Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/B5NGdVBBF38v7I807spD9rlndCk.roa
File:                     B5NGdVBBF38v7I807spD9rlndCk.roa (raw, json)
Hash identifier:          Ij2UQybHDi9rCMOEdxuL3uK0WnnQkl2pfO/6vc3aPyM=
Subject key identifier:   07:93:46:75:50:41:17:7F:2F:EC:8F:34:EE:CA:43:F6:B9:67:74:29
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       019427B5CCF346AA3CE3CE015653F21B4B71
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/B5NGdVBBF38v7I807spD9rlndCk.roa
Signing time:             Thu 02 Jan 2025 15:50:13 +0000
ROA not before:           Thu 02 Jan 2025 15:50:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212335
IP address blocks:        89.187.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:cc:f3:46:aa:3c:e3:ce:01:56:53:f2:1b:4b:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Jan  2 15:50:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=079346755041177f2fec8f34eeca43f6b9677429
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:f1:2a:2e:f2:dc:1b:13:e3:98:72:ed:fc:96:
                    a0:c7:2a:b4:b0:32:99:ea:b9:c2:fe:8c:e3:19:b9:
                    07:10:a4:f4:75:93:00:d4:c8:c1:3d:3f:dc:9a:b5:
                    49:12:76:ed:de:56:d0:38:12:ff:74:75:44:61:53:
                    be:4f:ce:3f:10:dd:f8:03:38:69:0e:eb:94:6c:5c:
                    ef:28:e9:20:a5:1d:05:49:75:a7:e4:07:28:f6:43:
                    9d:5a:48:44:80:41:cc:3e:cb:cc:66:c2:1d:9b:b0:
                    3c:fe:39:15:e5:1a:0f:74:6b:b8:ad:60:6c:4e:67:
                    b8:9b:56:1c:8f:bd:52:1a:1f:d5:33:8e:0b:45:cd:
                    a9:7c:b4:c0:b0:d9:b0:b9:70:ad:34:9b:09:e5:12:
                    a7:10:d7:9e:e5:4f:4c:9f:7a:bd:43:fc:c2:a8:d2:
                    33:62:4d:e0:dc:91:21:3c:ed:18:18:92:e6:a2:f2:
                    d1:4e:14:4a:56:c1:0b:28:ff:9c:32:8d:cb:fb:ce:
                    dd:b5:94:11:1d:08:55:a5:ea:0e:ae:c4:8d:9c:df:
                    5e:16:73:48:10:88:88:ba:88:d1:fb:ab:1d:47:02:
                    fb:13:b0:42:ba:72:a1:f5:1d:49:c8:58:53:a2:6d:
                    06:4f:ab:c1:4c:64:78:17:92:d0:96:39:4f:24:99:
                    30:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:93:46:75:50:41:17:7F:2F:EC:8F:34:EE:CA:43:F6:B9:67:74:29
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/B5NGdVBBF38v7I807spD9rlndCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:87:1c:57:ed:6a:f6:fd:82:13:68:dd:a4:90:45:44:e0:2b:
         70:40:5b:f9:8f:76:46:86:d1:d7:4d:26:a6:c8:87:4c:23:a7:
         c9:aa:d4:9b:9c:07:10:66:76:15:19:5e:4d:d5:68:81:ba:5f:
         2c:25:70:a1:41:5a:b3:6b:c9:dd:eb:ec:36:e9:22:33:65:c0:
         c0:9d:ed:3a:b2:29:5d:10:43:47:8c:f7:dd:27:14:8a:c2:83:
         ce:dc:fd:72:a6:07:9d:a1:d4:8e:e0:97:87:ea:53:9a:4a:a4:
         2b:4c:ee:7c:18:ac:36:b0:16:44:ad:c2:f6:2a:0e:b7:ab:08:
         8d:f5:7d:a8:eb:07:06:4a:16:a9:dc:99:c0:47:cd:62:77:bc:
         37:6a:a9:36:3a:cc:9d:af:09:e1:a5:01:80:28:59:05:9a:cd:
         a9:6a:96:c0:ad:d5:b8:3d:9a:b6:0c:a3:1c:37:61:94:88:b2:
         33:a3:3e:1f:66:01:1a:aa:d0:1f:5f:eb:80:0b:98:39:e8:ef:
         36:0f:90:b0:51:0d:3d:a2:02:ee:67:53:d4:ea:5a:0e:55:c1:
         46:04:4f:f6:6f:64:ca:ba:52:68:d5:39:9d:c3:a2:e6:be:c0:
         1f:ba:f2:39:da:3f:dc:6f:a3:21:a8:f4:d3:c0:f3:86:42:c6:
         4b:cb:d2:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntczzRqo8484BVlPyG0txMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjUwMTAyMTU1MDEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzkzNDY3NTUwNDExNzdmMmZlYzhmMzRlZWNhNDNmNmI5Njc3NDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4vEqLvLcGxPjmHLt/Jagxyq0sDKZ
6rnC/ozjGbkHEKT0dZMA1MjBPT/cmrVJEnbt3lbQOBL/dHVEYVO+T84/EN34Azhp
DuuUbFzvKOkgpR0FSXWn5Aco9kOdWkhEgEHMPsvMZsIdm7A8/jkV5RoPdGu4rWBs
Tme4m1Ycj71SGh/VM44LRc2pfLTAsNmwuXCtNJsJ5RKnENee5U9Mn3q9Q/zCqNIz
Yk3g3JEhPO0YGJLmovLRThRKVsELKP+cMo3L+87dtZQRHQhVpeoOrsSNnN9eFnNI
EIiIuojR+6sdRwL7E7BCunKh9R1JyFhTom0GT6vBTGR4F5LQljlPJJkwDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAeTRnVQQRd/L+yPNO7KQ/a5Z3QpMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvQjVOR2RWQkJGMzh2N0k4MDdzcEQ5cmxuZENrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbsdMA0G
CSqGSIb3DQEBCwUAA4IBAQBlhxxX7Wr2/YITaN2kkEVE4CtwQFv5j3ZGhtHXTSam
yIdMI6fJqtSbnAcQZnYVGV5N1WiBul8sJXChQVqza8nd6+w26SIzZcDAne06sild
EENHjPfdJxSKwoPO3P1ypgedodSO4JeH6lOaSqQrTO58GKw2sBZErcL2Kg63qwiN
9X2o6wcGShap3JnAR81id7w3aqk2OsydrwnhpQGAKFkFms2papbArdW4PZq2DKMc
N2GUiLIzoz4fZgEaqtAfX+uAC5g56O82D5CwUQ09ogLuZ1PU6loOVcFGBE/2b2TK
ulJo1Tmdw6LmvsAfuvI52j/cb6MhqPTTwPOGQsZLy9Il
-----END CERTIFICATE-----