Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/97jK4Nwl25K3gffda_0uOhV5aLA.roa
File:                     97jK4Nwl25K3gffda_0uOhV5aLA.roa (raw, json)
Hash identifier:          /GhESWSqw1rhNZIbTWuYTF7xT/kXSd6uSY3w3ucVr9M=
Subject key identifier:   F7:B8:CA:E0:DC:25:DB:92:B7:81:F7:DD:6B:FD:2E:3A:15:79:68:B0
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       0193354711448E93CF33F8A796D2B87D1FEC
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/97jK4Nwl25K3gffda_0uOhV5aLA.roa
Signing time:             Sat 16 Nov 2024 14:01:10 +0000
ROA not before:           Sat 16 Nov 2024 14:01:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214857
IP address blocks:        89.42.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:35:47:11:44:8e:93:cf:33:f8:a7:96:d2:b8:7d:1f:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Nov 16 14:01:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7b8cae0dc25db92b781f7dd6bfd2e3a157968b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:94:8e:c3:85:17:9a:73:df:93:5b:f4:45:63:
                    d7:a7:bd:83:63:ce:c6:73:77:20:44:54:b2:2a:e8:
                    06:17:95:af:b8:9b:a8:d8:fd:98:bc:71:47:77:81:
                    80:77:13:ec:86:89:a4:20:cc:43:4d:3d:27:7b:b3:
                    42:c2:cf:17:ca:79:dd:2d:32:16:41:1b:ee:c7:6c:
                    79:db:ee:d6:70:51:da:c8:72:91:8e:37:a5:3f:ec:
                    a1:00:3d:10:ef:5e:72:16:b5:9c:a5:f7:90:e0:50:
                    c1:77:20:77:7d:f1:af:cd:d3:e5:f9:65:88:0d:b4:
                    fd:b3:75:f3:ec:87:84:0a:ee:a4:5e:fb:96:c7:a9:
                    68:38:51:68:b9:8e:08:3a:ad:e0:51:3a:cc:b4:4c:
                    6e:cd:c6:8d:88:5c:fc:5f:99:9d:4e:aa:43:dd:e9:
                    18:84:0d:39:07:3c:6e:40:51:06:de:bb:5d:c1:c7:
                    3d:56:8c:40:68:95:cf:1a:24:9d:1e:d3:a9:75:ff:
                    f6:99:9f:fe:4f:bc:64:2b:14:af:ae:62:42:fa:a0:
                    48:69:02:51:00:13:ea:89:5a:05:49:6f:07:5c:33:
                    48:f1:bd:9e:1e:22:87:ca:86:d6:d6:a8:9f:c9:ff:
                    36:1e:ba:8a:5a:83:67:93:19:3e:78:e6:29:26:b2:
                    dd:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:B8:CA:E0:DC:25:DB:92:B7:81:F7:DD:6B:FD:2E:3A:15:79:68:B0
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/97jK4Nwl25K3gffda_0uOhV5aLA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:99:e8:95:4e:62:48:ef:3e:40:8c:74:e6:d5:19:f8:bd:0f:
         1e:14:57:a3:99:a8:b7:31:81:62:a6:9a:5c:e3:77:c2:d0:1d:
         d8:99:1f:16:59:8c:52:5b:a5:81:8a:e6:06:7c:5c:9b:5b:fd:
         4e:4b:1b:d7:7f:f4:a7:bd:0d:f2:22:f7:7d:3b:a4:c5:9e:5e:
         a5:15:82:34:1f:6d:b9:99:61:b8:c2:8d:b8:3c:35:cd:ed:71:
         b7:03:21:fe:cc:45:73:a7:be:8c:02:a3:3b:5d:a9:9a:86:ec:
         a3:eb:c0:3e:ee:5e:02:02:6a:1b:09:5b:74:8c:aa:72:b9:6a:
         fc:bc:97:ed:d9:85:1a:4c:53:8a:83:28:07:bb:80:2e:cc:35:
         cd:34:bb:48:38:70:0c:3e:87:e8:1d:06:15:d6:ad:2a:7d:55:
         cc:5f:82:2a:dc:bd:50:f6:9e:ce:f1:b3:dc:6d:8b:e0:7b:c9:
         09:59:f6:35:0f:31:7e:de:bd:99:8c:0d:0a:b0:72:95:e8:99:
         3d:15:df:30:14:17:2e:1e:b7:7c:39:15:12:2c:52:32:3c:1a:
         03:2d:07:ff:e9:14:ed:69:2a:61:60:9a:87:5b:e5:46:4f:f6:
         da:53:51:00:d4:4e:48:c0:7a:d6:4b:a0:8c:7f:24:7c:b6:1c:
         14:f1:fc:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZM1RxFEjpPPM/inltK4fR/sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjQxMTE2MTQwMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2I4Y2FlMGRjMjVkYjkyYjc4MWY3ZGQ2YmZkMmUzYTE1Nzk2OGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZSOw4UXmnPfk1v0RWPXp72DY87G
c3cgRFSyKugGF5WvuJuo2P2YvHFHd4GAdxPshomkIMxDTT0ne7NCws8XynndLTIW
QRvux2x52+7WcFHayHKRjjelP+yhAD0Q715yFrWcpfeQ4FDBdyB3ffGvzdPl+WWI
DbT9s3Xz7IeECu6kXvuWx6loOFFouY4IOq3gUTrMtExuzcaNiFz8X5mdTqpD3ekY
hA05BzxuQFEG3rtdwcc9VoxAaJXPGiSdHtOpdf/2mZ/+T7xkKxSvrmJC+qBIaQJR
ABPqiVoFSW8HXDNI8b2eHiKHyobW1qifyf82HrqKWoNnkxk+eOYpJrLduQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPe4yuDcJduSt4H33Wv9LjoVeWiwMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvOTdqSzROd2wyNUszZ2ZmZGFfMHVPaFY1YUxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSovMA0G
CSqGSIb3DQEBCwUAA4IBAQBsmeiVTmJI7z5AjHTm1Rn4vQ8eFFejmai3MYFipppc
43fC0B3YmR8WWYxSW6WBiuYGfFybW/1OSxvXf/SnvQ3yIvd9O6TFnl6lFYI0H225
mWG4wo24PDXN7XG3AyH+zEVzp76MAqM7Xamahuyj68A+7l4CAmobCVt0jKpyuWr8
vJft2YUaTFOKgygHu4AuzDXNNLtIOHAMPofoHQYV1q0qfVXMX4Iq3L1Q9p7O8bPc
bYvge8kJWfY1DzF+3r2ZjA0KsHKV6Jk9Fd8wFBcuHrd8ORUSLFIyPBoDLQf/6RTt
aSphYJqHW+VGT/baU1EA1E5IwHrWS6CMfyR8thwU8fzQ
-----END CERTIFICATE-----