Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/EMFB5d4e6BpqnfI8R_dqXZS0XRg.roa
File:                     EMFB5d4e6BpqnfI8R_dqXZS0XRg.roa (raw, json)
Hash identifier:          ElooMbGqq8A8KgzLi0Y9vqC8wiUD4gCZ9gGD0pLOdKw=
Subject key identifier:   10:C1:41:E5:DE:1E:E8:1A:6A:9D:F2:3C:47:F7:6A:5D:94:B4:5D:18
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018D20FEE4EA4FAC60E1ABB67EDED6CB74DD
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/EMFB5d4e6BpqnfI8R_dqXZS0XRg.roa
Signing time:             Fri 19 Jan 2024 09:13:12 +0000
ROA not before:           Fri 19 Jan 2024 09:13:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50104
IP address blocks:        89.213.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:20:fe:e4:ea:4f:ac:60:e1:ab:b6:7e:de:d6:cb:74:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan 19 09:13:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10c141e5de1ee81a6a9df23c47f76a5d94b45d18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:17:f9:d4:33:66:f7:13:91:eb:4b:ba:c7:c9:
                    06:59:eb:8a:86:98:ce:50:f9:ca:33:fc:89:27:0f:
                    42:53:04:df:24:19:a2:3f:5a:14:91:56:75:d1:01:
                    e3:14:1e:1b:0f:6a:75:af:0e:ec:f1:8a:ad:dd:73:
                    ec:9f:a1:39:07:aa:3d:12:86:8e:3d:50:34:c3:16:
                    a2:b7:07:93:38:43:03:07:20:76:32:e8:95:f9:d6:
                    5c:1a:c8:87:e5:ac:63:a9:be:bc:91:bd:e3:f9:5b:
                    45:c2:a9:c2:68:4f:eb:c4:ef:9c:71:19:a9:dd:19:
                    8d:aa:0e:1c:3a:0f:19:56:ca:2b:44:d0:e3:01:93:
                    8d:d6:11:68:68:d2:c6:30:c9:03:17:d1:6a:cd:29:
                    a5:fb:a4:86:b7:75:c9:a1:f6:68:5d:02:dd:76:e9:
                    de:74:35:20:fe:3d:0f:34:38:47:ff:ef:e1:8c:6d:
                    b6:76:a7:c3:8e:8a:c9:20:ff:e0:a9:3c:6d:1a:cb:
                    df:b8:47:a5:09:1c:ac:ee:3d:f7:a8:48:e7:a9:a3:
                    ae:0f:ef:ac:9b:e3:cc:7a:06:8b:55:e4:5b:35:1a:
                    fd:f7:a4:2d:e9:4a:b2:b0:e2:f1:e6:e4:09:07:01:
                    1b:c8:7e:43:37:a9:01:d7:51:4b:03:ae:fb:1c:bf:
                    c5:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:C1:41:E5:DE:1E:E8:1A:6A:9D:F2:3C:47:F7:6A:5D:94:B4:5D:18
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/EMFB5d4e6BpqnfI8R_dqXZS0XRg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:dc:12:9c:f6:5a:93:87:77:91:68:50:75:04:05:00:17:7b:
         c7:df:ad:09:6c:c0:ca:28:94:66:61:cb:49:3b:d0:8e:a0:5f:
         37:5a:73:3b:78:bd:53:e2:cb:5e:9f:d9:a4:a5:9c:6c:2b:ce:
         d8:4d:3b:0d:6b:b0:84:1f:08:4a:7d:fc:44:43:ca:53:d1:cf:
         d0:c3:a0:3b:74:47:73:16:e9:d9:b7:15:b2:5a:ca:3a:f7:2e:
         a4:86:77:50:78:76:db:43:36:5c:31:06:5d:86:0e:d9:44:65:
         cb:6a:d0:bb:4c:1e:48:5a:35:3b:93:91:1d:05:7f:0f:ac:e1:
         a3:ff:96:84:89:1e:ca:f6:a0:e3:df:99:0f:c7:f0:8f:45:86:
         97:b6:74:93:2d:71:a5:62:98:a3:a7:02:c0:ab:7f:53:5e:3c:
         d2:0b:2e:e3:91:d2:45:64:04:0f:71:8b:28:90:97:79:59:ab:
         bc:3b:a1:e6:81:19:9d:f4:a6:3a:e1:72:1a:d9:bd:c9:e8:4e:
         62:23:cc:ba:7d:43:47:78:50:4f:67:a9:b2:c4:d6:09:6f:5c:
         b0:21:25:db:28:5e:5b:06:64:dc:61:64:fb:de:6d:98:6a:7c:
         f3:6c:b0:64:c9:6d:df:3e:94:4f:93:e4:67:cc:32:a5:fd:e4:
         13:84:e5:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0g/uTqT6xg4au2ft7Wy3TdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTE5MDkxMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGMxNDFlNWRlMWVlODFhNmE5ZGYyM2M0N2Y3NmE1ZDk0YjQ1ZDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRf51DNm9xOR60u6x8kGWeuKhpjO
UPnKM/yJJw9CUwTfJBmiP1oUkVZ10QHjFB4bD2p1rw7s8Yqt3XPsn6E5B6o9EoaO
PVA0wxaitweTOEMDByB2MuiV+dZcGsiH5axjqb68kb3j+VtFwqnCaE/rxO+ccRmp
3RmNqg4cOg8ZVsorRNDjAZON1hFoaNLGMMkDF9FqzSml+6SGt3XJofZoXQLddune
dDUg/j0PNDhH/+/hjG22dqfDjorJIP/gqTxtGsvfuEelCRys7j33qEjnqaOuD++s
m+PMegaLVeRbNRr996Qt6UqysOLx5uQJBwEbyH5DN6kB11FLA677HL/FoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBDBQeXeHugaap3yPEf3al2UtF0YMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRU1GQjVkNGU2QnBxbmZJOFJfZHFYWlMwWFJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWgMA0G
CSqGSIb3DQEBCwUAA4IBAQA93BKc9lqTh3eRaFB1BAUAF3vH360JbMDKKJRmYctJ
O9COoF83WnM7eL1T4sten9mkpZxsK87YTTsNa7CEHwhKffxEQ8pT0c/Qw6A7dEdz
FunZtxWyWso69y6khndQeHbbQzZcMQZdhg7ZRGXLatC7TB5IWjU7k5EdBX8PrOGj
/5aEiR7K9qDj35kPx/CPRYaXtnSTLXGlYpijpwLAq39TXjzSCy7jkdJFZAQPcYso
kJd5Wau8O6HmgRmd9KY64XIa2b3J6E5iI8y6fUNHeFBPZ6myxNYJb1ywISXbKF5b
BmTcYWT73m2YanzzbLBkyW3fPpRPk+RnzDKl/eQThOVp
-----END CERTIFICATE-----