Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/iF7yd0b80QkITn8WpA7mJJypNM0.roa
File:                     iF7yd0b80QkITn8WpA7mJJypNM0.roa (raw, json)
Hash identifier:          1hbH6fwxI0t/uPgW+FZoRWd4yB2cIz2OOzCavW5p7ys=
Subject key identifier:   88:5E:F2:77:46:FC:D1:09:08:4E:7F:16:A4:0E:E6:24:9C:A9:34:CD
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       01942369BA2A2C18CAED25D0D2E012690E84
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/iF7yd0b80QkITn8WpA7mJJypNM0.roa
Signing time:             Wed 01 Jan 2025 19:48:39 +0000
ROA not before:           Wed 01 Jan 2025 19:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205275
IP address blocks:        89.44.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:ba:2a:2c:18:ca:ed:25:d0:d2:e0:12:69:0e:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  1 19:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=885ef27746fcd109084e7f16a40ee6249ca934cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:e9:c4:c9:66:33:0b:ab:fc:eb:22:cb:ac:0a:
                    c9:16:a6:56:c9:27:0f:db:5c:ec:fb:5b:28:84:4c:
                    84:14:04:e7:cb:78:7f:6d:c6:e0:3c:fc:29:65:ac:
                    30:53:86:10:5c:e0:96:1a:2e:13:80:d5:b3:eb:e0:
                    94:bf:bb:70:7d:22:7c:7f:66:49:b7:61:8f:26:67:
                    17:4a:e0:c3:39:da:90:96:d8:fd:2f:00:97:50:a3:
                    d8:22:fb:75:6b:c4:bd:f0:fb:be:f5:6e:0f:f3:c9:
                    22:be:f2:37:ca:ad:4c:19:a5:f8:c3:8f:13:f2:21:
                    e8:9a:8d:00:13:bc:3b:5f:f8:7b:83:79:43:c5:c7:
                    50:ac:fc:e0:da:9b:32:e2:3f:5f:c6:22:f6:4b:78:
                    a9:9b:d5:a3:07:07:43:74:c6:09:a8:8e:4a:c9:f4:
                    8b:e5:46:8f:ec:74:33:d1:cf:14:75:cc:6b:6a:e3:
                    ec:2e:f9:63:47:2c:a3:12:46:3a:a2:54:aa:b8:68:
                    c1:58:76:5e:05:11:4b:0f:c2:9c:f2:bf:a9:6d:00:
                    8b:60:b1:7b:be:aa:d1:d7:7e:63:97:2e:60:54:1a:
                    f6:8f:3a:9f:f6:7c:e4:7c:96:f1:38:72:b1:8a:67:
                    80:5a:9f:e4:a9:98:f1:5f:b6:e5:f1:66:de:cf:11:
                    fc:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:5E:F2:77:46:FC:D1:09:08:4E:7F:16:A4:0E:E6:24:9C:A9:34:CD
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/iF7yd0b80QkITn8WpA7mJJypNM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:29:ed:ae:e6:49:ca:9b:8a:38:51:4b:54:1d:7b:92:48:17:
         d3:47:d8:46:2d:de:6e:62:b3:c0:cc:8f:17:f5:66:0e:05:7f:
         7d:be:5a:01:a6:b9:f4:6b:03:8d:cc:95:53:96:3b:d5:28:2a:
         2a:a4:4f:bc:ab:d1:6b:05:71:1d:ab:76:6f:7b:95:39:df:e4:
         e8:86:1d:f9:c0:7e:0c:d9:a8:11:c3:c2:79:23:01:05:c3:2c:
         fa:0e:fb:b9:bb:78:09:de:3a:4a:17:6a:0a:ee:59:99:f0:23:
         b0:68:5b:6b:6e:e5:bb:63:3f:54:6d:36:ff:e4:0e:c8:f2:78:
         26:dc:b6:e7:3c:df:53:e2:8a:78:d3:fd:48:ba:0e:0a:37:e5:
         78:83:11:4e:6f:73:a2:9f:b3:55:ab:16:e4:26:ef:dd:7b:7e:
         0b:10:ea:49:9e:d3:a1:25:1d:0c:81:f2:48:25:c0:da:ca:f0:
         ec:5a:33:7d:08:ab:58:57:bf:f2:00:91:e3:bf:a0:04:ae:30:
         d6:55:79:fe:a5:83:92:a9:87:24:75:51:79:46:c2:8f:bf:ec:
         e1:26:df:99:92:71:8e:97:7c:17:2e:1a:ee:7a:86:e1:43:e4:
         53:91:bd:2c:1c:d6:77:c7:79:da:0c:2e:59:b1:31:9f:38:e3:
         f0:df:52:9d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQjaboqLBjK7SXQ0uASaQ6EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjUwMTAxMTk0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODVlZjI3NzQ2ZmNkMTA5MDg0ZTdmMTZhNDBlZTYyNDljYTkzNGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4enEyWYzC6v86yLLrArJFqZWyScP
21zs+1sohEyEFATny3h/bcbgPPwpZawwU4YQXOCWGi4TgNWz6+CUv7twfSJ8f2ZJ
t2GPJmcXSuDDOdqQltj9LwCXUKPYIvt1a8S98Pu+9W4P88kivvI3yq1MGaX4w48T
8iHomo0AE7w7X/h7g3lDxcdQrPzg2psy4j9fxiL2S3ipm9WjBwdDdMYJqI5KyfSL
5UaP7HQz0c8UdcxrauPsLvljRyyjEkY6olSquGjBWHZeBRFLD8Kc8r+pbQCLYLF7
vqrR135jly5gVBr2jzqf9nzkfJbxOHKximeAWp/kqZjxX7bl8WbezxH8eQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIhe8ndG/NEJCE5/FqQO5iScqTTNMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2lGN3lkMGI4MFFrSVRuOFdwQTdtSkp5cE5NMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABZLHww
DQYJKoZIhvcNAQELBQADggEBAHYp7a7mScqbijhRS1Qde5JIF9NH2EYt3m5is8DM
jxf1Zg4Ff32+WgGmufRrA43MlVOWO9UoKiqkT7yr0WsFcR2rdm97lTnf5OiGHfnA
fgzZqBHDwnkjAQXDLPoO+7m7eAneOkoXagruWZnwI7BoW2tu5btjP1RtNv/kDsjy
eCbctuc831PiinjT/Ui6Dgo35XiDEU5vc6Kfs1WrFuQm7917fgsQ6kme06ElHQyB
8kglwNrK8OxaM30Iq1hXv/IAkeO/oASuMNZVef6lg5KphyR1UXlGwo+/7OEm35mS
cY6XfBcuGu56huFD5FORvSwc1nfHedoMLlmxMZ844/DfUp0=
-----END CERTIFICATE-----