Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/rVlMZ7GDKDKT0POEzliPjToG3wU.roa
File:                     rVlMZ7GDKDKT0POEzliPjToG3wU.roa (raw, json)
Hash identifier:          +e5artsI0BJji0ZWSt+aWiTPcb+q7oM8UgOXLxwsIGA=
Subject key identifier:   AD:59:4C:67:B1:83:28:32:93:D0:F3:84:CE:58:8F:8D:3A:06:DF:05
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019423D6BD3EEDF4BD8633A74A06E3B8B818
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/rVlMZ7GDKDKT0POEzliPjToG3wU.roa
Signing time:             Wed 01 Jan 2025 21:47:43 +0000
ROA not before:           Wed 01 Jan 2025 21:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42689
IP address blocks:        89.33.195.0/24 maxlen: 24
                          89.42.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 00:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:bd:3e:ed:f4:bd:86:33:a7:4a:06:e3:b8:b8:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  1 21:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad594c67b183283293d0f384ce588f8d3a06df05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c5:bd:12:8d:e6:b4:a6:e6:0d:ef:c9:e9:06:
                    63:c4:4b:3e:5a:01:c6:7d:55:3b:d5:05:8c:e0:cd:
                    a4:ec:ad:83:cd:12:4f:55:34:2a:5c:99:d4:65:76:
                    c9:2b:53:5a:f5:1a:9c:da:8a:48:7a:a5:99:be:41:
                    06:c3:b7:96:39:47:58:06:cf:19:bc:01:4a:44:41:
                    ea:11:7e:ed:55:f6:aa:11:41:97:c4:00:9d:79:93:
                    f7:a0:8c:f8:d5:b5:11:4d:15:c3:f6:18:bd:82:70:
                    11:b3:68:52:c6:4b:b8:ae:ca:cd:d6:40:04:e8:3a:
                    99:11:8f:9f:65:dd:42:e8:fd:23:b5:5b:7c:ee:56:
                    19:1d:fb:c1:0e:b8:f7:d4:e1:77:c5:23:53:aa:ca:
                    26:e6:9e:de:4c:83:93:e0:68:61:e9:ed:01:04:ed:
                    ff:9c:c4:a4:ab:0c:56:13:e0:9d:68:ca:0c:b3:c5:
                    1d:c8:69:96:a3:70:fa:23:68:98:0a:6a:0f:6b:f2:
                    34:0c:ec:63:44:04:55:b6:e6:d3:12:20:17:91:4b:
                    3e:e5:9d:df:9a:96:0e:fb:6a:29:7e:1c:1e:ed:c0:
                    70:d1:bb:c9:ed:5f:93:a2:b4:74:26:bb:a9:54:93:
                    55:92:20:0c:d9:7b:36:b2:04:bf:4b:06:cf:a9:e5:
                    74:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:59:4C:67:B1:83:28:32:93:D0:F3:84:CE:58:8F:8D:3A:06:DF:05
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/rVlMZ7GDKDKT0POEzliPjToG3wU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.195.0/24
                  89.42.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:f0:36:08:0e:9d:19:b2:c7:e9:61:1f:18:6c:bc:9e:73:85:
         1e:81:50:f5:99:d7:9e:1b:a2:55:06:37:ef:62:60:3e:11:57:
         74:16:0e:3d:68:1d:d7:d8:10:fe:c9:e3:e0:36:9d:f3:99:17:
         e8:6a:70:41:ad:5a:ab:9b:ca:80:d8:7d:f5:ac:a7:7e:fa:be:
         d4:fd:0f:a5:32:80:a8:c2:bc:ad:65:db:08:b6:c4:f2:45:83:
         1d:0f:f0:87:4d:b5:a8:62:2e:18:c2:0e:9e:6f:c2:fe:41:42:
         75:22:18:b3:45:d3:dd:50:21:bd:4d:6c:9d:94:d9:78:99:da:
         77:7b:e8:bc:32:49:09:75:fe:44:4a:22:1e:3e:ea:45:2a:f5:
         86:c2:06:91:a0:fd:7d:e7:dc:48:53:35:bb:79:32:ad:74:81:
         0e:ec:41:76:77:d5:7e:43:03:88:26:72:30:e4:a0:45:63:8c:
         3d:f4:76:24:bb:15:a3:e4:21:25:31:86:49:f2:9a:2f:2f:4a:
         1f:4c:9b:43:64:4f:32:aa:15:17:07:d3:37:f6:df:99:dd:9f:
         cc:ac:98:6c:49:ac:2c:57:57:92:5f:2a:21:83:f5:02:08:73:
         f5:45:2d:86:61:42:14:9e:be:ea:f3:0d:c9:73:5c:60:fe:71:
         94:c3:90:82
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQj1r0+7fS9hjOnSgbjuLgYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwMTAxMjE0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDU5NGM2N2IxODMyODMyOTNkMGYzODRjZTU4OGY4ZDNhMDZkZjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcW9Eo3mtKbmDe/J6QZjxEs+WgHG
fVU71QWM4M2k7K2DzRJPVTQqXJnUZXbJK1Na9Rqc2opIeqWZvkEGw7eWOUdYBs8Z
vAFKREHqEX7tVfaqEUGXxACdeZP3oIz41bURTRXD9hi9gnARs2hSxku4rsrN1kAE
6DqZEY+fZd1C6P0jtVt87lYZHfvBDrj31OF3xSNTqsom5p7eTIOT4Ghh6e0BBO3/
nMSkqwxWE+CdaMoMs8UdyGmWo3D6I2iYCmoPa/I0DOxjRARVtubTEiAXkUs+5Z3f
mpYO+2opfhwe7cBw0bvJ7V+TorR0JrupVJNVkiAM2Xs2sgS/SwbPqeV0pQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK1ZTGexgygyk9DzhM5Yj406Bt8FMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvclZsTVo3R0RLREtUMFBPRXpsaVBqVG9HM3dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSHDAwQA
WSpTMA0GCSqGSIb3DQEBCwUAA4IBAQAb8DYIDp0ZssfpYR8YbLyec4UegVD1mdee
G6JVBjfvYmA+EVd0Fg49aB3X2BD+yePgNp3zmRfoanBBrVqrm8qA2H31rKd++r7U
/Q+lMoCowrytZdsItsTyRYMdD/CHTbWoYi4Ywg6eb8L+QUJ1IhizRdPdUCG9TWyd
lNl4mdp3e+i8MkkJdf5ESiIePupFKvWGwgaRoP1959xIUzW7eTKtdIEO7EF2d9V+
QwOIJnIw5KBFY4w99HYkuxWj5CElMYZJ8povL0ofTJtDZE8yqhUXB9M39t+Z3Z/M
rJhsSawsV1eSXyohg/UCCHP1RS2GYUIUnr7q8w3Jc1xg/nGUw5CC
-----END CERTIFICATE-----