Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/fqzdX37aYnO2SV1F9xqD_VioVyk.roa
File:                     fqzdX37aYnO2SV1F9xqD_VioVyk.roa (raw, json)
Hash identifier:          9ps6eXC7/+a8ez/lv2CHZd5lkkd8E+VDpsZlRCrlf38=
Subject key identifier:   7E:AC:DD:5F:7E:DA:62:73:B6:49:5D:45:F7:1A:83:FD:58:A8:57:29
Certificate issuer:       /CN=e2d73ffc3f37c4fec4bd35ad1c595cd056baecfd
Certificate serial:       019339FF63937993ABAA11AC0C6DD01F43FB
Authority key identifier: E2:D7:3F:FC:3F:37:C4:FE:C4:BD:35:AD:1C:59:5C:D0:56:BA:EC:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4tc__D83xP7EvTWtHFlc0Fa67P0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/fqzdX37aYnO2SV1F9xqD_VioVyk.roa
Signing time:             Sun 17 Nov 2024 12:00:58 +0000
ROA not before:           Sun 17 Nov 2024 12:00:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44947
IP address blocks:        185.93.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/4tc__D83xP7EvTWtHFlc0Fa67P0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/4tc__D83xP7EvTWtHFlc0Fa67P0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4tc__D83xP7EvTWtHFlc0Fa67P0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:39:ff:63:93:79:93:ab:aa:11:ac:0c:6d:d0:1f:43:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2d73ffc3f37c4fec4bd35ad1c595cd056baecfd
        Validity
            Not Before: Nov 17 12:00:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7eacdd5f7eda6273b6495d45f71a83fd58a85729
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a9:12:a8:5d:a0:d9:59:1e:0e:b4:2d:7e:54:
                    f3:ce:8e:4d:6f:cb:c5:88:a8:da:1c:75:d9:2d:09:
                    5f:fc:3f:a4:79:5a:cd:e5:22:4a:ee:aa:a7:a1:38:
                    57:ce:1f:b2:23:9a:fc:85:2b:be:7c:9b:7c:1b:91:
                    07:36:06:b6:67:0c:1d:a6:21:ee:3f:60:62:bc:73:
                    66:9e:2c:47:1b:a8:35:3a:16:46:98:43:3a:9e:a7:
                    0a:5c:37:b5:14:48:dd:a7:dc:42:ce:1f:e4:39:75:
                    39:91:39:26:cb:62:c9:ad:6e:6e:fb:74:d3:07:ee:
                    68:4b:36:45:44:b8:06:85:af:96:b2:af:56:0d:c6:
                    ce:28:e1:81:c3:ee:fd:a1:c0:06:0b:58:6e:05:2f:
                    51:75:9d:5e:b5:3a:a3:ad:8e:b5:7a:3c:db:44:9c:
                    3b:e9:a5:c7:d5:d9:72:f7:31:6b:23:7b:12:ab:4e:
                    10:80:57:a2:78:9f:96:a5:41:fa:1d:e0:5e:2b:97:
                    af:ce:e5:fb:f5:f0:33:e9:7c:3d:37:08:0b:e5:3e:
                    5a:ac:13:c9:58:6f:4a:6b:3b:bb:88:d9:76:d3:bf:
                    57:7c:e9:00:34:de:8e:6a:80:d7:fc:ce:6f:57:5f:
                    f0:df:04:8e:a2:4d:8a:b3:f1:1b:87:cd:de:82:c7:
                    13:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:AC:DD:5F:7E:DA:62:73:B6:49:5D:45:F7:1A:83:FD:58:A8:57:29
            X509v3 Authority Key Identifier:
