Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/F0WLECvdL1X0uvDktcPtFZjYRVk.roa
File:                     F0WLECvdL1X0uvDktcPtFZjYRVk.roa (raw, json)
Hash identifier:          L+Cvd7LHER3obyNLwwo/lRhtzZFBD2V2CZjBdQj9u1w=
Subject key identifier:   17:45:8B:10:2B:DD:2F:55:F4:BA:F0:E4:B5:C3:ED:15:98:D8:45:59
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019423D6B66FD2B25BC2356C94BADAAA68D2
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/F0WLECvdL1X0uvDktcPtFZjYRVk.roa
Signing time:             Wed 01 Jan 2025 21:47:41 +0000
ROA not before:           Wed 01 Jan 2025 21:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14445
IP address blocks:        89.37.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:b6:6f:d2:b2:5b:c2:35:6c:94:ba:da:aa:68:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  1 21:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17458b102bdd2f55f4baf0e4b5c3ed1598d84559
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:a8:39:a7:6c:6d:35:d6:68:db:51:95:fe:e0:
                    74:2b:c2:fe:30:80:37:c7:8e:be:43:d3:c5:ca:1c:
                    5a:ec:59:f2:27:4b:64:86:38:a3:05:86:c0:b7:af:
                    23:52:18:9b:21:61:21:28:71:cf:91:00:eb:e0:4b:
                    36:d1:90:23:90:16:54:e3:58:e8:b8:05:85:c7:51:
                    8a:70:14:10:5a:37:c0:96:35:8f:7e:25:47:d2:72:
                    d2:25:11:32:6d:19:09:31:fb:b7:60:c5:96:f2:67:
                    a8:36:90:08:ca:fa:d5:52:d0:bf:fe:98:a0:1f:9d:
                    0f:14:e8:5c:72:74:df:24:55:07:a0:f4:f2:df:79:
                    f1:67:1b:10:83:26:a8:00:06:17:25:11:fa:9c:d3:
                    bd:e9:6b:35:c0:53:59:ae:a0:b4:e8:ee:3b:4f:c7:
                    eb:df:d8:ce:e3:cc:fc:4a:f4:18:e3:e0:24:d8:3e:
                    55:12:ec:fc:12:5e:9d:78:df:48:ae:1d:64:4d:1a:
                    ae:4b:01:33:87:91:97:01:2f:76:82:af:32:22:76:
                    85:4c:da:81:57:d0:69:08:b1:53:09:3f:8d:72:10:
                    53:6f:ce:22:31:44:d9:e9:0e:de:f1:5c:b1:fb:a4:
                    43:b9:c0:6f:db:b1:1d:a1:dc:ce:8e:97:16:73:64:
                    07:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:45:8B:10:2B:DD:2F:55:F4:BA:F0:E4:B5:C3:ED:15:98:D8:45:59
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/F0WLECvdL1X0uvDktcPtFZjYRVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.37.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:08:a9:89:7e:4c:0c:4d:6d:14:ae:21:a1:57:73:a6:a6:76:
         58:05:38:90:04:4b:7e:f6:69:aa:db:88:3c:3c:3e:b1:c9:7d:
         25:7c:cc:5b:97:61:b5:b2:a4:cd:06:8b:ca:7f:7f:ec:f5:58:
         c3:74:49:c9:8a:d4:ce:5b:c9:b9:0a:86:aa:1c:06:c7:da:bf:
         d6:f6:e9:d9:f0:42:4b:d0:fe:a3:74:70:f7:06:a7:71:7b:50:
         9a:62:f8:e7:17:14:e1:78:50:f7:86:98:f1:98:e8:94:c3:b0:
         70:42:0b:08:19:d1:12:03:ab:76:13:60:c6:97:64:ee:90:f6:
         74:c5:b7:c8:d5:1a:15:61:f6:56:e5:a3:43:00:53:ae:1f:57:
         a8:4a:b2:75:8d:2f:26:bf:ca:cd:c3:39:87:68:90:1e:56:ca:
         d7:44:6b:99:5c:db:77:f6:a1:71:79:a2:a7:13:93:4e:54:63:
         80:51:29:44:f5:93:ea:cb:33:34:88:94:a3:f5:cc:6c:f0:e3:
         b6:d4:58:f2:e9:ca:05:95:23:0d:87:fa:51:46:d5:bd:64:b5:
         01:fd:fb:07:c5:1c:6b:20:73:91:dc:3e:71:e2:dc:43:3d:9b:
         f2:0a:c3:8c:99:61:81:07:cf:bd:8e:8d:cd:76:aa:1f:be:91:
         af:9a:5e:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1rZv0rJbwjVslLraqmjSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwMTAxMjE0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzQ1OGIxMDJiZGQyZjU1ZjRiYWYwZTRiNWMzZWQxNTk4ZDg0NTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ag5p2xtNdZo21GV/uB0K8L+MIA3
x46+Q9PFyhxa7FnyJ0tkhjijBYbAt68jUhibIWEhKHHPkQDr4Es20ZAjkBZU41jo
uAWFx1GKcBQQWjfAljWPfiVH0nLSJREybRkJMfu3YMWW8meoNpAIyvrVUtC//pig
H50PFOhccnTfJFUHoPTy33nxZxsQgyaoAAYXJRH6nNO96Ws1wFNZrqC06O47T8fr
39jO48z8SvQY4+Ak2D5VEuz8El6deN9Irh1kTRquSwEzh5GXAS92gq8yInaFTNqB
V9BpCLFTCT+NchBTb84iMUTZ6Q7e8Vyx+6RDucBv27EdodzOjpcWc2QH7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBdFixAr3S9V9Lrw5LXD7RWY2EVZMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvRjBXTEVDdmRMMVgwdXZEa3RjUHRGWmpZUlZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSV3MA0G
CSqGSIb3DQEBCwUAA4IBAQAyCKmJfkwMTW0UriGhV3OmpnZYBTiQBEt+9mmq24g8
PD6xyX0lfMxbl2G1sqTNBovKf3/s9VjDdEnJitTOW8m5CoaqHAbH2r/W9unZ8EJL
0P6jdHD3Bqdxe1CaYvjnFxTheFD3hpjxmOiUw7BwQgsIGdESA6t2E2DGl2TukPZ0
xbfI1RoVYfZW5aNDAFOuH1eoSrJ1jS8mv8rNwzmHaJAeVsrXRGuZXNt39qFxeaKn
E5NOVGOAUSlE9ZPqyzM0iJSj9cxs8OO21Fjy6coFlSMNh/pRRtW9ZLUB/fsHxRxr
IHOR3D5x4txDPZvyCsOMmWGBB8+9jo3NdqofvpGvml5g
-----END CERTIFICATE-----