Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Po8KQOl0n1jyByLHJjdCnQ2G8RU.roa
File:                     Po8KQOl0n1jyByLHJjdCnQ2G8RU.roa (raw, json)
Hash identifier:          Tn121AMw2TDQtX5rZNFfWa1JnoSkA7/GXm5VcSzBGVI=
Subject key identifier:   3E:8F:0A:40:E9:74:9F:58:F2:07:22:C7:26:37:42:9D:0D:86:F1:15
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       0190B2B3509532769378ABF9E31E855AB7BE
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Po8KQOl0n1jyByLHJjdCnQ2G8RU.roa
Signing time:             Sun 14 Jul 2024 19:23:34 +0000
ROA not before:           Sun 14 Jul 2024 19:23:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8100
IP address blocks:        89.33.192.0/24 maxlen: 24
                          89.37.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:b2:b3:50:95:32:76:93:78:ab:f9:e3:1e:85:5a:b7:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jul 14 19:23:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e8f0a40e9749f58f20722c72637429d0d86f115
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:9b:96:3b:5d:4b:eb:ad:d8:73:b9:36:b2:b6:
                    24:a4:0e:19:62:49:ff:07:a5:ee:2d:89:d1:dd:33:
                    73:3a:69:f2:4d:e6:36:49:c4:65:d7:95:15:41:20:
                    6f:da:8e:1f:48:ad:10:fe:52:d9:4d:b7:8a:cc:00:
                    cd:f1:47:72:3f:50:84:eb:ae:12:29:7d:7e:48:11:
                    0c:02:a3:e8:79:5f:93:14:55:c4:15:0d:4e:75:9d:
                    3b:20:c2:1b:c3:76:3c:d5:6c:4f:60:da:03:09:d4:
                    81:81:f2:c1:79:2c:1b:31:4a:14:37:b5:98:2f:3d:
                    9f:61:22:4f:01:3e:38:d7:2e:b3:b9:14:c1:d0:13:
                    7c:19:25:45:6d:3f:50:f6:70:40:e8:8e:dc:3c:ed:
                    be:30:99:b8:ef:71:36:65:ed:ea:a7:47:df:11:0d:
                    e6:1d:a7:00:06:9e:ac:87:16:11:62:62:72:10:34:
                    7f:32:72:6c:08:2d:d9:02:17:2b:df:d2:0b:9f:b7:
                    0d:4b:bf:c1:19:90:de:4d:94:56:57:12:99:60:dc:
                    43:7b:7c:09:c9:b5:56:5b:7e:d3:c4:5f:3f:76:9a:
                    b1:39:17:40:36:09:81:f6:2b:d2:79:63:98:2e:ef:
                    b8:cd:5f:aa:9d:8e:6e:3b:94:d5:95:40:7f:20:4b:
                    91:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:8F:0A:40:E9:74:9F:58:F2:07:22:C7:26:37:42:9D:0D:86:F1:15
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Po8KQOl0n1jyByLHJjdCnQ2G8RU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.192.0/24
                  89.37.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:fe:99:1f:f0:29:2a:c2:bb:f8:73:5d:72:3e:a8:07:84:6a:
         0e:10:e9:fc:d0:d7:27:31:57:cc:d7:da:21:b2:37:0b:12:31:
         44:95:97:1e:11:80:17:75:ee:c1:1d:ab:35:79:da:a9:8c:34:
         d2:56:60:fd:8e:38:b6:8c:c3:83:b5:65:ca:8f:d3:bd:05:58:
         c5:f7:a2:11:3a:73:98:6f:a9:07:1e:6e:00:af:a9:3b:90:a5:
         40:50:bf:87:f4:3b:6a:31:25:c5:9b:39:28:65:78:e7:cd:c6:
         8c:ea:44:f2:5e:55:39:49:b6:f5:aa:6e:5f:da:b2:22:cd:df:
         bf:e6:88:66:c1:2e:1d:93:08:b4:c6:3f:d0:fd:55:76:ef:20:
         db:45:88:de:ed:f5:3f:c2:2f:e4:d9:55:a1:9b:0b:b1:2e:1c:
         6a:f3:17:26:49:b7:39:ab:b6:b2:de:9b:23:c9:c2:e8:e6:7c:
         66:68:1a:1e:d6:15:d3:4e:2b:de:41:1a:4f:86:43:b7:14:34:
         05:e0:2f:cb:57:ab:bf:24:88:05:43:ed:02:11:3b:69:08:f4:
         c8:16:8e:e2:60:8f:30:81:64:0a:74:6e:5c:bb:3c:cc:50:ea:
         81:67:3e:8e:06:db:62:71:7b:23:b5:46:89:dd:cb:d7:87:d1:
         fc:95:02:a9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZCys1CVMnaTeKv54x6FWre+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQwNzE0MTkyMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZThmMGE0MGU5NzQ5ZjU4ZjIwNzIyYzcyNjM3NDI5ZDBkODZmMTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1JuWO11L663Yc7k2srYkpA4ZYkn/
B6XuLYnR3TNzOmnyTeY2ScRl15UVQSBv2o4fSK0Q/lLZTbeKzADN8UdyP1CE664S
KX1+SBEMAqPoeV+TFFXEFQ1OdZ07IMIbw3Y81WxPYNoDCdSBgfLBeSwbMUoUN7WY
Lz2fYSJPAT441y6zuRTB0BN8GSVFbT9Q9nBA6I7cPO2+MJm473E2Ze3qp0ffEQ3m
HacABp6shxYRYmJyEDR/MnJsCC3ZAhcr39ILn7cNS7/BGZDeTZRWVxKZYNxDe3wJ
ybVWW37TxF8/dpqxORdANgmB9ivSeWOYLu+4zV+qnY5uO5TVlUB/IEuRlQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD6PCkDpdJ9Y8gcixyY3Qp0NhvEVMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvUG84S1FPbDBuMWp5QnlMSEpqZENuUTJHOFJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSHAAwQA
WSXFMA0GCSqGSIb3DQEBCwUAA4IBAQBy/pkf8Ckqwrv4c11yPqgHhGoOEOn80Ncn
MVfM19ohsjcLEjFElZceEYAXde7BHas1edqpjDTSVmD9jji2jMODtWXKj9O9BVjF
96IROnOYb6kHHm4Ar6k7kKVAUL+H9DtqMSXFmzkoZXjnzcaM6kTyXlU5Sbb1qm5f
2rIizd+/5ohmwS4dkwi0xj/Q/VV27yDbRYje7fU/wi/k2VWhmwuxLhxq8xcmSbc5
q7ay3psjycLo5nxmaBoe1hXTTiveQRpPhkO3FDQF4C/LV6u/JIgFQ+0CETtpCPTI
Fo7iYI8wgWQKdG5cuzzMUOqBZz6OBtticXsjtUaJ3cvXh9H8lQKp
-----END CERTIFICATE-----