Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/0896b2-f809-4f1d-9b94-14a0825b5291/1/mFr0J-DUVAHwXtJGBVGLWHbbIpk.roa
File:                     mFr0J-DUVAHwXtJGBVGLWHbbIpk.roa (raw, json)
Hash identifier:          uBzb81GdG1u8maFbL7suVfBvgoS0JO680OcDeOBuras=
Subject key identifier:   98:5A:F4:27:E0:D4:54:01:F0:5E:D2:46:05:51:8B:58:76:DB:22:99
Certificate issuer:       /CN=a896c1e14c86e6ef5b16724f7117676ec7214957
Certificate serial:       018CC5011374843C1D59ABD17B25E1BF6A38
Authority key identifier: A8:96:C1:E1:4C:86:E6:EF:5B:16:72:4F:71:17:67:6E:C7:21:49:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qJbB4UyG5u9bFnJPcRdnbschSVc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/0896b2-f809-4f1d-9b94-14a0825b5291/1/mFr0J-DUVAHwXtJGBVGLWHbbIpk.roa
Signing time:             Mon 01 Jan 2024 12:30:31 +0000
ROA not before:           Mon 01 Jan 2024 12:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        193.24.80.0/21 maxlen: 21
                          192.82.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/0896b2-f809-4f1d-9b94-14a0825b5291/1/qJbB4UyG5u9bFnJPcRdnbschSVc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/0896b2-f809-4f1d-9b94-14a0825b5291/1/qJbB4UyG5u9bFnJPcRdnbschSVc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qJbB4UyG5u9bFnJPcRdnbschSVc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:13:74:84:3c:1d:59:ab:d1:7b:25:e1:bf:6a:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a896c1e14c86e6ef5b16724f7117676ec7214957
        Validity
            Not Before: Jan  1 12:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=985af427e0d45401f05ed24605518b5876db2299
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:dd:a1:5a:6e:e5:4b:65:95:0a:86:fe:b4:05:
                    a6:23:50:a8:34:7b:d6:64:19:a5:1e:32:48:99:bd:
                    36:29:ac:4d:3f:13:0d:3b:8d:a9:59:39:6a:bc:2a:
                    86:f9:63:d4:2d:8d:91:8b:39:3c:03:52:ad:b7:10:
                    34:93:cf:e8:69:72:5a:57:ed:73:7b:ac:81:49:6e:
                    07:d6:71:73:a6:c9:8f:39:cd:d2:cd:28:77:ad:ee:
                    71:ef:b6:b5:db:49:9f:28:3d:9f:4a:69:7d:6f:b9:
                    80:fa:e4:50:66:bb:62:d3:18:3e:a0:53:4c:6f:8e:
                    21:c6:df:ee:c0:f5:cb:2d:3f:39:6d:51:d6:58:f9:
                    5a:cd:c1:b6:f8:da:ad:57:96:b6:7c:b3:e0:2c:0c:
                    03:50:99:e1:eb:93:ec:88:00:53:3e:25:fe:69:6b:
                    3c:fa:04:c5:9f:57:e6:e2:8f:db:23:40:3b:04:c5:
                    b2:45:09:ba:f5:3b:4a:da:75:e7:0c:93:ee:b7:c7:
                    ac:dd:ea:3d:e5:7b:b4:1a:6f:41:16:ad:61:cb:a8:
                    82:f4:3e:40:bc:12:d8:d0:2e:32:34:6e:d3:f4:cb:
                    33:5d:52:0b:9a:8c:22:b5:cb:d2:30:b7:6c:d5:a6:
                    1f:88:c2:3b:36:16:39:d4:3c:d3:9b:42:f4:97:80:
                    1a:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:5A:F4:27:E0:D4:54:01:F0:5E:D2:46:05:51:8B:58:76:DB:22:99
            X509v3 Authority Key Identifier:
