Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/qXg0g6JWJFUTa4ITe68QnDBems4.roa
File:                     qXg0g6JWJFUTa4ITe68QnDBems4.roa (raw, json)
Hash identifier:          VFELCVX9FCfoFoaHGPn4AFPAsZrkyRGyX1yNueP/trs=
Subject key identifier:   A9:78:34:83:A2:56:24:55:13:6B:82:13:7B:AF:10:9C:30:5E:9A:CE
Certificate issuer:       /CN=c0e549fdceeb02912c8a8741c816806bbe19c448
Certificate serial:       0190366829B506F165D57454CC42E16A990E
Authority key identifier: C0:E5:49:FD:CE:EB:02:91:2C:8A:87:41:C8:16:80:6B:BE:19:C4:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wOVJ_c7rApEsiodByBaAa74ZxEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/qXg0g6JWJFUTa4ITe68QnDBems4.roa
Signing time:             Thu 20 Jun 2024 16:08:34 +0000
ROA not before:           Thu 20 Jun 2024 16:08:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214678
IP address blocks:        89.34.76.0/24 maxlen: 24
                          185.240.90.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/wOVJ_c7rApEsiodByBaAa74ZxEg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/wOVJ_c7rApEsiodByBaAa74ZxEg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wOVJ_c7rApEsiodByBaAa74ZxEg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 07:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:36:68:29:b5:06:f1:65:d5:74:54:cc:42:e1:6a:99:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0e549fdceeb02912c8a8741c816806bbe19c448
        Validity
            Not Before: Jun 20 16:08:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9783483a2562455136b82137baf109c305e9ace
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:f4:84:f6:96:f5:d8:ba:b8:c6:d0:65:db:b2:
                    cb:00:65:60:ee:ac:be:e7:c9:66:de:29:01:91:26:
                    b5:65:83:0e:df:cf:8d:fa:52:63:ea:59:e8:db:3b:
                    b7:da:c1:ad:80:2c:ea:ab:5f:3c:05:96:a9:78:37:
                    f4:24:72:f9:59:5c:06:dc:cf:61:18:65:5f:4e:0a:
                    93:9b:0a:f8:ed:bd:e9:9f:cf:c9:a3:0c:82:a8:56:
                    bd:63:88:31:3d:37:ab:5a:d0:ba:9f:6c:58:28:b6:
                    b0:87:8c:b5:3a:bb:ab:88:09:0d:d8:b2:a3:0f:7d:
                    e1:d4:32:00:52:68:12:0b:4f:0e:3c:37:d6:df:3e:
                    46:06:9e:bd:bc:c9:7a:29:09:0b:29:5d:c8:01:e2:
                    39:ce:8e:d9:21:60:ab:39:ca:8c:ae:95:7b:2f:70:
                    60:fe:50:01:32:5f:53:f2:2a:08:14:90:a5:02:fc:
                    55:23:6e:bd:46:5f:3c:6c:b9:40:fb:5a:36:f4:e5:
                    06:2a:09:c0:cf:b1:95:cf:ea:7c:c3:29:5f:d0:17:
                    02:a4:67:62:ba:15:4a:3a:c2:8e:74:1c:33:84:94:
                    60:ce:09:2c:4f:23:7c:28:bd:ab:4c:ae:48:60:58:
                    ef:e6:1e:50:fe:5e:8c:3c:87:44:74:95:dd:0c:50:
                    c2:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:78:34:83:A2:56:24:55:13:6B:82:13:7B:AF:10:9C:30:5E:9A:CE
            X509v3 Authority Key Identifier:
