Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/STwukEnkRihcV8jAb4Y1MuknRGM.roa
File:                     STwukEnkRihcV8jAb4Y1MuknRGM.roa (raw, json)
Hash identifier:          rNUzEz8HGVKJ04bleT4a2KUgLgzS8Vb2/t6dMS0rB/o=
Subject key identifier:   49:3C:2E:90:49:E4:46:28:5C:57:C8:C0:6F:86:35:32:E9:27:44:63
Certificate issuer:       /CN=a7e2ce3109480aee7b3fd2846ec8f8646885cdba
Certificate serial:       018CC801D85EF4BD0269F921940A52A838A4
Authority key identifier: A7:E2:CE:31:09:48:0A:EE:7B:3F:D2:84:6E:C8:F8:64:68:85:CD:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p-LOMQlICu57P9KEbsj4ZGiFzbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/STwukEnkRihcV8jAb4Y1MuknRGM.roa
Signing time:             Tue 02 Jan 2024 02:30:13 +0000
ROA not before:           Tue 02 Jan 2024 02:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12463
IP address blocks:        213.215.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/p-LOMQlICu57P9KEbsj4ZGiFzbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/p-LOMQlICu57P9KEbsj4ZGiFzbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p-LOMQlICu57P9KEbsj4ZGiFzbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:d8:5e:f4:bd:02:69:f9:21:94:0a:52:a8:38:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7e2ce3109480aee7b3fd2846ec8f8646885cdba
        Validity
            Not Before: Jan  2 02:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=493c2e9049e446285c57c8c06f863532e9274463
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:52:b2:e3:a2:14:f3:e3:1d:22:d3:f0:6b:40:
                    c5:5c:46:bc:c3:f5:31:d3:a0:e5:b3:e3:1a:a7:83:
                    32:b8:17:78:ee:08:84:5d:89:ab:48:62:77:83:9d:
                    c2:6e:3d:47:a0:3e:68:4f:03:9f:17:7a:16:fd:fe:
                    53:81:23:28:a5:2b:d4:02:2c:a4:ce:4f:58:3a:d6:
                    91:d3:31:fe:b6:dc:39:97:a5:1c:8a:39:51:e3:99:
                    05:1d:07:ab:b1:9c:5d:13:6b:80:65:bc:45:bf:40:
                    de:04:e3:f1:a5:10:93:d9:b4:10:9f:c8:94:8a:39:
                    79:53:ce:9c:17:eb:ad:67:65:71:fa:8c:a9:06:53:
                    98:d3:90:cc:f5:c5:4a:c8:6e:6a:f0:c2:2c:ba:70:
                    e8:b4:87:01:6f:e5:3c:54:7f:3a:8c:65:a6:1e:c5:
                    47:2a:a9:e6:72:d2:7c:fe:5d:25:c9:55:cb:34:06:
                    52:29:16:79:a0:0d:43:de:6b:2b:13:72:97:06:fd:
                    09:40:41:94:a3:74:a9:a9:1d:27:75:4b:62:c8:6f:
                    7c:da:a1:a3:f9:42:d2:02:a1:5a:0b:03:a7:3e:09:
                    b1:fd:32:90:99:52:40:c2:78:3f:e7:40:3e:df:40:
                    6d:2c:83:25:61:88:57:38:c9:61:a2:d5:d2:cd:33:
                    76:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:3C:2E:90:49:E4:46:28:5C:57:C8:C0:6F:86:35:32:E9:27:44:63
            X509v3 Authority Key Identifier:
