Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/3b7485-8b74-4d50-974a-1b501520532b/1/kn2UeFfc3MT_V3TGmONjpBGO3qQ.roa
File:                     kn2UeFfc3MT_V3TGmONjpBGO3qQ.roa (raw, json)
Hash identifier:          DhqpVFso1fSlnhBYcMU6CrNsnuVBcuf1CQd2JX9x9Yc=
Subject key identifier:   92:7D:94:78:57:DC:DC:C4:FF:57:74:C6:98:E3:63:A4:11:8E:DE:A4
Certificate issuer:       /CN=cccdf6516237d425e9ae3817ecb141f481773c12
Certificate serial:       018CC72775D22EEBF29DA2D6ED3124242055
Authority key identifier: CC:CD:F6:51:62:37:D4:25:E9:AE:38:17:EC:B1:41:F4:81:77:3C:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zM32UWI31CXprjgX7LFB9IF3PBI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/3b7485-8b74-4d50-974a-1b501520532b/1/kn2UeFfc3MT_V3TGmONjpBGO3qQ.roa
Signing time:             Mon 01 Jan 2024 22:31:41 +0000
ROA not before:           Mon 01 Jan 2024 22:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211031
IP address blocks:        37.140.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/3b7485-8b74-4d50-974a-1b501520532b/1/zM32UWI31CXprjgX7LFB9IF3PBI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/3b7485-8b74-4d50-974a-1b501520532b/1/zM32UWI31CXprjgX7LFB9IF3PBI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zM32UWI31CXprjgX7LFB9IF3PBI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:75:d2:2e:eb:f2:9d:a2:d6:ed:31:24:24:20:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cccdf6516237d425e9ae3817ecb141f481773c12
        Validity
            Not Before: Jan  1 22:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=927d947857dcdcc4ff5774c698e363a4118edea4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:16:77:55:44:af:38:b4:55:59:ef:e0:93:da:
                    6b:9f:82:2d:8e:98:75:45:3b:d4:9b:c4:89:ce:f0:
                    6c:09:04:da:a1:ac:8e:7d:6b:6d:60:df:dd:9e:b0:
                    9e:51:65:06:17:e4:de:8a:ee:d5:a5:d0:32:cc:21:
                    d7:91:84:50:ea:3c:05:fe:48:db:24:60:da:f7:68:
                    fc:a8:d5:9d:6a:f3:ff:18:71:16:aa:f8:2c:89:14:
                    35:d8:7e:f2:df:24:16:e8:cd:cb:09:95:d6:29:1c:
                    1f:22:e6:74:cb:96:42:d0:61:c0:1f:00:50:e2:53:
                    46:ee:0e:68:67:7e:c8:4c:ed:29:27:47:b7:98:e0:
                    71:77:e4:b1:98:d1:b8:f6:da:aa:5c:6d:68:62:e0:
                    bf:63:ab:c2:c1:c9:a3:6f:95:33:01:28:7c:0a:28:
                    53:61:92:9c:ae:bb:f5:78:f9:cc:6e:0e:4b:cd:c9:
                    e9:b0:f5:7a:6b:b5:ea:0d:01:bd:87:0c:19:af:31:
                    5c:71:d6:f7:9e:b1:6b:44:eb:5d:f1:57:86:01:fd:
                    93:a3:59:76:ae:26:93:42:99:a7:5c:b7:21:3f:56:
                    7b:cc:6d:ec:7a:82:09:50:2e:fb:9a:49:79:86:4b:
                    94:d1:57:68:9e:f2:e3:60:eb:a0:c4:10:77:48:59:
                    37:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:7D:94:78:57:DC:DC:C4:FF:57:74:C6:98:E3:63:A4:11:8E:DE:A4
            X509v3 Authority Key Identifier:
