Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/sXF8bG3ZOZGkSeQhkMRssvXgRnk.roa
File:                     sXF8bG3ZOZGkSeQhkMRssvXgRnk.roa (raw, json)
Hash identifier:          j80IXZCec+R6W40yhS4EaqGM22vasgTf+zyJ05mohi4=
Subject key identifier:   B1:71:7C:6C:6D:D9:39:91:A4:49:E4:21:90:C4:6C:B2:F5:E0:46:79
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC7954F1C4BF431530E9FFC8B7E60E089
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/sXF8bG3ZOZGkSeQhkMRssvXgRnk.roa
Signing time:             Tue 02 Jan 2024 00:31:40 +0000
ROA not before:           Tue 02 Jan 2024 00:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48459
IP address blocks:        89.42.231.0/24 maxlen: 24
                          89.42.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:4f:1c:4b:f4:31:53:0e:9f:fc:8b:7e:60:e0:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1717c6c6dd93991a449e42190c46cb2f5e04679
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:9c:44:11:3a:58:c5:d7:c8:53:d0:ca:19:0e:
                    df:0e:4b:51:ec:b5:e9:a6:c4:07:5b:1c:66:92:2c:
                    66:0d:6b:92:84:ec:d9:92:63:e9:eb:6f:b5:9d:69:
                    7b:15:d2:9c:48:fc:57:a0:df:45:bf:70:1a:e4:04:
                    77:8b:c5:73:3b:d7:21:55:b0:32:dd:67:8c:a0:d5:
                    43:79:ad:ed:69:ac:3c:7e:76:4f:97:df:fa:2e:26:
                    01:32:d2:ce:0b:1e:2c:dc:90:27:b4:c8:e3:10:96:
                    f9:00:75:27:af:68:7c:d0:92:17:da:fa:1f:de:6a:
                    88:d5:9e:df:70:09:df:23:07:5c:eb:11:57:d1:75:
                    d6:c1:b3:15:e2:06:b0:9c:36:16:cc:6f:6b:d1:ef:
                    e4:90:bd:c0:40:df:b0:72:b1:27:94:a5:cf:72:de:
                    ed:eb:26:18:c3:99:1a:67:d1:bb:74:8a:3c:fb:6f:
                    49:1f:22:6f:77:54:cf:e4:97:98:84:03:0c:97:bd:
                    10:bf:e3:99:bc:39:49:c9:f6:c2:70:e2:bb:8d:78:
                    2c:05:6c:71:01:91:4c:8b:3f:4b:f4:de:45:e3:23:
                    44:0d:45:a3:d8:65:bd:89:69:1c:e7:cf:53:d8:58:
                    f8:6e:89:28:7e:6b:d8:0d:e0:6f:a3:4a:d4:12:a4:
                    00:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:71:7C:6C:6D:D9:39:91:A4:49:E4:21:90:C4:6C:B2:F5:E0:46:79
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/sXF8bG3ZOZGkSeQhkMRssvXgRnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.41.0/24
                  89.42.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         f0:3b:a8:4a:f8:84:39:f4:a6:aa:59:50:03:1f:c8:29:f7:b8:
         0f:4d:2a:22:41:76:b9:6b:c1:e1:2b:3a:17:75:87:bd:7b:ca:
         43:36:f1:4f:0d:5c:15:ec:8f:01:68:9b:52:f5:26:bf:8b:b2:
         be:a5:8f:a4:8a:1c:47:dd:c3:4e:43:4e:b3:c9:73:85:39:93:
         c2:be:e5:9a:d0:5a:1d:c4:70:f6:8c:54:5b:c8:4f:cb:61:e1:
         1a:1e:4c:10:59:35:fb:a8:1d:a6:c0:32:8d:c6:df:b0:b6:45:
         42:25:22:7e:42:77:a4:10:71:5a:ec:85:75:a8:bf:c5:6b:a0:
         c7:71:49:5e:f1:9e:8e:6b:dc:f5:80:4e:c0:b1:36:04:f0:44:
         0f:aa:d5:1f:16:c8:c6:f3:94:3a:ee:a8:c3:9e:ab:87:1e:d5:
         56:86:a3:5b:aa:01:c4:29:5d:03:f0:0f:d0:03:51:87:9c:cf:
         8e:8d:b5:17:e0:6c:0a:34:73:e8:e5:5d:71:7b:e4:2a:a6:08:
         2b:26:8f:05:45:10:08:a4:65:65:4a:2c:46:7c:46:ad:57:5e:
         76:97:61:5f:b6:67:a9:0b:dd:9d:3c:3c:d0:4a:23:f5:83:ca:
         a0:9a:f4:94:09:17:1d:1e:e6:a2:15:18:24:aa:2f:ab:e9:aa:
         04:26:6f:b6
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzHlU8cS/QxUw6f/It+YOCJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTcxN2M2YzZkZDkzOTkxYTQ0OWU0MjE5MGM0NmNiMmY1ZTA0Njc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5xEETpYxdfIU9DKGQ7fDktR7LXp
psQHWxxmkixmDWuShOzZkmPp62+1nWl7FdKcSPxXoN9Fv3Aa5AR3i8VzO9chVbAy
3WeMoNVDea3taaw8fnZPl9/6LiYBMtLOCx4s3JAntMjjEJb5AHUnr2h80JIX2vof
3mqI1Z7fcAnfIwdc6xFX0XXWwbMV4gawnDYWzG9r0e/kkL3AQN+wcrEnlKXPct7t
6yYYw5kaZ9G7dIo8+29JHyJvd1TP5JeYhAMMl70Qv+OZvDlJyfbCcOK7jXgsBWxx
AZFMiz9L9N5F4yNEDUWj2GW9iWkc589T2Fj4bokofmvYDeBvo0rUEqQAvQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLFxfGxt2TmRpEnkIZDEbLL14EZ5MB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL3NYRjhiRzNaT1pHa1NlUWhrTVJzc3ZYZ1Juay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABZKikD
BABZKucwDQYJKoZIhvcNAQELBQADggEBAPA7qEr4hDn0pqpZUAMfyCn3uA9NKiJB
drlrweErOhd1h717ykM28U8NXBXsjwFom1L1Jr+Lsr6lj6SKHEfdw05DTrPJc4U5
k8K+5ZrQWh3EcPaMVFvIT8th4RoeTBBZNfuoHabAMo3G37C2RUIlIn5Cd6QQcVrs
hXWov8VroMdxSV7xno5r3PWATsCxNgTwRA+q1R8WyMbzlDruqMOeq4ce1VaGo1uq
AcQpXQPwD9ADUYecz46NtRfgbAo0c+jlXXF75CqmCCsmjwVFEAikZWVKLEZ8Rq1X
XnaXYV+2Z6kL3Z08PNBKI/WDyqCa9JQJFx0e5qIVGCSqL6vpqgQmb7Y=
-----END CERTIFICATE-----