Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/01e7df-1410-491f-a71b-55830f9edde4/1/n1jT0bT-cyMunw08NbHX7KADMcM.roa
File:                     n1jT0bT-cyMunw08NbHX7KADMcM.roa (raw, json)
Hash identifier:          BVKtDbIvXmE20ZQcn6xePHtkECkX3PdbPMK7VrC05AA=
Subject key identifier:   9F:58:D3:D1:B4:FE:73:23:2E:9F:0D:3C:35:B1:D7:EC:A0:03:31:C3
Certificate issuer:       /CN=4c6319fe7859c342f7cd9f711306f56590828d60
Certificate serial:       018E1A6A5A1FD359B4412A497D579756C865
Authority key identifier: 4C:63:19:FE:78:59:C3:42:F7:CD:9F:71:13:06:F5:65:90:82:8D:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TGMZ_nhZw0L3zZ9xEwb1ZZCCjWA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/01e7df-1410-491f-a71b-55830f9edde4/1/n1jT0bT-cyMunw08NbHX7KADMcM.roa
Signing time:             Thu 07 Mar 2024 19:36:01 +0000
ROA not before:           Thu 07 Mar 2024 19:36:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398387
IP address blocks:        89.40.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/01e7df-1410-491f-a71b-55830f9edde4/1/TGMZ_nhZw0L3zZ9xEwb1ZZCCjWA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/01e7df-1410-491f-a71b-55830f9edde4/1/TGMZ_nhZw0L3zZ9xEwb1ZZCCjWA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TGMZ_nhZw0L3zZ9xEwb1ZZCCjWA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1a:6a:5a:1f:d3:59:b4:41:2a:49:7d:57:97:56:c8:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c6319fe7859c342f7cd9f711306f56590828d60
        Validity
            Not Before: Mar  7 19:36:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f58d3d1b4fe73232e9f0d3c35b1d7eca00331c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:32:c9:f5:19:d0:fb:31:ed:f9:2b:cc:ff:97:
                    41:fd:3f:e0:e7:62:c9:01:86:29:7c:a9:91:15:dc:
                    0b:df:23:89:65:47:1f:a7:7f:be:ff:64:7c:b4:5a:
                    ba:13:6c:55:48:ba:46:6c:b6:98:69:23:cc:c5:56:
                    55:c0:cc:55:6d:e3:c2:2d:a6:21:4c:4a:cc:f1:de:
                    05:4d:81:61:3d:3c:27:21:98:1b:34:7b:f3:6b:f8:
                    51:0b:4f:a3:09:dd:55:94:d3:17:8b:ff:cd:39:ff:
                    3a:62:f8:7c:c3:db:d7:4d:92:cb:79:46:12:41:60:
                    05:6f:0f:e0:c3:7c:66:0a:9c:c5:6d:ee:f7:a3:48:
                    60:79:04:ec:a6:1d:37:aa:12:94:9c:b6:e2:63:35:
                    50:ca:32:4c:42:d8:4b:3c:ed:b4:54:db:3e:f5:ac:
                    ee:b8:4c:ba:6b:7b:cd:ce:af:c1:8b:a8:3a:6e:17:
                    3b:fd:71:8c:8d:23:9f:24:5c:9e:d1:40:3f:60:5a:
                    c7:b4:7b:cb:f5:f3:48:d3:3a:e9:40:fc:ef:66:87:
                    7f:b4:84:f4:ac:7c:13:e1:a0:f1:37:f7:6f:3f:40:
                    f0:18:ce:fd:b5:f7:9a:c3:af:bd:e3:f6:fb:6c:63:
                    4b:6a:54:aa:41:7d:c8:82:2b:16:f2:cf:f9:f8:f6:
                    13:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:58:D3:D1:B4:FE:73:23:2E:9F:0D:3C:35:B1:D7:EC:A0:03:31:C3
            X509v3 Authority Key Identifier:
