Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/GzY_tqZQyZA7O-iVYWBPt4-AvO4.roa
File:                     GzY_tqZQyZA7O-iVYWBPt4-AvO4.roa (raw, json)
Hash identifier:          Oi6NcZWhtde2pSviJOSgpORMSptYX6avLAFarENKIck=
Subject key identifier:   1B:36:3F:B6:A6:50:C9:90:3B:3B:E8:95:61:60:4F:B7:8F:80:BC:EE
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       018CC94E70F171A6BC58F950052BAF04828F
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/GzY_tqZQyZA7O-iVYWBPt4-AvO4.roa
Signing time:             Tue 02 Jan 2024 08:33:30 +0000
ROA not before:           Tue 02 Jan 2024 08:33:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56458
IP address blocks:        89.40.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:70:f1:71:a6:bc:58:f9:50:05:2b:af:04:82:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Jan  2 08:33:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b363fb6a650c9903b3be89561604fb78f80bcee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:b2:7a:d6:da:8c:ce:73:e4:d0:9d:42:9e:33:
                    7f:a0:6e:88:d7:8a:9b:97:87:6a:b4:1f:69:8b:d8:
                    ae:f2:d5:aa:c4:ac:46:6e:55:9d:7c:63:f6:7e:75:
                    01:e9:76:d3:58:0e:42:a8:f8:0b:7b:bd:24:90:8d:
                    7b:dd:e2:3c:0a:2a:59:99:91:a0:85:c6:8d:ae:95:
                    f7:b4:33:68:7a:97:5a:d2:27:59:c9:7c:69:95:ba:
                    7d:33:de:b6:82:8b:d9:69:22:68:36:d6:08:15:55:
                    14:3d:ca:cb:85:0a:38:4a:30:c2:ed:23:cb:65:69:
                    2a:e5:58:ba:16:f7:95:ef:92:9c:5e:b2:a5:ac:d5:
                    37:a6:8b:1a:84:61:c6:27:75:4c:2f:c5:5e:39:27:
                    ad:3a:3d:ff:29:ff:0e:4f:19:fc:6a:fe:74:db:3f:
                    cf:c6:4c:e8:1f:4f:0e:a0:60:7b:47:95:4d:6d:44:
                    54:f8:00:d2:35:ec:30:ce:87:6b:7b:b6:78:3f:e4:
                    14:98:48:40:6e:3e:d0:db:0f:57:80:b0:3e:41:0c:
                    b7:b9:aa:97:fa:53:98:fb:2b:ee:20:be:7b:4d:25:
                    9d:c3:32:3a:6f:35:7a:6f:d3:44:52:c9:46:f5:05:
                    67:88:7a:3f:f3:37:a5:a1:73:bc:fe:8c:f9:77:be:
                    52:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:36:3F:B6:A6:50:C9:90:3B:3B:E8:95:61:60:4F:B7:8F:80:BC:EE
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/GzY_tqZQyZA7O-iVYWBPt4-AvO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.40.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:35:76:a1:87:a8:bb:f3:a2:45:44:3d:fb:06:19:47:b3:3f:
         f9:05:48:11:4f:0e:e2:0a:6d:54:9c:e7:89:d0:01:b0:aa:f3:
         40:30:a6:d0:24:50:f8:10:10:d9:71:6f:e6:72:6e:9a:67:a9:
         df:ca:a3:c9:be:5f:90:36:3b:91:f1:08:b6:48:ae:19:4a:05:
         ca:24:c6:fc:af:05:f9:d8:07:f8:ce:24:3d:8a:3e:ac:2f:11:
         f2:87:3d:5d:c5:bf:80:2e:43:28:f3:10:a5:c5:df:54:d1:9e:
         ea:c9:48:19:c7:a9:09:4e:17:48:75:c0:dc:87:ab:12:9b:26:
         20:95:dd:99:cf:93:bc:64:16:09:b9:6c:af:82:cd:d1:c2:e7:
         aa:93:6d:08:09:38:0c:96:7e:52:8e:e7:fb:57:7d:92:7f:45:
         09:f5:06:5b:f7:7b:5b:23:85:ae:f7:13:07:a5:bd:44:a1:99:
         90:fa:88:70:28:6b:89:ec:d2:86:fd:b8:99:7b:ee:11:0f:a9:
         08:45:8e:a9:24:a9:e9:1d:a2:a1:4a:50:e4:9b:9a:8c:45:53:
         d8:62:cd:19:07:e0:67:45:18:34:d6:4d:d7:42:6a:55:df:27:
         6c:3e:58:bc:f1:04:d7:82:3d:f9:bc:13:3b:07:4f:5e:b6:52:
         3f:b5:69:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTnDxcaa8WPlQBSuvBIKPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjQwMTAyMDgzMzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjM2M2ZiNmE2NTBjOTkwM2IzYmU4OTU2MTYwNGZiNzhmODBiY2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhLJ61tqMznPk0J1CnjN/oG6I14qb
l4dqtB9pi9iu8tWqxKxGblWdfGP2fnUB6XbTWA5CqPgLe70kkI173eI8CipZmZGg
hcaNrpX3tDNoepda0idZyXxplbp9M962govZaSJoNtYIFVUUPcrLhQo4SjDC7SPL
ZWkq5Vi6FveV75KcXrKlrNU3posahGHGJ3VML8VeOSetOj3/Kf8OTxn8av502z/P
xkzoH08OoGB7R5VNbURU+ADSNewwzodre7Z4P+QUmEhAbj7Q2w9XgLA+QQy3uaqX
+lOY+yvuIL57TSWdwzI6bzV6b9NEUslG9QVniHo/8zeloXO8/oz5d75S0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBs2P7amUMmQOzvolWFgT7ePgLzuMB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEvR3pZX3RxWlF5WkE3Ty1pVllXQlB0NC1Bdk80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMtMmVjZTA0ZTE4NWMy
LzEvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSjgMA0G
CSqGSIb3DQEBCwUAA4IBAQCGNXahh6i786JFRD37BhlHsz/5BUgRTw7iCm1UnOeJ
0AGwqvNAMKbQJFD4EBDZcW/mcm6aZ6nfyqPJvl+QNjuR8Qi2SK4ZSgXKJMb8rwX5
2Af4ziQ9ij6sLxHyhz1dxb+ALkMo8xClxd9U0Z7qyUgZx6kJThdIdcDch6sSmyYg
ld2Zz5O8ZBYJuWyvgs3Rwueqk20ICTgMln5Sjuf7V32Sf0UJ9QZb93tbI4Wu9xMH
pb1EoZmQ+ohwKGuJ7NKG/biZe+4RD6kIRY6pJKnpHaKhSlDkm5qMRVPYYs0ZB+Bn
RRg01k3XQmpV3ydsPli88QTXgj35vBM7B09etlI/tWng
-----END CERTIFICATE-----