Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/e348f1-bb70-4b34-be12-219e79d84e43/1/SDaAGGa7P44WOP-59lmGnbvdwg4.roa
File:                     SDaAGGa7P44WOP-59lmGnbvdwg4.roa (raw, json)
Hash identifier:          bnt5+2V1dCC0/yyQhlaphCL4OSQtO+nyad6SlymnaL8=
Subject key identifier:   48:36:80:18:66:BB:3F:8E:16:38:FF:B9:F6:59:86:9D:BB:DD:C2:0E
Certificate issuer:       /CN=c4cc02f8fa74cf0da81e8ce2943ea7f9ed2a85f4
Certificate serial:       018CC492388641836E25D5426A6BF35276B7
Authority key identifier: C4:CC:02:F8:FA:74:CF:0D:A8:1E:8C:E2:94:3E:A7:F9:ED:2A:85:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xMwC-Pp0zw2oHozilD6n-e0qhfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/e348f1-bb70-4b34-be12-219e79d84e43/1/SDaAGGa7P44WOP-59lmGnbvdwg4.roa
Signing time:             Mon 01 Jan 2024 10:29:26 +0000
ROA not before:           Mon 01 Jan 2024 10:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212325
IP address blocks:        89.22.64.0/19 maxlen: 19
                          89.22.65.0/24 maxlen: 24
                          89.22.80.0/23 maxlen: 23
                          89.22.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/e348f1-bb70-4b34-be12-219e79d84e43/1/xMwC-Pp0zw2oHozilD6n-e0qhfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/e348f1-bb70-4b34-be12-219e79d84e43/1/xMwC-Pp0zw2oHozilD6n-e0qhfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xMwC-Pp0zw2oHozilD6n-e0qhfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:38:86:41:83:6e:25:d5:42:6a:6b:f3:52:76:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4cc02f8fa74cf0da81e8ce2943ea7f9ed2a85f4
        Validity
            Not Before: Jan  1 10:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4836801866bb3f8e1638ffb9f659869dbbddc20e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:aa:6a:63:c5:da:d4:82:06:a0:89:8a:31:f5:
                    70:d2:80:57:48:36:03:39:15:17:dc:e1:db:c6:34:
                    1e:1b:21:f9:16:d7:7a:de:5b:6d:f3:7b:f0:64:41:
                    d7:cf:4d:bd:c2:91:67:84:f2:cc:51:46:ed:82:25:
                    db:af:c4:9c:fd:9e:80:40:50:d7:02:0c:db:9e:09:
                    a8:b2:7d:95:a0:f6:0b:ec:aa:87:65:84:f4:a3:bf:
                    15:0a:4e:81:2b:24:54:ff:d0:53:a6:c8:08:11:6e:
                    a9:79:7c:17:6f:d9:23:63:52:58:97:90:b4:6e:2e:
                    c7:4a:13:87:10:06:eb:43:4c:1a:51:e6:8f:38:07:
                    f5:57:1f:6e:e0:98:37:99:0b:f3:52:fd:ee:07:77:
                    ca:b3:fd:56:2f:75:bb:05:d1:c5:37:49:fc:ec:70:
                    52:d9:6e:3e:50:b3:6b:8f:e4:a3:18:96:c8:24:96:
                    cb:4e:95:24:74:f8:ca:6d:ae:30:0f:5d:5e:aa:a7:
                    1c:89:10:e9:9a:4f:6f:aa:ee:72:87:e5:c7:ed:88:
                    e8:b8:0c:fc:a5:8c:5e:49:5d:ca:a0:b7:8b:3d:e2:
                    f3:f1:a7:2a:a5:63:34:6d:19:ca:c0:28:ab:52:4d:
                    3e:15:4f:9b:33:1e:c5:7a:99:2e:ba:23:0d:13:4b:
                    25:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:36:80:18:66:BB:3F:8E:16:38:FF:B9:F6:59:86:9D:BB:DD:C2:0E
            X509v3 Authority Key Identifier:
