Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/fcbcc6-739b-4f5c-ae3c-a4f08dbb85a5/1/k0CTtxTXl1I48Yds1A8KTpGHtHs.roa
File:                     k0CTtxTXl1I48Yds1A8KTpGHtHs.roa (raw, json)
Hash identifier:          rvbxHdqMX6z0CUCjYmQxK28vPcZ3o/9PHD7dLaG7th4=
Subject key identifier:   93:40:93:B7:14:D7:97:52:38:F1:87:6C:D4:0F:0A:4E:91:87:B4:7B
Certificate issuer:       /CN=9b200d0e7ad3cef72238b5164c4b2cdde23a6a1e
Certificate serial:       0194258E618C590D83F1A50E10CCC551C123
Authority key identifier: 9B:20:0D:0E:7A:D3:CE:F7:22:38:B5:16:4C:4B:2C:DD:E2:3A:6A:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/myANDnrTzvciOLUWTEss3eI6ah4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/fcbcc6-739b-4f5c-ae3c-a4f08dbb85a5/1/k0CTtxTXl1I48Yds1A8KTpGHtHs.roa
Signing time:             Thu 02 Jan 2025 05:47:55 +0000
ROA not before:           Thu 02 Jan 2025 05:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205139
IP address blocks:        89.45.216.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/fcbcc6-739b-4f5c-ae3c-a4f08dbb85a5/1/myANDnrTzvciOLUWTEss3eI6ah4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/fcbcc6-739b-4f5c-ae3c-a4f08dbb85a5/1/myANDnrTzvciOLUWTEss3eI6ah4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/myANDnrTzvciOLUWTEss3eI6ah4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:61:8c:59:0d:83:f1:a5:0e:10:cc:c5:51:c1:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b200d0e7ad3cef72238b5164c4b2cdde23a6a1e
        Validity
            Not Before: Jan  2 05:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=934093b714d7975238f1876cd40f0a4e9187b47b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:8d:b9:a4:ca:44:5f:99:f2:48:19:c5:d9:d1:
                    a1:13:f5:12:fd:bf:cc:96:e4:35:09:c1:9b:67:d0:
                    41:a0:35:e3:25:1c:e1:11:c9:4e:ec:9e:d0:c9:f7:
                    c2:35:0d:a9:f1:66:e7:d8:87:02:6b:84:0e:6c:f6:
                    ae:14:02:77:d6:7e:65:cd:d1:bb:df:8d:19:92:e2:
                    91:bb:ba:0d:32:bd:73:e9:b7:fe:ac:63:50:84:7c:
                    42:0a:ef:68:43:34:2c:8e:be:93:2e:d7:f5:64:76:
                    63:32:85:90:85:c1:95:8e:91:16:cd:ef:59:c3:5a:
                    b2:da:29:b1:6b:35:53:a2:5c:cb:76:c3:ca:d8:65:
                    c4:39:1a:67:b0:42:3f:e0:a1:8d:50:f1:3d:b1:22:
                    af:75:c0:2c:c1:a3:37:c2:d5:8c:39:1e:0f:f8:d3:
                    00:39:e6:b7:c9:fc:f1:f9:c1:6f:e1:1a:3e:c1:17:
                    dd:35:7f:6f:fb:00:9d:79:51:4f:b9:f2:55:51:b9:
                    15:48:4c:35:25:16:bd:b0:41:39:18:f7:85:91:90:
                    8a:32:ba:a6:3e:e0:91:10:ba:bd:72:c3:c6:f9:6b:
                    8f:d2:18:04:45:91:bb:5e:f6:e2:ae:86:79:a8:9a:
                    85:fc:7a:d7:41:47:48:30:36:b2:90:f6:41:49:80:
                    55:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:40:93:B7:14:D7:97:52:38:F1:87:6C:D4:0F:0A:4E:91:87:B4:7B
            X509v3 Authority Key Identifier:
