Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/5PCYIBk2_Vkq-R7esvMGrrnVGVM.roa
File:                     5PCYIBk2_Vkq-R7esvMGrrnVGVM.roa (raw, json)
Hash identifier:          nMMCamMFIKOP6kiSUlE4m0B6nzz91tK1jjwpPp5W81Q=
Subject key identifier:   E4:F0:98:20:19:36:FD:59:2A:F9:1E:DE:B2:F3:06:AE:B9:D5:19:53
Certificate issuer:       /CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
Certificate serial:       018CC7958DC238E82CFEB5EB34B1F38BB8C1
Authority key identifier: CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/5PCYIBk2_Vkq-R7esvMGrrnVGVM.roa
Signing time:             Tue 02 Jan 2024 00:31:56 +0000
ROA not before:           Tue 02 Jan 2024 00:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208325
IP address blocks:        89.223.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:8d:c2:38:e8:2c:fe:b5:eb:34:b1:f3:8b:b8:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
        Validity
            Not Before: Jan  2 00:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4f098201936fd592af91edeb2f306aeb9d51953
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:cf:02:76:53:f7:19:54:6d:da:37:db:0f:d1:
                    75:57:ed:93:87:08:f2:7c:dc:b9:7b:e6:f4:08:c5:
                    32:36:11:9e:37:90:06:37:e2:b7:c3:d5:24:da:a5:
                    7a:0c:b9:8f:6c:99:3e:36:72:2b:d9:d2:1b:e9:4c:
                    30:b3:31:83:55:42:7f:d0:9e:ba:43:96:55:c5:e0:
                    16:5b:6a:eb:ea:26:31:3e:63:be:c1:12:ea:29:3b:
                    6d:b2:1f:d4:7f:6b:72:eb:e2:a0:34:56:8b:0e:4e:
                    a0:fe:e6:a6:69:76:77:57:29:3f:f9:78:af:b5:9c:
                    13:7c:ae:be:a1:0a:be:ec:35:7f:38:1b:8f:a0:f9:
                    89:fb:ef:69:31:c7:b0:41:8d:f2:7b:54:58:63:92:
                    7f:b9:64:ee:da:c9:08:0b:73:4a:b5:bb:2d:c2:31:
                    6a:72:fd:d3:0c:35:c3:b1:fe:39:55:50:9f:f3:ab:
                    b2:38:c2:46:eb:b6:c8:31:c2:cc:be:05:f4:8b:e9:
                    c3:20:a7:8d:9f:4d:81:09:22:a8:a8:93:8e:ca:5c:
                    41:42:0c:98:d5:89:f1:6b:de:52:d1:48:63:6f:ae:
                    1b:5d:cc:a3:38:b6:b1:46:d1:ec:3d:c1:7c:78:70:
                    92:51:46:02:b8:e4:7a:f7:0b:d8:3a:7c:f3:56:49:
                    c9:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:F0:98:20:19:36:FD:59:2A:F9:1E:DE:B2:F3:06:AE:B9:D5:19:53
            X509v3 Authority Key Identifier:
                keyid:CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/5PCYIBk2_Vkq-R7esvMGrrnVGVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.223.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:29:eb:28:b0:c8:ca:a2:bd:fa:23:4a:6f:fa:a3:ad:32:fc:
         7f:7b:4c:ee:88:af:dd:e6:1e:d3:86:95:74:71:bb:db:bd:c1:
         d4:85:21:d7:d5:f9:57:5c:9c:26:5b:8e:f6:33:a3:fd:17:41:
         7c:f1:32:3d:4e:82:b8:aa:e9:2b:98:e8:6b:78:f1:c4:47:f7:
         b2:4c:bb:8b:16:71:f7:15:f3:57:1f:9b:b3:5c:e8:3b:9a:5c:
         17:8f:c7:86:61:4b:39:6c:bd:60:0d:07:d9:dd:39:af:21:23:
         2e:08:23:d3:44:0b:47:ae:ec:d8:10:c7:d5:d1:5a:c4:c1:22:
         d3:9f:1b:b9:5b:e9:d0:a8:82:bd:1e:9f:09:b5:dd:61:d1:74:
         3f:cf:1b:18:44:80:be:42:c8:b7:c8:db:fd:a0:71:0a:b9:d2:
         d4:eb:1e:d2:f2:bf:0d:e0:34:f3:3e:94:6b:51:d4:ec:2e:4d:
         11:01:66:1a:06:01:90:25:bb:db:99:6c:34:23:a0:cf:02:7c:
         b2:69:85:04:bd:ab:95:02:f3:10:72:da:52:b5:9b:3f:13:26:
         64:2e:46:a2:7e:26:7d:c7:52:89:28:04:69:8b:ef:3a:76:5a:
         f8:00:69:8d:36:6a:6e:02:50:8c:c0:f7:28:95:73:8c:b9:29:
         65:b2:3a:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlY3COOgs/rXrNLHzi7jBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkODMxM2U0MWU2NDZhMDljZDAxZTJlNmY0NzM5ZDNiZDIz
NmM0ZmYwHhcNMjQwMTAyMDAzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGYwOTgyMDE5MzZmZDU5MmFmOTFlZGViMmYzMDZhZWI5ZDUxOTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA288CdlP3GVRt2jfbD9F1V+2Thwjy
fNy5e+b0CMUyNhGeN5AGN+K3w9Uk2qV6DLmPbJk+NnIr2dIb6UwwszGDVUJ/0J66
Q5ZVxeAWW2rr6iYxPmO+wRLqKTttsh/Uf2ty6+KgNFaLDk6g/uamaXZ3Vyk/+Xiv
tZwTfK6+oQq+7DV/OBuPoPmJ++9pMcewQY3ye1RYY5J/uWTu2skIC3NKtbstwjFq
cv3TDDXDsf45VVCf86uyOMJG67bIMcLMvgX0i+nDIKeNn02BCSKoqJOOylxBQgyY
1Ynxa95S0Uhjb64bXcyjOLaxRtHsPcF8eHCSUUYCuOR69wvYOnzzVknJIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOTwmCAZNv1ZKvke3rLzBq651RlTMB8GA1UdIwQY
MBaAFM2DE+QeZGoJzQHi5vRznTvSNsT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQt
ODg2MmI1MTczMTdjLzEvNVBDWUlCazJfVmtxLVI3ZXN2TUdycm5WR1ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQtODg2MmI1MTczMTdj
LzEvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWd9jMA0G
CSqGSIb3DQEBCwUAA4IBAQAvKesosMjKor36I0pv+qOtMvx/e0zuiK/d5h7ThpV0
cbvbvcHUhSHX1flXXJwmW472M6P9F0F88TI9ToK4qukrmOhrePHER/eyTLuLFnH3
FfNXH5uzXOg7mlwXj8eGYUs5bL1gDQfZ3TmvISMuCCPTRAtHruzYEMfV0VrEwSLT
nxu5W+nQqIK9Hp8Jtd1h0XQ/zxsYRIC+Qsi3yNv9oHEKudLU6x7S8r8N4DTzPpRr
UdTsLk0RAWYaBgGQJbvbmWw0I6DPAnyyaYUEvauVAvMQctpStZs/EyZkLkaifiZ9
x1KJKARpi+86dlr4AGmNNmpuAlCMwPcolXOMuSllsjrU
-----END CERTIFICATE-----