Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/I1x-TmbNwkGkjTehAJPdkJLqpFk.roa
File:                     I1x-TmbNwkGkjTehAJPdkJLqpFk.roa (raw, json)
Hash identifier:          slJPTpNQ4Yzug64TIdLUM132n8HKPPB0sa1+rPANXT0=
Subject key identifier:   23:5C:7E:4E:66:CD:C2:41:A4:8D:37:A1:00:93:DD:90:92:EA:A4:59
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       018DD50C961DF9C7FCE04398EE4F39FD6616
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/I1x-TmbNwkGkjTehAJPdkJLqpFk.roa
Signing time:             Fri 23 Feb 2024 08:19:48 +0000
ROA not before:           Fri 23 Feb 2024 08:19:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49434
IP address blocks:        89.251.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d5:0c:96:1d:f9:c7:fc:e0:43:98:ee:4f:39:fd:66:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Feb 23 08:19:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=235c7e4e66cdc241a48d37a10093dd9092eaa459
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:e2:c0:da:b6:c1:97:c9:b4:2a:3a:10:08:94:
                    1d:77:7a:c2:95:49:0e:11:9e:28:29:fb:bd:fc:e2:
                    80:1e:ba:19:c1:80:20:dd:73:93:9d:6a:34:79:21:
                    13:13:91:dc:fd:d1:2f:7f:32:2a:b3:aa:d0:b8:ed:
                    90:6e:bd:ce:f6:db:1b:fd:f7:12:2f:e9:9a:eb:42:
                    eb:5d:d9:2d:e1:dc:2d:77:af:2f:e8:09:e2:a6:be:
                    73:28:fa:99:5f:fe:e8:de:07:34:86:99:07:61:9d:
                    08:21:d3:2e:08:4d:c3:9f:59:cc:79:7d:81:db:33:
                    e5:01:a4:1a:5b:b7:bc:f4:3c:30:ea:66:71:e8:7e:
                    0f:a9:e2:cf:db:b6:24:8f:5d:5f:b6:2a:fb:4a:07:
                    43:97:ea:87:32:0e:3c:3a:8a:bc:0c:6f:66:d8:20:
                    51:d7:5f:81:a0:06:dd:63:4a:67:20:19:b8:14:27:
                    d7:7d:7a:6c:0f:9d:2a:83:cb:38:b7:9c:dd:6b:f4:
                    8f:50:c5:17:0b:de:b6:f2:52:22:57:d4:44:ac:7c:
                    54:54:01:95:53:33:8a:d2:45:d9:94:94:4f:f6:84:
                    c8:15:8d:52:db:b1:33:54:45:b2:a7:af:b9:fa:0a:
                    e2:64:a5:6e:53:21:8c:1f:ac:11:1c:ad:21:b8:c9:
                    51:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:5C:7E:4E:66:CD:C2:41:A4:8D:37:A1:00:93:DD:90:92:EA:A4:59
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/I1x-TmbNwkGkjTehAJPdkJLqpFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:15:70:fa:6c:14:ca:d8:77:97:a2:bc:cd:fa:74:e3:fc:95:
         f9:d5:73:35:af:40:4f:4c:c6:d7:09:70:22:7c:85:74:34:12:
         82:1c:06:d4:b6:82:38:df:a8:9d:af:23:44:0a:23:63:97:a8:
         4c:ac:a6:46:3a:1a:29:2e:d3:44:9a:db:6b:91:c2:20:67:06:
         c8:45:35:58:68:6e:62:51:05:95:b1:90:9e:96:50:5a:bf:57:
         ba:0e:a6:98:13:35:fb:ba:6e:0b:2e:6d:8b:fa:d7:65:45:dd:
         77:7c:5d:a2:6c:ce:9f:de:f0:cb:ed:28:af:9f:0a:ef:b6:69:
         4c:49:a3:31:6c:87:fd:53:0d:46:14:ef:88:a8:0d:71:a0:86:
         33:db:6b:38:5f:fe:b6:af:f8:cb:cc:93:c1:85:1d:4d:a7:ca:
         20:c5:dc:62:28:b1:74:65:f3:38:92:62:52:d7:4e:12:ba:67:
         54:a1:e5:0a:bc:19:de:6b:9d:8f:80:93:e8:a1:80:ad:a4:a2:
         75:90:ab:cd:0b:29:bb:12:da:d4:48:40:f3:e7:85:93:c9:05:
         c0:10:56:b4:8e:59:27:71:38:46:77:06:8e:4d:4f:73:81:dd:
         8b:67:09:fd:21:15:85:7c:89:ed:b5:43:6c:a3:cd:b5:70:c3:
         05:21:51:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3VDJYd+cf84EOY7k85/WYWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQwMjIzMDgxOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzVjN2U0ZTY2Y2RjMjQxYTQ4ZDM3YTEwMDkzZGQ5MDkyZWFhNDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnuLA2rbBl8m0KjoQCJQdd3rClUkO
EZ4oKfu9/OKAHroZwYAg3XOTnWo0eSETE5Hc/dEvfzIqs6rQuO2Qbr3O9tsb/fcS
L+ma60LrXdkt4dwtd68v6Anipr5zKPqZX/7o3gc0hpkHYZ0IIdMuCE3Dn1nMeX2B
2zPlAaQaW7e89Dww6mZx6H4PqeLP27Ykj11ftir7SgdDl+qHMg48Ooq8DG9m2CBR
11+BoAbdY0pnIBm4FCfXfXpsD50qg8s4t5zda/SPUMUXC9628lIiV9RErHxUVAGV
UzOK0kXZlJRP9oTIFY1S27EzVEWyp6+5+griZKVuUyGMH6wRHK0huMlRyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNcfk5mzcJBpI03oQCT3ZCS6qRZMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvSTF4LVRtYk53a0dralRlaEFKUGRrSkxxcEZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfsXMA0G
CSqGSIb3DQEBCwUAA4IBAQA+FXD6bBTK2HeXorzN+nTj/JX51XM1r0BPTMbXCXAi
fIV0NBKCHAbUtoI436idryNECiNjl6hMrKZGOhopLtNEmttrkcIgZwbIRTVYaG5i
UQWVsZCellBav1e6DqaYEzX7um4LLm2L+tdlRd13fF2ibM6f3vDL7SivnwrvtmlM
SaMxbIf9Uw1GFO+IqA1xoIYz22s4X/62r/jLzJPBhR1Np8ogxdxiKLF0ZfM4kmJS
104SumdUoeUKvBnea52PgJPooYCtpKJ1kKvNCym7EtrUSEDz54WTyQXAEFa0jlkn
cThGdwaOTU9zgd2LZwn9IRWFfInttUNso821cMMFIVFU
-----END CERTIFICATE-----