Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gR_g8iKYwHvlqTXjmWhATg8Og7A.roa
File:                     gR_g8iKYwHvlqTXjmWhATg8Og7A.roa (raw, json)
Hash identifier:          pvLknpCWnYyCv3/0IL5quOt/zeFEQ46pJ3j5pJsBVz4=
Subject key identifier:   81:1F:E0:F2:22:98:C0:7B:E5:A9:35:E3:99:68:40:4E:0F:0E:83:B0
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC3495A9B948CBB33CDC48BB586664D3E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gR_g8iKYwHvlqTXjmWhATg8Og7A.roa
Signing time:             Mon 01 Jan 2024 04:30:13 +0000
ROA not before:           Mon 01 Jan 2024 04:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197860
IP address blocks:        89.213.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:5a:9b:94:8c:bb:33:cd:c4:8b:b5:86:66:4d:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 04:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=811fe0f22298c07be5a935e39968404e0f0e83b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:0e:52:a1:6b:8a:d3:53:a6:49:c3:58:59:45:
                    67:b9:5e:67:d7:67:13:8d:a2:67:7e:1a:25:e0:cc:
                    78:cb:42:4c:a3:9e:88:d9:b6:03:7c:c4:e8:1e:d1:
                    28:41:96:6b:5e:ca:31:32:71:72:bd:44:f7:77:7a:
                    47:00:5f:b0:c7:ef:40:19:4e:5f:4e:3d:a9:a7:d9:
                    61:59:de:5a:6a:8e:24:d0:ad:7b:8e:8d:b7:7a:9b:
                    2f:a2:e5:8a:87:5f:5f:1f:5c:c2:df:a3:2b:96:13:
                    7a:2f:8b:f8:ca:68:16:a8:95:f1:74:5d:46:a8:c8:
                    ab:f7:df:c2:8d:7d:d7:56:67:01:2c:47:c7:71:2e:
                    18:fc:71:f9:af:b9:2e:f7:29:0d:d3:47:fe:6d:c3:
                    4d:77:91:dd:fa:3d:ea:cc:d7:03:d7:89:7e:94:92:
                    91:40:b3:0e:42:74:9f:14:3e:01:35:70:68:48:a5:
                    c5:8e:2d:3a:0d:7f:50:28:74:01:36:b3:cb:ac:c1:
                    81:a1:a8:37:a4:62:dc:12:5a:bf:1c:c7:3a:8e:ed:
                    fc:4b:96:97:fd:9f:96:a6:da:be:46:af:2e:0a:d7:
                    4a:83:20:9b:2f:6c:e2:1d:bb:6e:ae:0a:dd:6d:5b:
                    26:31:c5:16:c4:5a:66:88:97:a8:b2:12:f9:8b:b7:
                    70:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:1F:E0:F2:22:98:C0:7B:E5:A9:35:E3:99:68:40:4E:0F:0E:83:B0
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gR_g8iKYwHvlqTXjmWhATg8Og7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:b3:b1:63:e5:b5:51:e2:db:46:ee:59:fe:bf:0b:11:6e:e3:
         74:d5:6d:b0:5b:da:19:9c:e4:ee:13:42:50:46:ab:3a:b9:4b:
         c8:22:7e:88:9c:8e:37:2c:7f:8d:0b:12:c1:89:3f:6f:2c:a2:
         eb:a7:e1:3a:2c:b0:7a:ee:92:b1:ba:ed:0c:7c:8f:dd:af:9f:
         22:ce:3e:6c:e9:b0:52:8c:f4:81:f3:b8:9c:b2:04:6c:d0:50:
         ec:ee:54:d5:09:16:07:84:0c:e1:06:30:46:a0:2f:df:37:1f:
         74:3a:92:c9:eb:c8:e9:a9:22:6c:9e:8d:09:eb:74:e7:78:54:
         d1:4c:de:71:1d:c6:1a:65:f6:ae:3a:40:ae:53:15:7b:49:dd:
         ea:bc:4b:ce:0b:e1:a0:d7:e8:86:6d:4c:63:90:34:dc:d4:9d:
         99:5f:26:a1:92:5b:10:1e:80:84:c1:0d:72:05:83:d8:ea:c2:
         48:fb:d4:27:36:e7:b3:7f:29:d8:5a:66:df:69:82:39:e5:b2:
         da:8f:3d:c8:e3:13:82:34:88:34:b4:18:32:9a:a8:5a:14:ae:
         3a:46:9c:8e:ba:91:57:13:7f:a2:39:94:b9:d1:c5:0a:ac:da:
         8d:8b:cc:23:26:1f:08:bb:7a:42:f4:2e:ed:1c:2b:5e:95:b5:
         c2:0e:cb:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSVqblIy7M83Ei7WGZk0+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTFmZTBmMjIyOThjMDdiZTVhOTM1ZTM5OTY4NDA0ZTBmMGU4M2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhA5SoWuK01OmScNYWUVnuV5n12cT
jaJnfhol4Mx4y0JMo56I2bYDfMToHtEoQZZrXsoxMnFyvUT3d3pHAF+wx+9AGU5f
Tj2pp9lhWd5aao4k0K17jo23epsvouWKh19fH1zC36MrlhN6L4v4ymgWqJXxdF1G
qMir99/CjX3XVmcBLEfHcS4Y/HH5r7ku9ykN00f+bcNNd5Hd+j3qzNcD14l+lJKR
QLMOQnSfFD4BNXBoSKXFji06DX9QKHQBNrPLrMGBoag3pGLcElq/HMc6ju38S5aX
/Z+Wptq+Rq8uCtdKgyCbL2ziHbturgrdbVsmMcUWxFpmiJeoshL5i7dwHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIEf4PIimMB75ak145loQE4PDoOwMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZ1JfZzhpS1l3SHZscVRYam1XaEFUZzhPZzdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWmMA0G
CSqGSIb3DQEBCwUAA4IBAQACs7Fj5bVR4ttG7ln+vwsRbuN01W2wW9oZnOTuE0JQ
Rqs6uUvIIn6InI43LH+NCxLBiT9vLKLrp+E6LLB67pKxuu0MfI/dr58izj5s6bBS
jPSB87icsgRs0FDs7lTVCRYHhAzhBjBGoC/fNx90OpLJ68jpqSJsno0J63TneFTR
TN5xHcYaZfauOkCuUxV7Sd3qvEvOC+Gg1+iGbUxjkDTc1J2ZXyahklsQHoCEwQ1y
BYPY6sJI+9QnNuezfynYWmbfaYI55bLajz3I4xOCNIg0tBgymqhaFK46RpyOupFX
E3+iOZS50cUKrNqNi8wjJh8Iu3pC9C7tHCtelbXCDsu9
-----END CERTIFICATE-----