Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/Eorxe8nz5mHz1saZply_vmYSIKY.roa
File:                     Eorxe8nz5mHz1saZply_vmYSIKY.roa (raw, json)
Hash identifier:          8nqW3KntEv2j15sB18I6VKWyJhD7HD4aMM0YLebaF6E=
Subject key identifier:   12:8A:F1:7B:C9:F3:E6:61:F3:D6:C6:99:A6:5C:BF:BE:66:12:20:A6
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       01942747E3EBD8B05BB5A9F527A4E6AF1B1A
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/Eorxe8nz5mHz1saZply_vmYSIKY.roa
Signing time:             Thu 02 Jan 2025 13:50:10 +0000
ROA not before:           Thu 02 Jan 2025 13:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25407
IP address blocks:        213.91.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:e3:eb:d8:b0:5b:b5:a9:f5:27:a4:e6:af:1b:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  2 13:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=128af17bc9f3e661f3d6c699a65cbfbe661220a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:9a:f1:4d:21:c3:bf:72:8f:8a:36:cc:fe:95:
                    bb:33:77:ce:df:92:86:22:11:ea:be:31:6b:25:45:
                    19:5c:fb:f7:ab:50:e9:81:42:5a:77:ca:d7:0f:bb:
                    95:e5:0b:67:3a:cd:79:9d:d3:ae:ef:91:37:ad:ef:
                    2a:68:00:f9:ec:43:a8:8c:61:c3:26:ec:50:ea:8a:
                    c1:0e:4b:9f:5c:d7:93:85:70:35:d3:f9:ba:c7:5c:
                    41:46:b7:4e:08:1e:4a:c9:cf:5b:90:cc:2d:31:fd:
                    6b:8d:36:3b:be:bb:5c:95:74:38:ca:c3:32:bd:d8:
                    8f:b1:aa:33:ba:f7:36:4d:98:63:a1:3d:55:20:98:
                    51:61:b2:2e:56:54:6a:1a:dc:8c:c6:41:92:bc:fb:
                    83:f4:ed:a3:72:67:ff:41:6f:16:01:bb:32:b3:0a:
                    5f:07:ad:85:73:0f:d7:bc:fa:66:bc:6e:61:7c:26:
                    3a:87:1c:83:5f:4a:63:03:38:b2:ff:90:73:fb:1c:
                    0f:5d:5f:49:ca:5c:cb:42:6d:f3:d9:6e:00:83:35:
                    35:03:60:6d:ad:75:e9:c9:1e:00:39:81:7f:bb:79:
                    2b:28:bd:da:52:f0:9e:49:cb:0b:ad:39:0c:3c:3d:
                    cb:49:f9:9d:d3:a8:d0:8e:b2:ac:0b:f7:14:63:a5:
                    e8:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:8A:F1:7B:C9:F3:E6:61:F3:D6:C6:99:A6:5C:BF:BE:66:12:20:A6
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/Eorxe8nz5mHz1saZply_vmYSIKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.91.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:95:9c:d4:97:c4:77:02:c4:f5:a4:a0:d2:c4:a6:17:1e:48:
         2c:97:83:4f:e2:02:7d:7d:84:37:af:29:96:63:d5:b3:7a:3f:
         9a:27:c6:84:99:36:68:bd:8f:92:a3:4a:7e:f2:80:38:68:49:
         6c:ce:20:12:bf:bf:92:37:83:d4:52:3f:75:d3:8a:1b:f0:3d:
         13:5b:be:a7:2a:14:63:28:d8:fb:09:25:a6:94:38:9f:d4:3b:
         01:a3:b1:7a:93:06:ee:7f:b1:a0:7c:03:5f:53:22:07:9d:5d:
         23:e1:1b:c9:1f:a7:77:f6:80:cc:17:df:ed:5e:a5:21:e6:71:
         82:b1:61:9d:06:96:ef:0e:76:64:29:1d:34:b7:9b:42:d6:57:
         f4:8d:e4:3c:9f:b3:9b:dd:30:10:34:e4:24:40:2d:23:4f:3b:
         e9:e9:cb:96:02:4d:1c:1b:e4:d3:e5:d5:cc:b9:ee:05:ea:23:
         07:46:b2:cd:b4:2a:b7:36:2f:6d:de:61:c6:90:5a:00:a8:48:
         87:ff:1a:3a:09:8d:6f:4f:e5:28:e6:4e:df:ee:15:d9:fd:6e:
         39:f3:79:f2:6e:50:da:d6:b2:50:9a:e4:ed:62:fe:26:d2:4b:
         d2:80:68:5f:7f:e6:87:91:c2:3d:07:1d:1d:88:cf:46:50:42:
         f6:76:4e:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR+Pr2LBbtan1J6TmrxsaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjUwMTAyMTM1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjhhZjE3YmM5ZjNlNjYxZjNkNmM2OTlhNjVjYmZiZTY2MTIyMGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZrxTSHDv3KPijbM/pW7M3fO35KG
IhHqvjFrJUUZXPv3q1DpgUJad8rXD7uV5QtnOs15ndOu75E3re8qaAD57EOojGHD
JuxQ6orBDkufXNeThXA10/m6x1xBRrdOCB5Kyc9bkMwtMf1rjTY7vrtclXQ4ysMy
vdiPsaozuvc2TZhjoT1VIJhRYbIuVlRqGtyMxkGSvPuD9O2jcmf/QW8WAbsyswpf
B62Fcw/XvPpmvG5hfCY6hxyDX0pjAziy/5Bz+xwPXV9JylzLQm3z2W4AgzU1A2Bt
rXXpyR4AOYF/u3krKL3aUvCeScsLrTkMPD3LSfmd06jQjrKsC/cUY6XoPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBKK8XvJ8+Zh89bGmaZcv75mEiCmMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvRW9yeGU4bno1bUh6MXNhWnBseV92bVlTSUtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1VujMA0G
CSqGSIb3DQEBCwUAA4IBAQCxlZzUl8R3AsT1pKDSxKYXHkgsl4NP4gJ9fYQ3rymW
Y9Wzej+aJ8aEmTZovY+So0p+8oA4aElsziASv7+SN4PUUj9104ob8D0TW76nKhRj
KNj7CSWmlDif1DsBo7F6kwbuf7GgfANfUyIHnV0j4RvJH6d39oDMF9/tXqUh5nGC
sWGdBpbvDnZkKR00t5tC1lf0jeQ8n7Ob3TAQNOQkQC0jTzvp6cuWAk0cG+TT5dXM
ue4F6iMHRrLNtCq3Ni9t3mHGkFoAqEiH/xo6CY1vT+Uo5k7f7hXZ/W4583nyblDa
1rJQmuTtYv4m0kvSgGhff+aHkcI9Bx0diM9GUEL2dk5o
-----END CERTIFICATE-----