Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/1Jgk2Ma7t4jH5NI92mRYa0IDcN0.roa
File:                     1Jgk2Ma7t4jH5NI92mRYa0IDcN0.roa (raw, json)
Hash identifier:          0MzpHk0kWmZnzi6dCcSQVjFlrTxNuOiF1OL/hdADftM=
Subject key identifier:   D4:98:24:D8:C6:BB:B7:88:C7:E4:D2:3D:DA:64:58:6B:42:03:70:DD
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC42558455B4ECFE6C239F5AF868C742A
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/1Jgk2Ma7t4jH5NI92mRYa0IDcN0.roa
Signing time:             Mon 01 Jan 2024 08:30:30 +0000
ROA not before:           Mon 01 Jan 2024 08:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26548
IP address blocks:        89.190.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 11:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:58:45:5b:4e:cf:e6:c2:39:f5:af:86:8c:74:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d49824d8c6bbb788c7e4d23dda64586b420370dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ad:b0:2e:1c:16:e9:01:aa:2b:69:4a:8e:b0:
                    91:3f:dc:6c:e7:68:00:d0:79:58:e1:e0:ff:eb:ee:
                    bd:b1:5f:89:83:29:c4:e5:54:4e:6c:64:36:b3:af:
                    42:8d:c6:dd:05:14:51:75:f7:8a:10:b2:71:31:1c:
                    e1:f9:67:c8:12:bf:b5:99:8a:06:a3:5d:5c:67:d2:
                    1b:b1:11:ea:a7:a3:95:a7:0b:e3:2c:9a:ba:85:b1:
                    79:b5:e5:96:ee:fc:55:0e:9c:5f:70:fc:41:5f:85:
                    8b:2d:ae:91:e5:a9:d5:f0:16:70:3a:04:b3:a6:1f:
                    16:ef:58:3a:17:ed:db:cb:5e:76:91:a2:c6:48:03:
                    d6:79:9f:8a:74:32:d1:21:36:2d:a6:57:05:64:11:
                    91:cf:30:4e:4a:dd:b5:63:66:ce:7e:a8:13:e7:85:
                    80:10:07:b9:a4:2c:bb:e6:d5:42:be:1c:df:49:af:
                    b0:c6:94:9c:4e:2f:03:66:de:22:2e:5a:3d:b4:da:
                    3a:bd:f1:9c:46:c3:c5:08:4b:4a:ef:5c:5c:ee:08:
                    c9:7e:04:48:42:e3:03:0c:57:48:64:15:a2:fa:fe:
                    98:f9:1a:bc:0c:e4:f7:53:07:9c:94:18:ae:da:2c:
                    35:b6:2c:89:7d:a4:c0:14:66:74:b1:fe:32:20:a0:
                    2a:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:98:24:D8:C6:BB:B7:88:C7:E4:D2:3D:DA:64:58:6B:42:03:70:DD
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/1Jgk2Ma7t4jH5NI92mRYa0IDcN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.190.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:76:c4:b1:de:f2:18:3b:ab:7e:98:2f:de:36:6f:1f:ea:e3:
         13:2d:5c:eb:e0:1f:65:f1:09:cf:e2:67:6c:aa:50:d2:cd:5a:
         b7:85:84:ba:11:1d:7b:02:29:fd:c8:51:56:bf:5e:35:4e:60:
         47:2c:ab:77:0d:e2:d3:0c:b8:53:b3:24:44:c4:af:2c:57:b6:
         24:56:fd:da:a7:f3:12:fe:8a:c1:9f:da:d2:84:cc:64:4b:17:
         01:72:48:43:c1:15:1e:20:9f:50:8d:64:10:49:f0:12:ec:75:
         4d:43:d0:06:69:93:94:68:63:a2:a3:14:6b:d4:38:f7:5d:ee:
         55:d1:6b:78:b0:7e:b4:1a:2b:3a:88:0f:a4:1b:98:56:36:44:
         a0:54:e3:ad:28:28:70:fa:05:a9:4b:ff:f0:d1:e3:0b:4e:3f:
         9f:c3:4b:11:f2:26:79:33:f0:93:2f:9d:57:29:a8:c6:1b:76:
         34:10:48:be:f1:ee:bf:9c:7d:04:90:9a:1b:a1:eb:01:06:6c:
         4d:d9:81:c6:9b:f6:65:34:5c:b9:eb:72:93:05:51:10:33:47:
         f6:13:2d:04:10:06:8b:59:22:e5:bd:13:65:dc:aa:d9:74:b4:
         6f:8f:39:a0:ce:96:39:3d:ff:8e:e4:2c:e7:dd:d3:a7:26:9f:
         a5:b6:24:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJVhFW07P5sI59a+GjHQqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDk4MjRkOGM2YmJiNzg4YzdlNGQyM2RkYTY0NTg2YjQyMDM3MGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjq2wLhwW6QGqK2lKjrCRP9xs52gA
0HlY4eD/6+69sV+JgynE5VRObGQ2s69CjcbdBRRRdfeKELJxMRzh+WfIEr+1mYoG
o11cZ9IbsRHqp6OVpwvjLJq6hbF5teWW7vxVDpxfcPxBX4WLLa6R5anV8BZwOgSz
ph8W71g6F+3by152kaLGSAPWeZ+KdDLRITYtplcFZBGRzzBOSt21Y2bOfqgT54WA
EAe5pCy75tVCvhzfSa+wxpScTi8DZt4iLlo9tNo6vfGcRsPFCEtK71xc7gjJfgRI
QuMDDFdIZBWi+v6Y+Rq8DOT3UweclBiu2iw1tiyJfaTAFGZ0sf4yIKAq5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNSYJNjGu7eIx+TSPdpkWGtCA3DdMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvMUpnazJNYTd0NGpINU5JOTJtUllhMElEY04wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWb6dMA0G
CSqGSIb3DQEBCwUAA4IBAQB3dsSx3vIYO6t+mC/eNm8f6uMTLVzr4B9l8QnP4mds
qlDSzVq3hYS6ER17Ain9yFFWv141TmBHLKt3DeLTDLhTsyRExK8sV7YkVv3ap/MS
/orBn9rShMxkSxcBckhDwRUeIJ9QjWQQSfAS7HVNQ9AGaZOUaGOioxRr1Dj3Xe5V
0Wt4sH60Gis6iA+kG5hWNkSgVOOtKChw+gWpS//w0eMLTj+fw0sR8iZ5M/CTL51X
KajGG3Y0EEi+8e6/nH0EkJoboesBBmxN2YHGm/ZlNFy563KTBVEQM0f2Ey0EEAaL
WSLlvRNl3KrZdLRvjzmgzpY5Pf+O5Czn3dOnJp+ltiSE
-----END CERTIFICATE-----