Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zqbNduOqbFCu_sxsrqczSaxuZnk.roa
File:                     zqbNduOqbFCu_sxsrqczSaxuZnk.roa (raw, json)
Hash identifier:          lfXvTYghYyLLDeF/bWaaWAPapObvC0tvDFQ4dWm97XQ=
Subject key identifier:   CE:A6:CD:76:E3:AA:6C:50:AE:FE:CC:6C:AE:A7:33:49:AC:6E:66:79
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019421441B67C809D4D1073BAD724AF40732
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zqbNduOqbFCu_sxsrqczSaxuZnk.roa
Signing time:             Wed 01 Jan 2025 09:48:19 +0000
ROA not before:           Wed 01 Jan 2025 09:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212815
IP address blocks:        89.213.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:1b:67:c8:09:d4:d1:07:3b:ad:72:4a:f4:07:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cea6cd76e3aa6c50aefecc6caea73349ac6e6679
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:7c:cd:95:09:79:d0:bf:7b:53:54:62:04:c3:
                    e9:2e:0f:70:e1:40:fe:8a:69:ee:14:05:75:21:82:
                    0f:b3:0f:3c:6f:21:52:ee:0b:96:af:31:7b:4f:9b:
                    b6:5e:66:02:ae:4a:dd:2b:e6:10:ec:42:e9:b6:6a:
                    00:b3:7c:44:4e:d4:a1:ac:e3:94:05:83:f6:85:19:
                    ea:4f:7c:52:52:fc:1e:c8:7e:aa:6d:5d:f9:e7:1c:
                    df:15:9e:b9:8a:e1:38:0b:92:70:41:a1:fc:ec:25:
                    a5:d6:07:72:4f:b9:07:dc:45:94:21:d9:8f:40:9b:
                    35:2f:95:2c:f6:e4:7b:82:14:88:04:4e:cc:47:eb:
                    53:1c:7b:68:eb:69:0b:d6:6f:b2:f6:4d:92:f1:fa:
                    81:b8:76:a6:ac:ea:bf:be:7e:ef:8a:ba:34:0e:ce:
                    e6:bc:71:a7:5a:6a:f7:75:93:25:6d:e5:e9:70:0b:
                    bc:4f:a4:b6:3a:48:5e:5d:3d:13:d2:ce:f0:da:c7:
                    25:83:77:59:87:73:ec:0b:dc:7d:17:a4:2e:2a:d2:
                    fb:b5:a5:42:14:15:37:6a:2f:b3:eb:45:16:27:29:
                    05:02:0b:7b:2e:f5:02:a5:96:9e:94:b3:27:08:6a:
                    20:66:bd:a1:f8:aa:dd:2b:3d:58:3d:86:5b:a7:bb:
                    ba:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:A6:CD:76:E3:AA:6C:50:AE:FE:CC:6C:AE:A7:33:49:AC:6E:66:79
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zqbNduOqbFCu_sxsrqczSaxuZnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:94:08:39:2b:24:0f:24:ea:3d:80:4d:ce:4c:ed:aa:0a:82:
         ed:61:17:99:c4:3f:3c:0a:92:e6:08:12:16:0e:36:6c:e0:5a:
         fb:f2:66:11:93:7e:cc:02:7f:83:df:68:3f:02:d9:ce:b3:23:
         af:58:9c:95:55:94:6c:3f:c3:ce:8d:69:56:25:58:92:fd:54:
         f2:18:0f:81:0e:0d:e7:95:7b:f1:4c:a1:ec:a6:af:39:f5:12:
         fa:00:f5:fd:c8:c2:49:74:3d:2c:cc:77:5a:74:d2:28:28:23:
         88:68:45:7e:d9:49:e3:29:a5:0c:94:39:74:68:1b:db:6e:09:
         59:5e:71:57:79:d9:10:86:b5:2a:4d:80:b5:c8:52:ab:bc:71:
         45:bd:50:cc:a9:3d:5c:18:83:d7:c5:e2:6d:61:18:f1:75:10:
         6d:a2:18:fd:60:d2:13:a5:56:2b:ef:6b:99:e8:66:49:49:7b:
         43:4a:41:1e:e3:c1:c8:68:d5:06:57:87:35:a9:0b:88:74:7e:
         84:21:64:50:67:f0:9d:45:2c:24:1d:c7:5b:45:45:db:fa:d4:
         7a:65:3d:79:9d:bd:8c:1b:aa:fc:d1:9a:32:9f:0f:46:ac:fb:
         be:ac:c5:03:a6:f1:7b:76:4e:48:a7:07:4a:8b:db:a3:4a:7b:
         0e:84:23:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRBtnyAnU0Qc7rXJK9AcyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWE2Y2Q3NmUzYWE2YzUwYWVmZWNjNmNhZWE3MzM0OWFjNmU2Njc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2XzNlQl50L97U1RiBMPpLg9w4UD+
imnuFAV1IYIPsw88byFS7guWrzF7T5u2XmYCrkrdK+YQ7ELptmoAs3xETtShrOOU
BYP2hRnqT3xSUvweyH6qbV355xzfFZ65iuE4C5JwQaH87CWl1gdyT7kH3EWUIdmP
QJs1L5Us9uR7ghSIBE7MR+tTHHto62kL1m+y9k2S8fqBuHamrOq/vn7viro0Ds7m
vHGnWmr3dZMlbeXpcAu8T6S2OkheXT0T0s7w2sclg3dZh3PsC9x9F6QuKtL7taVC
FBU3ai+z60UWJykFAgt7LvUCpZaelLMnCGogZr2h+KrdKz1YPYZbp7u6twIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM6mzXbjqmxQrv7MbK6nM0msbmZ5MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvenFiTmR1T3FiRkN1X3N4c3JxY3pTYXh1Wm5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWdMA0G
CSqGSIb3DQEBCwUAA4IBAQAIlAg5KyQPJOo9gE3OTO2qCoLtYReZxD88CpLmCBIW
DjZs4Fr78mYRk37MAn+D32g/AtnOsyOvWJyVVZRsP8POjWlWJViS/VTyGA+BDg3n
lXvxTKHspq859RL6APX9yMJJdD0szHdadNIoKCOIaEV+2UnjKaUMlDl0aBvbbglZ
XnFXedkQhrUqTYC1yFKrvHFFvVDMqT1cGIPXxeJtYRjxdRBtohj9YNITpVYr72uZ
6GZJSXtDSkEe48HIaNUGV4c1qQuIdH6EIWRQZ/CdRSwkHcdbRUXb+tR6ZT15nb2M
G6r80Zoynw9GrPu+rMUDpvF7dk5IpwdKi9ujSnsOhCM0
-----END CERTIFICATE-----