Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/G_75n8-L0iJqnjkaHw7zP2gBjIo.roa
File:                     G_75n8-L0iJqnjkaHw7zP2gBjIo.roa (raw, json)
Hash identifier:          z2fRWBvDRrVRPA42qxS+QP078b8hBDM48KrQZFVaasA=
Subject key identifier:   1B:FE:F9:9F:CF:8B:D2:22:6A:9E:39:1A:1F:0E:F3:3F:68:01:8C:8A
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       0194266BBFC41E0A9A168DB92E6209FE3EB5
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/G_75n8-L0iJqnjkaHw7zP2gBjIo.roa
Signing time:             Thu 02 Jan 2025 09:49:43 +0000
ROA not before:           Thu 02 Jan 2025 09:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60949
IP address blocks:        89.251.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:bf:c4:1e:0a:9a:16:8d:b9:2e:62:09:fe:3e:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jan  2 09:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1bfef99fcf8bd2226a9e391a1f0ef33f68018c8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:32:0f:58:84:b2:8b:2d:a3:c3:0f:4d:eb:cd:
                    0c:60:c2:c2:0c:b5:80:e6:5d:35:80:d9:5c:98:82:
                    88:f0:d5:b1:09:32:54:e0:ab:03:e3:ff:35:e2:27:
                    c6:13:e7:ad:ca:25:8d:a9:aa:4c:07:15:ae:ae:2f:
                    02:bb:8c:40:6d:78:2f:21:27:6f:97:5c:25:ac:53:
                    30:7b:75:dc:a0:82:6c:6d:b5:1e:e2:44:3a:36:be:
                    4b:25:48:ef:d6:1f:34:e9:15:b3:3d:48:81:ad:d9:
                    b5:e9:c4:fb:0a:bb:6d:d7:96:1d:5d:b9:1c:66:13:
                    49:5b:de:2f:eb:62:59:fd:6b:9c:28:88:f8:13:00:
                    84:d6:38:8c:e5:11:e6:bc:5a:87:e9:64:b8:58:28:
                    e0:07:91:06:44:49:ef:0a:ed:15:d4:d9:6e:64:2e:
                    e6:d2:5f:08:6c:eb:a9:c6:72:10:bc:d2:1a:87:18:
                    a6:4e:fe:2b:54:66:14:c2:b9:00:4d:8f:c6:7f:d7:
                    a3:59:a1:16:09:ea:55:8c:0b:e8:2e:25:21:78:39:
                    ba:c0:07:53:0e:e2:3a:c5:40:8f:9b:6c:95:3e:d5:
                    9e:22:38:1b:a9:6b:99:52:fe:c5:ca:86:83:57:1c:
                    89:4c:88:96:fc:7d:31:0d:4b:62:0a:b6:b8:a8:74:
                    79:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:FE:F9:9F:CF:8B:D2:22:6A:9E:39:1A:1F:0E:F3:3F:68:01:8C:8A
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/G_75n8-L0iJqnjkaHw7zP2gBjIo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:c0:b1:d2:c9:c9:d4:84:c5:60:b9:1f:89:9b:7e:74:88:a2:
         6b:29:04:23:5b:74:67:f7:13:7d:72:98:8a:ec:d0:65:6b:91:
         10:46:84:08:78:3b:55:7b:9d:8e:b1:02:60:47:cd:24:d5:1e:
         8f:34:84:e1:74:39:46:1b:41:9c:90:93:b8:00:60:ed:fe:a6:
         5d:e4:f1:54:88:0a:a4:3a:45:89:e2:c1:cf:42:7e:26:91:8e:
         93:99:7f:79:52:d4:a3:b8:72:60:0d:17:9e:b8:00:32:d8:3a:
         51:64:8e:e1:53:42:c5:1a:c1:22:27:34:de:be:29:65:3b:8b:
         6e:14:5a:7b:11:2b:d3:b8:c3:8f:b9:d3:c8:b3:46:5c:91:97:
         f4:1d:c3:29:9b:b5:a8:7c:3b:be:dd:77:d1:6f:f1:87:73:c9:
         e9:eb:01:eb:8c:49:5f:e9:f1:52:15:99:21:73:7b:fe:b9:ae:
         b6:b2:6f:f2:e6:3d:93:d5:f3:c7:0b:a8:05:20:75:e1:80:b0:
         9d:9b:1a:89:16:2d:01:92:96:39:f0:c0:3e:a0:43:6e:ef:fc:
         88:8a:02:92:5f:1f:1f:de:c2:da:16:f8:61:d5:b9:53:ab:c9:
         06:0c:ca:55:b1:cb:34:a8:fc:76:e4:38:45:2b:4c:ca:ab:6f:
         d5:04:54:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma7/EHgqaFo25LmIJ/j61MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwMTAyMDk0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmZlZjk5ZmNmOGJkMjIyNmE5ZTM5MWExZjBlZjMzZjY4MDE4YzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4zIPWISyiy2jww9N680MYMLCDLWA
5l01gNlcmIKI8NWxCTJU4KsD4/814ifGE+etyiWNqapMBxWuri8Cu4xAbXgvISdv
l1wlrFMwe3XcoIJsbbUe4kQ6Nr5LJUjv1h806RWzPUiBrdm16cT7Crtt15YdXbkc
ZhNJW94v62JZ/WucKIj4EwCE1jiM5RHmvFqH6WS4WCjgB5EGREnvCu0V1NluZC7m
0l8IbOupxnIQvNIahximTv4rVGYUwrkATY/Gf9ejWaEWCepVjAvoLiUheDm6wAdT
DuI6xUCPm2yVPtWeIjgbqWuZUv7FyoaDVxyJTIiW/H0xDUtiCra4qHR5FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBv++Z/Pi9Iiap45Gh8O8z9oAYyKMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvR183NW44LUwwaUpxbmprYUh3N3pQMmdCaklvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfsbMA0G
CSqGSIb3DQEBCwUAA4IBAQCMwLHSycnUhMVguR+Jm350iKJrKQQjW3Rn9xN9cpiK
7NBla5EQRoQIeDtVe52OsQJgR80k1R6PNIThdDlGG0GckJO4AGDt/qZd5PFUiAqk
OkWJ4sHPQn4mkY6TmX95UtSjuHJgDReeuAAy2DpRZI7hU0LFGsEiJzTevillO4tu
FFp7ESvTuMOPudPIs0ZckZf0HcMpm7WofDu+3XfRb/GHc8np6wHrjElf6fFSFZkh
c3v+ua62sm/y5j2T1fPHC6gFIHXhgLCdmxqJFi0BkpY58MA+oENu7/yIigKSXx8f
3sLaFvhh1blTq8kGDMpVscs0qPx25DhFK0zKq2/VBFRS
-----END CERTIFICATE-----