                keyid:A8:96:C1:E1:4C:86:E6:EF:5B:16:72:4F:71:17:67:6E:C7:21:49:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qJbB4UyG5u9bFnJPcRdnbschSVc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/0896b2-f809-4f1d-9b94-14a0825b5291/1/mFr0J-DUVAHwXtJGBVGLWHbbIpk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/0896b2-f809-4f1d-9b94-14a0825b5291/1/qJbB4UyG5u9bFnJPcRdnbschSVc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.82.241.0/24
                  193.24.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9c:2a:90:4b:92:59:63:c1:0a:ce:99:e0:a0:70:69:ea:db:03:
         b1:7d:1d:12:07:15:d1:0a:f7:03:e4:03:b8:9b:5d:db:ad:a5:
         b0:cf:64:91:a4:f4:a8:f7:c8:fd:98:53:a3:1c:9e:4b:b1:1f:
         78:87:5a:7b:ea:25:7d:58:c1:ca:27:11:ea:7e:b3:f8:c1:44:
         69:20:1f:ba:47:dc:84:5d:e2:db:b1:8f:ac:42:59:0c:72:4f:
         3c:87:72:d2:29:be:33:23:43:96:b9:4e:c9:f2:31:07:9e:79:
         51:e8:b2:d6:26:0f:a2:39:1e:c3:97:f4:f6:3c:e7:8b:76:3a:
         39:f0:73:94:17:50:d0:bc:11:53:4d:51:4d:c5:ec:cc:19:6c:
         a4:0a:70:3a:4d:3a:70:83:b3:56:d9:53:45:91:b9:db:ce:6f:
         40:45:cb:48:58:3e:41:08:8e:c4:9e:61:c4:6a:07:0a:e1:e8:
         19:ee:49:d1:dd:f1:2f:73:f2:72:d5:55:5c:16:7d:00:1e:00:
         54:c5:d7:60:51:1b:d1:36:c1:92:fb:11:fe:26:ed:f1:9a:7c:
         0e:7e:cb:db:3b:43:8a:1b:84:64:1c:10:90:d2:85:b4:00:7b:
         de:a2:79:d8:f5:c0:bc:44:b0:fd:e2:e0:a9:47:ae:52:2f:aa:
         15:07:23:40
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFARN0hDwdWavReyXhv2o4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4OTZjMWUxNGM4NmU2ZWY1YjE2NzI0ZjcxMTc2NzZlYzcy
MTQ5NTcwHhcNMjQwMTAxMTIzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODVhZjQyN2UwZDQ1NDAxZjA1ZWQyNDYwNTUxOGI1ODc2ZGIyMjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm92hWm7lS2WVCob+tAWmI1CoNHvW
ZBmlHjJImb02KaxNPxMNO42pWTlqvCqG+WPULY2Rizk8A1KttxA0k8/oaXJaV+1z
e6yBSW4H1nFzpsmPOc3SzSh3re5x77a120mfKD2fSml9b7mA+uRQZrti0xg+oFNM
b44hxt/uwPXLLT85bVHWWPlazcG2+NqtV5a2fLPgLAwDUJnh65PsiABTPiX+aWs8
+gTFn1fm4o/bI0A7BMWyRQm69TtK2nXnDJPut8es3eo95Xu0Gm9BFq1hy6iC9D5A
vBLY0C4yNG7T9MszXVILmowitcvSMLds1aYfiMI7NhY51DzTm0L0l4AaqwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJha9Cfg1FQB8F7SRgVRi1h22yKZMB8GA1UdIwQY
MBaAFKiWweFMhubvWxZyT3EXZ27HIUlXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUpiQjRVeUc1dTliRm5KUGNSZG5ic2NoU1ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS8wODk2YjItZjgwOS00ZjFkLTliOTQt
MTRhMDgyNWI1MjkxLzEvbUZyMEotRFVWQUh3WHRKR0JWR0xXSGJiSXBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS8wODk2YjItZjgwOS00ZjFkLTliOTQtMTRhMDgyNWI1Mjkx
LzEvcUpiQjRVeUc1dTliRm5KUGNSZG5ic2NoU1ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwFLxAwQD
wRhQMA0GCSqGSIb3DQEBCwUAA4IBAQCcKpBLklljwQrOmeCgcGnq2wOxfR0SBxXR
CvcD5AO4m13braWwz2SRpPSo98j9mFOjHJ5LsR94h1p76iV9WMHKJxHqfrP4wURp
IB+6R9yEXeLbsY+sQlkMck88h3LSKb4zI0OWuU7J8jEHnnlR6LLWJg+iOR7Dl/T2
POeLdjo58HOUF1DQvBFTTVFNxezMGWykCnA6TTpwg7NW2VNFkbnbzm9ARctIWD5B
CI7EnmHEagcK4egZ7knR3fEvc/Jy1VVcFn0AHgBUxddgURvRNsGS+xH+Ju3xmnwO
fsvbO0OKG4RkHBCQ0oW0AHveonnY9cC8RLD94uCpR65SL6oVByNA
-----END CERTIFICATE-----