Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/5rqwaHZrBLNAKN-xFwQD-QWSuMY.roa
File:                     5rqwaHZrBLNAKN-xFwQD-QWSuMY.roa (raw, json)
Hash identifier:          9xYF0b0cuUET3+uMT8Gq5kvDW5IFPzkpR5X9C+giwAA=
Subject key identifier:   E6:BA:B0:68:76:6B:04:B3:40:28:DF:B1:17:04:03:F9:05:92:B8:C6
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       01900FF0C0E40250EFA0552B3CD5FAF46A70
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/5rqwaHZrBLNAKN-xFwQD-QWSuMY.roa
Signing time:             Thu 13 Jun 2024 04:52:34 +0000
ROA not before:           Thu 13 Jun 2024 04:52:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215865
IP address blocks:        89.251.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:0f:f0:c0:e4:02:50:ef:a0:55:2b:3c:d5:fa:f4:6a:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jun 13 04:52:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6bab068766b04b34028dfb1170403f90592b8c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:aa:62:28:f2:a4:be:a4:53:ea:ce:03:80:6e:
                    a8:16:ef:65:a2:36:31:75:8a:39:c9:03:a6:42:93:
                    68:7e:4c:13:3a:ee:d2:d8:1d:7e:fe:c7:49:85:2d:
                    a6:c4:ee:fe:ef:3a:c1:bf:ae:7f:d6:ce:82:b8:60:
                    46:7e:a1:db:23:19:d9:3a:b4:8a:83:33:50:f4:00:
                    8d:da:c8:46:3d:8b:c6:df:44:1c:1d:89:21:b9:08:
                    f3:27:08:f8:07:65:c4:aa:b2:61:f4:84:8c:ac:36:
                    72:57:2b:75:2d:e7:bd:50:0b:1f:b4:1a:63:eb:64:
                    f8:c7:4a:39:92:3b:d9:f7:0e:05:67:e8:4a:91:19:
                    ee:b1:78:62:c7:fd:e9:6f:ba:92:b6:90:b9:30:f7:
                    0e:81:1c:7e:b2:98:d5:42:f9:ee:b3:04:2e:ef:1d:
                    4a:a5:e9:58:c5:c4:42:2c:4d:81:77:bc:9f:42:45:
                    ae:d4:e9:52:eb:d3:b5:9d:96:51:f4:b4:6c:11:11:
                    51:a8:5f:ec:b5:6d:c9:74:f8:89:40:32:6f:8c:ca:
                    fd:22:01:08:7b:23:2c:be:8f:22:9f:f3:d3:15:f7:
                    ea:28:00:4a:ae:92:08:02:42:d7:9a:0a:12:ce:89:
                    aa:2b:f3:c8:95:a4:d7:88:7a:75:24:4c:1f:91:4b:
                    f2:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:BA:B0:68:76:6B:04:B3:40:28:DF:B1:17:04:03:F9:05:92:B8:C6
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/5rqwaHZrBLNAKN-xFwQD-QWSuMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:fa:35:6c:6a:23:31:99:ce:39:4b:12:b2:a8:c3:4e:16:7a:
         97:c7:eb:e5:c8:82:66:1e:26:4b:5d:eb:b3:d1:8b:2c:20:9b:
         df:d2:1a:af:f9:c5:de:dc:a5:3a:ae:2c:31:1e:13:c4:f0:c5:
         df:b9:7b:5c:1c:5e:6d:99:58:9a:c2:bc:35:8a:f5:23:d7:2f:
         9f:4c:23:79:d9:88:2e:39:01:b3:cb:0d:5e:bb:92:4a:72:f5:
         18:09:5c:57:8b:91:4e:c8:0f:f6:1c:5c:cb:b8:d0:83:3b:55:
         63:8b:52:ba:16:f2:3f:f4:cd:46:aa:20:93:c8:cf:dd:73:12:
         ae:de:4a:2b:56:c6:a4:dd:b4:e4:19:de:3a:8f:14:7b:75:c1:
         22:e4:df:66:f0:a2:bb:f1:53:da:3b:25:1e:19:07:c0:8e:b5:
         15:11:3d:65:6d:0f:b5:fb:b5:31:e2:d0:8f:21:28:3a:bf:67:
         ff:ea:d2:5e:1c:88:f4:fb:1c:b1:cb:bd:58:7b:c0:7f:4f:12:
         af:2b:50:64:e8:1c:b3:6f:5e:05:03:38:44:19:f1:e9:d9:22:
         c9:77:30:74:87:ca:21:4a:d1:d5:a0:28:0f:40:c3:a7:e1:3f:
         05:af:8c:90:bf:86:40:9a:ab:56:ee:d0:8b:b3:ab:48:db:4e:
         36:ba:32:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAP8MDkAlDvoFUrPNX69GpwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQwNjEzMDQ1MjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmJhYjA2ODc2NmIwNGIzNDAyOGRmYjExNzA0MDNmOTA1OTJiOGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApKpiKPKkvqRT6s4DgG6oFu9lojYx
dYo5yQOmQpNofkwTOu7S2B1+/sdJhS2mxO7+7zrBv65/1s6CuGBGfqHbIxnZOrSK
gzNQ9ACN2shGPYvG30QcHYkhuQjzJwj4B2XEqrJh9ISMrDZyVyt1Lee9UAsftBpj
62T4x0o5kjvZ9w4FZ+hKkRnusXhix/3pb7qStpC5MPcOgRx+spjVQvnuswQu7x1K
pelYxcRCLE2Bd7yfQkWu1OlS69O1nZZR9LRsERFRqF/stW3JdPiJQDJvjMr9IgEI
eyMsvo8in/PTFffqKABKrpIIAkLXmgoSzomqK/PIlaTXiHp1JEwfkUvybwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOa6sGh2awSzQCjfsRcEA/kFkrjGMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvNXJxd2FIWnJCTE5BS04teEZ3UUQtUVdTdU1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfsVMA0G
CSqGSIb3DQEBCwUAA4IBAQCZ+jVsaiMxmc45SxKyqMNOFnqXx+vlyIJmHiZLXeuz
0YssIJvf0hqv+cXe3KU6riwxHhPE8MXfuXtcHF5tmViawrw1ivUj1y+fTCN52Ygu
OQGzyw1eu5JKcvUYCVxXi5FOyA/2HFzLuNCDO1Vji1K6FvI/9M1GqiCTyM/dcxKu
3korVsak3bTkGd46jxR7dcEi5N9m8KK78VPaOyUeGQfAjrUVET1lbQ+1+7Ux4tCP
ISg6v2f/6tJeHIj0+xyxy71Ye8B/TxKvK1Bk6Byzb14FAzhEGfHp2SLJdzB0h8oh
StHVoCgPQMOn4T8Fr4yQv4ZAmqtW7tCLs6tI2042ujKn
-----END CERTIFICATE-----