Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/7d07ec-2e66-477a-93c6-f8bdd2d7927d/1/mcf7JveA9sP5q1fzjwTXe1Y9B94.roa
File:                     mcf7JveA9sP5q1fzjwTXe1Y9B94.roa (raw, json)
Hash identifier:          vxgrGFoktHB0oWvn12RjOAHTGS54BioUpfkDuJPEQhg=
Subject key identifier:   99:C7:FB:26:F7:80:F6:C3:F9:AB:57:F3:8F:04:D7:7B:56:3D:07:DE
Certificate issuer:       /CN=667b2b1befba178f30d2a321c451b6eea5466274
Certificate serial:       019428230D24E69C02EC803664DF9644D277
Authority key identifier: 66:7B:2B:1B:EF:BA:17:8F:30:D2:A3:21:C4:51:B6:EE:A5:46:62:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZnsrG--6F48w0qMhxFG27qVGYnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/7d07ec-2e66-477a-93c6-f8bdd2d7927d/1/mcf7JveA9sP5q1fzjwTXe1Y9B94.roa
Signing time:             Thu 02 Jan 2025 17:49:33 +0000
ROA not before:           Thu 02 Jan 2025 17:49:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34312
IP address blocks:        89.200.248.0/21 maxlen: 21
                          193.111.6.0/23 maxlen: 23
                          195.95.206.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/7d07ec-2e66-477a-93c6-f8bdd2d7927d/1/ZnsrG--6F48w0qMhxFG27qVGYnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/7d07ec-2e66-477a-93c6-f8bdd2d7927d/1/ZnsrG--6F48w0qMhxFG27qVGYnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZnsrG--6F48w0qMhxFG27qVGYnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:0d:24:e6:9c:02:ec:80:36:64:df:96:44:d2:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=667b2b1befba178f30d2a321c451b6eea5466274
        Validity
            Not Before: Jan  2 17:49:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=99c7fb26f780f6c3f9ab57f38f04d77b563d07de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:d7:62:0b:f4:33:c4:32:f3:8a:26:97:1a:72:
                    f6:c9:b3:bd:3b:f5:f0:17:09:d4:f7:83:b9:62:73:
                    0e:dc:e8:2c:22:34:e6:b8:a4:fb:92:ec:18:6c:ab:
                    eb:7f:75:fa:e0:fd:2c:36:7a:49:82:c2:4d:35:ef:
                    9e:fb:e2:f8:02:b1:b6:d1:54:4c:bf:83:b0:3b:49:
                    14:66:dc:08:67:84:32:55:2e:a1:bf:df:47:6c:ce:
                    70:07:e9:42:34:81:ea:20:22:7c:89:f5:1f:03:f3:
                    38:58:1c:b0:a5:ec:27:0e:46:41:e9:d2:ee:ea:2f:
                    c8:7c:64:5c:d4:02:20:1c:f8:e4:7b:97:97:e8:63:
                    8f:ed:26:c3:f1:fc:72:39:12:db:ea:ea:40:72:0b:
                    1a:28:5b:66:15:46:f0:5b:a6:31:5f:79:36:70:70:
                    19:76:13:a3:65:e4:fe:ed:33:50:0a:e4:43:75:fb:
                    0b:7a:35:a9:f2:51:db:d1:ad:cd:9f:7e:89:2d:c4:
                    bb:48:d0:81:c1:3b:5f:d0:f5:15:3d:b9:87:42:f8:
                    0d:e0:b2:1d:47:e4:58:2f:60:91:b7:c8:59:77:39:
                    52:78:a2:09:bf:72:1d:a5:34:95:93:35:e6:59:6e:
                    d4:3f:4b:a8:1e:de:a1:9f:3a:d7:13:14:eb:e7:2c:
                    4b:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:C7:FB:26:F7:80:F6:C3:F9:AB:57:F3:8F:04:D7:7B:56:3D:07:DE
            X509v3 Authority Key Identifier:
                keyid:66:7B:2B:1B:EF:BA:17:8F:30:D2:A3:21:C4:51:B6:EE:A5:46:62:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZnsrG--6F48w0qMhxFG27qVGYnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/7d07ec-2e66-477a-93c6-f8bdd2d7927d/1/mcf7JveA9sP5q1fzjwTXe1Y9B94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/7d07ec-2e66-477a-93c6-f8bdd2d7927d/1/ZnsrG--6F48w0qMhxFG27qVGYnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.200.248.0/21
                  193.111.6.0/23
                  195.95.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7f:9d:c1:4f:49:cf:56:16:4b:d5:09:a1:b4:69:a3:fd:46:2e:
         d0:bd:ea:2c:2f:a8:5f:16:cb:3d:43:17:9f:f9:7f:a8:76:e7:
         38:3a:63:77:0a:6f:c9:03:99:40:f9:f0:1e:30:94:c9:09:46:
         4f:73:3c:40:64:be:2f:e3:db:5d:74:10:76:52:14:09:44:94:
         f3:bc:6a:d8:1e:de:c3:26:1c:ef:5e:f3:3e:3e:ec:0c:31:dc:
         81:74:cb:8c:73:e5:0c:00:2f:ad:fc:9b:b2:04:ae:43:bd:7b:
         3c:b9:a0:af:75:a0:59:9d:3f:3c:c8:46:64:9e:7f:49:63:fe:
         f0:17:b0:fd:85:ac:8c:b4:08:35:03:73:37:2a:3d:03:eb:ca:
         e7:3f:af:9b:c9:a5:d9:6c:4c:9e:41:d1:be:3d:d0:40:59:e2:
         4a:3b:bb:c1:2b:30:60:e9:bf:91:0b:7b:4c:7e:de:16:18:1a:
         b4:6a:33:e6:7c:68:d7:ca:6c:56:c1:4e:7a:b1:bc:dc:ec:af:
         f1:a6:ea:f3:61:2c:7f:58:c0:0b:d0:48:40:75:58:b0:32:06:
         8e:84:7c:18:73:ed:d3:73:52:37:6f:97:1f:32:19:20:10:c0:
         48:52:0b:5a:44:fc:09:59:43:81:09:ba:c7:4b:73:d2:31:dc:
         1a:d5:6e:68
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQoIw0k5pwC7IA2ZN+WRNJ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2N2IyYjFiZWZiYTE3OGYzMGQyYTMyMWM0NTFiNmVlYTU0
NjYyNzQwHhcNMjUwMTAyMTc0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWM3ZmIyNmY3ODBmNmMzZjlhYjU3ZjM4ZjA0ZDc3YjU2M2QwN2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztdiC/QzxDLziiaXGnL2ybO9O/Xw
FwnU94O5YnMO3OgsIjTmuKT7kuwYbKvrf3X64P0sNnpJgsJNNe+e++L4ArG20VRM
v4OwO0kUZtwIZ4QyVS6hv99HbM5wB+lCNIHqICJ8ifUfA/M4WBywpewnDkZB6dLu
6i/IfGRc1AIgHPjke5eX6GOP7SbD8fxyORLb6upAcgsaKFtmFUbwW6YxX3k2cHAZ
dhOjZeT+7TNQCuRDdfsLejWp8lHb0a3Nn36JLcS7SNCBwTtf0PUVPbmHQvgN4LId
R+RYL2CRt8hZdzlSeKIJv3IdpTSVkzXmWW7UP0uoHt6hnzrXExTr5yxLmQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJnH+yb3gPbD+atX848E13tWPQfeMB8GA1UdIwQY
MBaAFGZ7KxvvuhePMNKjIcRRtu6lRmJ0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm5zckctLTZGNDh3MHFNaHhGRzI3cVZHWW5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC83ZDA3ZWMtMmU2Ni00NzdhLTkzYzYt
ZjhiZGQyZDc5MjdkLzEvbWNmN0p2ZUE5c1A1cTFmemp3VFhlMVk5Qjk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC83ZDA3ZWMtMmU2Ni00NzdhLTkzYzYtZjhiZGQyZDc5Mjdk
LzEvWm5zckctLTZGNDh3MHFNaHhGRzI3cVZHWW5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDWcj4AwQB
wW8GAwQBw1/OMA0GCSqGSIb3DQEBCwUAA4IBAQB/ncFPSc9WFkvVCaG0aaP9Ri7Q
veosL6hfFss9Qxef+X+oduc4OmN3Cm/JA5lA+fAeMJTJCUZPczxAZL4v49tddBB2
UhQJRJTzvGrYHt7DJhzvXvM+PuwMMdyBdMuMc+UMAC+t/JuyBK5DvXs8uaCvdaBZ
nT88yEZknn9JY/7wF7D9hayMtAg1A3M3Kj0D68rnP6+byaXZbEyeQdG+PdBAWeJK
O7vBKzBg6b+RC3tMft4WGBq0ajPmfGjXymxWwU56sbzc7K/xpurzYSx/WMAL0EhA
dViwMgaOhHwYc+3Tc1I3b5cfMhkgEMBIUgtaRPwJWUOBCbrHS3PSMdwa1W5o
-----END CERTIFICATE-----