Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/AherSHwq6MMg3c4JEpsUfJlpSXs.roa
File:                     AherSHwq6MMg3c4JEpsUfJlpSXs.roa (raw, json)
Hash identifier:          RBhYnEbi3u8JjMHKD5LlWEOaGfI3ZmcF0Unl8nxMjgU=
Subject key identifier:   02:17:AB:48:7C:2A:E8:C3:20:DD:CE:09:12:9B:14:7C:99:69:49:7B
Certificate issuer:       /CN=ebf42e80602aedf58a3c7a81883c1a34f69d2fb4
Certificate serial:       018CC3B6971DDB152997A4C1974AA7F44807
Authority key identifier: EB:F4:2E:80:60:2A:ED:F5:8A:3C:7A:81:88:3C:1A:34:F6:9D:2F:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/AherSHwq6MMg3c4JEpsUfJlpSXs.roa
Signing time:             Mon 01 Jan 2024 06:29:32 +0000
ROA not before:           Mon 01 Jan 2024 06:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64452
IP address blocks:        89.44.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/6_QugGAq7fWKPHqBiDwaNPadL7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/6_QugGAq7fWKPHqBiDwaNPadL7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:97:1d:db:15:29:97:a4:c1:97:4a:a7:f4:48:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebf42e80602aedf58a3c7a81883c1a34f69d2fb4
        Validity
            Not Before: Jan  1 06:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0217ab487c2ae8c320ddce09129b147c9969497b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:a1:41:58:bd:38:4e:64:99:3b:5c:1c:79:91:
                    85:f0:c5:3b:28:fd:17:79:ec:74:38:6f:40:4c:7b:
                    0d:b9:bc:03:3b:f5:47:36:75:33:bf:e1:fc:08:5b:
                    dc:b1:70:57:a4:bd:e6:6f:86:bf:b2:33:0f:96:ba:
                    10:42:7d:08:16:64:c9:4a:de:db:11:78:c4:ff:ad:
                    d4:d0:94:93:2b:07:0a:56:6a:83:97:a0:42:c4:be:
                    c7:49:e4:9b:c5:ea:97:48:cb:d9:2c:5e:d0:e9:f0:
                    26:46:67:7d:42:91:bb:ff:0a:bb:2c:44:f2:37:35:
                    cf:03:cd:f1:dc:3e:6b:db:3b:5c:ba:71:de:bb:90:
                    44:46:fd:4d:09:4b:00:e2:ce:ff:24:08:5b:b7:eb:
                    e0:30:dc:07:e5:03:13:86:07:5d:04:bb:5c:76:ed:
                    c7:71:93:55:36:7c:8c:e2:b3:ee:a3:13:d9:cc:03:
                    fa:33:65:a5:fc:3c:d5:bd:0f:9f:93:cd:78:3f:05:
                    50:28:81:c1:ac:9d:32:03:bb:e3:fb:1c:25:61:c0:
                    02:6c:47:0a:d8:0f:f3:9d:4e:61:32:da:fb:12:75:
                    83:10:61:32:2d:13:30:f1:8d:97:c7:95:01:24:e6:
                    42:e1:69:ed:7c:4f:22:d2:36:c3:25:05:2c:90:0a:
                    29:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:17:AB:48:7C:2A:E8:C3:20:DD:CE:09:12:9B:14:7C:99:69:49:7B
            X509v3 Authority Key Identifier:
