAwpLZ_lcL-2QLVZlf6oklLUSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/2b99a3-dd5f-4ffe-82ef-bf3b21a270f2/1/ItOHJdS2F9X-nROeVsSNmeqqdR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/2b99a3-dd5f-4ffe-82ef-bf3b21a270f2/1/bzAwpLZ_lcL-2QLVZlf6oklLUSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.47.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         94:ca:db:a2:d6:ed:84:8c:72:dd:ff:3d:de:89:c1:58:0c:19:
         12:03:2f:1c:17:9f:1b:8c:f8:05:b0:a4:13:a0:81:1f:5f:f0:
         b3:6c:6d:0d:9a:f6:af:ba:2f:dd:89:6c:e7:61:53:f6:0c:18:
         5a:e1:b8:60:b1:fd:cb:ad:58:b4:5d:f4:5b:85:6a:ad:e2:99:
         5a:2a:86:71:43:d4:20:89:75:c7:d4:bc:18:20:73:5c:0c:48:
         ac:05:af:bb:ae:21:b1:96:11:d3:f6:5a:e1:39:06:cd:35:d2:
         1d:9a:d0:43:c5:c6:dc:83:ae:2d:a8:52:83:f4:79:f1:a2:ba:
         0e:0b:2c:ea:75:7d:e1:11:e4:1f:ed:63:e0:21:6b:6a:bf:07:
         2c:e8:78:eb:65:54:1d:00:74:65:15:3c:b5:3d:69:0a:f4:03:
         2c:11:21:47:e5:78:d2:36:d5:e9:a1:da:dd:ff:f2:d5:38:1a:
         61:b3:17:da:68:33:24:19:25:4d:c5:97:99:0d:cc:d6:ec:db:
         a7:5b:f0:da:84:bb:51:bb:8f:67:80:e4:65:f7:0e:38:6c:6b:
         ee:79:96:c0:59:1e:27:e3:28:6d:2b:49:f8:0d:10:84:ff:24:
         73:74:67:26:71:ff:80:47:97:55:70:94:15:2c:f5:37:94:f5:
         8d:e6:c5:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkxwr5PGiygcHE+p2mp1rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMzAzMGE0YjY3Zjk1YzJmZWQ5MDJkNTY2NTdmYWEyNDk0
YjUxMjkwHhcNMjQwMTAxMTAzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmQzODcyNWQ0YjYxN2Q1ZmU5ZDEzOWU1NmM0OGQ5OWVhYWE3NTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucNLU4s8t9LmohrcVmrcciVjniUF
S/wRYTkLj8G1cnnnwfuz4fArRyV+ItQ13BmqH5ZIAxEhgf9QSwB1Ez+cxGQu1ROp
zgWUlvlV47O4Ptt66gFSxvDNYafj8N19lrpsE3dfInIhAWHSOSEmZ5K/n5+Cfj6a
aJ5HwnA/F2r5Vo/7r3oluT2viwkqMjAZH1mmcWM/F5BarZvZJhSlxvHQBeBAoExo
Wd2RBwLJVT0619SlimKUC/M6CM4u+tpFkjM8Q/lpkn86cuni02FqTpd4o6q8KENn
EDmC8/RIr+HTca5BsiFpYb6Yz1ARfpCpuldzqg0DPdDwx7C2+eypqdWiqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCLThyXUthfV/p0TnlbEjZnqqnUeMB8GA1UdIwQY
MBaAFG8wMKS2f5XC/tkC1WZX+qJJS1EpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnpBd3BMWl9sY0wtMlFMVlpsZjZva2xMVVNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8yYjk5YTMtZGQ1Zi00ZmZlLTgyZWYt
YmYzYjIxYTI3MGYyLzEvSXRPSEpkUzJGOVgtblJPZVZzU05tZXFxZFI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8yYjk5YTMtZGQ1Zi00ZmZlLTgyZWYtYmYzYjIxYTI3MGYy
LzEvYnpBd3BMWl9sY0wtMlFMVlpsZjZva2xMVVNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDVC/oMA0G
CSqGSIb3DQEBCwUAA4IBAQCUytui1u2EjHLd/z3eicFYDBkSAy8cF58bjPgFsKQT
oIEfX/CzbG0Nmvavui/diWznYVP2DBha4bhgsf3LrVi0XfRbhWqt4plaKoZxQ9Qg
iXXH1LwYIHNcDEisBa+7riGxlhHT9lrhOQbNNdIdmtBDxcbcg64tqFKD9HnxoroO
CyzqdX3hEeQf7WPgIWtqvwcs6HjrZVQdAHRlFTy1PWkK9AMsESFH5XjSNtXpodrd
//LVOBphsxfaaDMkGSVNxZeZDczW7NunW/DahLtRu49ngORl9w44bGvueZbAWR4n
4yhtK0n4DRCE/yRzdGcmcf+AR5dVcJQVLPU3lPWN5sWp
-----END CERTIFICATE-----