Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/s-ub-KTv9kBJthUAx3CIvlPJdn4.roa
File:                     s-ub-KTv9kBJthUAx3CIvlPJdn4.roa (raw, json)
Hash identifier:          z9QEo8+aPD+JH0fzOpwr2kgJnURem+BNpNnI45BF5AA=
Subject key identifier:   B3:EB:9B:F8:A4:EF:F6:40:49:B6:15:00:C7:70:88:BE:53:C9:76:7E
Certificate issuer:       /CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Certificate serial:       01973EA6A434652551E4EE57418FE22DE622
Authority key identifier: 21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/s-ub-KTv9kBJthUAx3CIvlPJdn4.roa
Signing time:             Thu 05 Jun 2025 05:53:17 +0000
ROA not before:           Thu 05 Jun 2025 05:53:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207667
IP address blocks:        147.234.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3e:a6:a4:34:65:25:51:e4:ee:57:41:8f:e2:2d:e6:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
        Validity
            Not Before: Jun  5 05:53:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3eb9bf8a4eff64049b61500c77088be53c9767e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:e9:fb:9e:05:c0:09:6a:42:ab:d2:b2:ad:d6:
                    4b:39:2f:0f:53:df:3e:81:66:78:5d:81:55:5b:de:
                    2e:ef:81:37:1e:49:9f:9b:a4:ad:f5:c7:01:9b:40:
                    7c:b4:df:57:dd:27:5b:c0:2f:c4:b3:47:c4:72:48:
                    11:e5:70:b8:41:7c:28:fa:2b:8c:0a:2c:56:1b:10:
                    55:79:64:72:55:61:ba:51:fa:e9:12:c7:4c:8d:4c:
                    68:e2:83:41:67:fc:8d:4a:29:31:d6:b9:d1:7e:a4:
                    ef:c2:be:3e:2f:05:d1:56:03:26:46:0c:50:d8:02:
                    f4:43:b2:1b:fe:4d:89:b1:7d:d0:5f:a3:d5:81:64:
                    fa:62:f8:77:a6:80:f3:72:ba:e9:fb:c2:69:51:8d:
                    87:4c:6e:d2:8f:89:dc:24:34:71:11:b8:48:35:9e:
                    4f:f9:c9:ae:4a:26:12:83:73:a4:1f:2b:55:7e:79:
                    c3:39:da:ac:2f:3c:e4:dd:2c:2f:14:e6:c1:f6:62:
                    51:a1:cb:c7:76:fc:ac:26:30:a3:f0:3d:16:bd:c5:
                    9c:87:ac:cd:95:36:a6:04:62:6a:d2:a2:b2:f3:d5:
                    3c:0e:e9:63:c8:79:88:9a:ea:d1:56:87:d2:46:9c:
                    82:44:31:49:35:db:1c:7c:96:5b:4a:59:45:47:a3:
                    eb:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:EB:9B:F8:A4:EF:F6:40:49:B6:15:00:C7:70:88:BE:53:C9:76:7E
            X509v3 Authority Key Identifier:
                keyid:21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/s-ub-KTv9kBJthUAx3CIvlPJdn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.234.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:ed:9b:82:bd:ac:4a:c4:f9:a7:59:92:62:84:b1:5c:68:80:
         80:ba:bc:6a:f1:47:da:a9:a6:23:85:76:9e:d0:f3:f8:b3:b2:
         df:bc:8e:d1:33:22:f1:c4:fa:9d:b4:63:73:d8:b3:77:15:69:
         76:44:f4:cc:41:2c:a9:b2:b5:5a:df:6f:e8:e1:17:cf:6b:62:
         77:c0:dc:63:61:a8:7c:f5:0f:ea:13:6a:99:bb:64:96:a7:d7:
         44:aa:36:f9:df:ab:2e:5b:92:69:b7:c3:f2:da:d8:61:bc:1b:
         c3:2f:0f:94:20:a4:18:3f:83:3b:b8:9e:0e:21:5f:95:62:e8:
         16:8b:96:7d:1b:be:4e:04:49:50:35:21:f0:0f:58:8d:b4:1c:
         be:38:cf:a8:a5:b8:01:3f:54:13:3a:fc:af:a1:18:b4:97:a5:
         fe:e1:75:67:c5:c8:06:f8:10:c3:7b:dc:ba:f6:c2:92:cf:88:
         84:12:5b:f3:bc:e2:a5:32:92:71:b1:58:52:c9:5e:84:b3:35:
         91:13:e7:9f:a4:71:b4:cc:57:15:ed:e8:a5:d8:39:9a:bb:52:
         19:81:a1:d4:7c:7a:f9:65:d4:d6:1a:4d:05:b0:b2:25:69:3b:
         ce:58:f0:91:53:84:6f:aa:e8:39:c0:90:7b:90:55:1f:88:ae:
         a0:e2:61:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc+pqQ0ZSVR5O5XQY/iLeYiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYmFkNzRlN2Y2YzA5NDlhMjczNmE1NzQ3ODQ5NmQ3ZDhi
NDUwZTYwHhcNMjUwNjA1MDU1MzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2ViOWJmOGE0ZWZmNjQwNDliNjE1MDBjNzcwODhiZTUzYzk3NjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvun7ngXACWpCq9KyrdZLOS8PU98+
gWZ4XYFVW94u74E3Hkmfm6St9ccBm0B8tN9X3SdbwC/Es0fEckgR5XC4QXwo+iuM
CixWGxBVeWRyVWG6UfrpEsdMjUxo4oNBZ/yNSikx1rnRfqTvwr4+LwXRVgMmRgxQ
2AL0Q7Ib/k2JsX3QX6PVgWT6Yvh3poDzcrrp+8JpUY2HTG7Sj4ncJDRxEbhINZ5P
+cmuSiYSg3OkHytVfnnDOdqsLzzk3SwvFObB9mJRocvHdvysJjCj8D0WvcWch6zN
lTamBGJq0qKy89U8DuljyHmImurRVofSRpyCRDFJNdscfJZbSllFR6PruwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLPrm/ik7/ZASbYVAMdwiL5TyXZ+MB8GA1UdIwQY
MBaAFCG6105/bAlJonNqV0eEltfYtFDmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQt
NDQzMzIyOWE4NDczLzEvcy11Yi1LVHY5a0JKdGhVQXgzQ0l2bFBKZG40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQtNDQzMzIyOWE4NDcz
LzEvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk+pZMA0G
CSqGSIb3DQEBCwUAA4IBAQCl7ZuCvaxKxPmnWZJihLFcaICAurxq8UfaqaYjhXae
0PP4s7LfvI7RMyLxxPqdtGNz2LN3FWl2RPTMQSypsrVa32/o4RfPa2J3wNxjYah8
9Q/qE2qZu2SWp9dEqjb536suW5Jpt8Py2thhvBvDLw+UIKQYP4M7uJ4OIV+VYugW
i5Z9G75OBElQNSHwD1iNtBy+OM+opbgBP1QTOvyvoRi0l6X+4XVnxcgG+BDDe9y6
9sKSz4iEElvzvOKlMpJxsVhSyV6EszWRE+efpHG0zFcV7eil2Dmau1IZgaHUfHr5
ZdTWGk0FsLIlaTvOWPCRU4Rvqug5wJB7kFUfiK6g4mGX
-----END CERTIFICATE-----