Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/B7k9SyHbU6oZ20c_PwPv7OFTRd0.roa
File:                     B7k9SyHbU6oZ20c_PwPv7OFTRd0.roa (raw, json)
Hash identifier:          Z6jG2Ngbf5VHZaSPoAOXgP3PUwN/9sHJgxw/+Eng21k=
Subject key identifier:   07:B9:3D:4B:21:DB:53:AA:19:DB:47:3F:3F:03:EF:EC:E1:53:45:DD
Certificate issuer:       /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial:       01934B560ABF67394B93813229C14283FA62
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/B7k9SyHbU6oZ20c_PwPv7OFTRd0.roa
Signing time:             Wed 20 Nov 2024 20:49:10 +0000
ROA not before:           Wed 20 Nov 2024 20:49:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        213.145.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4b:56:0a:bf:67:39:4b:93:81:32:29:c1:42:83:fa:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
        Validity
            Not Before: Nov 20 20:49:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07b93d4b21db53aa19db473f3f03efece15345dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:f0:2c:c6:9e:e6:56:7d:50:67:43:c0:99:e2:
                    5e:71:f5:ce:53:04:8b:7c:1a:94:b5:ec:3c:dd:7b:
                    0a:4b:ca:0c:71:dc:2b:2a:70:c5:33:91:26:1f:f5:
                    59:12:62:9d:d7:0e:8b:e6:d2:c8:fc:54:af:f1:6e:
                    9f:2a:a3:e6:3f:cc:cd:c5:79:78:4c:fa:74:5c:13:
                    db:6d:34:67:05:f7:09:f6:ef:19:42:e6:30:46:3f:
                    9f:4d:04:66:a4:b4:6a:22:55:d5:2b:14:33:0d:b7:
                    82:41:71:5b:b5:96:c9:de:df:fc:e2:c8:10:4d:65:
                    e2:a6:31:46:8f:f5:f2:76:b6:13:97:3e:a7:9a:09:
                    50:3f:c4:eb:8c:fb:05:91:39:3c:59:d1:8a:2b:67:
                    e0:d3:7a:33:84:cb:7e:cd:94:54:a1:2e:bc:8a:c5:
                    6e:d4:97:c9:3a:dd:8e:50:18:dc:ec:c7:2c:2c:24:
                    f9:5a:87:c2:23:73:60:eb:88:c4:f2:b2:96:cd:3a:
                    bf:24:be:fc:f7:0f:c6:d9:5d:c2:16:bc:92:79:e4:
                    b7:e2:63:89:08:00:e5:bc:f8:7f:67:cc:4e:8d:fe:
                    37:10:0f:e9:0e:b6:79:2d:48:e9:51:e9:4b:4c:ac:
                    e6:f4:f5:03:05:a4:cb:70:0d:23:11:15:d4:3c:4e:
                    40:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:B9:3D:4B:21:DB:53:AA:19:DB:47:3F:3F:03:EF:EC:E1:53:45:DD
            X509v3 Authority Key Identifier:
                keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/B7k9SyHbU6oZ20c_PwPv7OFTRd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.145.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:27:90:6d:55:77:b2:33:81:96:2c:e3:61:38:55:27:38:54:
         ea:5e:12:e7:87:f9:ed:bf:5a:1d:52:45:19:73:e5:94:97:b0:
         4a:9a:75:9c:d5:d2:7a:c1:c4:d2:f1:a0:c1:a7:2b:06:f2:db:
         ed:0d:0c:b5:3b:a4:ca:d5:45:95:21:13:83:17:4b:68:85:36:
         36:ef:21:ae:4e:d7:49:49:20:49:cb:92:91:d7:ae:71:03:16:
         91:5b:eb:46:0c:d3:51:6a:6b:7f:8b:19:bc:d5:69:d7:e2:3d:
         63:2c:92:0b:75:ee:7d:9f:77:a8:d4:68:3f:0c:83:15:1f:cc:
         6e:c3:b1:ce:c2:c9:af:1b:d3:ce:c3:54:4f:cc:40:a7:8b:a8:
         92:f2:f6:24:f9:c7:99:5b:53:cd:1f:a8:fa:72:51:f3:68:f5:
         bc:f5:48:03:88:a4:94:90:53:38:ff:bd:1c:23:f6:75:45:01:
         55:fb:f2:3d:d3:18:d9:87:00:ea:aa:ff:70:b5:bd:cb:41:e2:
         4e:a6:62:6f:7f:db:26:b7:91:82:ea:03:02:60:c4:e6:19:28:
         4a:5b:92:72:86:8b:44:20:a6:66:f1:3c:69:da:88:42:65:68:
         11:35:11:1c:5e:80:0a:da:46:5b:50:fa:76:18:19:8f:c9:70:
         c7:24:4a:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNLVgq/ZzlLk4EyKcFCg/piMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjQxMTIwMjA0OTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2I5M2Q0YjIxZGI1M2FhMTlkYjQ3M2YzZjAzZWZlY2UxNTM0NWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAifAsxp7mVn1QZ0PAmeJecfXOUwSL
fBqUtew83XsKS8oMcdwrKnDFM5EmH/VZEmKd1w6L5tLI/FSv8W6fKqPmP8zNxXl4
TPp0XBPbbTRnBfcJ9u8ZQuYwRj+fTQRmpLRqIlXVKxQzDbeCQXFbtZbJ3t/84sgQ
TWXipjFGj/XydrYTlz6nmglQP8TrjPsFkTk8WdGKK2fg03ozhMt+zZRUoS68isVu
1JfJOt2OUBjc7McsLCT5WofCI3Ng64jE8rKWzTq/JL789w/G2V3CFrySeeS34mOJ
CADlvPh/Z8xOjf43EA/pDrZ5LUjpUelLTKzm9PUDBaTLcA0jERXUPE5AqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAe5PUsh21OqGdtHPz8D7+zhU0XdMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvQjdrOVN5SGJVNm9aMjBjX1B3UHY3T0ZUUmQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZFZMA0G
CSqGSIb3DQEBCwUAA4IBAQBtJ5BtVXeyM4GWLONhOFUnOFTqXhLnh/ntv1odUkUZ
c+WUl7BKmnWc1dJ6wcTS8aDBpysG8tvtDQy1O6TK1UWVIRODF0tohTY27yGuTtdJ
SSBJy5KR165xAxaRW+tGDNNRamt/ixm81WnX4j1jLJILde59n3eo1Gg/DIMVH8xu
w7HOwsmvG9POw1RPzECni6iS8vYk+ceZW1PNH6j6clHzaPW89UgDiKSUkFM4/70c
I/Z1RQFV+/I90xjZhwDqqv9wtb3LQeJOpmJvf9smt5GC6gMCYMTmGShKW5JyhotE
IKZm8Txp2ohCZWgRNREcXoAK2kZbUPp2GBmPyXDHJEoA
-----END CERTIFICATE-----