Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/93sCdiu8IpCKpGCXAaxXRhzzjZs.roa
File:                     93sCdiu8IpCKpGCXAaxXRhzzjZs.roa (raw, json)
Hash identifier:          h20ByxLf84cACR9XyfE0ajcA2rjtUHmKF542sRjH0Vw=
Subject key identifier:   F7:7B:02:76:2B:BC:22:90:8A:A4:60:97:01:AC:57:46:1C:F3:8D:9B
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019113FBF5EAC25A0D5B87738EDDB4D8F7EE
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/93sCdiu8IpCKpGCXAaxXRhzzjZs.roa
Signing time:             Fri 02 Aug 2024 16:46:05 +0000
ROA not before:           Fri 02 Aug 2024 16:46:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47679
IP address blocks:        89.213.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:13:fb:f5:ea:c2:5a:0d:5b:87:73:8e:dd:b4:d8:f7:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug  2 16:46:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f77b02762bbc22908aa4609701ac57461cf38d9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:7b:54:1d:e2:66:11:4f:c5:91:d7:7c:f4:6b:
                    39:42:98:ae:44:1b:48:f7:94:40:2b:0f:2a:87:ad:
                    75:32:7c:66:26:f9:8b:9c:bd:f9:bd:b5:f8:f9:89:
                    33:12:be:50:cd:ba:75:7b:4d:1a:24:c4:8e:a7:50:
                    75:6b:e2:44:63:4b:14:50:ee:fe:be:aa:81:a5:02:
                    57:0c:01:9e:b1:c7:30:17:c2:40:c0:2d:42:4e:54:
                    e9:0f:82:25:f4:d9:c8:97:fe:14:ff:d8:6c:f6:8e:
                    e9:99:ea:86:d4:a0:32:67:0a:9b:6a:88:50:b9:e0:
                    de:2a:e2:7a:87:e8:e1:bf:b1:a5:0a:09:3f:87:1b:
                    4b:67:fa:e5:ed:bd:6c:25:db:df:2e:8b:cb:ff:d2:
                    6e:0c:12:c4:63:66:e1:a8:d1:c9:b3:cf:7f:50:7a:
                    c6:51:2f:40:29:3c:1a:5c:a1:b2:23:a5:bd:b0:51:
                    46:01:e4:04:cc:91:81:8a:ac:6e:5e:1e:2b:a0:30:
                    18:18:8c:55:ca:96:cb:9b:49:36:3f:01:07:c2:b9:
                    5b:73:da:56:5d:c9:fd:05:5c:77:2b:7b:a1:78:8a:
                    f8:5f:66:18:5d:b1:1e:ce:84:7f:d4:62:f4:81:67:
                    33:08:99:11:c6:c0:6b:4c:e6:a5:d2:2d:9a:d3:ad:
                    7e:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:7B:02:76:2B:BC:22:90:8A:A4:60:97:01:AC:57:46:1C:F3:8D:9B
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/93sCdiu8IpCKpGCXAaxXRhzzjZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:0e:90:fe:e6:04:6f:ad:3f:d3:97:6b:69:7b:d3:48:cf:09:
         29:60:35:3b:9e:fd:d2:9d:b5:c0:41:3e:82:62:56:84:ab:10:
         e9:5e:4e:5a:19:bd:58:22:2e:a7:c7:ae:31:06:b0:c5:99:a1:
         85:73:b1:00:f0:f3:b9:86:30:76:48:e9:ec:54:68:5b:d4:54:
         90:c3:5f:23:f5:ae:41:f0:3a:2e:1d:94:c3:37:79:54:87:8e:
         74:89:bc:e9:ca:77:40:a3:01:10:8b:bf:9f:57:78:65:f0:f9:
         ad:3f:78:9e:f2:73:43:d3:6b:45:be:5c:77:0e:24:d7:1a:d2:
         37:19:c0:9d:77:d5:ff:89:8a:bb:a3:5e:03:0b:12:92:a0:2d:
         39:f2:48:83:be:16:f8:9e:60:b2:36:04:4f:66:fc:43:57:75:
         2d:bd:a5:59:e9:f0:6c:96:5c:9d:93:6e:88:4d:7a:ca:c5:cc:
         d4:e8:8a:91:78:d0:32:88:0a:bc:17:aa:c9:a7:68:01:13:f2:
         d3:5a:10:5d:8c:fb:15:4b:d3:25:22:a4:7f:e3:2f:c9:92:1a:
         55:38:f4:28:9f:3b:69:52:a3:a1:94:55:a7:ba:e7:1b:a2:b5:
         a7:e6:3b:44:45:1c:e7:7d:fd:19:a8:d0:98:0e:e6:84:24:37:
         74:d8:8d:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZET+/XqwloNW4dzjt202PfuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwODAyMTY0NjA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzdiMDI3NjJiYmMyMjkwOGFhNDYwOTcwMWFjNTc0NjFjZjM4ZDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHtUHeJmEU/Fkdd89Gs5QpiuRBtI
95RAKw8qh611MnxmJvmLnL35vbX4+YkzEr5Qzbp1e00aJMSOp1B1a+JEY0sUUO7+
vqqBpQJXDAGesccwF8JAwC1CTlTpD4Il9NnIl/4U/9hs9o7pmeqG1KAyZwqbaohQ
ueDeKuJ6h+jhv7GlCgk/hxtLZ/rl7b1sJdvfLovL/9JuDBLEY2bhqNHJs89/UHrG
US9AKTwaXKGyI6W9sFFGAeQEzJGBiqxuXh4roDAYGIxVypbLm0k2PwEHwrlbc9pW
Xcn9BVx3K3uheIr4X2YYXbEezoR/1GL0gWczCJkRxsBrTOal0i2a061+3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPd7AnYrvCKQiqRglwGsV0Yc842bMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvOTNzQ2RpdThJcENLcEdDWEFheFhSaHp6alpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdW/MA0G
CSqGSIb3DQEBCwUAA4IBAQA8DpD+5gRvrT/Tl2tpe9NIzwkpYDU7nv3SnbXAQT6C
YlaEqxDpXk5aGb1YIi6nx64xBrDFmaGFc7EA8PO5hjB2SOnsVGhb1FSQw18j9a5B
8DouHZTDN3lUh450ibzpyndAowEQi7+fV3hl8PmtP3ie8nND02tFvlx3DiTXGtI3
GcCdd9X/iYq7o14DCxKSoC058kiDvhb4nmCyNgRPZvxDV3UtvaVZ6fBsllydk26I
TXrKxczU6IqReNAyiAq8F6rJp2gBE/LTWhBdjPsVS9MlIqR/4y/JkhpVOPQonztp
UqOhlFWnuucborWn5jtERRznff0ZqNCYDuaEJDd02I1V
-----END CERTIFICATE-----