Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/f3kz1XK82k7nZ9c_VJO00J_IYWo.roa
File:                     f3kz1XK82k7nZ9c_VJO00J_IYWo.roa (raw, json)
Hash identifier:          R4KrzIMz0JnJH3vYw54vRi44kV7CXnTPuVDwpmZ1A10=
Subject key identifier:   7F:79:33:D5:72:BC:DA:4E:E7:67:D7:3F:54:93:B4:D0:9F:C8:61:6A
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       018CC94E00A0817E41E8A06882CD436057BC
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/f3kz1XK82k7nZ9c_VJO00J_IYWo.roa
Signing time:             Tue 02 Jan 2024 08:33:01 +0000
ROA not before:           Tue 02 Jan 2024 08:33:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39205
IP address blocks:        89.33.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:00:a0:81:7e:41:e8:a0:68:82:cd:43:60:57:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jan  2 08:33:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f7933d572bcda4ee767d73f5493b4d09fc8616a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:a0:bf:cb:76:c4:06:85:80:bf:97:3a:21:4c:
                    57:3c:3f:1e:30:e5:47:98:37:6e:10:e2:2e:0f:cd:
                    36:3c:b7:9c:97:d3:41:38:d6:68:f8:d3:27:09:6b:
                    78:35:e6:7e:83:a1:1f:ca:48:8c:6d:9e:49:43:86:
                    4c:c3:70:5b:3b:e8:d3:53:8a:a7:52:ad:04:59:2a:
                    a4:0f:f3:32:41:3b:5e:a3:79:72:f4:70:ae:af:00:
                    ee:f0:43:f4:2e:99:05:a0:c6:b4:b7:39:13:ba:44:
                    5d:2b:60:1d:62:c2:89:a6:4a:80:a3:71:26:78:4a:
                    7a:91:c3:cd:e4:eb:41:b1:67:86:8d:5b:55:dc:38:
                    12:66:c5:91:70:0d:fe:b1:d8:ad:6a:a8:4f:24:4f:
                    06:09:51:57:f5:2a:2f:5a:24:0f:98:45:54:c3:f1:
                    3b:d6:9c:bc:8b:f7:1f:f4:3e:05:ec:93:8e:4c:58:
                    da:22:37:2c:64:3e:ca:2c:d7:b9:9b:17:7c:c7:3b:
                    10:89:65:c1:e7:02:82:25:7e:8d:28:e5:bc:28:b5:
                    5a:29:21:38:ac:34:d9:89:db:2c:b3:86:37:67:1b:
                    ab:ab:e3:84:4a:a1:eb:e8:96:53:b7:3e:6b:e5:cf:
                    09:e2:e6:36:83:07:e5:58:10:dc:1b:14:fd:e4:70:
                    75:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:79:33:D5:72:BC:DA:4E:E7:67:D7:3F:54:93:B4:D0:9F:C8:61:6A
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/f3kz1XK82k7nZ9c_VJO00J_IYWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:b0:96:88:ab:68:13:ff:26:01:35:e0:38:36:25:05:a2:ed:
         be:9f:77:56:d3:b7:93:3f:25:bf:32:69:c6:4f:e2:21:fc:64:
         00:ee:8a:6f:be:00:99:d4:24:3a:cc:f2:4b:48:08:59:4f:c1:
         92:46:d8:d3:54:e1:42:51:3f:f6:5d:56:2d:53:97:38:b6:7e:
         a3:96:b7:56:db:87:fd:da:93:4c:d9:7b:f2:b4:de:37:df:c2:
         c6:59:6b:4b:84:dc:f5:06:f9:f5:09:ea:b9:48:75:63:04:d7:
         25:6e:f3:1c:6c:e5:84:ad:f1:7f:a9:4b:f6:ed:bf:a6:63:25:
         39:ca:a1:cd:4f:e5:d7:10:4c:93:55:81:a9:4f:f7:9c:e8:5b:
         cf:f1:36:34:60:a7:ed:dc:17:8a:89:06:01:b6:59:fa:a5:b9:
         58:cd:2a:ec:44:f4:c5:34:52:8f:e8:86:d0:08:91:07:bc:8b:
         93:0b:01:88:64:4c:73:e4:fe:fe:93:0a:03:db:05:eb:f9:32:
         fc:ce:6f:58:92:f7:3c:91:ac:29:06:e7:c9:05:36:24:8e:a2:
         62:9b:aa:b5:84:f9:2a:bc:4c:5b:40:78:74:70:8e:7f:ea:59:
         25:e2:bf:e6:9b:b2:c1:f9:56:1b:2e:ca:6e:36:ec:6b:37:74:
         57:d7:c8:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTgCggX5B6KBogs1DYFe8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjQwMTAyMDgzMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Zjc5MzNkNTcyYmNkYTRlZTc2N2Q3M2Y1NDkzYjRkMDlmYzg2MTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6C/y3bEBoWAv5c6IUxXPD8eMOVH
mDduEOIuD802PLecl9NBONZo+NMnCWt4NeZ+g6EfykiMbZ5JQ4ZMw3BbO+jTU4qn
Uq0EWSqkD/MyQTteo3ly9HCurwDu8EP0LpkFoMa0tzkTukRdK2AdYsKJpkqAo3Em
eEp6kcPN5OtBsWeGjVtV3DgSZsWRcA3+sditaqhPJE8GCVFX9SovWiQPmEVUw/E7
1py8i/cf9D4F7JOOTFjaIjcsZD7KLNe5mxd8xzsQiWXB5wKCJX6NKOW8KLVaKSE4
rDTZidsss4Y3Zxurq+OESqHr6JZTtz5r5c8J4uY2gwflWBDcGxT95HB1SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH95M9VyvNpO52fXP1STtNCfyGFqMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvZjNrejFYSzgyazduWjljX1ZKTzAwSl9JWVdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSH9MA0G
CSqGSIb3DQEBCwUAA4IBAQBfsJaIq2gT/yYBNeA4NiUFou2+n3dW07eTPyW/MmnG
T+Ih/GQA7opvvgCZ1CQ6zPJLSAhZT8GSRtjTVOFCUT/2XVYtU5c4tn6jlrdW24f9
2pNM2XvytN4338LGWWtLhNz1Bvn1Ceq5SHVjBNclbvMcbOWErfF/qUv27b+mYyU5
yqHNT+XXEEyTVYGpT/ec6FvP8TY0YKft3BeKiQYBtln6pblYzSrsRPTFNFKP6IbQ
CJEHvIuTCwGIZExz5P7+kwoD2wXr+TL8zm9Ykvc8kawpBufJBTYkjqJim6q1hPkq
vExbQHh0cI5/6lkl4r/mm7LB+VYbLspuNuxrN3RX18gp
-----END CERTIFICATE-----