Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/r3Ck7fpoOKp57Mk1jJgw8XHWAxg.roa
File:                     r3Ck7fpoOKp57Mk1jJgw8XHWAxg.roa (raw, json)
Hash identifier:          jDsvxvKf5uFW/4bW6b3NOwjRJy48sDgwtQTJJofZqGM=
Subject key identifier:   AF:70:A4:ED:FA:68:38:AA:79:EC:C9:35:8C:98:30:F1:71:D6:03:18
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       0194221F74075412F4D40A43BAC68FAA853D
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/r3Ck7fpoOKp57Mk1jJgw8XHWAxg.roa
Signing time:             Wed 01 Jan 2025 13:47:54 +0000
ROA not before:           Wed 01 Jan 2025 13:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6453
IP address blocks:        89.39.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 22:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:74:07:54:12:f4:d4:0a:43:ba:c6:8f:aa:85:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Jan  1 13:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af70a4edfa6838aa79ecc9358c9830f171d60318
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:9d:14:f7:8d:ed:01:e8:db:89:8d:42:63:4c:
                    7a:2e:89:b3:a9:cb:1b:35:5c:64:b0:31:7d:db:c5:
                    e7:72:22:df:d2:55:25:00:e5:3a:72:ee:cb:e4:00:
                    0d:e0:86:d6:d4:43:fc:13:37:d5:b9:89:e0:12:fc:
                    2c:d6:a8:c0:46:9e:38:97:06:3d:99:61:37:fb:29:
                    c5:fb:48:f4:fd:3c:a5:6b:d5:f6:75:2a:ff:8f:8f:
                    f3:2d:fa:b8:55:a9:b5:64:ef:0c:f1:74:d6:b5:bf:
                    4a:1e:70:68:8e:56:cf:aa:8e:8e:2d:3f:7c:77:64:
                    40:9a:d3:e3:59:ba:8a:ef:98:ee:6b:1c:6d:2b:82:
                    26:00:a1:fd:91:3d:82:f9:b0:48:e4:40:04:a4:bd:
                    db:16:69:de:0f:5f:bc:4b:de:d0:9a:8d:36:5b:b5:
                    9c:7b:20:6f:91:c2:04:5b:7c:00:48:f8:b4:bc:0d:
                    bd:ec:6d:c4:18:eb:51:6f:29:0d:8e:3b:2d:54:8c:
                    a0:5d:46:40:3e:f2:b0:b2:a7:72:14:9d:e2:ab:9e:
                    cf:e1:97:bb:62:c2:15:8b:42:32:4a:76:4a:72:41:
                    6f:2c:c4:e8:c9:73:40:6e:5e:0c:ac:76:f4:19:a4:
                    e1:0b:6c:49:ac:2f:73:1c:fb:99:ac:c5:c7:f0:e0:
                    18:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:70:A4:ED:FA:68:38:AA:79:EC:C9:35:8C:98:30:F1:71:D6:03:18
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/r3Ck7fpoOKp57Mk1jJgw8XHWAxg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.39.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:97:67:b1:bf:df:eb:40:e4:df:c3:ab:db:8a:17:6a:89:61:
         f0:9a:e4:96:d0:9f:ec:2d:c9:77:cb:8f:aa:d7:2c:0d:9f:37:
         85:8e:fe:ee:e6:20:ee:f8:42:02:97:99:71:5d:51:27:ca:67:
         e5:b3:b8:2e:6a:67:76:46:2f:50:b8:b4:49:bc:1f:8f:2b:1b:
         8b:28:d5:3c:b8:64:7b:58:fd:f5:b5:a4:bc:4b:73:95:64:8a:
         86:33:61:96:ad:5e:e4:d2:7a:f0:c3:f4:2d:93:d3:53:f9:3c:
         d1:e4:fb:d2:09:90:42:d7:ba:bc:2e:e2:ca:f6:cc:de:74:71:
         2f:cf:27:bb:f9:95:42:e4:f5:e3:4b:05:85:3a:c3:e3:60:3a:
         f2:00:5f:ed:e1:0a:bf:e7:0d:ff:89:d5:22:8d:b4:4c:fc:22:
         8a:4c:2e:48:fb:17:ed:d4:a2:a6:a7:dc:d5:5b:df:b5:56:8b:
         2c:9c:c8:7f:19:0e:fe:2c:b4:8e:90:b1:89:54:56:bd:83:d3:
         c1:57:2f:f2:36:71:49:02:4d:aa:33:10:d8:bf:88:79:76:e7:
         b3:5b:17:83:79:78:d1:07:70:c0:48:c2:01:37:f7:97:1c:f2:
         03:bb:44:5d:e2:6a:c2:a8:7c:f6:92:e4:c5:70:ea:bb:e6:65:
         b8:c2:41:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH3QHVBL01ApDusaPqoU9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjUwMTAxMTM0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjcwYTRlZGZhNjgzOGFhNzllY2M5MzU4Yzk4MzBmMTcxZDYwMzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Z0U943tAejbiY1CY0x6Lomzqcsb
NVxksDF928XnciLf0lUlAOU6cu7L5AAN4IbW1EP8EzfVuYngEvws1qjARp44lwY9
mWE3+ynF+0j0/Tyla9X2dSr/j4/zLfq4Vam1ZO8M8XTWtb9KHnBojlbPqo6OLT98
d2RAmtPjWbqK75juaxxtK4ImAKH9kT2C+bBI5EAEpL3bFmneD1+8S97Qmo02W7Wc
eyBvkcIEW3wASPi0vA297G3EGOtRbykNjjstVIygXUZAPvKwsqdyFJ3iq57P4Ze7
YsIVi0IySnZKckFvLMToyXNAbl4MrHb0GaThC2xJrC9zHPuZrMXH8OAYswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK9wpO36aDiqeezJNYyYMPFx1gMYMB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEvcjNDazdmcG9PS3A1N01rMWpKZ3c4WEhXQXhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMtMmVjZTA0ZTE4NWMy
LzEvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWScGMA0G
CSqGSIb3DQEBCwUAA4IBAQAnl2exv9/rQOTfw6vbihdqiWHwmuSW0J/sLcl3y4+q
1ywNnzeFjv7u5iDu+EICl5lxXVEnymfls7guamd2Ri9QuLRJvB+PKxuLKNU8uGR7
WP31taS8S3OVZIqGM2GWrV7k0nrww/Qtk9NT+TzR5PvSCZBC17q8LuLK9szedHEv
zye7+ZVC5PXjSwWFOsPjYDryAF/t4Qq/5w3/idUijbRM/CKKTC5I+xft1KKmp9zV
W9+1VossnMh/GQ7+LLSOkLGJVFa9g9PBVy/yNnFJAk2qMxDYv4h5duezWxeDeXjR
B3DASMIBN/eXHPIDu0Rd4mrCqHz2kuTFcOq75mW4wkEV
-----END CERTIFICATE-----