                keyid:C0:E5:49:FD:CE:EB:02:91:2C:8A:87:41:C8:16:80:6B:BE:19:C4:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wOVJ_c7rApEsiodByBaAa74ZxEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/qXg0g6JWJFUTa4ITe68QnDBems4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/wOVJ_c7rApEsiodByBaAa74ZxEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.76.0/24
                  185.240.90.0/23

    Signature Algorithm: sha256WithRSAEncryption
         76:a4:91:bb:a9:8a:1c:ba:ad:3f:8f:49:07:55:30:8e:59:83:
         22:17:78:ed:72:b3:7b:6a:d9:cf:0e:aa:c2:a8:23:00:bf:fc:
         ae:3c:72:9f:67:dd:2d:3a:75:71:66:7c:aa:12:90:35:6b:3c:
         37:89:35:48:55:f5:93:5c:cf:d1:b3:bc:5c:36:49:dc:9a:ed:
         52:0b:f3:bd:11:86:e0:64:9e:6d:01:d4:94:53:98:52:8a:b5:
         13:ce:52:0f:d0:24:6f:47:af:0a:3d:c9:a3:ef:82:86:cb:69:
         27:b2:ab:82:1e:22:29:5b:6f:c7:b2:4b:43:c9:cc:71:52:07:
         07:2a:be:57:94:a0:04:87:a5:41:c1:c6:46:5b:5c:f4:e0:ce:
         16:ff:8d:c5:ea:d7:f4:f6:2c:7a:1c:cd:3e:6c:f2:03:69:c2:
         4d:60:fe:3d:16:79:3e:ad:dc:43:ed:63:e6:cd:15:f7:ed:03:
         97:a3:5f:b5:51:fa:c3:d5:65:ce:9e:3c:0e:7d:38:17:09:e2:
         84:4a:00:69:31:1e:04:ad:58:63:b9:0b:19:8d:23:7d:97:3d:
         c6:4f:46:c2:09:20:6f:9d:88:e5:a4:64:e3:2a:16:bd:22:1e:
         eb:45:c3:71:5f:7c:6a:95:40:51:3b:90:a5:9f:53:ce:f3:59:
         5e:53:1c:6c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZA2aCm1BvFl1XRUzELhapkOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwZTU0OWZkY2VlYjAyOTEyYzhhODc0MWM4MTY4MDZiYmUx
OWM0NDgwHhcNMjQwNjIwMTYwODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTc4MzQ4M2EyNTYyNDU1MTM2YjgyMTM3YmFmMTA5YzMwNWU5YWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPSE9pb12Lq4xtBl27LLAGVg7qy+
58lm3ikBkSa1ZYMO38+N+lJj6lno2zu32sGtgCzqq188BZapeDf0JHL5WVwG3M9h
GGVfTgqTmwr47b3pn8/JowyCqFa9Y4gxPTerWtC6n2xYKLawh4y1OruriAkN2LKj
D33h1DIAUmgSC08OPDfW3z5GBp69vMl6KQkLKV3IAeI5zo7ZIWCrOcqMrpV7L3Bg
/lABMl9T8ioIFJClAvxVI269Rl88bLlA+1o29OUGKgnAz7GVz+p8wylf0BcCpGdi
uhVKOsKOdBwzhJRgzgksTyN8KL2rTK5IYFjv5h5Q/l6MPIdEdJXdDFDCCQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKl4NIOiViRVE2uCE3uvEJwwXprOMB8GA1UdIwQY
MBaAFMDlSf3O6wKRLIqHQcgWgGu+GcRIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd09WSl9jN3JBcEVzaW9kQnlCYUFhNzRaeEVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8xNjBmOGYtZGJhYi00ODJkLWIzOWMt
YWQyZmRhNDc5ODhlLzEvcVhnMGc2SldKRlVUYTRJVGU2OFFuREJlbXM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8xNjBmOGYtZGJhYi00ODJkLWIzOWMtYWQyZmRhNDc5ODhl
LzEvd09WSl9jN3JBcEVzaW9kQnlCYUFhNzRaeEVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSJMAwQB
ufBaMA0GCSqGSIb3DQEBCwUAA4IBAQB2pJG7qYocuq0/j0kHVTCOWYMiF3jtcrN7
atnPDqrCqCMAv/yuPHKfZ90tOnVxZnyqEpA1azw3iTVIVfWTXM/Rs7xcNkncmu1S
C/O9EYbgZJ5tAdSUU5hSirUTzlIP0CRvR68KPcmj74KGy2knsquCHiIpW2/HsktD
ycxxUgcHKr5XlKAEh6VBwcZGW1z04M4W/43F6tf09ix6HM0+bPIDacJNYP49Fnk+
rdxD7WPmzRX37QOXo1+1UfrD1WXOnjwOfTgXCeKESgBpMR4ErVhjuQsZjSN9lz3G
T0bCCSBvnYjlpGTjKha9Ih7rRcNxX3xqlUBRO5Cln1PO81leUxxs
-----END CERTIFICATE-----