Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/AUwPpCNjUuctNf1dmn4pbE39-fw.roa
File:                     AUwPpCNjUuctNf1dmn4pbE39-fw.roa (raw, json)
Hash identifier:          IEaNHKGk1v5EvJSD8mIgfzMmVDIV7UYSvWpcZAOuFkw=
Subject key identifier:   01:4C:0F:A4:23:63:52:E7:2D:35:FD:5D:9A:7E:29:6C:4D:FD:F9:FC
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018DBB59360BCED3C2F4C88B686933B11DC7
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/AUwPpCNjUuctNf1dmn4pbE39-fw.roa
Signing time:             Sun 18 Feb 2024 08:33:22 +0000
ROA not before:           Sun 18 Feb 2024 08:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202827
IP address blocks:        89.213.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:bb:59:36:0b:ce:d3:c2:f4:c8:8b:68:69:33:b1:1d:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Feb 18 08:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=014c0fa4236352e72d35fd5d9a7e296c4dfdf9fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:24:59:a3:9f:a9:4a:3c:64:28:be:c7:97:8c:
                    f4:bb:17:19:1c:e4:24:f9:71:58:33:12:87:ad:87:
                    b3:9a:20:6e:9a:d7:6b:2e:90:8e:0d:21:ee:5c:2c:
                    ac:5f:1a:e8:82:89:58:b0:58:36:b5:99:7d:5b:04:
                    69:26:73:51:b5:47:7b:e7:fb:b0:30:ed:93:3e:c4:
                    54:7a:b0:04:be:fd:62:33:1f:89:f5:1f:be:6e:b2:
                    90:85:e2:79:fb:dc:1e:b2:aa:75:45:11:75:61:98:
                    0e:5c:4c:30:cc:07:34:8d:f1:f5:e8:9a:5a:ee:2b:
                    09:47:c3:b4:4e:10:8b:e8:23:c3:31:0c:2c:dc:c5:
                    dd:26:e1:e3:a9:0a:ff:08:31:a9:8e:08:af:b4:eb:
                    40:1c:65:e3:30:9f:6e:2c:aa:54:ff:7f:b9:9c:a5:
                    2c:91:0e:39:02:1a:00:e5:14:27:70:9a:d5:78:f8:
                    b7:00:02:14:16:fe:c9:5f:2f:37:e1:3d:bf:5c:2b:
                    88:21:c4:13:a4:e2:ec:1e:d4:0f:16:d2:b7:8a:9a:
                    71:64:bc:37:dc:1f:67:c3:43:13:f5:f1:5b:66:65:
                    49:bf:fb:10:39:6f:68:10:a0:71:ae:eb:88:d5:be:
                    4e:44:a4:01:02:8a:d2:f6:db:ce:cf:e5:45:9a:ed:
                    8e:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:4C:0F:A4:23:63:52:E7:2D:35:FD:5D:9A:7E:29:6C:4D:FD:F9:FC
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/AUwPpCNjUuctNf1dmn4pbE39-fw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:b1:eb:3c:ee:58:67:32:11:99:58:e4:d8:25:bd:0d:bf:d9:
         c6:dc:32:1b:aa:46:21:94:2b:2f:7d:20:4c:bb:18:fb:55:90:
         4f:b0:7e:c4:16:a8:06:92:4a:35:fb:33:89:0f:a8:a0:f4:78:
         a9:2a:a0:80:7c:56:2f:db:f7:ba:d7:2e:c8:e9:5f:fd:dd:46:
         d4:12:41:99:6d:4a:39:69:cf:c5:2e:2e:e1:a7:f1:93:b7:a0:
         26:67:ee:9d:aa:de:c8:62:ff:02:49:b8:63:be:11:5f:69:0d:
         49:24:31:90:83:62:08:fd:a5:f6:41:4c:1c:cb:dc:8c:5b:ce:
         46:74:2c:3c:4f:6f:e6:b7:52:3e:78:6e:f3:a1:54:0c:5c:d2:
         fa:5b:4c:9c:10:27:d3:81:c0:fa:af:22:de:1c:60:24:58:3d:
         1f:98:f4:09:8a:6a:d2:3f:04:53:90:65:15:94:13:48:64:65:
         f1:f0:d2:8b:63:71:15:44:13:76:95:67:ad:cb:79:5d:3e:51:
         0c:0d:db:dd:74:5a:ee:25:4b:88:d1:bc:4c:eb:7a:05:5f:28:
         a3:39:26:5c:3e:3d:5d:0c:ec:3c:a8:d6:0e:00:87:e1:62:43:
         e4:a2:63:7e:6f:2a:b3:67:b7:86:b6:77:e9:71:55:6b:f5:08:
         06:cd:72:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY27WTYLztPC9MiLaGkzsR3HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMjE4MDgzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTRjMGZhNDIzNjM1MmU3MmQzNWZkNWQ5YTdlMjk2YzRkZmRmOWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyRZo5+pSjxkKL7Hl4z0uxcZHOQk
+XFYMxKHrYezmiBumtdrLpCODSHuXCysXxrogolYsFg2tZl9WwRpJnNRtUd75/uw
MO2TPsRUerAEvv1iMx+J9R++brKQheJ5+9wesqp1RRF1YZgOXEwwzAc0jfH16Jpa
7isJR8O0ThCL6CPDMQws3MXdJuHjqQr/CDGpjgivtOtAHGXjMJ9uLKpU/3+5nKUs
kQ45AhoA5RQncJrVePi3AAIUFv7JXy834T2/XCuIIcQTpOLsHtQPFtK3ippxZLw3
3B9nw0MT9fFbZmVJv/sQOW9oEKBxruuI1b5ORKQBAorS9tvOz+VFmu2OXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAFMD6QjY1LnLTX9XZp+KWxN/fn8MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQVV3UHBDTmpVdWN0TmYxZG1uNHBiRTM5LWZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWeMA0G
CSqGSIb3DQEBCwUAA4IBAQA8ses87lhnMhGZWOTYJb0Nv9nG3DIbqkYhlCsvfSBM
uxj7VZBPsH7EFqgGkko1+zOJD6ig9HipKqCAfFYv2/e61y7I6V/93UbUEkGZbUo5
ac/FLi7hp/GTt6AmZ+6dqt7IYv8CSbhjvhFfaQ1JJDGQg2II/aX2QUwcy9yMW85G
dCw8T2/mt1I+eG7zoVQMXNL6W0ycECfTgcD6ryLeHGAkWD0fmPQJimrSPwRTkGUV
lBNIZGXx8NKLY3EVRBN2lWety3ldPlEMDdvddFruJUuI0bxM63oFXyijOSZcPj1d
DOw8qNYOAIfhYkPkomN+byqzZ7eGtnfpcVVr9QgGzXKd
-----END CERTIFICATE-----