                keyid:EB:F4:2E:80:60:2A:ED:F5:8A:3C:7A:81:88:3C:1A:34:F6:9D:2F:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/AherSHwq6MMg3c4JEpsUfJlpSXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/6_QugGAq7fWKPHqBiDwaNPadL7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:05:47:ac:2b:f3:ea:d9:2c:72:26:5e:12:19:97:e7:c6:16:
         40:52:81:d7:15:af:a9:75:0f:18:b9:25:9d:85:6a:16:2b:99:
         69:c6:d5:1b:08:e5:3c:c3:92:19:64:09:d2:2e:77:35:19:0e:
         4d:24:47:b6:5c:01:fc:59:f5:90:ae:78:86:db:4c:ad:6d:a1:
         ca:2d:e6:a6:19:37:90:0a:be:1f:0a:6c:69:1f:ec:61:d4:52:
         ef:b8:4c:dd:13:9a:8e:42:10:44:f6:4e:c8:f0:8c:d9:1c:0c:
         8b:6f:69:c0:81:33:ca:d4:a2:22:98:bf:5f:2c:17:99:e4:05:
         1b:79:aa:75:4e:6f:41:41:f6:aa:17:45:92:58:19:09:12:0d:
         b1:75:a7:9e:d3:46:00:a0:56:33:52:93:c3:f8:ab:71:17:67:
         4a:26:93:0e:96:9f:14:f4:8e:be:2b:6b:bd:b7:9f:99:d5:80:
         d8:b2:2e:2c:84:4a:74:a8:2f:b0:da:a1:21:ec:d5:56:a8:20:
         9b:58:88:c8:be:d8:ed:93:0f:51:71:7b:9f:71:da:01:5e:8a:
         e6:da:af:21:79:2b:21:cd:4e:64:5a:f0:fd:4c:9e:4d:58:15:
         ec:57:b6:86:7c:65:15:f9:1f:f6:b7:49:b2:b4:bb:a9:df:b8:
         ba:8c:18:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtpcd2xUpl6TBl0qn9EgHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZjQyZTgwNjAyYWVkZjU4YTNjN2E4MTg4M2MxYTM0ZjY5
ZDJmYjQwHhcNMjQwMTAxMDYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjE3YWI0ODdjMmFlOGMzMjBkZGNlMDkxMjliMTQ3Yzk5Njk0OTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKFBWL04TmSZO1wceZGF8MU7KP0X
eex0OG9ATHsNubwDO/VHNnUzv+H8CFvcsXBXpL3mb4a/sjMPlroQQn0IFmTJSt7b
EXjE/63U0JSTKwcKVmqDl6BCxL7HSeSbxeqXSMvZLF7Q6fAmRmd9QpG7/wq7LETy
NzXPA83x3D5r2ztcunHeu5BERv1NCUsA4s7/JAhbt+vgMNwH5QMThgddBLtcdu3H
cZNVNnyM4rPuoxPZzAP6M2Wl/DzVvQ+fk814PwVQKIHBrJ0yA7vj+xwlYcACbEcK
2A/znU5hMtr7EnWDEGEyLRMw8Y2Xx5UBJOZC4WntfE8i0jbDJQUskAopTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAIXq0h8KujDIN3OCRKbFHyZaUl7MB8GA1UdIwQY
MBaAFOv0LoBgKu31ijx6gYg8GjT2nS+0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNl9RdWdHQXE3ZldLUEhxQmlEd2FOUGFkTDdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS8wOTUyZDQtNGE0OS00NDdkLWFkM2Mt
MTkwM2VkYWZhOGJmLzEvQWhlclNId3E2TU1nM2M0SkVwc1VmSmxwU1hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS8wOTUyZDQtNGE0OS00NDdkLWFkM2MtMTkwM2VkYWZhOGJm
LzEvNl9RdWdHQXE3ZldLUEhxQmlEd2FOUGFkTDdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSxXMA0G
CSqGSIb3DQEBCwUAA4IBAQBcBUesK/Pq2SxyJl4SGZfnxhZAUoHXFa+pdQ8YuSWd
hWoWK5lpxtUbCOU8w5IZZAnSLnc1GQ5NJEe2XAH8WfWQrniG20ytbaHKLeamGTeQ
Cr4fCmxpH+xh1FLvuEzdE5qOQhBE9k7I8IzZHAyLb2nAgTPK1KIimL9fLBeZ5AUb
eap1Tm9BQfaqF0WSWBkJEg2xdaee00YAoFYzUpPD+KtxF2dKJpMOlp8U9I6+K2u9
t5+Z1YDYsi4shEp0qC+w2qEh7NVWqCCbWIjIvtjtkw9RcXufcdoBXorm2q8heSsh
zU5kWvD9TJ5NWBXsV7aGfGUV+R/2t0mytLup37i6jBiN
-----END CERTIFICATE-----