Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/pCZJYGWLfMf47M4hTTnNHaf3lqE.roa
File:                     pCZJYGWLfMf47M4hTTnNHaf3lqE.roa (raw, json)
Hash identifier:          jcoNV10A9nQKZm/yHM5DNeojh1+AoJUaIuNjlaLYlYY=
Subject key identifier:   A4:26:49:60:65:8B:7C:C7:F8:EC:CE:21:4D:39:CD:1D:A7:F7:96:A1
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       0194266BC0BFF7FEC2C9405EB1A8CFA93CDB
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/pCZJYGWLfMf47M4hTTnNHaf3lqE.roa
Signing time:             Thu 02 Jan 2025 09:49:43 +0000
ROA not before:           Thu 02 Jan 2025 09:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64267
IP address blocks:        89.251.16.0/24 maxlen: 24
                          89.251.19.0/24 maxlen: 24
                          89.251.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:c0:bf:f7:fe:c2:c9:40:5e:b1:a8:cf:a9:3c:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jan  2 09:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4264960658b7cc7f8ecce214d39cd1da7f796a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:52:01:e8:f6:a5:a4:76:dc:dd:c2:10:8d:d7:
                    8c:bf:c0:7a:0f:61:39:bf:ae:98:70:0d:a9:14:74:
                    30:67:18:fa:61:7b:82:73:b9:1e:9b:6f:51:62:e7:
                    06:c8:50:5d:d0:66:d0:fc:bc:7a:72:0b:d9:2d:b4:
                    b5:06:10:8d:6e:f0:b3:ac:e9:1a:7c:79:b0:f1:03:
                    5d:bd:df:95:9a:d9:41:8c:fb:40:02:31:92:5c:5a:
                    41:c4:f7:1f:70:1b:39:ad:cc:eb:bb:ca:97:58:2f:
                    60:b5:0d:47:2a:7d:0b:8d:a0:ca:f7:d9:48:27:28:
                    19:e5:3e:82:5e:2e:d5:af:12:c8:82:d3:e3:58:f1:
                    f3:c2:68:8c:ff:6f:fd:5f:93:df:9a:3f:9d:20:8e:
                    44:6a:b9:a9:bc:4b:6b:dd:6a:aa:15:71:9c:d1:0a:
                    11:b4:5b:16:af:70:94:8a:45:3f:3c:bd:8c:e4:4a:
                    03:8f:9e:79:27:70:80:0b:c8:1d:86:8d:d7:f6:23:
                    88:51:70:0f:66:1c:c2:ed:9a:1b:8e:0a:94:90:14:
                    96:86:69:19:e8:ac:3a:1f:11:e9:51:03:ec:3d:d6:
                    ab:eb:9f:50:c4:eb:44:ad:95:85:45:42:49:33:da:
                    f1:f9:d8:87:46:5d:1e:2a:be:ba:5d:89:9d:ef:55:
                    8b:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:26:49:60:65:8B:7C:C7:F8:EC:CE:21:4D:39:CD:1D:A7:F7:96:A1
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/pCZJYGWLfMf47M4hTTnNHaf3lqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.16.0/24
                  89.251.19.0/24
                  89.251.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:e0:f3:8b:91:5b:e8:0f:8d:27:43:a1:b9:f6:45:28:95:6b:
         b3:8e:91:8b:ce:8b:36:a2:f4:e2:89:d5:77:02:78:a3:ed:3c:
         fe:d7:db:5f:45:20:52:3d:ed:2d:76:ac:a9:9d:e5:cf:69:37:
         0f:99:c2:98:cf:de:07:d9:30:c7:01:2d:86:f0:4e:6c:d8:dc:
         1c:16:27:6f:73:58:3d:ce:bb:6c:bd:8d:f8:57:21:4c:89:8b:
         d1:19:86:22:13:14:98:cc:1e:f3:36:f8:a9:84:55:f9:5a:65:
         01:78:4b:f4:2c:44:2f:b7:6d:55:47:11:31:8a:d9:cb:48:b4:
         d6:e1:83:e7:fe:9b:c1:52:21:06:35:4d:3d:bc:94:b1:f3:f2:
         e8:cf:79:34:07:46:01:28:6d:77:05:ec:c4:76:a5:49:54:f8:
         48:83:59:e4:56:fb:33:76:b7:79:1b:55:4b:c2:9a:3d:e0:df:
         e4:5c:bd:5f:2d:e7:54:57:6d:9a:0e:7d:a6:1b:4e:ea:a3:7f:
         97:ce:b6:35:48:77:67:66:ca:4a:b0:38:ab:19:cb:c5:e1:93:
         9a:b7:00:29:e6:01:0d:fb:b6:4d:00:21:48:e1:ca:d4:6e:c4:
         29:29:db:10:db:0a:12:08:8b:7d:ef:ba:b1:cd:ec:af:a5:f5:
         82:d0:f6:5a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQma8C/9/7CyUBesajPqTzbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwMTAyMDk0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDI2NDk2MDY1OGI3Y2M3ZjhlY2NlMjE0ZDM5Y2QxZGE3Zjc5NmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1IB6PalpHbc3cIQjdeMv8B6D2E5
v66YcA2pFHQwZxj6YXuCc7kem29RYucGyFBd0GbQ/Lx6cgvZLbS1BhCNbvCzrOka
fHmw8QNdvd+VmtlBjPtAAjGSXFpBxPcfcBs5rczru8qXWC9gtQ1HKn0LjaDK99lI
JygZ5T6CXi7VrxLIgtPjWPHzwmiM/2/9X5Pfmj+dII5EarmpvEtr3WqqFXGc0QoR
tFsWr3CUikU/PL2M5EoDj555J3CAC8gdho3X9iOIUXAPZhzC7ZobjgqUkBSWhmkZ
6Kw6HxHpUQPsPdar659QxOtErZWFRUJJM9rx+diHRl0eKr66XYmd71WLqQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKQmSWBli3zH+OzOIU05zR2n95ahMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvcENaSllHV0xmTWY0N000aFRUbk5IYWYzbHFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWfsQAwQA
WfsTAwQAWfsXMA0GCSqGSIb3DQEBCwUAA4IBAQAf4POLkVvoD40nQ6G59kUolWuz
jpGLzos2ovTiidV3Anij7Tz+19tfRSBSPe0tdqypneXPaTcPmcKYz94H2TDHAS2G
8E5s2NwcFidvc1g9zrtsvY34VyFMiYvRGYYiExSYzB7zNviphFX5WmUBeEv0LEQv
t21VRxExitnLSLTW4YPn/pvBUiEGNU09vJSx8/Loz3k0B0YBKG13BezEdqVJVPhI
g1nkVvszdrd5G1VLwpo94N/kXL1fLedUV22aDn2mG07qo3+XzrY1SHdnZspKsDir
GcvF4ZOatwAp5gEN+7ZNACFI4crUbsQpKdsQ2woSCIt977qxzeyvpfWC0PZa
-----END CERTIFICATE-----