Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/lNuUGHVH2lmeHbuiG3NubyiuUdk.roa
File:                     lNuUGHVH2lmeHbuiG3NubyiuUdk.roa (raw, json)
Hash identifier:          IlC+y3rnsPPvgFKYTZhxnvWXFkY4KWc/RddWWVRpDI0=
Subject key identifier:   94:DB:94:18:75:47:DA:59:9E:1D:BB:A2:1B:73:6E:6F:28:AE:51:D9
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143F35C1F55C68620C5C93D113D52C5
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/lNuUGHVH2lmeHbuiG3NubyiuUdk.roa
Signing time:             Wed 01 Jan 2025 09:48:08 +0000
ROA not before:           Wed 01 Jan 2025 09:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63023
IP address blocks:        89.213.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:f3:5c:1f:55:c6:86:20:c5:c9:3d:11:3d:52:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94db94187547da599e1dbba21b736e6f28ae51d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:67:72:b5:ba:ff:68:91:9a:b8:71:af:51:86:
                    91:8d:73:b3:20:1a:fc:64:00:c6:3d:56:3b:c9:c7:
                    66:78:2d:7b:cb:14:01:bb:15:1d:71:43:4c:e8:af:
                    4f:28:13:b4:fb:6c:ee:da:57:76:bd:8c:8a:af:61:
                    71:aa:4f:a3:54:a3:37:0b:23:4a:9e:32:eb:d7:38:
                    3a:67:36:ba:8a:48:8f:eb:7a:cc:b5:52:c0:22:8d:
                    76:d2:1f:8a:ba:4e:1f:01:57:48:7e:23:d0:4f:9a:
                    4f:94:b9:47:73:06:b9:18:9e:fc:ac:c5:7a:3a:c0:
                    c7:40:de:84:82:1c:d3:3f:e8:52:65:a3:d5:0d:5f:
                    32:70:28:05:43:3f:16:6e:61:f5:e2:a6:e9:60:ad:
                    06:f5:3f:65:43:89:af:e4:6d:50:51:a1:fa:f9:ca:
                    01:ec:52:29:e2:92:50:7e:b4:d7:dd:1e:f7:53:fc:
                    fe:7b:46:63:3f:d2:ec:71:0b:3b:9a:b7:73:41:c7:
                    38:0b:26:eb:59:f1:e8:3d:12:fc:09:89:bd:d6:96:
                    36:8e:b7:65:60:ce:96:c0:57:7f:55:80:dc:93:54:
                    1f:ec:dc:00:50:c8:da:28:98:32:6a:d2:c3:9c:22:
                    eb:33:ef:b3:df:5e:70:43:c5:74:6f:63:bf:a0:6b:
                    99:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:DB:94:18:75:47:DA:59:9E:1D:BB:A2:1B:73:6E:6F:28:AE:51:D9
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/lNuUGHVH2lmeHbuiG3NubyiuUdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:36:cc:8d:92:db:b9:53:e8:a7:89:9a:86:9e:d5:fd:52:f3:
         6a:20:73:a5:69:55:cf:4d:ef:ee:23:35:33:ed:48:60:7d:1e:
         7a:62:ce:cd:98:dc:e3:a8:89:9e:04:5f:90:25:c7:7d:0c:24:
         3a:f3:35:8c:62:b0:9d:9e:b3:67:4b:75:72:2e:aa:cd:94:cd:
         52:89:0e:10:0e:ba:3e:5d:9b:a2:ff:80:30:cb:05:a7:2c:24:
         f9:f0:17:6f:29:ec:43:91:0f:d1:ff:c7:f9:e1:b1:5b:b4:c9:
         cb:98:db:e0:8f:b4:a6:6d:7a:a3:da:0b:10:8c:7e:89:99:b6:
         21:01:f1:a9:e2:18:24:af:67:b1:38:30:94:15:32:51:33:b4:
         af:45:58:1a:06:ed:aa:a1:bc:4a:27:26:b9:d0:9d:d7:59:a0:
         94:06:47:50:8b:0b:88:25:c2:1f:67:f0:fd:bf:c5:c7:c6:a6:
         10:0a:2f:49:97:ef:ad:7a:a8:0c:f3:c7:0e:20:5b:45:ca:82:
         6b:0c:6f:00:48:c0:d5:15:34:b3:4b:ce:b4:28:09:a6:58:c9:
         c2:1b:1e:a1:e7:af:6b:fb:30:b5:1a:dc:a5:0b:20:1e:9d:f9:
         db:ec:f2:73:ab:e2:30:65:ad:3b:32:0b:db:f4:8e:a3:04:a5:
         64:9a:44:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ/NcH1XGhiDFyT0RPVLFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGRiOTQxODc1NDdkYTU5OWUxZGJiYTIxYjczNmU2ZjI4YWU1MWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Gdytbr/aJGauHGvUYaRjXOzIBr8
ZADGPVY7ycdmeC17yxQBuxUdcUNM6K9PKBO0+2zu2ld2vYyKr2Fxqk+jVKM3CyNK
njLr1zg6Zza6ikiP63rMtVLAIo120h+Kuk4fAVdIfiPQT5pPlLlHcwa5GJ78rMV6
OsDHQN6EghzTP+hSZaPVDV8ycCgFQz8WbmH14qbpYK0G9T9lQ4mv5G1QUaH6+coB
7FIp4pJQfrTX3R73U/z+e0ZjP9LscQs7mrdzQcc4CybrWfHoPRL8CYm91pY2jrdl
YM6WwFd/VYDck1Qf7NwAUMjaKJgyatLDnCLrM++z315wQ8V0b2O/oGuZxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJTblBh1R9pZnh27ohtzbm8orlHZMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbE51VUdIVkgybG1lSGJ1aUczTnVieWl1VWRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdXVMA0G
CSqGSIb3DQEBCwUAA4IBAQBHNsyNktu5U+iniZqGntX9UvNqIHOlaVXPTe/uIzUz
7UhgfR56Ys7NmNzjqImeBF+QJcd9DCQ68zWMYrCdnrNnS3VyLqrNlM1SiQ4QDro+
XZui/4AwywWnLCT58BdvKexDkQ/R/8f54bFbtMnLmNvgj7SmbXqj2gsQjH6JmbYh
AfGp4hgkr2exODCUFTJRM7SvRVgaBu2qobxKJya50J3XWaCUBkdQiwuIJcIfZ/D9
v8XHxqYQCi9Jl++teqgM88cOIFtFyoJrDG8ASMDVFTSzS860KAmmWMnCGx6h569r
+zC1GtylCyAenfnb7PJzq+IwZa07Mgvb9I6jBKVkmkSi
-----END CERTIFICATE-----