                keyid:A7:E2:CE:31:09:48:0A:EE:7B:3F:D2:84:6E:C8:F8:64:68:85:CD:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p-LOMQlICu57P9KEbsj4ZGiFzbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/STwukEnkRihcV8jAb4Y1MuknRGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/p-LOMQlICu57P9KEbsj4ZGiFzbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.215.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:ab:4c:2c:79:ca:d6:6a:3a:54:c1:a8:b2:87:c9:4a:d7:ab:
         95:8b:f3:ba:b7:06:99:68:e1:d9:d0:f3:b9:19:f5:34:00:ce:
         3e:eb:a0:71:0a:4a:9d:2e:dc:30:ab:e1:0a:79:d4:16:6e:5a:
         0c:dd:04:0b:01:ee:2f:47:04:ea:bb:63:d0:ab:8e:be:8b:82:
         f9:94:a8:bb:39:00:ee:b9:52:d6:6c:04:ec:38:5f:49:2d:e2:
         51:b8:60:43:5f:c4:a8:e3:7c:23:9b:d8:00:b3:e4:86:4e:c7:
         85:ea:26:33:b5:35:79:08:52:82:b3:74:e0:fb:37:45:13:f6:
         ce:71:34:6a:99:f7:86:ae:80:ba:ab:73:22:c2:79:21:d2:55:
         6b:c4:90:8e:9b:d4:87:bc:38:46:04:31:19:c8:cd:68:54:56:
         58:7f:82:75:11:b9:3f:bc:7e:4a:7a:a7:35:dc:49:18:98:62:
         d2:cf:20:22:26:e3:46:3f:30:9a:70:6a:3d:29:c3:f0:b9:44:
         4b:0a:1d:91:9e:59:27:13:2b:69:ee:77:18:7a:1a:9d:ae:81:
         2f:b5:d6:af:01:cf:d6:b4:86:33:06:43:db:94:bc:db:d1:4c:
         9a:e6:39:d5:bb:bf:72:2f:53:c0:f9:35:7d:b4:39:44:df:c8:
         24:cc:22:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAdhe9L0CafkhlApSqDikMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZTJjZTMxMDk0ODBhZWU3YjNmZDI4NDZlYzhmODY0Njg4
NWNkYmEwHhcNMjQwMTAyMDIzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTNjMmU5MDQ5ZTQ0NjI4NWM1N2M4YzA2Zjg2MzUzMmU5Mjc0NDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlKy46IU8+MdItPwa0DFXEa8w/Ux
06Dls+Map4MyuBd47giEXYmrSGJ3g53Cbj1HoD5oTwOfF3oW/f5TgSMopSvUAiyk
zk9YOtaR0zH+ttw5l6UcijlR45kFHQersZxdE2uAZbxFv0DeBOPxpRCT2bQQn8iU
ijl5U86cF+utZ2Vx+oypBlOY05DM9cVKyG5q8MIsunDotIcBb+U8VH86jGWmHsVH
KqnmctJ8/l0lyVXLNAZSKRZ5oA1D3msrE3KXBv0JQEGUo3SpqR0ndUtiyG982qGj
+ULSAqFaCwOnPgmx/TKQmVJAwng/50A+30BtLIMlYYhXOMlhotXSzTN2sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEk8LpBJ5EYoXFfIwG+GNTLpJ0RjMB8GA1UdIwQY
MBaAFKfizjEJSAruez/ShG7I+GRohc26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcC1MT01RbElDdTU3UDlLRWJzajRaR2lGemJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi9iNjFhZGQtMzJmMC00MmY0LWEzMDEt
NzgxOGE4OTQ1NmNiLzEvU1R3dWtFbmtSaWhjVjhqQWI0WTFNdWtuUkdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi9iNjFhZGQtMzJmMC00MmY0LWEzMDEtNzgxOGE4OTQ1NmNi
LzEvcC1MT01RbElDdTU3UDlLRWJzajRaR2lGemJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dcmMA0G
CSqGSIb3DQEBCwUAA4IBAQBoq0wsecrWajpUwaiyh8lK16uVi/O6twaZaOHZ0PO5
GfU0AM4+66BxCkqdLtwwq+EKedQWbloM3QQLAe4vRwTqu2PQq46+i4L5lKi7OQDu
uVLWbATsOF9JLeJRuGBDX8So43wjm9gAs+SGTseF6iYztTV5CFKCs3Tg+zdFE/bO
cTRqmfeGroC6q3Miwnkh0lVrxJCOm9SHvDhGBDEZyM1oVFZYf4J1Ebk/vH5Keqc1
3EkYmGLSzyAiJuNGPzCacGo9KcPwuURLCh2RnlknEytp7ncYehqdroEvtdavAc/W
tIYzBkPblLzb0Uya5jnVu79yL1PA+TV9tDlE38gkzCKK
-----END CERTIFICATE-----