                keyid:E2:D7:3F:FC:3F:37:C4:FE:C4:BD:35:AD:1C:59:5C:D0:56:BA:EC:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4tc__D83xP7EvTWtHFlc0Fa67P0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/fqzdX37aYnO2SV1F9xqD_VioVyk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/4tc__D83xP7EvTWtHFlc0Fa67P0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:ae:eb:60:03:fa:f8:8f:aa:73:7c:76:d8:d0:de:b1:25:6e:
         8f:10:83:9e:3f:b1:98:cc:10:a3:dc:a3:90:5d:82:cb:25:4c:
         db:d3:4c:39:eb:d6:3b:9e:53:29:40:6f:4f:de:9c:c9:ae:41:
         e9:73:84:c2:fc:90:ac:a4:ea:75:5e:d4:4d:10:06:4c:b5:ed:
         34:34:43:72:ac:38:75:88:f9:df:5b:a0:52:ab:15:e3:b6:50:
         f9:8b:22:64:0f:1e:0d:aa:6a:84:31:01:d2:12:40:cd:c3:c4:
         d2:a0:51:44:c3:17:93:0e:66:77:07:48:50:6e:19:bb:4e:8b:
         ba:8f:20:9b:e2:d2:b2:b7:01:cd:ad:57:68:c9:49:c6:5f:82:
         c9:d2:9d:0d:27:ea:7a:17:f1:42:c5:c0:01:4e:72:e3:7e:68:
         c1:55:6e:b6:f8:ce:b0:aa:64:f0:41:b8:e5:18:f4:b0:71:e2:
         27:04:99:2d:80:2c:5b:9c:4b:5a:14:20:9f:fe:5f:9b:c1:5d:
         95:0f:20:d1:33:cc:c3:66:25:ca:34:79:79:73:fe:d3:a6:d8:
         9b:c3:8c:15:a8:d2:02:90:32:10:fc:5f:c1:03:b2:09:16:15:
         1e:52:f9:bf:bd:68:cc:19:19:d4:57:9f:e1:5f:4f:20:43:8e:
         e0:8f:e8:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZM5/2OTeZOrqhGsDG3QH0P7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDczZmZjM2YzN2M0ZmVjNGJkMzVhZDFjNTk1Y2QwNTZi
YWVjZmQwHhcNMjQxMTE3MTIwMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWFjZGQ1ZjdlZGE2MjczYjY0OTVkNDVmNzFhODNmZDU4YTg1NzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApakSqF2g2VkeDrQtflTzzo5Nb8vF
iKjaHHXZLQlf/D+keVrN5SJK7qqnoThXzh+yI5r8hSu+fJt8G5EHNga2ZwwdpiHu
P2BivHNmnixHG6g1OhZGmEM6nqcKXDe1FEjdp9xCzh/kOXU5kTkmy2LJrW5u+3TT
B+5oSzZFRLgGha+Wsq9WDcbOKOGBw+79ocAGC1huBS9RdZ1etTqjrY61ejzbRJw7
6aXH1dly9zFrI3sSq04QgFeieJ+WpUH6HeBeK5evzuX79fAz6Xw9NwgL5T5arBPJ
WG9Kazu7iNl2079XfOkANN6OaoDX/M5vV1/w3wSOok2Ks/Ebh83egscTDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH6s3V9+2mJztkldRfcag/1YqFcpMB8GA1UdIwQY
MBaAFOLXP/w/N8T+xL01rRxZXNBWuuz9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRjX19EODN4UDdFdlRXdEhGbGMwRmE2N1AwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9lNWNmMDAtNTViOC00MzU5LWFjMWUt
YWEwYzRkYzAzMjIyLzEvZnF6ZFgzN2FZbk8yU1YxRjl4cURfVmlvVnlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9lNWNmMDAtNTViOC00MzU5LWFjMWUtYWEwYzRkYzAzMjIy
LzEvNHRjX19EODN4UDdFdlRXdEhGbGMwRmE2N1AwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV1ZMA0G
CSqGSIb3DQEBCwUAA4IBAQA9rutgA/r4j6pzfHbY0N6xJW6PEIOeP7GYzBCj3KOQ
XYLLJUzb00w569Y7nlMpQG9P3pzJrkHpc4TC/JCspOp1XtRNEAZMte00NENyrDh1
iPnfW6BSqxXjtlD5iyJkDx4NqmqEMQHSEkDNw8TSoFFEwxeTDmZ3B0hQbhm7Tou6
jyCb4tKytwHNrVdoyUnGX4LJ0p0NJ+p6F/FCxcABTnLjfmjBVW62+M6wqmTwQbjl
GPSwceInBJktgCxbnEtaFCCf/l+bwV2VDyDRM8zDZiXKNHl5c/7Tptibw4wVqNIC
kDIQ/F/BA7IJFhUeUvm/vWjMGRnUV5/hX08gQ47gj+g7
-----END CERTIFICATE-----