Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/Ks2E1N23FL1JlkaeAWsDQ0VTeMA.roa
File:                     Ks2E1N23FL1JlkaeAWsDQ0VTeMA.roa (raw, json)
Hash identifier:          t0ikCKjSARWk2IVi/g7K6CXdDGiaZQEnFkAP2udGzsQ=
Subject key identifier:   2A:CD:84:D4:DD:B7:14:BD:49:96:46:9E:01:6B:03:43:45:53:78:C0
Certificate issuer:       /CN=5e400ac2396ae228d2b2e56f4b06739969379e44
Certificate serial:       019426D9F94B7B897E3963C21DB102FE3E5C
Authority key identifier: 5E:40:0A:C2:39:6A:E2:28:D2:B2:E5:6F:4B:06:73:99:69:37:9E:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/Ks2E1N23FL1JlkaeAWsDQ0VTeMA.roa
Signing time:             Thu 02 Jan 2025 11:50:06 +0000
ROA not before:           Thu 02 Jan 2025 11:50:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60331
IP address blocks:        89.30.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:f9:4b:7b:89:7e:39:63:c2:1d:b1:02:fe:3e:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e400ac2396ae228d2b2e56f4b06739969379e44
        Validity
            Not Before: Jan  2 11:50:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2acd84d4ddb714bd4996469e016b0343455378c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:8b:a5:e5:ba:44:53:6b:45:8e:d9:92:d6:76:
                    19:f6:62:4e:e7:f7:2e:51:be:b7:f9:fb:e7:14:d0:
                    53:99:98:f4:0f:dc:6b:68:5f:19:fc:6b:2e:be:1f:
                    c9:28:c1:30:b4:90:29:e4:1f:40:5a:af:ef:ed:82:
                    a1:f6:6e:f0:87:5a:a7:58:2c:75:d2:d6:2e:b8:6f:
                    56:9d:62:da:bc:d1:0d:79:c7:ba:4b:89:71:34:0d:
                    00:76:81:85:e7:97:03:a0:f2:56:f9:8e:21:8e:26:
                    83:79:4b:2f:63:d7:31:bd:2f:c8:53:4b:08:fd:54:
                    fd:b0:42:e2:59:8b:b4:62:e9:60:f8:34:d9:59:27:
                    87:8a:d8:c4:a0:44:3c:dc:a3:1a:ba:2f:08:24:9f:
                    59:6d:75:62:3f:ae:47:cc:3c:4f:de:66:c1:bd:aa:
                    0e:e7:ea:cc:93:85:ef:c3:f7:a8:70:3d:64:11:b3:
                    b5:cb:8a:aa:a8:80:87:2e:36:75:f3:76:8e:f2:2a:
                    17:30:29:cd:97:b0:71:ef:e7:d2:35:b3:79:f2:99:
                    c5:d4:f6:2d:82:37:99:95:7b:83:ca:63:28:c3:b3:
                    08:f2:20:89:fd:8f:36:10:a6:82:45:80:4f:63:42:
                    07:a7:9b:37:63:83:12:57:c4:d8:aa:7b:2d:eb:c5:
                    61:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:CD:84:D4:DD:B7:14:BD:49:96:46:9E:01:6B:03:43:45:53:78:C0
            X509v3 Authority Key Identifier:
                keyid:5E:40:0A:C2:39:6A:E2:28:D2:B2:E5:6F:4B:06:73:99:69:37:9E:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/Ks2E1N23FL1JlkaeAWsDQ0VTeMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.30.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:37:0f:68:95:bf:a1:da:0e:ae:77:ba:e7:06:4c:cf:0f:2f:
