Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/R1vBdG8FX0LI5_5OPJKVmh2smJk.roa
File:                     R1vBdG8FX0LI5_5OPJKVmh2smJk.roa (raw, json)
Hash identifier:          Nto4i/nJW1GJWb9GY5JjdvPa8pnBbRHFX0QyMvf2ask=
Subject key identifier:   47:5B:C1:74:6F:05:5F:42:C8:E7:FE:4E:3C:92:95:9A:1D:AC:98:99
Certificate issuer:       /CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
Certificate serial:       018CC7958F4CB39612C50FC59C1E1A493B3A
Authority key identifier: CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/R1vBdG8FX0LI5_5OPJKVmh2smJk.roa
Signing time:             Tue 02 Jan 2024 00:31:56 +0000
ROA not before:           Tue 02 Jan 2024 00:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211590
IP address blocks:        89.104.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:8f:4c:b3:96:12:c5:0f:c5:9c:1e:1a:49:3b:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
        Validity
            Not Before: Jan  2 00:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=475bc1746f055f42c8e7fe4e3c92959a1dac9899
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:af:90:0b:88:58:7b:ac:74:3c:70:f6:c6:9d:
                    21:28:f7:7e:12:e6:05:e7:b1:ab:32:2b:69:6f:02:
                    a8:90:41:9f:8b:97:02:86:d9:ba:a5:71:d2:22:b1:
                    e8:10:00:24:d0:6a:a3:9c:1a:ae:7c:7d:79:42:0f:
                    a9:35:3a:88:b7:09:57:e2:45:5b:08:a2:af:b8:7c:
                    52:4f:f7:42:6b:ba:f8:23:f4:c7:3a:05:ec:d2:3c:
                    5c:7c:18:99:cc:44:e9:86:75:78:42:fe:9d:87:d0:
                    96:b2:d3:40:73:e5:8e:07:5d:d9:62:f8:05:0a:1a:
                    3f:b4:c6:40:03:6c:76:95:44:45:a2:18:17:64:08:
                    34:f7:c0:19:5d:70:e2:92:39:a8:ab:c6:d6:7d:85:
                    3b:75:bd:66:bd:3c:aa:82:4b:c6:13:97:ed:8e:9f:
                    2d:fc:02:f0:3d:57:e7:53:f3:95:aa:9b:06:32:c6:
                    d7:15:08:01:ea:5a:4b:11:cb:c8:00:08:39:37:78:
                    1c:8c:b0:b1:24:95:08:06:ca:ff:da:2a:c6:d6:2b:
                    cb:de:45:10:07:24:55:2c:ab:58:c8:a6:94:0c:6f:
                    6c:5b:92:35:56:94:1b:b9:8e:6a:53:35:b3:8b:a6:
                    1f:7b:d0:0b:5c:3d:53:15:16:c3:d5:39:3a:c6:5f:
                    94:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:5B:C1:74:6F:05:5F:42:C8:E7:FE:4E:3C:92:95:9A:1D:AC:98:99
            X509v3 Authority Key Identifier:
                keyid:CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/R1vBdG8FX0LI5_5OPJKVmh2smJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.104.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:e2:f1:53:76:f5:37:ac:78:e3:b6:64:df:07:db:c9:52:ef:
         46:da:90:28:9a:65:a1:18:5a:70:c8:a9:01:3a:cc:e6:af:0c:
         14:95:ce:9f:1e:b5:92:7d:10:42:2f:ad:3d:89:63:60:30:13:
         52:5d:30:59:91:66:cd:c5:40:6a:4f:58:80:28:c4:b8:34:fc:
         f8:9c:79:0b:4e:87:90:9f:b0:a9:0a:08:38:5b:a7:32:36:01:
         15:d8:50:3e:38:d0:22:48:06:35:39:67:b0:e3:a3:f9:a4:a4:
         a1:6c:2a:9e:11:78:6d:fb:c9:a5:26:52:c6:1c:09:f4:27:28:
         1b:fd:5b:96:de:94:fb:8c:1c:19:a1:0e:e7:fb:82:a4:3e:12:
         30:de:45:02:a0:22:63:3c:03:d3:75:56:d3:d1:89:53:1e:60:
         80:87:5c:4b:2f:8b:84:66:64:83:10:4e:d6:47:a3:a8:81:03:
         cb:cd:ba:78:d6:76:58:13:6b:59:55:06:33:52:58:1b:7b:c8:
         63:6e:a6:6a:5d:eb:6c:4b:dd:b1:32:ea:1a:35:d7:81:e8:79:
         1f:96:5d:88:dc:b7:d8:fe:65:c6:a8:b1:1c:7f:7e:d7:92:b4:
         03:41:71:81:5d:67:c4:95:78:b5:3d:84:69:b4:11:ce:c2:f2:
         a4:f2:d7:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlY9Ms5YSxQ/FnB4aSTs6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkODMxM2U0MWU2NDZhMDljZDAxZTJlNmY0NzM5ZDNiZDIz
NmM0ZmYwHhcNMjQwMTAyMDAzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzViYzE3NDZmMDU1ZjQyYzhlN2ZlNGUzYzkyOTU5YTFkYWM5ODk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6+QC4hYe6x0PHD2xp0hKPd+EuYF
57GrMitpbwKokEGfi5cChtm6pXHSIrHoEAAk0GqjnBqufH15Qg+pNTqItwlX4kVb
CKKvuHxST/dCa7r4I/THOgXs0jxcfBiZzETphnV4Qv6dh9CWstNAc+WOB13ZYvgF
Cho/tMZAA2x2lURFohgXZAg098AZXXDikjmoq8bWfYU7db1mvTyqgkvGE5ftjp8t
/ALwPVfnU/OVqpsGMsbXFQgB6lpLEcvIAAg5N3gcjLCxJJUIBsr/2irG1ivL3kUQ
ByRVLKtYyKaUDG9sW5I1VpQbuY5qUzWzi6Yfe9ALXD1TFRbD1Tk6xl+UZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEdbwXRvBV9CyOf+TjySlZodrJiZMB8GA1UdIwQY
MBaAFM2DE+QeZGoJzQHi5vRznTvSNsT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQt
ODg2MmI1MTczMTdjLzEvUjF2QmRHOEZYMExJNV81T1BKS1ZtaDJzbUprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQtODg2MmI1MTczMTdj
LzEvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWWh+MA0G
CSqGSIb3DQEBCwUAA4IBAQAI4vFTdvU3rHjjtmTfB9vJUu9G2pAommWhGFpwyKkB
OszmrwwUlc6fHrWSfRBCL609iWNgMBNSXTBZkWbNxUBqT1iAKMS4NPz4nHkLToeQ
n7CpCgg4W6cyNgEV2FA+ONAiSAY1OWew46P5pKShbCqeEXht+8mlJlLGHAn0Jygb
/VuW3pT7jBwZoQ7n+4KkPhIw3kUCoCJjPAPTdVbT0YlTHmCAh1xLL4uEZmSDEE7W
R6OogQPLzbp41nZYE2tZVQYzUlgbe8hjbqZqXetsS92xMuoaNdeB6Hkfll2I3LfY
/mXGqLEcf37XkrQDQXGBXWfElXi1PYRptBHOwvKk8teJ
-----END CERTIFICATE-----