Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/nsjtXshwjYJed-P48r-vkBkBKrI.roa
File:                     nsjtXshwjYJed-P48r-vkBkBKrI.roa (raw, json)
Hash identifier:          34YsyovywuChglUT88L6Xf06/UWb+pDrDjreB0dCS3o=
Subject key identifier:   9E:C8:ED:5E:C8:70:8D:82:5E:77:E3:F8:F2:BF:AF:90:19:01:2A:B2
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       01942747D80B952FD810F39FFF6B9793C5C5
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/nsjtXshwjYJed-P48r-vkBkBKrI.roa
Signing time:             Thu 02 Jan 2025 13:50:07 +0000
ROA not before:           Thu 02 Jan 2025 13:50:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62068
IP address blocks:        89.190.159.0/24 maxlen: 24
                          194.50.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:d8:0b:95:2f:d8:10:f3:9f:ff:6b:97:93:c5:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 13:50:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ec8ed5ec8708d825e77e3f8f2bfaf9019012ab2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:56:f5:76:89:b1:ac:05:93:f0:aa:f5:ae:14:
                    aa:ac:3a:bc:09:97:40:d1:df:56:9f:8a:e1:56:bd:
                    a5:4a:f5:61:61:fb:4e:54:9c:6c:3b:37:57:db:76:
                    80:52:11:4b:b9:c0:02:03:25:fe:d3:40:a3:2f:a7:
                    92:4d:6c:b0:df:52:76:72:89:15:33:60:d6:c2:48:
                    03:38:be:a0:d3:c3:9f:80:8f:5d:a4:c0:77:f4:e3:
                    85:04:0e:3b:18:0a:c3:f7:08:27:9d:f2:09:25:19:
                    e8:77:bb:7b:01:81:67:87:0c:1a:db:29:ef:94:95:
                    ad:dc:03:47:6c:b2:e2:0f:74:5c:dd:86:bb:d3:95:
                    2f:fb:ed:c6:a2:05:7d:a7:dd:a2:42:96:26:a9:8a:
                    da:c5:db:82:52:8d:a8:52:37:c9:d3:29:b5:18:23:
                    25:9d:93:d8:8a:76:bb:9b:2c:16:bc:c8:d8:dd:36:
                    d7:2b:7c:71:85:42:bf:63:ce:1f:10:72:31:b7:54:
                    74:bd:fa:b3:28:61:70:4b:e8:2f:fc:e8:e7:ac:bf:
                    a9:35:85:12:b7:a2:25:6b:08:0a:33:82:dc:75:65:
                    7d:12:db:82:b5:ab:e4:91:d8:a3:9c:cd:cd:75:b4:
                    8d:38:a3:34:75:21:61:82:56:45:20:0f:af:26:33:
                    45:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:C8:ED:5E:C8:70:8D:82:5E:77:E3:F8:F2:BF:AF:90:19:01:2A:B2
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/nsjtXshwjYJed-P48r-vkBkBKrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.190.159.0/24
                  194.50.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:4a:4d:aa:ef:de:2f:ad:12:c6:52:c0:44:39:55:ed:93:f2:
         ea:63:95:b7:8b:5b:b5:1f:47:e7:04:88:4b:3a:3a:8f:76:a3:
         90:c7:f5:06:29:f3:d9:59:66:e7:f8:54:8c:f2:11:bc:6b:7c:
         b3:a6:22:1e:01:24:c9:87:b7:66:d3:e3:39:b2:95:b0:42:68:
         9c:e2:85:d4:86:d9:d8:4d:06:c1:ae:04:fd:3d:05:f3:6f:3c:
         0c:c3:a6:59:09:2c:fb:8d:23:19:11:b2:4c:48:23:5e:92:f2:
         27:ed:1b:db:88:fb:90:e9:d1:64:a6:49:a5:97:89:4b:4e:c9:
         0b:a6:95:7d:d4:0e:8d:59:92:8a:1a:8d:e5:2e:8d:04:0c:fe:
         a7:1f:fe:45:2e:a0:3c:d5:1d:c2:5f:ed:dc:55:86:cb:c9:36:
         88:cd:bb:f9:f4:c1:21:92:83:ea:76:2d:a1:ea:24:61:60:bd:
         1e:16:90:8c:97:24:9d:99:42:97:2b:4b:5d:83:89:2d:2c:64:
         cf:d5:3b:4d:fa:c4:ea:fa:f8:27:87:1b:88:17:98:16:dc:60:
         22:53:cd:6f:22:d1:47:f1:6e:26:c7:70:9d:04:89:7d:2f:ca:
         6a:fd:2c:5d:07:62:14:4d:51:e4:fc:65:e7:1d:17:2a:92:61:
         49:45:1b:26
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnR9gLlS/YEPOf/2uXk8XFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwMTAyMTM1MDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWM4ZWQ1ZWM4NzA4ZDgyNWU3N2UzZjhmMmJmYWY5MDE5MDEyYWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2lb1domxrAWT8Kr1rhSqrDq8CZdA
0d9Wn4rhVr2lSvVhYftOVJxsOzdX23aAUhFLucACAyX+00CjL6eSTWyw31J2cokV
M2DWwkgDOL6g08OfgI9dpMB39OOFBA47GArD9wgnnfIJJRnod7t7AYFnhwwa2ynv
lJWt3ANHbLLiD3Rc3Ya705Uv++3GogV9p92iQpYmqYraxduCUo2oUjfJ0ym1GCMl
nZPYina7mywWvMjY3TbXK3xxhUK/Y84fEHIxt1R0vfqzKGFwS+gv/OjnrL+pNYUS
t6IlawgKM4LcdWV9EtuCtavkkdijnM3NdbSNOKM0dSFhglZFIA+vJjNFzwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ7I7V7IcI2CXnfj+PK/r5AZASqyMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvbnNqdFhzaHdqWUplZC1QNDhyLXZrQmtCS3JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWb6fAwQA
wjIQMA0GCSqGSIb3DQEBCwUAA4IBAQAbSk2q794vrRLGUsBEOVXtk/LqY5W3i1u1
H0fnBIhLOjqPdqOQx/UGKfPZWWbn+FSM8hG8a3yzpiIeASTJh7dm0+M5spWwQmic
4oXUhtnYTQbBrgT9PQXzbzwMw6ZZCSz7jSMZEbJMSCNekvIn7RvbiPuQ6dFkpkml
l4lLTskLppV91A6NWZKKGo3lLo0EDP6nH/5FLqA81R3CX+3cVYbLyTaIzbv59MEh
koPqdi2h6iRhYL0eFpCMlySdmUKXK0tdg4ktLGTP1TtN+sTq+vgnhxuIF5gW3GAi
U81vItFH8W4mx3CdBIl9L8pq/SxdB2IUTVHk/GXnHRcqkmFJRRsm
-----END CERTIFICATE-----