Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/C9FeLXHlmSb6adQSBmHRmx1p1GQ.roa
File:                     C9FeLXHlmSb6adQSBmHRmx1p1GQ.roa (raw, json)
Hash identifier:          wsQwdaHpob1xHgKH8CTJtFsTYcrf5LAWX2Z18JuGPe4=
Subject key identifier:   0B:D1:5E:2D:71:E5:99:26:FA:69:D4:12:06:61:D1:9B:1D:69:D4:64
Certificate issuer:       /CN=510b419f0c17b4c8be217f64388d268d14dc261e
Certificate serial:       01941F8C321A61804189F4FEB9E7CE937E38
Authority key identifier: 51:0B:41:9F:0C:17:B4:C8:BE:21:7F:64:38:8D:26:8D:14:DC:26:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UQtBnwwXtMi-IX9kOI0mjRTcJh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/C9FeLXHlmSb6adQSBmHRmx1p1GQ.roa
Signing time:             Wed 01 Jan 2025 01:47:49 +0000
ROA not before:           Wed 01 Jan 2025 01:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     133499
IP address blocks:        89.184.192.0/20 maxlen: 32
                          89.184.208.0/20 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/UQtBnwwXtMi-IX9kOI0mjRTcJh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/UQtBnwwXtMi-IX9kOI0mjRTcJh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UQtBnwwXtMi-IX9kOI0mjRTcJh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:32:1a:61:80:41:89:f4:fe:b9:e7:ce:93:7e:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=510b419f0c17b4c8be217f64388d268d14dc261e
        Validity
            Not Before: Jan  1 01:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0bd15e2d71e59926fa69d4120661d19b1d69d464
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:21:d9:18:2d:7b:bd:80:7e:55:10:3b:81:f9:
                    90:97:6c:c2:ea:d1:d9:38:46:37:d5:e9:97:96:99:
                    33:d2:87:b3:77:4f:a4:8c:2b:ff:4e:3c:e2:69:97:
                    25:6d:00:67:c9:71:15:b8:05:92:a7:6f:2c:9b:ac:
                    3f:fb:ca:3e:09:91:d1:e6:c5:7c:09:40:fe:86:d9:
                    22:0e:8b:1e:d6:14:e6:9b:c1:b3:fb:ae:8e:b8:d1:
                    3c:c7:43:b1:5f:21:53:b4:84:67:90:b9:f3:3d:c0:
                    1c:34:a9:ef:2f:43:8d:cd:e7:19:27:94:c4:ec:eb:
                    24:9c:63:f3:c7:24:12:5d:69:6a:0e:82:9f:ab:68:
                    c2:af:dc:f9:fa:37:1e:e4:c6:b3:b7:50:60:5a:28:
                    19:53:b6:a4:a7:0a:90:32:b3:2d:2e:14:c6:ad:16:
                    d1:ea:f6:f8:73:df:6a:fa:31:c4:ca:e0:54:d2:40:
                    81:04:ff:7e:f5:71:13:4f:63:ac:1b:0f:eb:c3:5c:
                    3e:76:91:56:01:df:da:80:98:45:51:2b:bf:37:28:
                    e0:83:4c:83:3e:9c:24:29:15:dc:f5:94:49:04:bb:
                    c8:e8:a0:1d:ef:2c:c0:16:05:ee:3c:ee:49:58:46:
                    96:70:f8:2e:d1:97:41:fc:d0:c0:1a:b5:1e:49:ec:
                    51:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:D1:5E:2D:71:E5:99:26:FA:69:D4:12:06:61:D1:9B:1D:69:D4:64
            X509v3 Authority Key Identifier:
                keyid:51:0B:41:9F:0C:17:B4:C8:BE:21:7F:64:38:8D:26:8D:14:DC:26:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UQtBnwwXtMi-IX9kOI0mjRTcJh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/C9FeLXHlmSb6adQSBmHRmx1p1GQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/UQtBnwwXtMi-IX9kOI0mjRTcJh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.184.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         a9:0f:8e:36:0d:05:df:1f:21:2f:df:d7:3c:b9:5b:39:3c:cd:
         3d:a9:8d:95:20:d6:4e:a1:69:2d:48:04:aa:46:0e:58:ce:40:
         32:27:d5:97:e4:86:74:5d:73:82:cd:07:96:0f:ed:86:03:0b:
         93:b5:66:55:88:44:de:8b:a4:60:33:cc:c8:da:ee:fc:7a:63:
         88:fa:76:2e:40:fa:12:4f:50:dd:da:8e:a6:ea:bb:5f:87:a9:
         e2:13:f3:1f:21:5c:af:f8:ba:44:be:85:e0:0a:a5:03:dd:33:
         c9:34:18:48:e9:bf:86:c1:d8:e0:ed:67:35:79:cb:04:aa:f2:
         ff:55:58:3c:4f:28:b6:c8:0a:ee:32:86:2b:a6:4c:aa:a0:59:
         fc:1f:c3:a2:6a:e4:82:0d:f4:64:7d:35:58:81:40:0f:93:b8:
         b3:63:1c:41:b6:21:84:e2:b6:6a:57:6a:c6:d4:b2:98:33:ea:
         0d:ac:3d:7b:67:c7:a9:72:0c:1b:0c:a7:16:9f:55:66:cc:04:
         4c:79:ce:79:2f:8d:fb:c2:86:c2:f7:ed:02:74:16:e8:92:35:
         65:38:e4:61:d8:40:42:c8:70:0e:6e:22:28:6e:a2:b9:0c:47:
         7d:72:e7:78:94:c2:0d:eb:21:c2:21:3d:bf:0c:a9:4c:3a:cf:
         1d:d9:f6:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjDIaYYBBifT+uefOk344MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMGI0MTlmMGMxN2I0YzhiZTIxN2Y2NDM4OGQyNjhkMTRk
YzI2MWUwHhcNMjUwMTAxMDE0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmQxNWUyZDcxZTU5OTI2ZmE2OWQ0MTIwNjYxZDE5YjFkNjlkNDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSHZGC17vYB+VRA7gfmQl2zC6tHZ
OEY31emXlpkz0oezd0+kjCv/TjziaZclbQBnyXEVuAWSp28sm6w/+8o+CZHR5sV8
CUD+htkiDose1hTmm8Gz+66OuNE8x0OxXyFTtIRnkLnzPcAcNKnvL0ONzecZJ5TE
7OsknGPzxyQSXWlqDoKfq2jCr9z5+jce5Mazt1BgWigZU7akpwqQMrMtLhTGrRbR
6vb4c99q+jHEyuBU0kCBBP9+9XETT2OsGw/rw1w+dpFWAd/agJhFUSu/Nyjgg0yD
PpwkKRXc9ZRJBLvI6KAd7yzAFgXuPO5JWEaWcPgu0ZdB/NDAGrUeSexRcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAvRXi1x5Zkm+mnUEgZh0ZsdadRkMB8GA1UdIwQY
MBaAFFELQZ8MF7TIviF/ZDiNJo0U3CYeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVF0Qm53d1h0TWktSVg5a09JMG1qUlRjSmg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8zMGNkMGEtOTNjZi00NWRjLTkzNTYt
MTRhMDk5OTNkNjcxLzEvQzlGZUxYSGxtU2I2YWRRU0JtSFJteDFwMUdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8zMGNkMGEtOTNjZi00NWRjLTkzNTYtMTRhMDk5OTNkNjcx
LzEvVVF0Qm53d1h0TWktSVg5a09JMG1qUlRjSmg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFWbjAMA0G
CSqGSIb3DQEBCwUAA4IBAQCpD442DQXfHyEv39c8uVs5PM09qY2VINZOoWktSASq
Rg5YzkAyJ9WX5IZ0XXOCzQeWD+2GAwuTtWZViETei6RgM8zI2u78emOI+nYuQPoS
T1Dd2o6m6rtfh6niE/MfIVyv+LpEvoXgCqUD3TPJNBhI6b+Gwdjg7Wc1ecsEqvL/
VVg8Tyi2yAruMoYrpkyqoFn8H8OiauSCDfRkfTVYgUAPk7izYxxBtiGE4rZqV2rG
1LKYM+oNrD17Z8epcgwbDKcWn1VmzARMec55L437wobC9+0CdBbokjVlOORh2EBC
yHAObiIobqK5DEd9cud4lMIN6yHCIT2/DKlMOs8d2faK
-----END CERTIFICATE-----