Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/GiXPWO_M5_Qz7chgSaADKYyKdjQ.roa
File:                     GiXPWO_M5_Qz7chgSaADKYyKdjQ.roa (raw, json)
Hash identifier:          CR+t2FWeT4iCGvfmEuW7cscv5yFtp2gnGfSh1BKnw8o=
Subject key identifier:   1A:25:CF:58:EF:CC:E7:F4:33:ED:C8:60:49:A0:03:29:8C:8A:76:34
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       019420D658E05351A90677E6F0495014B732
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/GiXPWO_M5_Qz7chgSaADKYyKdjQ.roa
Signing time:             Wed 01 Jan 2025 07:48:25 +0000
ROA not before:           Wed 01 Jan 2025 07:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        89.32.130.0/24 maxlen: 24
                          89.32.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 02:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:58:e0:53:51:a9:06:77:e6:f0:49:50:14:b7:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Jan  1 07:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a25cf58efcce7f433edc86049a003298c8a7634
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:6c:3e:d7:52:0d:8b:33:b4:45:90:60:06:d2:
                    97:8c:9e:ef:6c:d7:70:0d:77:f6:34:9e:f6:9a:bf:
                    1f:20:72:a6:1d:0c:b9:9f:32:3b:6c:23:44:27:37:
                    50:76:63:dd:ff:86:d0:c3:b0:43:39:87:0f:d3:bc:
                    6f:44:c0:0c:33:09:f8:e2:29:4d:f6:93:6d:ee:88:
                    0e:47:5a:f4:88:6c:ea:31:ac:30:fd:11:f4:33:7a:
                    9b:52:f3:0f:65:18:be:f9:2b:d2:c9:f2:7c:73:86:
                    26:10:3d:fd:b3:78:64:ad:f7:d9:b1:5e:86:f0:fa:
                    36:ee:02:29:8c:a6:d2:89:3a:3b:36:b1:79:14:ac:
                    54:af:5c:42:d2:79:d6:88:65:eb:f2:74:0c:57:1b:
                    60:95:26:ca:64:32:10:12:33:94:34:4c:16:19:8f:
                    ea:f0:87:02:c9:fc:0d:ac:3a:14:c1:b0:0d:37:ef:
                    62:43:10:a8:06:a9:56:b4:36:9c:1a:63:98:4e:ff:
                    37:01:a3:d4:6e:22:cd:8b:f9:60:d7:87:9e:46:96:
                    87:38:d5:cd:d2:10:e1:3b:bb:39:34:9a:06:ba:84:
                    7f:56:85:fa:94:18:3e:25:fd:e0:94:2b:3a:c1:f0:
                    9b:17:3d:b6:5c:80:67:76:e8:4f:6c:ec:20:91:62:
                    cf:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:25:CF:58:EF:CC:E7:F4:33:ED:C8:60:49:A0:03:29:8C:8A:76:34
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/GiXPWO_M5_Qz7chgSaADKYyKdjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.32.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         17:48:24:5d:6e:fb:3c:98:a3:94:ab:8b:2c:9e:15:cc:c7:e9:
         18:25:21:ea:66:04:22:ea:e8:75:0e:bb:56:be:df:8f:29:61:
         ed:e3:32:82:f8:76:0a:6a:81:e2:e6:b4:08:29:55:e4:01:33:
         28:c7:3a:bf:73:49:fb:ec:a9:eb:7e:86:de:19:9a:09:c7:be:
         4b:33:87:5c:33:17:e0:7a:3b:c1:f9:a6:5b:00:01:38:eb:ec:
         97:cd:db:65:1f:42:05:21:5f:9b:60:18:90:84:65:a9:c9:9c:
         89:b2:53:24:bd:4b:09:15:cb:c8:3b:1d:7c:89:15:4c:21:9f:
         58:93:7f:06:a3:07:e3:1a:13:7c:82:12:bb:e2:b7:bf:36:76:
         3e:70:ee:95:f1:6c:6b:83:36:ec:7a:90:ad:a0:c0:3a:c3:a7:
         da:4b:1c:dd:c9:b9:62:07:15:9b:92:24:5e:ad:9d:f6:47:4f:
         be:d1:93:4a:0b:aa:4d:b8:dc:3d:ba:da:b2:02:68:f6:1b:66:
         db:c3:12:4b:03:3b:cd:87:28:96:ad:9a:45:45:cf:48:df:c7:
         ec:01:97:f0:a3:36:19:04:93:b4:f4:2e:73:14:d6:c2:dc:71:
         ba:97:19:84:fa:39:1e:12:8b:5c:1f:df:05:c1:9e:ac:f2:27:
         d6:94:d8:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1ljgU1GpBnfm8ElQFLcyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjUwMTAxMDc0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTI1Y2Y1OGVmY2NlN2Y0MzNlZGM4NjA0OWEwMDMyOThjOGE3NjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGw+11INizO0RZBgBtKXjJ7vbNdw
DXf2NJ72mr8fIHKmHQy5nzI7bCNEJzdQdmPd/4bQw7BDOYcP07xvRMAMMwn44ilN
9pNt7ogOR1r0iGzqMaww/RH0M3qbUvMPZRi++SvSyfJ8c4YmED39s3hkrffZsV6G
8Po27gIpjKbSiTo7NrF5FKxUr1xC0nnWiGXr8nQMVxtglSbKZDIQEjOUNEwWGY/q
8IcCyfwNrDoUwbANN+9iQxCoBqlWtDacGmOYTv83AaPUbiLNi/lg14eeRpaHONXN
0hDhO7s5NJoGuoR/VoX6lBg+Jf3glCs6wfCbFz22XIBnduhPbOwgkWLPNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBolz1jvzOf0M+3IYEmgAymMinY0MB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvR2lYUFdPX001X1F6N2NoZ1NhQURLWXlLZGpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWSCCMA0G
CSqGSIb3DQEBCwUAA4IBAQAXSCRdbvs8mKOUq4ssnhXMx+kYJSHqZgQi6uh1DrtW
vt+PKWHt4zKC+HYKaoHi5rQIKVXkATMoxzq/c0n77KnrfobeGZoJx75LM4dcMxfg
ejvB+aZbAAE46+yXzdtlH0IFIV+bYBiQhGWpyZyJslMkvUsJFcvIOx18iRVMIZ9Y
k38GowfjGhN8ghK74re/NnY+cO6V8WxrgzbsepCtoMA6w6faSxzdybliBxWbkiRe
rZ32R0++0ZNKC6pNuNw9utqyAmj2G2bbwxJLAzvNhyiWrZpFRc9I38fsAZfwozYZ
BJO09C5zFNbC3HG6lxmE+jkeEotcH98FwZ6s8ifWlNhz
-----END CERTIFICATE-----