Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/rff2YJL4fdgKq49R9AKM3IXsWCU.roa
File:                     rff2YJL4fdgKq49R9AKM3IXsWCU.roa (raw, json)
Hash identifier:          UdHEqmdc/KEjpEhj6+fAQGK08FgsuyLDuHZCLKCCud8=
Subject key identifier:   AD:F7:F6:60:92:F8:7D:D8:0A:AB:8F:51:F4:02:8C:DC:85:EC:58:25
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       01942369A1545DCB07A5B69B3C6085503EA9
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/rff2YJL4fdgKq49R9AKM3IXsWCU.roa
Signing time:             Wed 01 Jan 2025 19:48:32 +0000
ROA not before:           Wed 01 Jan 2025 19:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51909
IP address blocks:        89.47.192.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:a1:54:5d:cb:07:a5:b6:9b:3c:60:85:50:3e:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  1 19:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=adf7f66092f87dd80aab8f51f4028cdc85ec5825
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:a9:e8:48:93:fc:f4:e8:d1:7e:45:41:a2:0d:
                    92:d3:2c:84:a9:84:b2:bb:03:9e:70:b4:d6:13:96:
                    8e:6c:84:e8:4d:56:41:9d:e1:fa:3a:ad:04:d5:1e:
                    7a:dc:52:54:a8:a1:ca:da:a3:c0:e8:94:d2:fd:0e:
                    aa:33:88:69:a4:44:ab:35:51:a7:46:c8:63:51:c1:
                    cc:32:ff:43:1e:10:55:13:7e:0a:19:f9:63:d1:73:
                    4f:f6:5d:a1:1a:52:e3:aa:94:67:0d:3d:40:c7:4c:
                    75:d4:04:56:72:6d:1e:5d:3f:e9:ce:f6:ce:a4:70:
                    bb:4d:2f:8d:f8:f5:ec:29:b1:5c:e8:79:a8:ce:2a:
                    44:a9:54:86:af:d1:04:3d:5e:14:16:e9:50:df:73:
                    db:4d:63:9d:5e:ed:71:58:4f:8f:d2:90:f4:2d:e4:
                    15:a2:45:b2:dd:36:5a:60:ed:b2:b3:4d:ee:18:40:
                    e2:11:78:56:fb:17:5c:4e:31:79:3f:86:b3:98:7d:
                    25:5b:50:2c:29:25:56:bc:e8:68:a2:f3:00:f8:59:
                    33:0b:fc:ef:bb:11:0e:42:c2:5a:d3:4e:dd:52:8e:
                    37:9a:11:c8:e1:29:f2:c4:36:58:43:95:c9:9c:8e:
                    0d:89:25:80:11:ad:16:8b:7c:00:24:fe:8e:82:ae:
                    41:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:F7:F6:60:92:F8:7D:D8:0A:AB:8F:51:F4:02:8C:DC:85:EC:58:25
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/rff2YJL4fdgKq49R9AKM3IXsWCU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.47.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:98:a4:48:82:7c:0d:f4:46:21:ea:d9:a3:a3:ed:c3:aa:7f:
         d4:1c:24:9b:c2:66:53:3e:b9:33:8b:03:7a:05:a9:9e:01:a1:
         b5:74:80:fa:21:00:94:84:12:ae:3a:8a:6d:3a:3b:b3:7f:97:
         8d:92:af:b9:98:d7:6c:b0:cc:97:5e:37:32:f0:4a:2f:b3:79:
         9b:7a:e8:21:44:d4:92:7d:0d:b6:77:5a:98:80:77:eb:70:35:
         b2:97:76:1a:cd:b8:8c:df:06:6b:8a:21:01:49:73:1a:3f:12:
         5f:9e:85:8a:ed:92:08:b2:f0:f2:a8:30:56:b9:33:07:22:ce:
         99:76:4a:39:55:3a:d8:17:6d:0f:57:0d:49:8c:88:fa:4c:a9:
         b3:61:0d:b5:a1:b9:37:08:6d:13:6c:16:1b:dd:4f:13:31:4f:
         0e:e1:53:a5:98:4e:cf:ba:12:26:f4:72:01:3b:cb:71:80:e9:
         7e:d7:da:ea:f9:fc:ac:65:30:cb:c5:5c:e0:f9:83:27:38:84:
         80:bf:54:ce:f2:6c:e9:40:74:24:55:44:cc:df:1e:dc:ae:67:
         1f:c9:b9:25:f2:3c:70:c2:81:03:ee:b2:ac:ae:7b:d9:88:67:
         15:bd:96:12:aa:8c:33:1c:98:70:35:63:06:06:a6:6e:99:bb:
         05:56:45:45
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQjaaFUXcsHpbabPGCFUD6pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjUwMTAxMTk0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGY3ZjY2MDkyZjg3ZGQ4MGFhYjhmNTFmNDAyOGNkYzg1ZWM1ODI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqnoSJP89OjRfkVBog2S0yyEqYSy
uwOecLTWE5aObIToTVZBneH6Oq0E1R563FJUqKHK2qPA6JTS/Q6qM4hppESrNVGn
RshjUcHMMv9DHhBVE34KGflj0XNP9l2hGlLjqpRnDT1Ax0x11ARWcm0eXT/pzvbO
pHC7TS+N+PXsKbFc6HmozipEqVSGr9EEPV4UFulQ33PbTWOdXu1xWE+P0pD0LeQV
okWy3TZaYO2ys03uGEDiEXhW+xdcTjF5P4azmH0lW1AsKSVWvOhoovMA+FkzC/zv
uxEOQsJa007dUo43mhHI4SnyxDZYQ5XJnI4NiSWAEa0Wi3wAJP6Ogq5BZQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFK339mCS+H3YCquPUfQCjNyF7FglMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL3JmZjJZSkw0ZmRnS3E0OVI5QUtNM0lYc1dDVS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJZL8Aw
DQYJKoZIhvcNAQELBQADggEBAH6YpEiCfA30RiHq2aOj7cOqf9QcJJvCZlM+uTOL
A3oFqZ4BobV0gPohAJSEEq46im06O7N/l42Sr7mY12ywzJdeNzLwSi+zeZt66CFE
1JJ9DbZ3WpiAd+twNbKXdhrNuIzfBmuKIQFJcxo/El+ehYrtkgiy8PKoMFa5Mwci
zpl2SjlVOtgXbQ9XDUmMiPpMqbNhDbWhuTcIbRNsFhvdTxMxTw7hU6WYTs+6Eib0
cgE7y3GA6X7X2ur5/KxlMMvFXOD5gyc4hIC/VM7ybOlAdCRVRMzfHtyuZx/JuSXy
PHDCgQPusqyue9mIZxW9lhKqjDMcmHA1YwYGpm6ZuwVWRUU=
-----END CERTIFICATE-----