Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/9HOZwuwciw4t4YVtyQK7BR_iy9E.roa
File:                     9HOZwuwciw4t4YVtyQK7BR_iy9E.roa (raw, json)
Hash identifier:          Qvmk0Stc8bG1b+jg+A3GVvi14qOFkaTOjZlMXxStHwY=
Subject key identifier:   F4:73:99:C2:EC:1C:8B:0E:2D:E1:85:6D:C9:02:BB:05:1F:E2:CB:D1
Certificate issuer:       /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial:       018CC802CF53006C6614111CF12997AB43E1
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/9HOZwuwciw4t4YVtyQK7BR_iy9E.roa
Signing time:             Tue 02 Jan 2024 02:31:16 +0000
ROA not before:           Tue 02 Jan 2024 02:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207958
IP address blocks:        89.39.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:cf:53:00:6c:66:14:11:1c:f1:29:97:ab:43:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
        Validity
            Not Before: Jan  2 02:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f47399c2ec1c8b0e2de1856dc902bb051fe2cbd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:92:b1:47:6d:a2:4f:c8:6d:da:ae:12:98:9a:
                    36:4a:6c:30:64:0a:98:6e:20:9a:a1:f0:87:4a:74:
                    8b:ba:b4:4c:48:22:9a:36:4b:ea:3e:7d:9b:6a:23:
                    f3:86:d8:b1:ba:5c:4c:d4:e1:21:6d:ab:07:a0:b8:
                    d5:5e:6c:5f:da:01:86:71:8d:e9:43:b3:d4:75:e8:
                    f2:b7:08:8d:f9:e8:24:31:8d:03:35:94:2c:68:ff:
                    74:fd:3f:e3:0f:51:6a:cb:2b:e9:bf:af:58:d6:fe:
                    e8:7e:03:2b:07:1a:68:ac:71:23:8b:9d:d1:79:a3:
                    de:a4:cb:22:df:9b:c1:20:41:09:47:f2:f4:5c:d1:
                    af:59:1f:28:87:2e:9c:65:90:4e:5d:d4:31:0e:34:
                    52:fb:d2:ec:de:07:a8:75:58:c0:3c:2a:46:fb:ca:
                    1e:bc:05:78:e7:53:3b:dd:28:23:ae:3f:1a:68:b2:
                    e1:e8:06:c0:24:49:ab:66:42:e3:56:7d:85:3a:d8:
                    a1:36:90:7c:1e:4c:af:11:c8:4b:e9:5f:ce:0c:65:
                    2a:05:80:cc:a0:d9:26:4e:2d:c4:88:57:55:2c:3b:
                    b0:a4:d6:1b:a6:53:c0:a2:a4:4d:72:f6:da:2a:7a:
                    0d:32:22:53:7e:54:e3:3e:5b:a0:2a:f8:e3:fc:72:
                    23:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:73:99:C2:EC:1C:8B:0E:2D:E1:85:6D:C9:02:BB:05:1F:E2:CB:D1
            X509v3 Authority Key Identifier:
                keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/9HOZwuwciw4t4YVtyQK7BR_iy9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.39.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:38:5a:d8:b4:dd:22:a0:68:a1:f2:13:ee:03:88:3a:f2:e8:
         51:3f:39:ed:4c:52:90:32:9a:fd:d9:83:61:e2:e4:7f:5b:32:
         7e:b4:6d:47:04:89:7d:e0:74:d8:98:b0:7e:d3:fd:d9:51:b8:
         6a:6d:62:ce:41:56:0e:b3:bd:3a:ed:7a:f7:89:d6:42:6f:cc:
         88:ec:b8:57:d7:51:8d:0a:65:55:22:da:2f:b4:54:8b:7a:20:
         a0:69:06:5a:b5:8c:dd:8c:7d:ee:ba:a3:97:95:8e:1b:67:3e:
         4b:8d:e1:42:22:16:d9:e8:f5:d7:12:d4:d9:9b:ca:98:ca:a7:
         9d:bd:b2:07:5c:16:62:94:ed:2c:2a:7c:d2:25:e5:a7:a8:09:
         ab:9e:b6:a1:7a:11:96:c7:ed:62:ea:f8:13:3d:0b:fc:90:a1:
         d2:66:44:e9:2b:7a:42:07:b7:d0:29:a1:35:a1:2e:3f:ca:37:
         89:e8:2b:a0:88:d9:e3:23:cf:0e:79:9f:77:8d:7e:30:dd:b9:
         0c:1f:51:ff:80:c6:be:84:71:44:1d:1f:a3:c2:02:3c:41:00:
         36:3c:0e:7a:41:b7:ee:81:a4:3f:99:cc:69:96:05:9f:4d:74:
         f7:fb:3e:51:42:f5:eb:14:77:52:99:75:6f:ba:63:c7:76:54:
         55:5b:67:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAs9TAGxmFBEc8SmXq0PhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjEzMmRmMTNlNGJlNTNkODI1MGM4YzQ4NDIwMjY0ZWVm
NmMxNGMwHhcNMjQwMTAyMDIzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDczOTljMmVjMWM4YjBlMmRlMTg1NmRjOTAyYmIwNTFmZTJjYmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ZKxR22iT8ht2q4SmJo2SmwwZAqY
biCaofCHSnSLurRMSCKaNkvqPn2baiPzhtixulxM1OEhbasHoLjVXmxf2gGGcY3p
Q7PUdejytwiN+egkMY0DNZQsaP90/T/jD1Fqyyvpv69Y1v7ofgMrBxporHEji53R
eaPepMsi35vBIEEJR/L0XNGvWR8ohy6cZZBOXdQxDjRS+9Ls3geodVjAPCpG+8oe
vAV451M73Sgjrj8aaLLh6AbAJEmrZkLjVn2FOtihNpB8HkyvEchL6V/ODGUqBYDM
oNkmTi3EiFdVLDuwpNYbplPAoqRNcvbaKnoNMiJTflTjPlugKvjj/HIjnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPRzmcLsHIsOLeGFbckCuwUf4svRMB8GA1UdIwQY
MBaAFH3xMt8T5L5T2CUMjEhCAmTu9sFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYt
OTc3ODY3NGVkYzk3LzEvOUhPWnd1d2NpdzR0NFlWdHlRSzdCUl9peTlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYtOTc3ODY3NGVkYzk3
LzEvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSddMA0G
CSqGSIb3DQEBCwUAA4IBAQBZOFrYtN0ioGih8hPuA4g68uhRPzntTFKQMpr92YNh
4uR/WzJ+tG1HBIl94HTYmLB+0/3ZUbhqbWLOQVYOs7067Xr3idZCb8yI7LhX11GN
CmVVItovtFSLeiCgaQZatYzdjH3uuqOXlY4bZz5LjeFCIhbZ6PXXEtTZm8qYyqed
vbIHXBZilO0sKnzSJeWnqAmrnrahehGWx+1i6vgTPQv8kKHSZkTpK3pCB7fQKaE1
oS4/yjeJ6CugiNnjI88OeZ93jX4w3bkMH1H/gMa+hHFEHR+jwgI8QQA2PA56Qbfu
gaQ/mcxplgWfTXT3+z5RQvXrFHdSmXVvumPHdlRVW2c8
-----END CERTIFICATE-----