Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/I33yCqwIZer4Cmp8fC5WCE4olr8.roa
File:                     I33yCqwIZer4Cmp8fC5WCE4olr8.roa (raw, json)
Hash identifier:          Z0rjpeF1dV+4Tg/0NeY4WWkqA27kgtZdJ5m81yVge0M=
Subject key identifier:   23:7D:F2:0A:AC:08:65:EA:F8:0A:6A:7C:7C:2E:56:08:4E:28:96:BF
Certificate issuer:       /CN=6ed0392ac7660bd1460fa1d5031d1840d01b9412
Certificate serial:       019294FEAF511007487C9A0D2620CA97FB2D
Authority key identifier: 6E:D0:39:2A:C7:66:0B:D1:46:0F:A1:D5:03:1D:18:40:D0:1B:94:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/btA5KsdmC9FGD6HVAx0YQNAblBI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/I33yCqwIZer4Cmp8fC5WCE4olr8.roa
Signing time:             Wed 16 Oct 2024 11:02:51 +0000
ROA not before:           Wed 16 Oct 2024 11:02:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25369
IP address blocks:        89.238.120.0/24 maxlen: 24
                          89.238.121.0/24 maxlen: 24
                          89.238.122.0/24 maxlen: 24
                          89.238.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/btA5KsdmC9FGD6HVAx0YQNAblBI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/btA5KsdmC9FGD6HVAx0YQNAblBI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/btA5KsdmC9FGD6HVAx0YQNAblBI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:94:fe:af:51:10:07:48:7c:9a:0d:26:20:ca:97:fb:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed0392ac7660bd1460fa1d5031d1840d01b9412
        Validity
            Not Before: Oct 16 11:02:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=237df20aac0865eaf80a6a7c7c2e56084e2896bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:bc:de:75:42:91:41:db:94:6a:72:1f:0b:a9:
                    4c:2d:8e:56:5e:70:07:b8:48:d9:63:a6:f6:e4:53:
                    26:4e:9d:67:29:85:9a:52:54:41:a8:d0:d9:0e:7f:
                    6c:41:f4:e4:a6:6f:16:f6:23:54:26:4c:f5:8e:88:
                    b9:48:a2:c0:6a:02:c0:86:0e:b2:03:92:7d:5b:30:
                    52:0c:52:58:93:56:f5:c1:7d:9a:47:dc:9d:59:cd:
                    13:f2:29:00:fa:08:59:65:dc:f4:cb:c2:7f:32:72:
                    09:59:40:de:f4:f0:63:a0:29:34:cd:5a:19:ac:59:
                    bc:91:be:00:03:4d:e6:3c:fc:ec:45:aa:f9:a1:35:
                    77:3f:8f:8d:a7:70:63:aa:e7:ec:fc:96:ff:e5:5e:
                    80:0c:a0:b8:42:ba:e2:e0:a2:b0:db:d7:b3:62:d9:
                    f2:da:7c:0f:d4:08:7e:df:85:45:f6:1a:c3:f9:8d:
                    fe:bb:2b:34:73:c0:a9:24:9c:84:86:db:87:41:35:
                    a3:cf:8c:b5:47:c1:eb:21:52:6a:27:4a:b5:6b:f7:
                    ad:c1:95:13:63:cb:ea:8e:60:5c:57:ad:f9:5f:5b:
                    6f:c1:0f:0e:00:53:b8:2d:1c:10:08:97:6f:5a:d4:
                    47:9d:46:bf:be:eb:9b:10:14:cf:46:9d:b9:21:e2:
                    e7:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:7D:F2:0A:AC:08:65:EA:F8:0A:6A:7C:7C:2E:56:08:4E:28:96:BF
            X509v3 Authority Key Identifier:
                keyid:6E:D0:39:2A:C7:66:0B:D1:46:0F:A1:D5:03:1D:18:40:D0:1B:94:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/btA5KsdmC9FGD6HVAx0YQNAblBI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/I33yCqwIZer4Cmp8fC5WCE4olr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/btA5KsdmC9FGD6HVAx0YQNAblBI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.238.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         90:c1:08:d4:b5:86:38:64:3e:c2:9a:20:81:d5:75:24:e4:5e:
         6f:35:01:e1:7f:bc:a7:6f:8d:0f:95:83:a5:b4:21:c2:6c:02:
         30:e1:04:a6:7b:a0:61:76:34:82:5e:a3:b9:25:27:7c:ce:60:
         f2:ab:a7:21:f8:15:a8:3e:ba:d6:d6:8b:9d:fa:43:1e:f3:3d:
         db:12:6c:67:07:e0:cc:5a:de:4f:65:c8:aa:db:dd:81:c2:e8:
         a0:78:67:7d:61:c9:e6:9f:e9:dc:e5:91:1a:e9:92:b8:6f:cd:
         22:8c:97:11:30:c2:ac:22:88:03:4f:cb:69:19:e3:1f:fd:5c:
         83:77:f5:51:39:49:4f:a2:fe:01:eb:4a:e4:29:d5:0b:45:08:
         c5:ab:c9:00:67:ea:d8:51:77:ff:9a:f5:42:40:38:d8:fe:f2:
         3b:b4:1d:1c:4a:fe:0a:48:30:e6:73:89:dd:9f:72:76:b1:f6:
         76:3a:15:0d:8a:d0:68:95:56:8b:4e:6a:b4:22:8e:91:cd:1a:
         5c:50:d1:11:ee:66:4f:9b:d6:5c:f3:5c:13:a1:5a:50:04:a7:
         8d:17:80:84:c2:96:87:00:6a:ba:b3:2c:3e:6d:0c:53:7f:74:
         ec:e3:41:a4:cb:df:81:c3:67:39:77:ac:d1:59:b4:85:7f:6d:
         26:d4:92:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKU/q9REAdIfJoNJiDKl/stMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlZDAzOTJhYzc2NjBiZDE0NjBmYTFkNTAzMWQxODQwZDAx
Yjk0MTIwHhcNMjQxMDE2MTEwMjUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzdkZjIwYWFjMDg2NWVhZjgwYTZhN2M3YzJlNTYwODRlMjg5NmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbzedUKRQduUanIfC6lMLY5WXnAH
uEjZY6b25FMmTp1nKYWaUlRBqNDZDn9sQfTkpm8W9iNUJkz1joi5SKLAagLAhg6y
A5J9WzBSDFJYk1b1wX2aR9ydWc0T8ikA+ghZZdz0y8J/MnIJWUDe9PBjoCk0zVoZ
rFm8kb4AA03mPPzsRar5oTV3P4+Np3Bjqufs/Jb/5V6ADKC4Qrri4KKw29ezYtny
2nwP1Ah+34VF9hrD+Y3+uys0c8CpJJyEhtuHQTWjz4y1R8HrIVJqJ0q1a/etwZUT
Y8vqjmBcV635X1tvwQ8OAFO4LRwQCJdvWtRHnUa/vuubEBTPRp25IeLncQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCN98gqsCGXq+ApqfHwuVghOKJa/MB8GA1UdIwQY
MBaAFG7QOSrHZgvRRg+h1QMdGEDQG5QSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnRBNUtzZG1DOUZHRDZIVkF4MFlRTkFibEJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83OGUwM2MtYzljNy00Yzg1LWJmZGQt
ZThiYWY5ZmZhZGY4LzEvSTMzeUNxd0laZXI0Q21wOGZDNVdDRTRvbHI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83OGUwM2MtYzljNy00Yzg1LWJmZGQtZThiYWY5ZmZhZGY4
LzEvYnRBNUtzZG1DOUZHRDZIVkF4MFlRTkFibEJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWe54MA0G
CSqGSIb3DQEBCwUAA4IBAQCQwQjUtYY4ZD7CmiCB1XUk5F5vNQHhf7ynb40PlYOl
tCHCbAIw4QSme6BhdjSCXqO5JSd8zmDyq6ch+BWoPrrW1oud+kMe8z3bEmxnB+DM
Wt5PZciq292BwuigeGd9Ycnmn+nc5ZEa6ZK4b80ijJcRMMKsIogDT8tpGeMf/VyD
d/VROUlPov4B60rkKdULRQjFq8kAZ+rYUXf/mvVCQDjY/vI7tB0cSv4KSDDmc4nd
n3J2sfZ2OhUNitBolVaLTmq0Io6RzRpcUNER7mZPm9Zc81wToVpQBKeNF4CEwpaH
AGq6syw+bQxTf3Ts40Gky9+Bw2c5d6zRWbSFf20m1JLg
-----END CERTIFICATE-----