Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/k4dE6GVK9WXXHG3YD6YqaU59DBE.roa
File:                     k4dE6GVK9WXXHG3YD6YqaU59DBE.roa (raw, json)
Hash identifier:          gfljlL3cqgD/q79IzT5OLmzpfKZUJCewNF1J+kEHTmM=
Subject key identifier:   93:87:44:E8:65:4A:F5:65:D7:1C:6D:D8:0F:A6:2A:69:4E:7D:0C:11
Certificate issuer:       /CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
Certificate serial:       019424456F3BC37BD65D89F4020C1DF134B1
Authority key identifier: 30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/k4dE6GVK9WXXHG3YD6YqaU59DBE.roa
Signing time:             Wed 01 Jan 2025 23:48:37 +0000
ROA not before:           Wed 01 Jan 2025 23:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212230
IP address blocks:        213.0.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:6f:3b:c3:7b:d6:5d:89:f4:02:0c:1d:f1:34:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
        Validity
            Not Before: Jan  1 23:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=938744e8654af565d71c6dd80fa62a694e7d0c11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:bf:86:fc:5d:37:b2:d4:08:d0:08:29:c7:d2:
                    cd:84:f7:69:a5:ca:ee:da:69:3b:47:ad:9c:a8:88:
                    f6:45:82:3c:61:e9:f6:65:80:2f:d6:68:4b:a5:d9:
                    39:bd:86:6d:38:db:6f:81:38:6f:4a:d9:47:12:6c:
                    18:32:4c:6a:54:2c:08:e3:34:41:d9:8c:cd:78:47:
                    65:a3:63:0e:a6:89:a6:7b:6f:3a:bb:2e:55:0d:7d:
                    0d:0a:52:f3:1a:5b:52:a6:ed:4a:ad:7f:a1:72:dc:
                    2b:9e:b9:0c:83:9e:ce:49:4e:84:14:76:bd:22:06:
                    d5:90:76:cd:93:73:1f:7f:aa:4d:b6:09:d2:03:1c:
                    cb:d1:62:e6:be:17:fc:70:65:aa:72:8e:73:3a:18:
                    90:1c:6a:63:8f:67:bb:d8:a9:4c:01:c2:41:75:ce:
                    a2:9f:78:3e:d2:f6:b3:ca:8f:5b:cf:53:57:22:73:
                    ce:32:26:19:c0:5c:be:19:3e:50:86:4d:84:07:12:
                    c7:86:e5:77:af:e4:39:09:f1:13:f1:46:ae:08:c3:
                    10:56:61:b0:a0:b3:4c:74:d7:25:f3:7b:0c:19:6c:
                    ea:a8:db:61:6d:a3:26:c6:ea:10:1c:ae:44:63:56:
                    6c:e8:cf:35:eb:76:f8:33:40:2c:01:d2:2e:74:d0:
                    64:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:87:44:E8:65:4A:F5:65:D7:1C:6D:D8:0F:A6:2A:69:4E:7D:0C:11
            X509v3 Authority Key Identifier:
                keyid:30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/k4dE6GVK9WXXHG3YD6YqaU59DBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.0.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:80:8b:16:e5:be:a8:26:48:94:b4:45:79:ba:e3:06:a0:05:
         6d:3b:2f:98:27:e4:ee:62:50:a4:40:dd:0d:ea:d4:b7:88:98:
         33:20:af:03:c3:13:3c:e6:b6:54:b9:97:56:c5:44:68:25:04:
         1e:e1:19:ed:f1:7f:eb:d7:32:35:dc:a1:4e:d8:dc:d3:9a:9e:
         b9:50:88:e8:ce:d6:d8:8b:c3:a7:86:cb:1f:47:05:82:a6:6a:
         da:c0:a2:34:17:d4:8a:5f:5b:8d:de:e9:fd:3b:13:93:b0:8b:
         2b:8e:46:5c:92:0c:37:4e:a3:5f:1c:a0:dd:a6:30:56:a1:fa:
         30:4f:cc:9f:39:08:78:10:ef:eb:22:c2:bd:21:f5:1c:05:cc:
         00:54:96:f7:c6:1c:f2:87:ba:30:53:da:13:6d:de:4f:3f:45:
         9c:ca:33:22:46:51:4d:41:68:8b:eb:82:83:d9:73:f3:50:08:
         fa:6e:35:7e:43:f7:d2:88:50:db:0e:dc:0f:b5:8a:9b:60:9f:
         2c:79:3b:31:ca:c0:c9:c5:ed:7f:1d:18:f0:11:5c:5f:f5:c5:
         62:2a:05:b3:76:05:36:72:26:a5:13:95:93:18:e7:73:e4:e9:
         fd:8a:0e:eb:b2:5c:8d:1a:23:9c:35:56:8d:dc:4f:ff:45:68:
         11:db:d8:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRW87w3vWXYn0Agwd8TSxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Y1ZmUyNzQwYTJiNmRlNGMzNzA5ZDI5NjQxMTViM2M5
NjdkYTEwHhcNMjUwMTAxMjM0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mzg3NDRlODY1NGFmNTY1ZDcxYzZkZDgwZmE2MmE2OTRlN2QwYzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAor+G/F03stQI0Agpx9LNhPdppcru
2mk7R62cqIj2RYI8Yen2ZYAv1mhLpdk5vYZtONtvgThvStlHEmwYMkxqVCwI4zRB
2YzNeEdlo2MOpomme286uy5VDX0NClLzGltSpu1KrX+hctwrnrkMg57OSU6EFHa9
IgbVkHbNk3Mff6pNtgnSAxzL0WLmvhf8cGWqco5zOhiQHGpjj2e72KlMAcJBdc6i
n3g+0vazyo9bz1NXInPOMiYZwFy+GT5Qhk2EBxLHhuV3r+Q5CfET8UauCMMQVmGw
oLNMdNcl83sMGWzqqNthbaMmxuoQHK5EY1Zs6M8163b4M0AsAdIudNBkqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJOHROhlSvVl1xxt2A+mKmlOfQwRMB8GA1UdIwQY
MBaAFDB/X+J0Citt5MNwnSlkEVs8ln2hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQt
NGJhMmY4ZjFmODNiLzEvazRkRTZHVks5V1hYSEczWUQ2WXFhVTU5REJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQtNGJhMmY4ZjFmODNi
LzEvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1QAVMA0G
CSqGSIb3DQEBCwUAA4IBAQBcgIsW5b6oJkiUtEV5uuMGoAVtOy+YJ+TuYlCkQN0N
6tS3iJgzIK8DwxM85rZUuZdWxURoJQQe4Rnt8X/r1zI13KFO2NzTmp65UIjoztbY
i8OnhssfRwWCpmrawKI0F9SKX1uN3un9OxOTsIsrjkZckgw3TqNfHKDdpjBWofow
T8yfOQh4EO/rIsK9IfUcBcwAVJb3xhzyh7owU9oTbd5PP0WcyjMiRlFNQWiL64KD
2XPzUAj6bjV+Q/fSiFDbDtwPtYqbYJ8seTsxysDJxe1/HRjwEVxf9cViKgWzdgU2
cialE5WTGOdz5On9ig7rslyNGiOcNVaN3E//RWgR29iu
-----END CERTIFICATE-----