Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/7efe01-ec74-40ac-a238-a9b1df44ce2f/1/4NKKaipkT34nKtWhfa19D74f25c.roa
File:                     4NKKaipkT34nKtWhfa19D74f25c.roa (raw, json)
Hash identifier:          YTaiys0RSHABRCWEassKEE2Fqko+03tYIMHlBHkZyig=
Subject key identifier:   E0:D2:8A:6A:2A:64:4F:7E:27:2A:D5:A1:7D:AD:7D:0F:BE:1F:DB:97
Certificate issuer:       /CN=8504ebf9db1710a47bae4508cdaf8131e1674a54
Certificate serial:       019422FBCBD5C134226DB12A200F2035D87A
Authority key identifier: 85:04:EB:F9:DB:17:10:A4:7B:AE:45:08:CD:AF:81:31:E1:67:4A:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hQTr-dsXEKR7rkUIza-BMeFnSlQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/7efe01-ec74-40ac-a238-a9b1df44ce2f/1/4NKKaipkT34nKtWhfa19D74f25c.roa
Signing time:             Wed 01 Jan 2025 17:48:34 +0000
ROA not before:           Wed 01 Jan 2025 17:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2119
IP address blocks:        91.229.21.0/24 maxlen: 24
                          193.160.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/7efe01-ec74-40ac-a238-a9b1df44ce2f/1/hQTr-dsXEKR7rkUIza-BMeFnSlQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/7efe01-ec74-40ac-a238-a9b1df44ce2f/1/hQTr-dsXEKR7rkUIza-BMeFnSlQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hQTr-dsXEKR7rkUIza-BMeFnSlQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 23:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:cb:d5:c1:34:22:6d:b1:2a:20:0f:20:35:d8:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8504ebf9db1710a47bae4508cdaf8131e1674a54
        Validity
            Not Before: Jan  1 17:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0d28a6a2a644f7e272ad5a17dad7d0fbe1fdb97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:12:4e:d9:aa:89:00:22:0d:c6:1a:8c:cb:ae:
                    f0:9c:fd:6e:17:ae:4b:c9:28:e7:d0:d6:20:06:cf:
                    92:ce:75:35:53:9a:5e:4b:20:87:ff:90:a2:d3:38:
                    c5:dd:03:9b:23:ef:87:a2:15:09:99:cf:fa:e8:ff:
                    1f:da:f4:70:d5:08:27:91:f4:ab:e7:30:35:4e:c7:
                    aa:30:50:22:50:be:f2:8f:31:7f:63:c3:05:41:02:
                    5c:01:cf:a3:a0:66:87:c6:df:d4:52:99:73:23:e1:
                    7b:a7:4c:c7:9e:fc:22:61:59:39:eb:59:e7:8d:83:
                    3d:b8:5b:be:a2:73:bc:00:75:ac:ec:be:e6:68:e8:
                    a4:94:25:15:bf:f6:8b:e1:6f:94:ee:45:df:16:ea:
                    12:62:32:d4:97:9e:49:2b:66:37:d5:41:75:ee:cc:
                    a6:18:56:0a:10:c1:12:eb:1c:7d:3a:47:1f:51:cd:
                    3e:f3:4c:13:30:d2:60:a7:d1:35:54:52:0f:a4:69:
                    13:2c:d6:f7:e8:4c:fd:fe:a6:7e:a3:79:d8:4e:32:
                    0a:5f:0a:be:a7:0c:db:8e:5a:19:c3:47:4c:d6:e7:
                    35:92:82:49:ff:6c:ea:fe:63:7f:bd:c5:37:c1:47:
                    93:7d:4e:80:a6:5c:ea:65:b0:83:30:24:34:b2:86:
                    9e:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:D2:8A:6A:2A:64:4F:7E:27:2A:D5:A1:7D:AD:7D:0F:BE:1F:DB:97
            X509v3 Authority Key Identifier:
                keyid:85:04:EB:F9:DB:17:10:A4:7B:AE:45:08:CD:AF:81:31:E1:67:4A:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hQTr-dsXEKR7rkUIza-BMeFnSlQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/7efe01-ec74-40ac-a238-a9b1df44ce2f/1/4NKKaipkT34nKtWhfa19D74f25c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/7efe01-ec74-40ac-a238-a9b1df44ce2f/1/hQTr-dsXEKR7rkUIza-BMeFnSlQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.21.0/24
                  193.160.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:a3:20:bf:2f:15:73:06:78:c3:1e:48:3e:02:97:79:74:f5:
         b5:26:e1:31:37:f6:0d:6e:5f:ba:52:f2:6d:6e:be:06:7b:c1:
         bd:b7:ab:31:fd:22:49:7d:af:d8:21:5a:30:33:af:3c:c2:2c:
         9e:00:a2:ac:87:0f:d0:f7:11:92:76:ed:e0:72:4e:2b:d4:bb:
         a8:69:dd:5e:13:5a:5f:f2:1a:9f:5c:e5:30:ae:59:06:29:f9:
         91:f5:7b:99:31:41:18:73:63:16:35:78:23:56:24:c5:a3:e3:
         3a:d3:16:b2:37:90:e8:62:3c:62:ef:fe:6b:69:0b:e0:7a:23:
         9f:2e:fd:20:f5:0a:8f:6e:9f:92:d2:11:0f:84:90:74:1c:6f:
         19:ea:11:d9:aa:61:4e:e3:1c:3d:15:38:26:73:0d:c7:01:b0:
         1c:b7:26:f6:22:b3:7e:be:f1:ad:c6:75:ae:a2:37:4f:61:fd:
         d8:eb:12:fe:f7:b8:3a:b7:ee:39:1c:db:e5:be:3d:22:e0:21:
         a3:65:c6:8d:98:b1:f8:a2:ca:61:9d:cf:5e:67:24:52:db:7d:
         2a:ed:94:4d:74:e2:a8:fe:be:b6:62:c8:5f:a1:7d:91:d3:cf:
         4c:06:fb:61:e8:c3:24:5f:0d:fe:42:14:76:bd:a7:1b:d6:7c:
         f4:a4:cf:aa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+8vVwTQibbEqIA8gNdh6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MDRlYmY5ZGIxNzEwYTQ3YmFlNDUwOGNkYWY4MTMxZTE2
NzRhNTQwHhcNMjUwMTAxMTc0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGQyOGE2YTJhNjQ0ZjdlMjcyYWQ1YTE3ZGFkN2QwZmJlMWZkYjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRJO2aqJACINxhqMy67wnP1uF65L
ySjn0NYgBs+SznU1U5peSyCH/5Ci0zjF3QObI++HohUJmc/66P8f2vRw1QgnkfSr
5zA1TseqMFAiUL7yjzF/Y8MFQQJcAc+joGaHxt/UUplzI+F7p0zHnvwiYVk561nn
jYM9uFu+onO8AHWs7L7maOiklCUVv/aL4W+U7kXfFuoSYjLUl55JK2Y31UF17sym
GFYKEMES6xx9OkcfUc0+80wTMNJgp9E1VFIPpGkTLNb36Ez9/qZ+o3nYTjIKXwq+
pwzbjloZw0dM1uc1koJJ/2zq/mN/vcU3wUeTfU6AplzqZbCDMCQ0soaepQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFODSimoqZE9+JyrVoX2tfQ++H9uXMB8GA1UdIwQY
MBaAFIUE6/nbFxCke65FCM2vgTHhZ0pUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFFUci1kc1hFS1I3cmtVSXphLUJNZUZuU2xRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi83ZWZlMDEtZWM3NC00MGFjLWEyMzgt
YTliMWRmNDRjZTJmLzEvNE5LS2FpcGtUMzRuS3RXaGZhMTlENzRmMjVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi83ZWZlMDEtZWM3NC00MGFjLWEyMzgtYTliMWRmNDRjZTJm
LzEvaFFUci1kc1hFS1I3cmtVSXphLUJNZUZuU2xRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+UVAwQA
waAJMA0GCSqGSIb3DQEBCwUAA4IBAQBBoyC/LxVzBnjDHkg+Apd5dPW1JuExN/YN
bl+6UvJtbr4Ge8G9t6sx/SJJfa/YIVowM688wiyeAKKshw/Q9xGSdu3gck4r1Luo
ad1eE1pf8hqfXOUwrlkGKfmR9XuZMUEYc2MWNXgjViTFo+M60xayN5DoYjxi7/5r
aQvgeiOfLv0g9QqPbp+S0hEPhJB0HG8Z6hHZqmFO4xw9FTgmcw3HAbActyb2IrN+
vvGtxnWuojdPYf3Y6xL+97g6t+45HNvlvj0i4CGjZcaNmLH4osphnc9eZyRS230q
7ZRNdOKo/r62YshfoX2R089MBvth6MMkXw3+QhR2vacb1nz0pM+q
-----END CERTIFICATE-----