Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/THvQYIa2SprhVvWK5-tWknfJY9w.roa
File:                     THvQYIa2SprhVvWK5-tWknfJY9w.roa (raw, json)
Hash identifier:          5zmsJFBP7NnBZaNurwDsUUuS1oMZV7G7pUdzHmeMsEI=
Subject key identifier:   4C:7B:D0:60:86:B6:4A:9A:E1:56:F5:8A:E7:EB:56:92:77:C9:63:DC
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       019427B5CB45E1A6DCB991B67777176FDFF2
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/THvQYIa2SprhVvWK5-tWknfJY9w.roa
Signing time:             Thu 02 Jan 2025 15:50:12 +0000
ROA not before:           Thu 02 Jan 2025 15:50:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49127
IP address blocks:        89.187.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:cb:45:e1:a6:dc:b9:91:b6:77:77:17:6f:df:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Jan  2 15:50:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c7bd06086b64a9ae156f58ae7eb569277c963dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:0e:c1:93:7a:1f:db:6f:43:a8:5b:ec:f0:db:
                    89:3b:77:e4:3f:8e:b7:ac:55:42:62:cd:14:15:4d:
                    42:2f:64:df:30:e7:1c:df:f8:ac:42:da:c5:60:83:
                    ab:99:44:4e:04:22:61:71:b5:1c:02:9b:ce:ce:8d:
                    61:61:bf:93:be:52:d0:72:15:86:ee:94:20:9a:57:
                    ec:44:09:2c:af:2d:f6:46:b1:0c:e2:cd:c4:dc:5c:
                    b6:dd:b8:fb:47:a8:01:28:39:38:f1:11:a2:23:ba:
                    e5:56:40:88:64:c4:df:eb:f1:73:1c:c5:c3:f0:ad:
                    18:58:04:2e:d3:3c:69:54:18:6f:54:93:27:c0:0d:
                    69:3e:58:69:cd:40:6f:46:ca:16:0d:4c:62:3d:8a:
                    97:58:82:17:54:d8:9a:63:cf:d9:7c:3f:f5:03:5e:
                    26:03:6b:04:05:44:04:41:39:af:c0:bc:99:51:21:
                    55:40:34:4e:42:84:af:9e:ca:6f:d8:97:54:ea:ee:
                    e6:30:3b:66:9e:76:df:6c:fc:d3:54:bd:2c:65:fa:
                    06:19:23:4a:2d:a5:70:de:6d:fb:ef:e9:39:25:63:
                    3c:5c:35:69:9b:dd:0a:d7:7a:82:84:ba:23:9c:1e:
                    65:88:f2:10:ac:da:e5:f4:fb:89:c2:d2:00:02:b9:
                    ef:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:7B:D0:60:86:B6:4A:9A:E1:56:F5:8A:E7:EB:56:92:77:C9:63:DC
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/THvQYIa2SprhVvWK5-tWknfJY9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e6:2b:51:f8:75:aa:76:ef:2c:c6:86:68:e2:43:40:41:65:4c:
         d9:39:44:dc:dd:2d:84:30:b6:7e:75:a0:55:da:7c:a4:0b:44:
         ee:e9:ab:79:95:78:4f:a6:37:da:16:38:a5:2a:b6:2b:1b:0d:
         b0:b7:16:56:dd:83:66:83:0a:c2:56:39:94:7b:51:ce:69:04:
         a1:6d:fd:fa:85:ee:66:a2:40:42:9d:d5:ea:97:07:5a:db:6c:
         a3:9b:6c:79:89:78:88:21:e3:19:8d:9a:c2:67:d0:f4:d0:20:
         bb:6d:7c:92:e1:39:e5:83:24:35:f8:2f:8f:bc:1e:17:40:7c:
         7d:1d:68:8a:65:9f:16:cf:4a:25:9d:1c:4c:9b:fc:cd:c4:e8:
         35:74:68:46:74:a5:7c:c8:43:2e:9e:83:97:b7:55:75:ad:ec:
         a8:b2:c5:94:fd:7e:23:c4:f8:c1:1b:fc:26:be:3c:c5:ee:7f:
         e7:61:7d:f3:5d:68:a3:93:d5:59:46:3f:e3:f0:19:36:89:d8:
         be:b5:a8:89:2b:f7:b3:c9:2e:29:73:f5:89:fb:1f:dc:eb:7d:
         61:db:00:08:36:b4:4d:ce:e1:97:ce:1c:71:64:3d:32:c3:6e:
         0c:5a:ab:60:6d:23:83:2b:41:20:1f:ce:42:6e:9b:9c:db:38:
         e5:c8:4e:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntctF4abcuZG2d3cXb9/yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjUwMTAyMTU1MDEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzdiZDA2MDg2YjY0YTlhZTE1NmY1OGFlN2ViNTY5Mjc3Yzk2M2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQ7Bk3of229DqFvs8NuJO3fkP463
rFVCYs0UFU1CL2TfMOcc3/isQtrFYIOrmUROBCJhcbUcApvOzo1hYb+TvlLQchWG
7pQgmlfsRAksry32RrEM4s3E3Fy23bj7R6gBKDk48RGiI7rlVkCIZMTf6/FzHMXD
8K0YWAQu0zxpVBhvVJMnwA1pPlhpzUBvRsoWDUxiPYqXWIIXVNiaY8/ZfD/1A14m
A2sEBUQEQTmvwLyZUSFVQDROQoSvnspv2JdU6u7mMDtmnnbfbPzTVL0sZfoGGSNK
LaVw3m377+k5JWM8XDVpm90K13qChLojnB5liPIQrNrl9PuJwtIAArnvHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEx70GCGtkqa4Vb1iufrVpJ3yWPcMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvVEh2UVlJYTJTcHJoVnZXSzUtdFdrbmZKWTl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbsZMA0G
CSqGSIb3DQEBCwUAA4IBAQDmK1H4dap27yzGhmjiQ0BBZUzZOUTc3S2EMLZ+daBV
2nykC0Tu6at5lXhPpjfaFjilKrYrGw2wtxZW3YNmgwrCVjmUe1HOaQShbf36he5m
okBCndXqlwda22yjm2x5iXiIIeMZjZrCZ9D00CC7bXyS4TnlgyQ1+C+PvB4XQHx9
HWiKZZ8Wz0olnRxMm/zNxOg1dGhGdKV8yEMunoOXt1V1reyossWU/X4jxPjBG/wm
vjzF7n/nYX3zXWijk9VZRj/j8Bk2idi+taiJK/ezyS4pc/WJ+x/c631h2wAINrRN
zuGXzhxxZD0yw24MWqtgbSODK0EgH85Cbpuc2zjlyE40
-----END CERTIFICATE-----