Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/c94c65-ea02-405a-bba7-ca0474adf373/1/u5h42nF_zanN1CnICnl5HdlM6r4.roa
File:                     u5h42nF_zanN1CnICnl5HdlM6r4.roa (raw, json)
Hash identifier:          iIOnijJFKn+E4K/cJCLUkm2Y4mgEzXwzGjxysCld8QE=
Subject key identifier:   BB:98:78:DA:71:7F:CD:A9:CD:D4:29:C8:0A:79:79:1D:D9:4C:EA:BE
Certificate issuer:       /CN=7826b604f6f8c03fe9df6c98e61f39eaed7555a5
Certificate serial:       018CC8DECDB27AABBE8983B29C7E05F8050A
Authority key identifier: 78:26:B6:04:F6:F8:C0:3F:E9:DF:6C:98:E6:1F:39:EA:ED:75:55:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eCa2BPb4wD_p32yY5h856u11VaU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/c94c65-ea02-405a-bba7-ca0474adf373/1/u5h42nF_zanN1CnICnl5HdlM6r4.roa
Signing time:             Tue 02 Jan 2024 06:31:33 +0000
ROA not before:           Tue 02 Jan 2024 06:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203735
IP address blocks:        185.89.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/c94c65-ea02-405a-bba7-ca0474adf373/1/eCa2BPb4wD_p32yY5h856u11VaU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/c94c65-ea02-405a-bba7-ca0474adf373/1/eCa2BPb4wD_p32yY5h856u11VaU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eCa2BPb4wD_p32yY5h856u11VaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:cd:b2:7a:ab:be:89:83:b2:9c:7e:05:f8:05:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7826b604f6f8c03fe9df6c98e61f39eaed7555a5
        Validity
            Not Before: Jan  2 06:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb9878da717fcda9cdd429c80a79791dd94ceabe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:2a:30:05:eb:e7:0f:2e:82:7e:4a:77:4a:d8:
                    48:4a:8f:31:77:9b:71:f0:9e:3e:22:98:4b:91:ce:
                    13:20:cf:09:74:7e:b7:d2:9a:03:ac:28:b8:67:59:
                    1d:72:a7:b4:16:b7:00:57:f5:2f:05:b8:83:70:1f:
                    6b:1a:8e:e3:1a:bf:42:b3:c7:62:e4:c7:80:3a:30:
                    8d:f6:51:c7:65:f3:ed:93:86:19:3f:06:75:4a:ac:
                    65:d7:b1:a2:57:b6:e5:e3:65:4d:71:78:d8:4d:aa:
                    78:16:51:0c:d7:5e:85:e5:0c:80:bf:1e:75:cf:11:
                    81:10:73:ab:d4:42:ae:25:2f:0c:36:75:5f:35:ae:
                    91:72:9b:87:cc:63:1e:6a:68:0e:6d:d8:01:53:ea:
                    5c:1f:ee:31:4d:14:81:88:9d:6d:9d:d6:fa:4a:4d:
                    a2:ec:a3:3b:a9:b9:a0:ca:54:1b:60:c0:d7:6a:63:
                    d1:66:23:14:aa:49:3c:eb:b8:ae:9a:43:8b:91:a4:
                    a0:c5:ea:9d:16:b8:d3:fe:8f:5e:0e:81:53:0a:51:
                    9d:d8:0c:2c:16:e8:ce:3e:e8:a4:43:06:f5:aa:4c:
                    df:66:d6:1d:24:b9:ed:0c:f4:a1:cc:1b:9b:0d:0d:
                    98:cd:4b:8e:5b:3c:20:08:d2:64:46:d2:29:62:27:
                    08:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:98:78:DA:71:7F:CD:A9:CD:D4:29:C8:0A:79:79:1D:D9:4C:EA:BE
            X509v3 Authority Key Identifier:
                keyid:78:26:B6:04:F6:F8:C0:3F:E9:DF:6C:98:E6:1F:39:EA:ED:75:55:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eCa2BPb4wD_p32yY5h856u11VaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/c94c65-ea02-405a-bba7-ca0474adf373/1/u5h42nF_zanN1CnICnl5HdlM6r4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/c94c65-ea02-405a-bba7-ca0474adf373/1/eCa2BPb4wD_p32yY5h856u11VaU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.89.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:e8:2b:38:26:cd:78:0c:4b:d7:e2:89:75:9c:63:05:f7:f9:
         a9:5d:cd:cb:84:8f:fc:a0:ca:d6:ae:4a:67:df:00:6f:5f:44:
         81:7e:74:fa:d7:3b:08:bf:32:32:3c:4d:42:e5:72:1a:75:b8:
         b1:7f:e2:15:d3:64:a4:ac:56:a5:26:ac:e2:7e:3a:73:57:b4:
         54:da:cd:af:97:3f:00:8e:e4:b4:6b:7f:f2:ae:b8:91:40:fe:
         1f:e7:ff:14:6c:cd:64:20:93:ca:09:58:85:88:5c:2f:7b:8a:
         f7:40:a1:4f:43:0b:e3:ef:5c:79:93:07:f0:f4:e2:28:c7:bc:
         b8:cd:e3:61:8d:4b:a5:ff:e8:dc:29:00:aa:eb:24:87:8e:5a:
         b7:f6:84:f0:6b:69:3f:08:dd:b3:45:b5:68:5f:16:70:fd:75:
         a9:f4:be:d2:72:7b:fe:4d:01:4a:ac:d7:96:f2:a9:7c:51:31:
         f0:57:4a:8b:bd:73:92:44:5d:12:8a:aa:a4:03:8e:c4:15:de:
         e1:e2:65:4f:4c:27:e4:d3:a7:5f:46:37:29:ba:d1:00:c5:7e:
         8d:8f:0a:83:af:67:0b:1e:0a:8c:f6:bd:92:da:dd:d0:a6:16:
         be:f4:07:25:f4:bc:c9:96:19:8e:05:48:76:36:f3:51:7d:69:
         30:aa:1b:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3s2yequ+iYOynH4F+AUKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4MjZiNjA0ZjZmOGMwM2ZlOWRmNmM5OGU2MWYzOWVhZWQ3
NTU1YTUwHhcNMjQwMTAyMDYzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjk4NzhkYTcxN2ZjZGE5Y2RkNDI5YzgwYTc5NzkxZGQ5NGNlYWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyowBevnDy6Cfkp3SthISo8xd5tx
8J4+IphLkc4TIM8JdH630poDrCi4Z1kdcqe0FrcAV/UvBbiDcB9rGo7jGr9Cs8di
5MeAOjCN9lHHZfPtk4YZPwZ1Sqxl17GiV7bl42VNcXjYTap4FlEM116F5QyAvx51
zxGBEHOr1EKuJS8MNnVfNa6RcpuHzGMeamgObdgBU+pcH+4xTRSBiJ1tndb6Sk2i
7KM7qbmgylQbYMDXamPRZiMUqkk867iumkOLkaSgxeqdFrjT/o9eDoFTClGd2Aws
FujOPuikQwb1qkzfZtYdJLntDPShzBubDQ2YzUuOWzwgCNJkRtIpYicItQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLuYeNpxf82pzdQpyAp5eR3ZTOq+MB8GA1UdIwQY
MBaAFHgmtgT2+MA/6d9smOYfOertdVWlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUNhMkJQYjR3RF9wMzJ5WTVoODU2dTExVmFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9jOTRjNjUtZWEwMi00MDVhLWJiYTct
Y2EwNDc0YWRmMzczLzEvdTVoNDJuRl96YW5OMUNuSUNubDVIZGxNNnI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9jOTRjNjUtZWEwMi00MDVhLWJiYTctY2EwNDc0YWRmMzcz
LzEvZUNhMkJQYjR3RF9wMzJ5WTVoODU2dTExVmFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVliMA0G
CSqGSIb3DQEBCwUAA4IBAQAw6Cs4Js14DEvX4ol1nGMF9/mpXc3LhI/8oMrWrkpn
3wBvX0SBfnT61zsIvzIyPE1C5XIadbixf+IV02SkrFalJqzifjpzV7RU2s2vlz8A
juS0a3/yrriRQP4f5/8UbM1kIJPKCViFiFwve4r3QKFPQwvj71x5kwfw9OIox7y4
zeNhjUul/+jcKQCq6ySHjlq39oTwa2k/CN2zRbVoXxZw/XWp9L7Scnv+TQFKrNeW
8ql8UTHwV0qLvXOSRF0SiqqkA47EFd7h4mVPTCfk06dfRjcputEAxX6NjwqDr2cL
HgqM9r2S2t3Qpha+9Acl9LzJlhmOBUh2NvNRfWkwqhtZ
-----END CERTIFICATE-----