Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7ic2baG660ISybe9MMaItiLk_CE.roa
File:                     7ic2baG660ISybe9MMaItiLk_CE.roa (raw, json)
Hash identifier:          K3Ufk92Fiw1jfiqd9fPM4VS5T0Qj5DBFwtLIrrx6pAQ=
Subject key identifier:   EE:27:36:6D:A1:BA:EB:42:12:C9:B7:BD:30:C6:88:B6:22:E4:FC:21
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC3496975CE73DF9CC58E0F67FF6AB9E9
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7ic2baG660ISybe9MMaItiLk_CE.roa
Signing time:             Mon 01 Jan 2024 04:30:17 +0000
ROA not before:           Mon 01 Jan 2024 04:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397630
IP address blocks:        89.213.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:69:75:ce:73:df:9c:c5:8e:0f:67:ff:6a:b9:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 04:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee27366da1baeb4212c9b7bd30c688b622e4fc21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:64:2f:74:c4:28:a2:b5:54:ca:d5:b4:53:97:
                    1d:19:e4:60:76:86:6c:fc:03:ca:1b:13:22:2c:f9:
                    81:f7:11:e5:be:67:6c:42:42:72:18:45:07:25:95:
                    9f:af:36:b7:f6:7e:67:d4:c4:a7:66:2a:93:74:a5:
                    88:75:8a:b1:d5:57:0a:1f:e1:df:7f:cd:24:ce:a1:
                    ef:79:ee:9b:ee:7d:bf:f6:2e:d0:24:f0:70:30:5e:
                    27:57:ba:87:18:6d:81:36:d4:48:73:5b:01:d1:af:
                    74:b3:fd:58:4c:96:c1:a8:22:9e:31:4a:b4:d1:ec:
                    a0:fc:dd:f1:6a:21:2d:24:da:88:2f:a5:ea:2c:59:
                    f5:5e:12:6a:85:65:32:eb:9a:80:39:f3:64:a7:68:
                    f8:cf:37:cb:ca:53:a5:37:07:87:46:e6:8a:4d:86:
                    99:a6:09:e5:5f:65:96:1d:b4:46:05:74:b7:f4:53:
                    b8:9b:52:94:83:b8:4d:8c:a3:88:45:66:03:eb:5f:
                    c8:40:31:95:d3:65:05:1e:c5:a3:9d:28:04:1b:19:
                    ea:02:7b:ca:e3:b2:68:a2:2a:9b:45:30:c8:49:65:
                    f3:03:12:df:0b:e5:6f:7f:e2:f8:a1:b8:21:de:ca:
                    dd:ee:c8:4a:26:3d:ac:0f:98:78:fa:80:6d:5c:9b:
                    17:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:27:36:6D:A1:BA:EB:42:12:C9:B7:BD:30:C6:88:B6:22:E4:FC:21
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7ic2baG660ISybe9MMaItiLk_CE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:d4:38:59:23:6a:e2:70:99:6c:b1:e2:ba:7b:c4:df:28:ae:
         13:38:81:b6:46:4c:fd:77:48:d1:e3:01:ca:7b:e8:31:b7:f3:
         06:d2:38:c3:50:38:28:75:bb:b7:93:cf:44:89:bd:26:ec:d0:
         62:f6:5b:f1:0a:54:10:93:62:ed:df:2a:f2:e0:20:3c:33:22:
         56:61:b9:86:3d:74:7c:0b:9d:d2:05:04:85:fd:c3:41:9c:9b:
         a4:a7:f0:2a:9d:f3:1f:02:7f:55:9e:bc:ba:3d:eb:83:1c:ce:
         02:a7:68:06:3f:b2:66:77:71:38:2c:8c:56:da:8c:9b:3f:c8:
         4b:5c:8c:d7:92:89:60:92:83:ba:27:96:06:f0:48:94:3a:db:
         95:a9:f1:a6:08:db:7d:95:5e:38:5f:8b:3f:e1:87:9d:82:53:
         e9:62:1b:fe:e2:82:50:39:57:dd:70:3c:39:98:02:e7:58:4a:
         d9:d6:71:be:2f:5c:25:09:fc:6c:67:3a:9c:f6:6e:b2:7a:25:
         06:6c:cf:6d:ed:a1:a9:57:16:46:8b:c6:80:0d:59:0d:d1:1b:
         f2:e1:d7:15:be:69:04:97:5b:af:26:8e:c2:b7:b9:a6:a4:2a:
         5d:da:5d:02:d7:ed:4f:52:2f:11:13:84:9a:5c:87:a3:e5:f2:
         6a:a1:00:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSWl1znPfnMWOD2f/arnpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDQzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTI3MzY2ZGExYmFlYjQyMTJjOWI3YmQzMGM2ODhiNjIyZTRmYzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgGQvdMQoorVUytW0U5cdGeRgdoZs
/APKGxMiLPmB9xHlvmdsQkJyGEUHJZWfrza39n5n1MSnZiqTdKWIdYqx1VcKH+Hf
f80kzqHvee6b7n2/9i7QJPBwMF4nV7qHGG2BNtRIc1sB0a90s/1YTJbBqCKeMUq0
0eyg/N3xaiEtJNqIL6XqLFn1XhJqhWUy65qAOfNkp2j4zzfLylOlNweHRuaKTYaZ
pgnlX2WWHbRGBXS39FO4m1KUg7hNjKOIRWYD61/IQDGV02UFHsWjnSgEGxnqAnvK
47JooiqbRTDISWXzAxLfC+Vvf+L4obgh3srd7shKJj2sD5h4+oBtXJsXqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO4nNm2huutCEsm3vTDGiLYi5PwhMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvN2ljMmJhRzY2MElTeWJlOU1NYUl0aUxrX0NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWiMA0G
CSqGSIb3DQEBCwUAA4IBAQBz1DhZI2ricJlsseK6e8TfKK4TOIG2Rkz9d0jR4wHK
e+gxt/MG0jjDUDgodbu3k89Eib0m7NBi9lvxClQQk2Lt3yry4CA8MyJWYbmGPXR8
C53SBQSF/cNBnJukp/AqnfMfAn9Vnry6PeuDHM4Cp2gGP7Jmd3E4LIxW2oybP8hL
XIzXkolgkoO6J5YG8EiUOtuVqfGmCNt9lV44X4s/4YedglPpYhv+4oJQOVfdcDw5
mALnWErZ1nG+L1wlCfxsZzqc9m6yeiUGbM9t7aGpVxZGi8aADVkN0Rvy4dcVvmkE
l1uvJo7Ct7mmpCpd2l0C1+1PUi8RE4SaXIej5fJqoQA4
-----END CERTIFICATE-----