Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/4slX7gowUkDerAvq9YaMDvGvX2Y.roa
File:                     4slX7gowUkDerAvq9YaMDvGvX2Y.roa (raw, json)
Hash identifier:          +6MhCX2QVAAagqld/2ht3I0+/61ThOZa5SZUbTOHhl8=
Subject key identifier:   E2:C9:57:EE:0A:30:52:40:DE:AC:0B:EA:F5:86:8C:0E:F1:AF:5F:66
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       01919370B4A7AD88542C3741004E6456648E
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/4slX7gowUkDerAvq9YaMDvGvX2Y.roa
Signing time:             Tue 27 Aug 2024 10:45:22 +0000
ROA not before:           Tue 27 Aug 2024 10:45:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211975
IP address blocks:        89.249.207.0/24 maxlen: 24
                          185.21.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:93:70:b4:a7:ad:88:54:2c:37:41:00:4e:64:56:64:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Aug 27 10:45:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2c957ee0a305240deac0beaf5868c0ef1af5f66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:2c:d3:a0:c4:18:23:a6:10:44:87:28:1a:69:
                    ec:b2:b7:cd:44:92:e9:ba:86:bf:c9:ca:a7:df:ca:
                    d8:67:4c:b7:f7:da:f5:9f:1a:83:70:32:db:a1:33:
                    3c:a8:16:61:f5:a7:f0:63:9e:55:23:03:85:f3:c9:
                    e6:67:df:db:6b:ab:68:10:92:59:ec:27:db:6b:4a:
                    fd:d1:f0:c6:f2:a4:c4:4a:d5:28:5f:6d:d5:8b:a6:
                    9a:4e:e4:47:a6:b3:88:09:89:6d:36:0b:27:99:c3:
                    00:3e:b9:ba:40:7d:b1:fa:61:f5:90:ab:8b:75:59:
                    9e:18:39:d9:8a:8a:17:d8:6b:6d:fe:78:f1:18:64:
                    99:73:ca:35:48:95:9f:80:0c:6e:45:14:4e:70:e0:
                    e1:3c:90:cd:a3:0a:cb:eb:81:ce:83:ab:45:51:44:
                    a3:62:12:2b:f2:1c:1d:1a:b2:10:fd:ab:24:36:93:
                    de:be:70:20:f3:c2:7b:a9:3a:b0:c3:a1:cb:71:9a:
                    23:a9:78:d1:0c:03:03:86:8e:4e:f2:4d:0e:dc:a9:
                    16:5d:7e:bd:1e:8c:a5:94:d6:75:21:de:11:49:ea:
                    32:cf:c2:0b:5d:51:5f:4c:b3:28:6f:4b:85:98:ee:
                    54:03:8c:18:25:50:4e:de:ee:e5:f0:ff:ea:8d:5b:
                    99:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:C9:57:EE:0A:30:52:40:DE:AC:0B:EA:F5:86:8C:0E:F1:AF:5F:66
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/4slX7gowUkDerAvq9YaMDvGvX2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.207.0/24
                  185.21.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:c1:b3:e0:57:66:60:4f:c9:76:54:0f:83:83:56:1d:3b:41:
         68:ce:39:79:99:15:28:c4:67:97:45:a2:35:53:cf:9a:67:4c:
         ac:07:5f:09:79:82:86:f9:87:22:9a:9b:13:a6:41:e0:8c:97:
         56:f7:fc:f8:e0:2d:d6:07:21:e8:a9:5e:51:ad:84:25:e7:33:
         b7:3b:a1:0d:b5:f5:f8:a0:1d:5a:19:fc:20:55:c8:34:0e:73:
         b0:fa:ef:76:6d:78:46:52:40:98:58:00:90:f4:c1:18:b3:ca:
         17:01:0f:75:e1:bc:fe:89:80:7d:1a:af:ba:f6:42:62:58:e8:
         fe:34:1d:e8:8c:d6:2b:eb:27:9a:1c:6c:b1:d1:fa:85:ef:d8:
         7b:ab:65:44:21:06:8e:89:d3:89:34:e1:2d:18:ac:e1:89:e7:
         44:6b:f3:fb:ca:f3:95:59:ef:4a:83:a2:43:5f:53:c0:62:fa:
         f9:a0:6c:fd:04:f6:a9:e7:fe:56:ae:65:08:e9:20:6d:81:10:
         0f:91:16:06:12:a9:dc:f7:90:cb:cc:14:c0:43:6c:21:48:df:
         29:59:3f:d4:08:b0:7f:b4:bc:8e:37:9b:e0:68:22:e1:57:7b:
         49:02:e8:70:bf:ca:fa:d8:73:93:b3:35:fa:d4:e4:b4:ab:b9:
         25:ba:90:0c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZGTcLSnrYhULDdBAE5kVmSOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjQwODI3MTA0NTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmM5NTdlZTBhMzA1MjQwZGVhYzBiZWFmNTg2OGMwZWYxYWY1ZjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzizToMQYI6YQRIcoGmnssrfNRJLp
uoa/ycqn38rYZ0y399r1nxqDcDLboTM8qBZh9afwY55VIwOF88nmZ9/ba6toEJJZ
7Cfba0r90fDG8qTEStUoX23Vi6aaTuRHprOICYltNgsnmcMAPrm6QH2x+mH1kKuL
dVmeGDnZiooX2Gtt/njxGGSZc8o1SJWfgAxuRRROcODhPJDNowrL64HOg6tFUUSj
YhIr8hwdGrIQ/askNpPevnAg88J7qTqww6HLcZojqXjRDAMDho5O8k0O3KkWXX69
HoyllNZ1Id4RSeoyz8ILXVFfTLMob0uFmO5UA4wYJVBO3u7l8P/qjVuZgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOLJV+4KMFJA3qwL6vWGjA7xr19mMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvNHNsWDdnb3dVa0RlckF2cTlZYU1Edkd2WDJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWfnPAwQA
uRX/MA0GCSqGSIb3DQEBCwUAA4IBAQALwbPgV2ZgT8l2VA+Dg1YdO0Fozjl5mRUo
xGeXRaI1U8+aZ0ysB18JeYKG+YcimpsTpkHgjJdW9/z44C3WByHoqV5RrYQl5zO3
O6ENtfX4oB1aGfwgVcg0DnOw+u92bXhGUkCYWACQ9MEYs8oXAQ914bz+iYB9Gq+6
9kJiWOj+NB3ojNYr6yeaHGyx0fqF79h7q2VEIQaOidOJNOEtGKzhiedEa/P7yvOV
We9Kg6JDX1PAYvr5oGz9BPap5/5WrmUI6SBtgRAPkRYGEqnc95DLzBTAQ2whSN8p
WT/UCLB/tLyON5vgaCLhV3tJAuhwv8r62HOTszX61OS0q7klupAM
-----END CERTIFICATE-----