                keyid:4C:63:19:FE:78:59:C3:42:F7:CD:9F:71:13:06:F5:65:90:82:8D:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TGMZ_nhZw0L3zZ9xEwb1ZZCCjWA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/01e7df-1410-491f-a71b-55830f9edde4/1/n1jT0bT-cyMunw08NbHX7KADMcM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/01e7df-1410-491f-a71b-55830f9edde4/1/TGMZ_nhZw0L3zZ9xEwb1ZZCCjWA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.40.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:a0:89:45:6d:e8:89:3d:9b:71:c4:1d:e2:3b:17:bc:64:f1:
         ac:fc:73:b4:6b:3e:57:19:bf:b1:8b:5a:8e:4a:df:ba:3a:d4:
         81:72:28:c0:02:a8:9b:42:ff:53:7f:a1:7f:20:37:84:ad:74:
         a4:26:2c:5c:6d:e8:bb:1d:b6:ec:d6:45:9d:ed:d9:41:47:52:
         eb:83:24:4f:b7:55:0c:52:cd:a8:4f:cc:c2:6d:5b:78:56:f3:
         1f:44:b0:bb:87:2b:1d:43:62:9f:e4:69:2a:30:ae:df:db:33:
         88:d5:d3:86:b9:13:6c:5f:30:0b:a6:52:a2:1f:49:fd:19:1d:
         d4:8b:1e:1e:d9:ea:8e:ad:5a:d6:f7:ec:e9:12:62:13:bf:dc:
         99:ce:91:d2:a9:4a:c1:96:ea:9b:55:94:ba:19:86:a0:5c:e5:
         fb:54:06:37:de:30:54:e9:fd:61:39:01:8c:a7:21:28:39:72:
         41:bc:ff:2f:ce:18:45:8b:cd:ca:6a:cd:ba:c2:5c:bd:01:a7:
         bc:ac:bc:59:a2:84:50:e2:50:29:e0:c6:c9:88:0b:7d:15:ae:
         c0:a9:d6:9d:96:b9:d3:11:bf:31:ba:4b:d0:ee:cb:63:ac:7e:
         e0:97:57:22:31:a1:a9:b0:9b:8e:f8:ab:c0:56:9d:24:10:79:
         62:7d:d3:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4aalof01m0QSpJfVeXVshlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNjMxOWZlNzg1OWMzNDJmN2NkOWY3MTEzMDZmNTY1OTA4
MjhkNjAwHhcNMjQwMzA3MTkzNjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjU4ZDNkMWI0ZmU3MzIzMmU5ZjBkM2MzNWIxZDdlY2EwMDMzMWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6zLJ9RnQ+zHt+SvM/5dB/T/g52LJ
AYYpfKmRFdwL3yOJZUcfp3++/2R8tFq6E2xVSLpGbLaYaSPMxVZVwMxVbePCLaYh
TErM8d4FTYFhPTwnIZgbNHvza/hRC0+jCd1VlNMXi//NOf86Yvh8w9vXTZLLeUYS
QWAFbw/gw3xmCpzFbe73o0hgeQTsph03qhKUnLbiYzVQyjJMQthLPO20VNs+9azu
uEy6a3vNzq/Bi6g6bhc7/XGMjSOfJFye0UA/YFrHtHvL9fNI0zrpQPzvZod/tIT0
rHwT4aDxN/dvP0DwGM79tfeaw6+94/b7bGNLalSqQX3IgisW8s/5+PYTsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ9Y09G0/nMjLp8NPDWx1+ygAzHDMB8GA1UdIwQY
MBaAFExjGf54WcNC982fcRMG9WWQgo1gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEdNWl9uaFp3MEwzelo5eEV3YjFaWkNDaldBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My8wMWU3ZGYtMTQxMC00OTFmLWE3MWIt
NTU4MzBmOWVkZGU0LzEvbjFqVDBiVC1jeU11bncwOE5iSFg3S0FETWNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My8wMWU3ZGYtMTQxMC00OTFmLWE3MWItNTU4MzBmOWVkZGU0
LzEvVEdNWl9uaFp3MEwzelo5eEV3YjFaWkNDaldBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSipMA0G
CSqGSIb3DQEBCwUAA4IBAQAtoIlFbeiJPZtxxB3iOxe8ZPGs/HO0az5XGb+xi1qO
St+6OtSBcijAAqibQv9Tf6F/IDeErXSkJixcbei7Hbbs1kWd7dlBR1LrgyRPt1UM
Us2oT8zCbVt4VvMfRLC7hysdQ2Kf5GkqMK7f2zOI1dOGuRNsXzALplKiH0n9GR3U
ix4e2eqOrVrW9+zpEmITv9yZzpHSqUrBluqbVZS6GYagXOX7VAY33jBU6f1hOQGM
pyEoOXJBvP8vzhhFi83Kas26wly9Aae8rLxZooRQ4lAp4MbJiAt9Fa7AqdadlrnT
Eb8xukvQ7stjrH7gl1ciMaGpsJuO+KvAVp0kEHlifdNw
-----END CERTIFICATE-----