                keyid:C4:CC:02:F8:FA:74:CF:0D:A8:1E:8C:E2:94:3E:A7:F9:ED:2A:85:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xMwC-Pp0zw2oHozilD6n-e0qhfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/e348f1-bb70-4b34-be12-219e79d84e43/1/SDaAGGa7P44WOP-59lmGnbvdwg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/e348f1-bb70-4b34-be12-219e79d84e43/1/xMwC-Pp0zw2oHozilD6n-e0qhfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.22.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         95:1e:49:e6:31:c3:12:df:66:5a:0b:d2:20:09:50:82:4e:72:
         60:d3:b3:78:87:8e:06:f3:c8:5f:ac:c5:7b:a7:be:1f:5e:13:
         7c:40:8b:30:1e:ee:37:4f:fe:56:c2:97:78:08:4b:e4:7b:dc:
         95:fc:39:f0:a2:d1:2b:af:71:d2:c3:42:32:53:02:84:0f:cd:
         42:e3:90:94:24:76:38:d5:85:5a:f0:ed:78:16:94:fc:89:e0:
         c4:db:ca:74:32:53:aa:bb:49:7b:40:e2:1a:76:01:c1:40:ed:
         7b:43:bb:4c:7b:ec:cd:68:26:e0:f6:57:70:84:3e:da:8c:27:
         16:5f:97:7d:c2:ab:01:59:71:48:5f:c6:a1:63:10:57:ce:08:
         77:a8:8e:08:f4:59:96:24:14:2b:04:cf:d3:68:f1:d9:88:22:
         16:9c:a5:96:0a:bb:4c:1a:cd:ae:ca:2a:f1:0b:b2:d5:35:fd:
         b0:2e:b0:15:2c:1e:4c:fd:b6:22:24:e9:8f:f3:0b:1a:0e:72:
         35:8d:91:98:58:9e:23:04:82:23:99:c1:5b:91:99:f7:60:19:
         bc:5d:0c:86:fb:34:47:92:d7:74:02:6e:c4:39:02:01:7d:e6:
         54:1a:91:4d:cc:14:51:84:ce:48:6b:29:ce:f0:3e:5c:5c:12:
         a4:30:bc:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkjiGQYNuJdVCamvzUna3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0Y2MwMmY4ZmE3NGNmMGRhODFlOGNlMjk0M2VhN2Y5ZWQy
YTg1ZjQwHhcNMjQwMTAxMTAyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODM2ODAxODY2YmIzZjhlMTYzOGZmYjlmNjU5ODY5ZGJiZGRjMjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqpqY8Xa1IIGoImKMfVw0oBXSDYD
ORUX3OHbxjQeGyH5Ftd63ltt83vwZEHXz029wpFnhPLMUUbtgiXbr8Sc/Z6AQFDX
Agzbngmosn2VoPYL7KqHZYT0o78VCk6BKyRU/9BTpsgIEW6peXwXb9kjY1JYl5C0
bi7HShOHEAbrQ0waUeaPOAf1Vx9u4Jg3mQvzUv3uB3fKs/1WL3W7BdHFN0n87HBS
2W4+ULNrj+SjGJbIJJbLTpUkdPjKba4wD11eqqcciRDpmk9vqu5yh+XH7YjouAz8
pYxeSV3KoLeLPeLz8acqpWM0bRnKwCirUk0+FU+bMx7FepkuuiMNE0slNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEg2gBhmuz+OFjj/ufZZhp273cIOMB8GA1UdIwQY
MBaAFMTMAvj6dM8NqB6M4pQ+p/ntKoX0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveE13Qy1QcDB6dzJvSG96aWxENm4tZTBxaGZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9lMzQ4ZjEtYmI3MC00YjM0LWJlMTIt
MjE5ZTc5ZDg0ZTQzLzEvU0RhQUdHYTdQNDRXT1AtNTlsbUduYnZkd2c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9lMzQ4ZjEtYmI3MC00YjM0LWJlMTItMjE5ZTc5ZDg0ZTQz
LzEveE13Qy1QcDB6dzJvSG96aWxENm4tZTBxaGZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFWRZAMA0G
CSqGSIb3DQEBCwUAA4IBAQCVHknmMcMS32ZaC9IgCVCCTnJg07N4h44G88hfrMV7
p74fXhN8QIswHu43T/5Wwpd4CEvke9yV/DnwotErr3HSw0IyUwKED81C45CUJHY4
1YVa8O14FpT8ieDE28p0MlOqu0l7QOIadgHBQO17Q7tMe+zNaCbg9ldwhD7ajCcW
X5d9wqsBWXFIX8ahYxBXzgh3qI4I9FmWJBQrBM/TaPHZiCIWnKWWCrtMGs2uyirx
C7LVNf2wLrAVLB5M/bYiJOmP8wsaDnI1jZGYWJ4jBIIjmcFbkZn3YBm8XQyG+zRH
ktd0Am7EOQIBfeZUGpFNzBRRhM5IaynO8D5cXBKkMLxW
-----END CERTIFICATE-----