         5e:93:45:76:80:2f:ac:d7:36:dc:3b:a7:86:d2:f8:50:39:e4:
         9e:99:53:12:d2:e2:f5:0f:c0:e3:eb:e1:fb:1f:69:7f:01:6e:
         d2:de:ba:e8:ac:83:f1:89:d6:cf:18:55:da:a7:fe:8e:5a:9a:
         6e:e5:54:71:82:65:b0:3a:5e:c7:33:43:d3:47:23:bf:58:f6:
         2c:92:07:81:76:2b:30:62:cb:25:16:5f:5b:b4:73:3c:2f:b0:
         93:ef:75:b8:3b:54:ab:40:8c:53:53:75:5e:4f:45:ed:c6:c1:
         7d:06:b4:3c:58:96:ad:93:d6:f8:38:a5:71:43:34:1e:c7:be:
         fe:5e:c6:8b:d5:64:36:51:34:31:2e:fe:f2:bf:17:af:aa:42:
         8e:37:6f:4d:23:96:47:ce:54:e4:ca:8e:c6:df:b6:e9:fe:f4:
         62:df:0c:6b:a9:a5:66:3a:ae:db:0b:be:df:b3:d1:dc:bb:99:
         cf:ff:54:f2:ab:9e:fb:1b:2d:aa:1b:94:5c:d5:14:4e:f4:d2:
         98:f9:8e:eb:a7:c6:99:c7:05:55:fa:94:93:eb:5f:93:1a:c7:
         9c:54:ad:e4:ae:17:23:97:ca:c8:5d:f6:14:63:3b:09:8a:43:
         61:cf:01:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2flLe4l+OWPCHbEC/j5cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlNDAwYWMyMzk2YWUyMjhkMmIyZTU2ZjRiMDY3Mzk5Njkz
NzllNDQwHhcNMjUwMTAyMTE1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWNkODRkNGRkYjcxNGJkNDk5NjQ2OWUwMTZiMDM0MzQ1NTM3OGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzIul5bpEU2tFjtmS1nYZ9mJO5/cu
Ub63+fvnFNBTmZj0D9xraF8Z/Gsuvh/JKMEwtJAp5B9AWq/v7YKh9m7wh1qnWCx1
0tYuuG9WnWLavNENece6S4lxNA0AdoGF55cDoPJW+Y4hjiaDeUsvY9cxvS/IU0sI
/VT9sELiWYu0Yulg+DTZWSeHitjEoEQ83KMaui8IJJ9ZbXViP65HzDxP3mbBvaoO
5+rMk4Xvw/eocD1kEbO1y4qqqICHLjZ183aO8ioXMCnNl7Bx7+fSNbN58pnF1PYt
gjeZlXuDymMow7MI8iCJ/Y82EKaCRYBPY0IHp5s3Y4MSV8TYqnst68VhnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCrNhNTdtxS9SZZGngFrA0NFU3jAMB8GA1UdIwQY
MBaAFF5ACsI5auIo0rLlb0sGc5lpN55EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGtBS3dqbHE0aWpTc3VWdlN3WnptV2szbmtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9kNjdhOTUtY2IzNi00OTM3LTkyMjYt
ZGZlZDEyZjFhMDFlLzEvS3MyRTFOMjNGTDFKbGthZUFXc0RRMFZUZU1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9kNjdhOTUtY2IzNi00OTM3LTkyMjYtZGZlZDEyZjFhMDFl
LzEvWGtBS3dqbHE0aWpTc3VWdlN3WnptV2szbmtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWR5qMA0G
CSqGSIb3DQEBCwUAA4IBAQAMNw9olb+h2g6ud7rnBkzPDy9ek0V2gC+s1zbcO6eG
0vhQOeSemVMS0uL1D8Dj6+H7H2l/AW7S3rrorIPxidbPGFXap/6OWppu5VRxgmWw
Ol7HM0PTRyO/WPYskgeBdiswYsslFl9btHM8L7CT73W4O1SrQIxTU3VeT0XtxsF9
BrQ8WJatk9b4OKVxQzQex77+XsaL1WQ2UTQxLv7yvxevqkKON29NI5ZHzlTkyo7G
37bp/vRi3wxrqaVmOq7bC77fs9Hcu5nP/1Tyq577Gy2qG5Rc1RRO9NKY+Y7rp8aZ
xwVV+pST61+TGsecVK3krhcjl8rIXfYUYzsJikNhzwHn
-----END CERTIFICATE-----