                keyid:9B:20:0D:0E:7A:D3:CE:F7:22:38:B5:16:4C:4B:2C:DD:E2:3A:6A:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/myANDnrTzvciOLUWTEss3eI6ah4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/fcbcc6-739b-4f5c-ae3c-a4f08dbb85a5/1/k0CTtxTXl1I48Yds1A8KTpGHtHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/fcbcc6-739b-4f5c-ae3c-a4f08dbb85a5/1/myANDnrTzvciOLUWTEss3eI6ah4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.45.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:25:a8:c5:b7:98:dd:12:ed:13:70:20:46:0f:d8:40:b1:dc:
         77:86:bd:20:1f:21:4e:68:fd:1d:9c:90:82:98:8b:2b:b8:0b:
         17:3b:9a:d2:68:35:5e:be:c7:5a:fe:f8:6d:4b:9b:c2:6e:a8:
         24:d7:d6:88:a5:5d:1f:b9:eb:f8:01:c0:12:86:86:47:aa:fd:
         f9:f6:9a:e0:c6:c4:5a:c7:0d:64:53:73:87:ef:43:ce:9e:35:
         1c:15:c1:81:d6:4c:ac:39:ae:51:89:f8:dc:56:34:93:0c:02:
         28:3d:1a:a5:4e:a6:0a:7a:87:d4:ca:de:bb:2a:18:27:be:84:
         03:80:71:16:aa:df:39:53:23:60:ad:c7:5d:41:6c:91:3c:61:
         2f:07:2b:e1:7d:f6:8b:af:13:8a:08:56:29:bf:8c:d5:35:89:
         8d:6e:b4:3a:9b:42:33:24:d7:68:61:7c:07:33:1c:45:ac:6c:
         2a:e1:4b:d3:30:a4:3b:14:38:34:db:b8:68:bd:d8:88:1a:3e:
         7c:ea:b0:92:7d:ac:6f:68:b6:33:2f:dc:a4:5f:01:b1:8e:c4:
         97:27:bb:5b:88:d2:1e:a1:c6:36:c1:cb:10:2c:ee:6e:c7:75:
         e1:b8:a3:2b:34:4d:db:4f:0f:ea:40:8e:20:3e:fb:a4:16:e1:
         44:7c:3f:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljmGMWQ2D8aUOEMzFUcEjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMjAwZDBlN2FkM2NlZjcyMjM4YjUxNjRjNGIyY2RkZTIz
YTZhMWUwHhcNMjUwMTAyMDU0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzQwOTNiNzE0ZDc5NzUyMzhmMTg3NmNkNDBmMGE0ZTkxODdiNDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Y25pMpEX5nySBnF2dGhE/US/b/M
luQ1CcGbZ9BBoDXjJRzhEclO7J7QyffCNQ2p8Wbn2IcCa4QObPauFAJ31n5lzdG7
340ZkuKRu7oNMr1z6bf+rGNQhHxCCu9oQzQsjr6TLtf1ZHZjMoWQhcGVjpEWze9Z
w1qy2imxazVTolzLdsPK2GXEORpnsEI/4KGNUPE9sSKvdcAswaM3wtWMOR4P+NMA
Oea3yfzx+cFv4Ro+wRfdNX9v+wCdeVFPufJVUbkVSEw1JRa9sEE5GPeFkZCKMrqm
PuCRELq9csPG+WuP0hgERZG7XvbiroZ5qJqF/HrXQUdIMDaykPZBSYBVcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJNAk7cU15dSOPGHbNQPCk6Rh7R7MB8GA1UdIwQY
MBaAFJsgDQ560873Iji1FkxLLN3iOmoeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXlBTkRuclR6dmNpT0xVV1RFc3MzZUk2YWg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9mY2JjYzYtNzM5Yi00ZjVjLWFlM2Mt
YTRmMDhkYmI4NWE1LzEvazBDVHR4VFhsMUk0OFlkczFBOEtUcEdIdEhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9mY2JjYzYtNzM5Yi00ZjVjLWFlM2MtYTRmMDhkYmI4NWE1
LzEvbXlBTkRuclR6dmNpT0xVV1RFc3MzZUk2YWg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWS3YMA0G
CSqGSIb3DQEBCwUAA4IBAQBDJajFt5jdEu0TcCBGD9hAsdx3hr0gHyFOaP0dnJCC
mIsruAsXO5rSaDVevsda/vhtS5vCbqgk19aIpV0fuev4AcAShoZHqv359prgxsRa
xw1kU3OH70POnjUcFcGB1kysOa5RifjcVjSTDAIoPRqlTqYKeofUyt67KhgnvoQD
gHEWqt85UyNgrcddQWyRPGEvByvhffaLrxOKCFYpv4zVNYmNbrQ6m0IzJNdoYXwH
MxxFrGwq4UvTMKQ7FDg027hovdiIGj586rCSfaxvaLYzL9ykXwGxjsSXJ7tbiNIe
ocY2wcsQLO5ux3XhuKMrNE3bTw/qQI4gPvukFuFEfD91
-----END CERTIFICATE-----