Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/7IS5sJTW-xvVxvs8MzXdivz6nxU.roa
File:                     7IS5sJTW-xvVxvs8MzXdivz6nxU.roa (raw, json)
Hash identifier:          kqSWebY0NulCwbN7VQO6jG/Nc570qofJZvW5e8IMNXQ=
Subject key identifier:   EC:84:B9:B0:94:D6:FB:1B:D5:C6:FB:3C:33:35:DD:8A:FC:FA:9F:15
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       01912CBD3F262EC9B733AC8AB86539249206
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/7IS5sJTW-xvVxvs8MzXdivz6nxU.roa
Signing time:             Wed 07 Aug 2024 12:08:05 +0000
ROA not before:           Wed 07 Aug 2024 12:08:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25369
IP address blocks:        89.191.96.0/20 maxlen: 20
                          89.191.124.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:2c:bd:3f:26:2e:c9:b7:33:ac:8a:b8:65:39:24:92:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Aug  7 12:08:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec84b9b094d6fb1bd5c6fb3c3335dd8afcfa9f15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:80:7c:00:0f:6a:6a:a5:2f:f9:49:3c:0b:a6:
                    46:1c:12:14:89:66:c7:05:d3:af:22:5f:8a:bb:25:
                    6b:e7:c1:17:1e:5b:49:64:e1:8d:7a:a4:92:e8:1a:
                    2f:90:45:77:c5:c2:0b:0d:d5:10:a8:94:d0:82:18:
                    88:a6:23:c6:a1:0c:e9:84:47:fb:e4:f8:08:44:d4:
                    2e:6f:f1:d0:0c:ca:96:e7:5d:f8:aa:4d:cf:cb:7a:
                    22:f4:33:18:a2:d2:98:13:e2:f8:2d:b9:83:d9:c7:
                    e5:5b:24:d3:76:24:9b:dc:0c:d2:11:80:5f:28:02:
                    38:b4:87:5c:30:b6:4d:af:3c:14:42:18:03:80:e6:
                    a0:c4:fc:03:67:b6:f8:bd:66:b6:55:a8:d1:89:56:
                    87:40:b3:8f:27:10:c8:00:3b:fb:e5:bc:be:d6:f3:
                    34:c9:7d:37:8c:d5:bc:8e:5b:e3:29:3a:42:79:55:
                    29:b6:84:4a:b8:f4:f9:7d:ad:ce:d8:7b:01:51:b2:
                    aa:fc:05:6b:14:91:1a:73:cf:7f:62:fd:c6:d6:73:
                    ec:55:e9:13:67:5f:6f:fb:a3:bd:1c:2e:3a:cc:2d:
                    50:1f:20:fc:cc:ef:3f:a4:ae:d5:2f:76:91:3f:1f:
                    3a:0e:fa:92:28:63:c1:3d:4e:2b:84:3c:1f:59:ad:
                    f1:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:84:B9:B0:94:D6:FB:1B:D5:C6:FB:3C:33:35:DD:8A:FC:FA:9F:15
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/7IS5sJTW-xvVxvs8MzXdivz6nxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.191.96.0/20
                  89.191.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:1e:3c:29:c3:91:3d:9d:8f:3e:db:0b:35:6b:8c:02:c0:01:
         b2:9d:c8:7c:94:46:ab:01:f9:3a:a0:27:64:4f:49:0b:1e:a7:
         ef:2e:ce:8d:15:81:7c:7c:c3:0c:21:d3:69:01:ab:94:71:13:
         0c:a1:eb:f2:e8:ed:ad:af:91:c5:44:af:d6:20:74:db:4e:00:
         82:d7:37:ca:42:8f:fe:6d:63:42:ba:68:44:99:f9:2e:e2:08:
         86:f7:96:f5:e9:08:4c:66:9c:ea:8b:74:83:06:75:61:49:6f:
         79:bf:64:21:5c:ee:49:40:d6:e2:26:21:c7:39:64:37:88:4e:
         51:b5:db:28:1d:26:5c:b1:53:20:34:25:45:95:3c:16:5c:f1:
         6e:66:a5:32:48:27:ff:c7:81:d4:0d:05:09:64:df:38:6d:bc:
         e6:98:1e:87:0b:70:62:e3:3b:ca:8e:55:53:e0:53:e8:a7:af:
         fa:08:dd:cc:d6:3e:96:9e:35:a9:90:a8:44:90:10:9c:bd:d4:
         3f:0b:f3:12:56:e5:4e:3c:a9:90:4b:f0:f0:e3:41:a4:ca:6a:
         d0:c4:3d:20:50:30:00:a5:70:3f:15:1d:83:e8:05:bb:67:36:
         42:f5:e2:b5:6f:0f:58:1a:db:b6:95:3e:b7:e0:3e:d9:99:84:
         0b:82:c3:42
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZEsvT8mLsm3M6yKuGU5JJIGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwODA3MTIwODA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzg0YjliMDk0ZDZmYjFiZDVjNmZiM2MzMzM1ZGQ4YWZjZmE5ZjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy4B8AA9qaqUv+Uk8C6ZGHBIUiWbH
BdOvIl+KuyVr58EXHltJZOGNeqSS6BovkEV3xcILDdUQqJTQghiIpiPGoQzphEf7
5PgIRNQub/HQDMqW5134qk3Py3oi9DMYotKYE+L4LbmD2cflWyTTdiSb3AzSEYBf
KAI4tIdcMLZNrzwUQhgDgOagxPwDZ7b4vWa2VajRiVaHQLOPJxDIADv75by+1vM0
yX03jNW8jlvjKTpCeVUptoRKuPT5fa3O2HsBUbKq/AVrFJEac89/Yv3G1nPsVekT
Z19v+6O9HC46zC1QHyD8zO8/pK7VL3aRPx86DvqSKGPBPU4rhDwfWa3x0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOyEubCU1vsb1cb7PDM13Yr8+p8VMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvN0lTNXNKVFcteHZWeHZzOE16WGRpdno2bnhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEWb9gAwQC
Wb98MA0GCSqGSIb3DQEBCwUAA4IBAQAbHjwpw5E9nY8+2ws1a4wCwAGynch8lEar
Afk6oCdkT0kLHqfvLs6NFYF8fMMMIdNpAauUcRMMoevy6O2tr5HFRK/WIHTbTgCC
1zfKQo/+bWNCumhEmfku4giG95b16QhMZpzqi3SDBnVhSW95v2QhXO5JQNbiJiHH
OWQ3iE5RtdsoHSZcsVMgNCVFlTwWXPFuZqUySCf/x4HUDQUJZN84bbzmmB6HC3Bi
4zvKjlVT4FPop6/6CN3M1j6WnjWpkKhEkBCcvdQ/C/MSVuVOPKmQS/Dw40GkymrQ
xD0gUDAApXA/FR2D6AW7ZzZC9eK1bw9YGtu2lT634D7ZmYQLgsNC
-----END CERTIFICATE-----