Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/b8Gb7e3T5_fbCDzBvMO1glwFKuI.roa
File:                     b8Gb7e3T5_fbCDzBvMO1glwFKuI.roa (raw, json)
Hash identifier:          95BghHc+/HJ72K1yVMIF1HltsRax/pcXKtykbvEXW30=
Subject key identifier:   6F:C1:9B:ED:ED:D3:E7:F7:DB:08:3C:C1:BC:C3:B5:82:5C:05:2A:E2
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       018CC94E04B11AAE720581A85EE7C5ECF79D
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/b8Gb7e3T5_fbCDzBvMO1glwFKuI.roa
Signing time:             Tue 02 Jan 2024 08:33:02 +0000
ROA not before:           Tue 02 Jan 2024 08:33:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62425
IP address blocks:        89.43.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 06:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:04:b1:1a:ae:72:05:81:a8:5e:e7:c5:ec:f7:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jan  2 08:33:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6fc19bededd3e7f7db083cc1bcc3b5825c052ae2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e3:3b:14:17:90:bb:58:e8:75:b3:1b:7a:78:
                    d8:0e:8f:04:83:5f:18:50:41:41:dc:6d:b1:96:bb:
                    bf:d0:03:87:66:3e:00:fd:9f:29:cd:89:94:66:90:
                    97:d7:e6:30:aa:02:6a:92:f8:ab:5b:24:ec:ec:bf:
                    ff:4e:e0:98:7b:be:28:6e:f7:57:d7:05:3b:f5:b1:
                    27:13:ef:ef:22:7c:c7:c9:72:bb:af:cb:1f:00:a0:
                    fb:ee:b5:3c:84:99:5c:21:35:3a:e1:89:5e:33:b2:
                    9f:ba:3b:4a:27:93:df:42:b9:3c:f1:78:4f:1a:8b:
                    62:77:d0:95:08:6e:2a:4c:6a:f8:e6:ee:fc:5e:67:
                    8e:46:93:f0:40:8b:f9:9f:b4:a9:65:32:91:23:64:
                    8a:97:2a:5c:66:a6:2c:36:45:74:c3:b0:2a:fa:58:
                    c8:12:4b:c2:c8:3e:83:b0:79:91:0d:ba:00:1b:f9:
                    e2:32:8d:29:fe:c9:81:1f:b7:69:e4:b5:8c:a8:c6:
                    ce:85:6b:71:df:eb:03:b1:84:68:a7:c8:3d:76:3e:
                    d9:7d:4a:c9:c7:b2:e6:51:1b:02:55:b6:c4:80:82:
                    44:73:ce:fc:42:4b:da:1b:26:53:ca:09:0a:d2:0d:
                    4a:0f:42:29:23:df:7a:58:83:40:0f:6d:7c:39:ec:
                    5e:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:C1:9B:ED:ED:D3:E7:F7:DB:08:3C:C1:BC:C3:B5:82:5C:05:2A:E2
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/b8Gb7e3T5_fbCDzBvMO1glwFKuI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.43.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:12:41:b1:d3:cb:a7:4c:03:76:62:63:2d:0e:2a:7f:e5:cf:
         09:2d:4d:d6:ac:b6:54:c5:25:47:c7:f1:2b:7c:fc:77:d9:be:
         e9:ad:df:69:e0:fa:b7:b4:d7:30:c4:f6:56:a6:d6:e7:02:94:
         de:e9:9b:54:97:15:d7:08:6d:fc:a4:47:6d:e2:7e:5d:66:50:
         88:77:ca:6e:01:d3:33:2d:da:3d:9b:56:05:95:c4:e5:cb:8f:
         f4:da:08:8a:05:fd:cd:58:2b:cc:7b:02:71:ff:1b:d6:23:95:
         e9:6d:bc:2d:9d:f3:aa:ef:08:c6:da:cf:9e:41:ef:a7:78:bb:
         80:ed:89:38:b7:e9:03:da:f5:c0:f1:4e:8f:0c:6e:7a:10:80:
         32:90:d4:47:45:b0:7e:46:cf:80:03:45:81:8c:7e:7e:36:fe:
         73:8a:d7:a5:f0:8e:0c:14:1c:71:c7:db:98:ec:0d:21:21:16:
         52:95:d7:0f:fd:78:6b:22:25:d4:79:07:8e:d3:e6:9b:a7:7b:
         4e:0c:6c:5f:f6:f5:0d:74:6a:9a:23:d7:89:ce:04:a8:2e:2e:
         bc:54:f8:07:70:86:e5:b0:0f:e7:6b:80:0b:65:dd:0c:2e:d9:
         87:04:27:8d:26:5b:b5:d9:60:5e:04:e3:6b:7b:b7:35:d4:2c:
         2b:67:26:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTgSxGq5yBYGoXufF7PedMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjQwMTAyMDgzMzAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmMxOWJlZGVkZDNlN2Y3ZGIwODNjYzFiY2MzYjU4MjVjMDUyYWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAueM7FBeQu1jodbMbenjYDo8Eg18Y
UEFB3G2xlru/0AOHZj4A/Z8pzYmUZpCX1+YwqgJqkvirWyTs7L//TuCYe74obvdX
1wU79bEnE+/vInzHyXK7r8sfAKD77rU8hJlcITU64YleM7KfujtKJ5PfQrk88XhP
Gotid9CVCG4qTGr45u78XmeORpPwQIv5n7SpZTKRI2SKlypcZqYsNkV0w7Aq+ljI
EkvCyD6DsHmRDboAG/niMo0p/smBH7dp5LWMqMbOhWtx3+sDsYRop8g9dj7ZfUrJ
x7LmURsCVbbEgIJEc878QkvaGyZTygkK0g1KD0IpI996WINAD218OexeqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/Bm+3t0+f32wg8wbzDtYJcBSriMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvYjhHYjdlM1Q1X2ZiQ0R6QnZNTzFnbHdGS3VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSspMA0G
CSqGSIb3DQEBCwUAA4IBAQB6EkGx08unTAN2YmMtDip/5c8JLU3WrLZUxSVHx/Er
fPx32b7prd9p4Pq3tNcwxPZWptbnApTe6ZtUlxXXCG38pEdt4n5dZlCId8puAdMz
Ldo9m1YFlcTly4/02giKBf3NWCvMewJx/xvWI5XpbbwtnfOq7wjG2s+eQe+neLuA
7Yk4t+kD2vXA8U6PDG56EIAykNRHRbB+Rs+AA0WBjH5+Nv5zitel8I4MFBxxx9uY
7A0hIRZSldcP/XhrIiXUeQeO0+abp3tODGxf9vUNdGqaI9eJzgSoLi68VPgHcIbl
sA/na4ALZd0MLtmHBCeNJlu12WBeBONre7c11CwrZyZu
-----END CERTIFICATE-----