                keyid:CC:CD:F6:51:62:37:D4:25:E9:AE:38:17:EC:B1:41:F4:81:77:3C:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zM32UWI31CXprjgX7LFB9IF3PBI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/3b7485-8b74-4d50-974a-1b501520532b/1/kn2UeFfc3MT_V3TGmONjpBGO3qQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/3b7485-8b74-4d50-974a-1b501520532b/1/zM32UWI31CXprjgX7LFB9IF3PBI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.140.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:4a:66:1f:0f:23:21:08:a0:a9:46:95:e6:48:cf:26:9c:8e:
         1d:67:3a:3f:a8:49:9c:66:85:85:83:b3:4c:6a:31:b1:ce:5e:
         f1:52:9a:6f:61:07:5f:39:d2:4b:4d:31:0b:df:d8:3a:dd:4f:
         fe:c9:f6:df:5b:61:4c:81:2f:a6:b1:f2:69:96:16:86:40:48:
         96:d8:4f:64:86:ae:5d:9a:70:ff:b6:2c:ae:b3:ab:ee:f2:34:
         63:e5:93:4a:e1:97:37:49:e5:42:24:28:c8:15:b5:eb:74:0a:
         ef:77:b6:06:25:83:7a:39:c7:9d:5f:ef:8d:ed:c3:c8:b5:9d:
         8d:80:b5:2b:3c:3c:08:21:ed:fa:2d:76:73:7c:eb:56:70:c1:
         85:00:ba:72:f9:91:61:c8:e4:04:e3:8e:0c:c1:65:a5:2e:ff:
         75:45:29:d6:2e:ee:87:fb:72:95:f7:cc:0e:7f:c2:8c:d6:3b:
         78:1c:5b:66:66:d9:5f:f9:fd:3e:89:67:04:39:78:73:f0:8d:
         ad:d8:7e:8c:32:0f:0c:86:83:b3:1d:03:d7:87:80:28:74:0a:
         b2:59:e5:44:31:1f:ca:2d:d0:33:74:38:9b:12:02:ad:3c:8d:
         65:f1:f8:c5:ae:34:c0:ee:53:f1:43:e5:58:39:d2:70:a9:72:
         ac:08:53:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ3XSLuvynaLW7TEkJCBVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjY2RmNjUxNjIzN2Q0MjVlOWFlMzgxN2VjYjE0MWY0ODE3
NzNjMTIwHhcNMjQwMTAxMjIzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjdkOTQ3ODU3ZGNkY2M0ZmY1Nzc0YzY5OGUzNjNhNDExOGVkZWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9hZ3VUSvOLRVWe/gk9prn4Itjph1
RTvUm8SJzvBsCQTaoayOfWttYN/dnrCeUWUGF+Teiu7VpdAyzCHXkYRQ6jwF/kjb
JGDa92j8qNWdavP/GHEWqvgsiRQ12H7y3yQW6M3LCZXWKRwfIuZ0y5ZC0GHAHwBQ
4lNG7g5oZ37ITO0pJ0e3mOBxd+SxmNG49tqqXG1oYuC/Y6vCwcmjb5UzASh8CihT
YZKcrrv1ePnMbg5LzcnpsPV6a7XqDQG9hwwZrzFccdb3nrFrROtd8VeGAf2To1l2
riaTQpmnXLchP1Z7zG3seoIJUC77mkl5hkuU0VdonvLjYOugxBB3SFk3ZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJJ9lHhX3NzE/1d0xpjjY6QRjt6kMB8GA1UdIwQY
MBaAFMzN9lFiN9Ql6a44F+yxQfSBdzwSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek0zMlVXSTMxQ1hwcmpnWDdMRkI5SUYzUEJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy8zYjc0ODUtOGI3NC00ZDUwLTk3NGEt
MWI1MDE1MjA1MzJiLzEva24yVWVGZmMzTVRfVjNUR21PTmpwQkdPM3FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy8zYjc0ODUtOGI3NC00ZDUwLTk3NGEtMWI1MDE1MjA1MzJi
LzEvek0zMlVXSTMxQ1hwcmpnWDdMRkI5SUYzUEJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJYz5MA0G
CSqGSIb3DQEBCwUAA4IBAQA/SmYfDyMhCKCpRpXmSM8mnI4dZzo/qEmcZoWFg7NM
ajGxzl7xUppvYQdfOdJLTTEL39g63U/+yfbfW2FMgS+msfJplhaGQEiW2E9khq5d
mnD/tiyus6vu8jRj5ZNK4Zc3SeVCJCjIFbXrdArvd7YGJYN6OcedX++N7cPItZ2N
gLUrPDwIIe36LXZzfOtWcMGFALpy+ZFhyOQE444MwWWlLv91RSnWLu6H+3KV98wO
f8KM1jt4HFtmZtlf+f0+iWcEOXhz8I2t2H6MMg8MhoOzHQPXh4AodAqyWeVEMR/K
LdAzdDibEgKtPI1l8fjFrjTA7lPxQ+VYOdJwqXKsCFM/
-----END CERTIFICATE-----