Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CGCFI_1LrMSPv9jcaRDjdVjgJ2M.roa
File:                     CGCFI_1LrMSPv9jcaRDjdVjgJ2M.roa (raw, json)
Hash identifier:          /wQDWxx5HBsCaH+e53ULhTB+MAcFMvgzyfpbmtcPm1M=
Subject key identifier:   08:60:85:23:FD:4B:AC:C4:8F:BF:D8:DC:69:10:E3:75:58:E0:27:63
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143CF09CCF5DEA1E460ABA52BEB31E6
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CGCFI_1LrMSPv9jcaRDjdVjgJ2M.roa
Signing time:             Wed 01 Jan 2025 09:47:59 +0000
ROA not before:           Wed 01 Jan 2025 09:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        89.213.186.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:cf:09:cc:f5:de:a1:e4:60:ab:a5:2b:eb:31:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08608523fd4bacc48fbfd8dc6910e37558e02763
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:af:de:14:95:ed:86:4a:a3:d3:76:96:42:28:
                    8f:f4:71:e3:a5:f1:fa:24:a4:85:d4:8a:7a:c9:1b:
                    e8:e6:92:9d:00:34:9c:6c:c6:0e:9d:d3:02:02:c7:
                    63:6e:84:3d:7b:f5:12:93:cd:73:85:6f:e3:d0:c2:
                    e6:6c:0e:83:6b:41:7d:c5:a4:58:17:44:65:bc:47:
                    c1:e3:2e:f6:63:a5:87:b4:d4:94:f3:9b:4b:f3:37:
                    59:97:71:76:b8:d2:b1:e9:30:35:e8:70:be:88:38:
                    27:24:ad:7f:dc:2d:84:30:2a:9a:f5:39:03:06:2b:
                    56:6b:13:1f:c1:d3:55:9d:bc:4d:71:f0:a5:62:a6:
                    be:44:44:99:fb:6d:76:e3:64:66:d7:ed:a1:5e:e3:
                    46:77:39:fa:fe:6f:a3:35:d4:58:ff:21:20:04:28:
                    bb:39:b5:ce:cf:f8:df:36:03:cc:f7:f8:39:dc:3c:
                    5f:a7:27:e9:b9:14:77:a9:15:0f:53:2a:f5:ca:95:
                    1b:e9:0a:4a:98:df:da:3f:06:64:9f:0e:aa:1d:49:
                    15:81:30:bd:27:fe:4b:6d:40:c5:fe:ac:ef:e4:63:
                    1f:b2:b9:63:80:87:ec:ce:73:9f:dc:85:ea:e3:c6:
                    92:49:ba:e3:5f:48:43:cc:f1:d5:30:48:51:5b:51:
                    38:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:60:85:23:FD:4B:AC:C4:8F:BF:D8:DC:69:10:E3:75:58:E0:27:63
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CGCFI_1LrMSPv9jcaRDjdVjgJ2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         18:8f:c6:1e:c5:59:e6:41:49:5d:d9:fc:61:0b:cc:01:e6:39:
         1c:13:dd:bd:61:8c:3b:fd:9f:2b:b0:e5:72:ff:f6:22:0d:82:
         0a:5f:50:42:fc:fb:ae:7e:ff:6d:93:9c:c5:8e:f1:de:1d:4d:
         f9:e7:f9:45:16:b5:7e:8d:11:f9:11:80:aa:64:35:79:9f:aa:
         b0:ac:d6:d6:b4:9d:04:a4:84:42:74:45:d6:7b:b0:9c:66:09:
         a3:f3:87:63:80:06:d8:c8:60:e9:b9:84:6e:4d:6a:a7:12:df:
         71:53:27:70:e7:76:3e:d1:62:b8:d7:38:98:fe:6f:05:18:7e:
         04:d5:81:29:c2:4f:33:17:39:22:d6:69:cf:fd:df:91:a8:aa:
         45:cc:20:a2:66:ec:45:dc:27:d0:dd:43:18:b3:fe:42:e3:5c:
         6e:2f:c1:96:e8:c1:9b:8b:9f:e6:4d:b0:f9:05:74:34:1f:bb:
         b3:6c:04:e4:0f:ef:f2:ee:5a:b3:86:83:2a:37:76:e1:25:2d:
         e9:00:0a:74:82:91:68:ec:23:5c:40:c8:55:b3:c2:fd:6e:3d:
         26:2a:e7:3d:55:26:04:08:71:25:25:53:2e:ff:c0:d6:d2:8c:
         2d:2b:3b:7d:1f:e8:5d:50:75:76:ed:96:23:1a:d5:3c:80:07:
         40:78:87:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ88JzPXeoeRgq6Ur6zHmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODYwODUyM2ZkNGJhY2M0OGZiZmQ4ZGM2OTEwZTM3NTU4ZTAyNzYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6/eFJXthkqj03aWQiiP9HHjpfH6
JKSF1Ip6yRvo5pKdADScbMYOndMCAsdjboQ9e/USk81zhW/j0MLmbA6Da0F9xaRY
F0RlvEfB4y72Y6WHtNSU85tL8zdZl3F2uNKx6TA16HC+iDgnJK1/3C2EMCqa9TkD
BitWaxMfwdNVnbxNcfClYqa+RESZ+21242Rm1+2hXuNGdzn6/m+jNdRY/yEgBCi7
ObXOz/jfNgPM9/g53DxfpyfpuRR3qRUPUyr1ypUb6QpKmN/aPwZknw6qHUkVgTC9
J/5LbUDF/qzv5GMfsrljgIfsznOf3IXq48aSSbrjX0hDzPHVMEhRW1E4WQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAhghSP9S6zEj7/Y3GkQ43VY4CdjMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQ0dDRklfMUxyTVNQdjlqY2FSRGpkVmpnSjJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWdW6MA0G
CSqGSIb3DQEBCwUAA4IBAQAYj8YexVnmQUld2fxhC8wB5jkcE929YYw7/Z8rsOVy
//YiDYIKX1BC/Puufv9tk5zFjvHeHU355/lFFrV+jRH5EYCqZDV5n6qwrNbWtJ0E
pIRCdEXWe7CcZgmj84djgAbYyGDpuYRuTWqnEt9xUydw53Y+0WK41ziY/m8FGH4E
1YEpwk8zFzki1mnP/d+RqKpFzCCiZuxF3CfQ3UMYs/5C41xuL8GW6MGbi5/mTbD5
BXQ0H7uzbATkD+/y7lqzhoMqN3bhJS3pAAp0gpFo7CNcQMhVs8L9bj0mKuc9VSYE
CHElJVMu/8DW0owtKzt9H+hdUHV27ZYjGtU8gAdAeIf2
-----END CERTIFICATE-----