Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/1upwVvOth0ESwzIfWwpLuCD_3Es.roa
File:                     1upwVvOth0ESwzIfWwpLuCD_3Es.roa (raw, json)
Hash identifier:          6LIM0TJ502zyJgxqFVPqSxya65Y/9B+s8bx0dBkgTEM=
Subject key identifier:   D6:EA:70:56:F3:AD:87:41:12:C3:32:1F:5B:0A:4B:B8:20:FF:DC:4B
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       0194206871B2851045CA49E31AA78154B1CB
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/1upwVvOth0ESwzIfWwpLuCD_3Es.roa
Signing time:             Wed 01 Jan 2025 05:48:23 +0000
ROA not before:           Wed 01 Jan 2025 05:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        89.23.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:71:b2:85:10:45:ca:49:e3:1a:a7:81:54:b1:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Jan  1 05:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d6ea7056f3ad874112c3321f5b0a4bb820ffdc4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:46:0c:d3:52:98:85:fc:52:47:a5:02:82:6a:
                    cc:9e:5d:4a:91:6b:91:d0:32:6e:7e:95:71:58:23:
                    af:19:cb:3f:89:b6:63:45:d3:23:0d:f7:af:a6:2e:
                    a7:e6:e4:d7:b5:ce:44:e8:90:40:aa:ce:b8:3f:a7:
                    39:68:32:c4:c2:f5:e7:ff:ce:97:d9:5f:dc:26:bc:
                    ea:6d:db:a7:09:1e:51:7a:eb:03:fc:0d:3d:89:03:
                    04:7c:ca:ab:1b:55:6b:bb:e0:f2:ce:2e:6c:ca:d9:
                    9a:43:33:a8:73:09:c0:6d:e2:4d:1f:fc:ff:b5:ce:
                    96:e6:d8:30:f3:2c:b4:d0:e5:3b:69:8d:e1:8d:40:
                    1f:7b:b0:d0:d1:d7:f6:3b:7d:51:db:5a:9c:e5:52:
                    73:58:7d:3c:8c:b3:d3:94:f3:f9:94:af:c5:66:f7:
                    c5:6a:57:9d:6c:d0:a5:f2:8e:16:91:c4:5b:35:ab:
                    0b:a3:0a:ad:b3:e9:13:83:b2:ec:e0:ab:ba:e5:8f:
                    b3:ff:af:a9:a9:ba:2b:d8:8a:f3:c8:e3:c4:08:25:
                    0e:3c:93:9d:22:8b:aa:5e:6b:c5:df:ad:ec:e2:89:
                    8a:43:58:4b:1a:5e:da:26:16:09:b2:52:f5:31:da:
                    a6:78:7f:98:75:18:23:c2:41:a7:8d:16:3a:57:b3:
                    35:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:EA:70:56:F3:AD:87:41:12:C3:32:1F:5B:0A:4B:B8:20:FF:DC:4B
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/1upwVvOth0ESwzIfWwpLuCD_3Es.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:1c:8c:56:71:ea:d7:66:50:f0:f3:de:66:35:84:81:05:84:
         e0:41:34:33:05:f7:49:1e:a3:53:33:a6:e9:4f:33:ab:cd:13:
         d6:7f:a7:c6:88:ee:dd:cb:a1:f2:1d:69:10:21:37:98:2e:03:
         da:8e:4f:8e:65:29:ea:ce:4f:43:db:6a:19:57:ab:70:81:f1:
         0e:1d:2f:f2:69:1f:70:47:57:98:0e:0a:19:6d:9f:c6:82:4b:
         e3:23:04:96:b9:4d:f2:4e:67:93:1a:2a:a5:fb:d1:9e:d1:9c:
         54:6b:6b:24:17:ba:fa:97:40:67:97:7e:cd:ca:96:07:a3:2d:
         02:93:15:c8:01:a1:d8:d2:0a:cc:a5:5c:11:b5:55:9d:ab:e0:
         9d:98:43:82:05:bf:e1:a7:53:f5:03:21:27:bf:ee:ae:4f:91:
         a1:e2:09:04:72:1c:50:7a:1d:5a:72:a8:fc:22:3e:62:e3:56:
         29:09:56:71:44:b8:95:fe:49:3a:63:86:1f:b5:ca:22:24:cd:
         2b:0a:1a:a2:69:a3:0e:a1:ba:83:8c:4f:63:90:e7:f3:45:7b:
         51:21:64:9e:ef:95:ee:ca:1f:9f:0d:c1:18:ea:f9:1f:c0:20:
         a5:e5:52:32:13:ca:92:e7:62:3f:30:84:7f:b4:08:d0:87:21:
         34:72:cd:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaHGyhRBFyknjGqeBVLHLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjUwMTAxMDU0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmVhNzA1NmYzYWQ4NzQxMTJjMzMyMWY1YjBhNGJiODIwZmZkYzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3EYM01KYhfxSR6UCgmrMnl1KkWuR
0DJufpVxWCOvGcs/ibZjRdMjDfevpi6n5uTXtc5E6JBAqs64P6c5aDLEwvXn/86X
2V/cJrzqbdunCR5ReusD/A09iQMEfMqrG1Vru+Dyzi5sytmaQzOocwnAbeJNH/z/
tc6W5tgw8yy00OU7aY3hjUAfe7DQ0df2O31R21qc5VJzWH08jLPTlPP5lK/FZvfF
aledbNCl8o4WkcRbNasLowqts+kTg7Ls4Ku65Y+z/6+pqbor2IrzyOPECCUOPJOd
IouqXmvF363s4omKQ1hLGl7aJhYJslL1MdqmeH+YdRgjwkGnjRY6V7M11QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNbqcFbzrYdBEsMyH1sKS7gg/9xLMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvMXVwd1Z2T3RoMEVTd3pJZld3cEx1Q0RfM0VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRdSMA0G
CSqGSIb3DQEBCwUAA4IBAQB4HIxWcerXZlDw895mNYSBBYTgQTQzBfdJHqNTM6bp
TzOrzRPWf6fGiO7dy6HyHWkQITeYLgPajk+OZSnqzk9D22oZV6twgfEOHS/yaR9w
R1eYDgoZbZ/GgkvjIwSWuU3yTmeTGiql+9Ge0ZxUa2skF7r6l0Bnl37NypYHoy0C
kxXIAaHY0grMpVwRtVWdq+CdmEOCBb/hp1P1AyEnv+6uT5Gh4gkEchxQeh1acqj8
Ij5i41YpCVZxRLiV/kk6Y4YftcoiJM0rChqiaaMOobqDjE9jkOfzRXtRIWSe75Xu
yh+fDcEY6vkfwCCl5VIyE8qS52I/MIR/tAjQhyE0cs3S
-----END CERTIFICATE-----