Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/73Q69-85kmuHjGU8cSCM6i14V_Q.roa
File:                     73Q69-85kmuHjGU8cSCM6i14V_Q.roa (raw, json)
Hash identifier:          uJAyR9y+oqF5X+Zv4Ji1t8Ktk0LXeaxlo90M+TPRZV4=
Subject key identifier:   EF:74:3A:F7:EF:39:92:6B:87:8C:65:3C:71:20:8C:EA:2D:78:57:F4
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143F64205F21F594642DD2858F21FCE
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/73Q69-85kmuHjGU8cSCM6i14V_Q.roa
Signing time:             Wed 01 Jan 2025 09:48:09 +0000
ROA not before:           Wed 01 Jan 2025 09:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137409
IP address blocks:        89.213.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:f6:42:05:f2:1f:59:46:42:dd:28:58:f2:1f:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef743af7ef39926b878c653c71208cea2d7857f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:49:34:00:fe:4b:ff:e9:93:9d:5e:d4:94:7b:
                    54:4a:17:9e:3a:6b:1d:88:d7:67:3b:98:6d:5a:ef:
                    ed:d9:bc:8d:29:5e:21:2f:a9:9c:dd:cb:e7:ba:90:
                    78:7a:a4:1e:20:8d:0a:0e:ba:9f:1a:4a:28:f3:a5:
                    d1:66:8e:9a:d5:cd:6b:db:70:06:33:1b:db:9c:8a:
                    4e:a3:9f:0d:f9:96:36:09:2e:4d:14:81:53:9b:84:
                    6b:2f:6d:ff:2f:a2:45:a8:b4:73:8e:bf:a4:f1:1d:
                    04:4b:af:3f:89:21:2b:83:42:74:da:ab:75:3d:0c:
                    9c:c3:d0:25:2e:01:cb:4a:e8:1a:e2:78:2d:80:4d:
                    9e:bb:73:11:3d:d8:fe:e6:ef:30:fb:0f:e3:93:60:
                    c2:91:96:5d:92:a2:bf:da:f7:89:2b:62:85:18:49:
                    3a:fd:46:5e:4f:9d:3b:5d:c5:0c:2d:81:7e:df:36:
                    fd:57:d2:13:8b:2e:d3:bf:a8:97:4b:92:f9:1c:3d:
                    a5:fa:6b:ae:56:72:53:3d:ed:62:82:13:74:4c:3e:
                    c1:16:db:bb:9f:e5:11:39:7a:e9:40:ce:7b:c5:a9:
                    c5:62:c3:e8:46:31:94:98:d7:cf:b6:88:91:cc:b4:
                    3c:60:c4:0b:6b:95:f0:40:ff:ba:c1:32:f3:5c:0b:
                    f2:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:74:3A:F7:EF:39:92:6B:87:8C:65:3C:71:20:8C:EA:2D:78:57:F4
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/73Q69-85kmuHjGU8cSCM6i14V_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:c4:43:cf:23:76:1c:3a:af:8f:c1:13:f3:0b:0a:45:75:b0:
         0e:5f:ec:2a:14:b9:21:07:13:22:24:1e:f9:dc:57:6e:63:8a:
         bf:2e:d6:13:d7:52:08:88:36:63:d5:e3:fe:38:8c:3f:3e:c6:
         60:f0:83:7b:53:39:6c:25:ef:d2:1d:0b:fd:c2:76:3c:c0:6d:
         55:82:7f:d1:4f:8c:ce:e5:f8:43:f5:6a:03:cd:25:17:e2:10:
         ce:cb:d0:07:36:29:a8:9c:0b:31:eb:a0:dc:5b:3a:93:92:e5:
         fc:fb:80:2c:2f:03:b9:11:69:70:71:82:74:6f:a9:1c:fa:57:
         0a:0a:9b:4e:11:fa:c3:2c:18:87:01:32:41:41:09:70:d8:33:
         94:89:5b:db:a0:10:b0:8b:5a:a7:b3:58:60:be:cb:8e:f5:79:
         c9:1a:66:c8:64:26:62:6a:5c:14:c2:ed:ba:eb:96:a4:aa:dd:
         ca:47:7a:24:74:0b:af:0d:e5:d5:78:e7:9b:b9:0b:da:f2:53:
         46:c7:2f:85:89:8c:fa:a3:ab:8f:ec:34:50:36:d7:c6:e8:7d:
         3e:42:6b:79:be:f4:39:66:bc:e4:3e:36:41:9e:6b:10:bf:d7:
         ab:a4:74:d1:11:0b:1c:bf:a3:5b:93:76:91:04:58:a8:13:bf:
         8e:20:2e:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ/ZCBfIfWUZC3ShY8h/OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjc0M2FmN2VmMzk5MjZiODc4YzY1M2M3MTIwOGNlYTJkNzg1N2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0k0AP5L/+mTnV7UlHtUSheeOmsd
iNdnO5htWu/t2byNKV4hL6mc3cvnupB4eqQeII0KDrqfGkoo86XRZo6a1c1r23AG
MxvbnIpOo58N+ZY2CS5NFIFTm4RrL23/L6JFqLRzjr+k8R0ES68/iSErg0J02qt1
PQycw9AlLgHLSuga4ngtgE2eu3MRPdj+5u8w+w/jk2DCkZZdkqK/2veJK2KFGEk6
/UZeT507XcUMLYF+3zb9V9ITiy7Tv6iXS5L5HD2l+muuVnJTPe1ighN0TD7BFtu7
n+UROXrpQM57xanFYsPoRjGUmNfPtoiRzLQ8YMQLa5XwQP+6wTLzXAvyuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO90OvfvOZJrh4xlPHEgjOoteFf0MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNzNRNjktODVrbXVIakdVOGNTQ002aTE0Vl9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdVhMA0G
CSqGSIb3DQEBCwUAA4IBAQBYxEPPI3YcOq+PwRPzCwpFdbAOX+wqFLkhBxMiJB75
3FduY4q/LtYT11IIiDZj1eP+OIw/PsZg8IN7UzlsJe/SHQv9wnY8wG1Vgn/RT4zO
5fhD9WoDzSUX4hDOy9AHNimonAsx66DcWzqTkuX8+4AsLwO5EWlwcYJ0b6kc+lcK
CptOEfrDLBiHATJBQQlw2DOUiVvboBCwi1qns1hgvsuO9XnJGmbIZCZialwUwu26
65akqt3KR3okdAuvDeXVeOebuQva8lNGxy+FiYz6o6uP7DRQNtfG6H0+Qmt5vvQ5
ZrzkPjZBnmsQv9erpHTREQscv6Nbk3aRBFioE7+OIC4U
-----END CERTIFICATE-----