Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/tNcNsei9KaciFNfjjNm42egsp0o.roa
File:                     tNcNsei9KaciFNfjjNm42egsp0o.roa (raw, json)
Hash identifier:          alxAbIPLJE2pK2y7LVNWTuioPY7iopeFDH24dmNrXAQ=
Subject key identifier:   B4:D7:0D:B1:E8:BD:29:A7:22:14:D7:E3:8C:D9:B8:D9:E8:2C:A7:4A
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143DD3DADA771EF633CBACEB89A4AAB
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/tNcNsei9KaciFNfjjNm42egsp0o.roa
Signing time:             Wed 01 Jan 2025 09:48:03 +0000
ROA not before:           Wed 01 Jan 2025 09:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     32167
IP address blocks:        89.213.42.0/24 maxlen: 24
                          89.213.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:dd:3d:ad:a7:71:ef:63:3c:ba:ce:b8:9a:4a:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4d70db1e8bd29a72214d7e38cd9b8d9e82ca74a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:37:39:c2:23:64:3c:b3:7c:4e:8c:af:d2:da:
                    14:e8:87:21:86:1e:70:23:be:af:b3:d0:ae:32:9e:
                    56:d5:15:53:ad:33:41:de:0d:f1:50:dc:11:09:61:
                    14:f4:78:6a:87:fc:a4:e1:00:61:dd:ac:97:1b:94:
                    de:6f:9d:8b:56:34:69:8a:05:02:5d:01:18:fc:8b:
                    3f:ac:65:39:ec:d5:4f:55:7d:06:b7:fc:bf:65:fd:
                    f5:51:0f:15:ae:a8:10:b8:14:c0:13:d6:75:01:cf:
                    6b:70:ca:68:9c:ad:eb:ce:0b:12:30:f3:ba:4a:3b:
                    01:9c:ee:13:e6:35:a6:b9:68:c5:24:c2:66:e5:f8:
                    5d:c5:46:df:d6:3e:64:fb:19:39:c5:d4:f3:ca:c1:
                    fd:57:36:a5:43:7e:86:c8:4d:3d:5d:f8:34:5d:a5:
                    7f:63:fe:00:7a:0d:5f:65:e8:66:9b:b4:51:8d:94:
                    5b:cf:53:e6:d2:99:02:8a:e9:4b:19:37:70:e3:c3:
                    06:79:55:4b:5b:ee:5f:44:e5:bb:00:7e:5f:cb:77:
                    29:cf:dd:58:09:d4:98:b0:3a:25:e9:00:be:a6:68:
                    1a:28:63:e4:a5:3b:5d:b2:b8:9a:bb:88:d8:58:41:
                    ce:a2:c8:bd:05:11:fe:cb:d9:f2:5c:5e:8b:de:a3:
                    e9:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:D7:0D:B1:E8:BD:29:A7:22:14:D7:E3:8C:D9:B8:D9:E8:2C:A7:4A
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/tNcNsei9KaciFNfjjNm42egsp0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.42.0/24
                  89.213.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:09:24:67:61:77:4c:e3:df:23:3d:06:55:e6:ad:f5:0b:13:
         20:b6:ba:85:f1:76:64:c0:62:84:f7:91:04:46:48:09:c5:0a:
         e5:bf:3e:f9:bd:fc:35:45:44:7b:ef:a7:3c:7c:ff:33:53:4d:
         b4:f2:01:bf:65:8a:11:3d:1b:5e:1f:90:4a:cf:03:c6:19:9e:
         ce:df:2a:68:f3:d4:4d:17:5f:3c:9a:55:94:39:3f:65:76:70:
         89:aa:7d:15:93:51:c1:db:06:19:11:06:72:52:f6:7f:e3:13:
         88:33:3f:c1:11:6f:cc:19:f6:f2:63:c6:1e:6e:5d:75:39:7a:
         d6:96:ab:65:ac:1e:e7:32:c6:e7:ea:e5:66:74:c3:50:83:5e:
         49:87:2b:44:48:47:05:ef:27:aa:33:79:4c:d4:03:2d:74:7c:
         07:2e:68:db:52:58:96:98:f3:d4:25:4e:19:71:74:6c:6a:83:
         37:a3:88:1a:80:f7:34:a4:74:1f:72:4a:5b:e9:6c:3b:cc:61:
         11:4a:9c:d0:78:2a:50:26:3a:0a:ed:b4:13:00:24:75:90:43:
         a5:26:3d:6c:f1:9f:b2:2e:16:5e:90:bc:19:05:6d:6f:c8:e4:
         e4:0e:df:7c:db:f5:fa:e0:fc:6c:7f:e3:af:58:45:cc:c0:7e:
         9a:dd:71:72
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhQ909radx72M8us64mkqrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGQ3MGRiMWU4YmQyOWE3MjIxNGQ3ZTM4Y2Q5YjhkOWU4MmNhNzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Dc5wiNkPLN8Toyv0toU6Ichhh5w
I76vs9CuMp5W1RVTrTNB3g3xUNwRCWEU9Hhqh/yk4QBh3ayXG5Teb52LVjRpigUC
XQEY/Is/rGU57NVPVX0Gt/y/Zf31UQ8VrqgQuBTAE9Z1Ac9rcMponK3rzgsSMPO6
SjsBnO4T5jWmuWjFJMJm5fhdxUbf1j5k+xk5xdTzysH9VzalQ36GyE09Xfg0XaV/
Y/4Aeg1fZehmm7RRjZRbz1Pm0pkCiulLGTdw48MGeVVLW+5fROW7AH5fy3cpz91Y
CdSYsDol6QC+pmgaKGPkpTtdsriau4jYWEHOosi9BRH+y9nyXF6L3qPp2QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLTXDbHovSmnIhTX44zZuNnoLKdKMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdE5jTnNlaTlLYWNpRk5mampObTQyZWdzcDBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWdUqAwQA
WdWzMA0GCSqGSIb3DQEBCwUAA4IBAQCECSRnYXdM498jPQZV5q31CxMgtrqF8XZk
wGKE95EERkgJxQrlvz75vfw1RUR776c8fP8zU0208gG/ZYoRPRteH5BKzwPGGZ7O
3ypo89RNF188mlWUOT9ldnCJqn0Vk1HB2wYZEQZyUvZ/4xOIMz/BEW/MGfbyY8Ye
bl11OXrWlqtlrB7nMsbn6uVmdMNQg15JhytESEcF7yeqM3lM1AMtdHwHLmjbUliW
mPPUJU4ZcXRsaoM3o4gagPc0pHQfckpb6Ww7zGERSpzQeCpQJjoK7bQTACR1kEOl
Jj1s8Z+yLhZekLwZBW1vyOTkDt982/X64Pxsf+OvWEXMwH6a3XFy
-----END CERTIFICATE-----