Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/yd7IGTXoNF7At7qFgg6SFovdsmw.roa
File:                     yd7IGTXoNF7At7qFgg6SFovdsmw.roa (raw, json)
Hash identifier:          LJrmBZeojvV/aAHDkxr4mqAtodKgUDj4fKu5ErNfpbs=
Subject key identifier:   C9:DE:C8:19:35:E8:34:5E:C0:B7:BA:85:82:0E:92:16:8B:DD:B2:6C
Certificate issuer:       /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial:       01941FFA352FF7B6F68C17C554130DAA08FC
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/yd7IGTXoNF7At7qFgg6SFovdsmw.roa
Signing time:             Wed 01 Jan 2025 03:47:58 +0000
ROA not before:           Wed 01 Jan 2025 03:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41635
IP address blocks:        89.38.208.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:35:2f:f7:b6:f6:8c:17:c5:54:13:0d:aa:08:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
        Validity
            Not Before: Jan  1 03:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c9dec81935e8345ec0b7ba85820e92168bddb26c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:92:a3:ed:d7:6f:28:3b:62:2f:16:41:97:54:
                    ef:35:fc:20:27:8a:fa:ae:eb:f9:cd:e8:07:f1:c3:
                    d5:85:92:9b:ae:61:98:77:8c:b0:d5:0d:62:da:bd:
                    c0:d5:ca:95:47:d3:3d:3d:4a:b9:29:fa:4c:da:c4:
                    a6:de:09:a8:5d:36:2d:b2:3d:00:d9:1a:24:af:d5:
                    bd:57:ce:11:d1:b0:3d:fe:7f:16:fd:bb:48:f0:a9:
                    f2:69:21:2d:e6:6d:b5:f0:a6:59:a7:36:fd:04:04:
                    69:b9:d9:0a:ef:b2:d3:62:4d:7f:90:d8:c7:ec:25:
                    fe:72:2a:a0:7a:9e:e6:b9:94:34:30:8b:34:a5:ea:
                    2d:e9:b4:6e:63:41:e4:6a:8d:0d:c2:24:6e:ab:82:
                    ee:01:ad:b9:fa:d6:9e:1e:05:78:c9:29:37:f3:9f:
                    3f:c7:00:9d:38:b8:96:20:80:ef:0b:6b:a4:51:d4:
                    0e:85:1b:93:4e:74:20:f9:ed:86:1d:90:80:fc:84:
                    75:d3:c5:1c:61:b0:b6:77:7c:aa:89:23:a2:be:35:
                    0f:aa:ab:74:68:df:20:5b:be:03:73:36:0a:f7:7c:
                    a8:b1:62:4f:36:c2:1b:28:c7:a0:d9:74:05:67:78:
                    da:63:8c:60:80:c1:d7:e3:2b:9b:3b:5b:e7:a8:61:
                    e8:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:DE:C8:19:35:E8:34:5E:C0:B7:BA:85:82:0E:92:16:8B:DD:B2:6C
            X509v3 Authority Key Identifier:
                keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/yd7IGTXoNF7At7qFgg6SFovdsmw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.38.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         23:c0:8b:45:a5:34:b6:d0:9f:0a:97:82:ce:c7:7e:73:61:51:
         c3:29:1d:8e:eb:6a:d6:51:ce:cc:46:12:57:50:fa:30:d4:2d:
         be:01:68:d9:6b:bc:d3:0c:26:39:25:6b:1a:25:36:bc:56:c7:
         b0:f5:09:59:f4:da:86:56:d8:f3:ab:97:1b:f2:41:43:4c:cc:
         ff:6c:8c:e5:11:38:80:91:03:a7:bb:7b:75:42:ca:5c:aa:b8:
         f7:2c:4b:8e:8f:fb:a2:9a:48:aa:2e:a2:c8:17:48:c5:f5:39:
         a4:41:02:99:ec:61:6f:b0:8b:b2:b4:b5:c1:e4:83:1f:1c:d0:
         02:f0:60:d5:be:38:12:40:f4:89:b2:cd:0b:33:d2:5b:30:04:
         38:f6:5d:fe:10:83:23:f8:c7:c7:54:d7:a1:50:4f:76:ad:35:
         4f:a7:76:bb:7e:ac:2a:63:26:25:e4:11:c1:6e:a5:b9:94:97:
         e8:ea:23:48:03:79:5a:ed:44:e3:0b:7c:ae:46:b1:2b:c5:32:
         ae:47:82:fc:d9:d0:16:28:6e:9f:d3:fe:1e:aa:a3:e1:a6:31:
         93:2c:c6:e4:ce:e4:b3:f5:58:5d:0c:8c:29:20:d0:c3:91:70:
         fb:fb:a0:62:c1:e5:94:d4:8b:96:a5:d8:62:0d:33:97:4b:bb:
         60:0b:bd:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+jUv97b2jBfFVBMNqgj8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjEzMmRmMTNlNGJlNTNkODI1MGM4YzQ4NDIwMjY0ZWVm
NmMxNGMwHhcNMjUwMTAxMDM0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWRlYzgxOTM1ZTgzNDVlYzBiN2JhODU4MjBlOTIxNjhiZGRiMjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJKj7ddvKDtiLxZBl1TvNfwgJ4r6
ruv5zegH8cPVhZKbrmGYd4yw1Q1i2r3A1cqVR9M9PUq5KfpM2sSm3gmoXTYtsj0A
2Rokr9W9V84R0bA9/n8W/btI8KnyaSEt5m218KZZpzb9BARpudkK77LTYk1/kNjH
7CX+ciqgep7muZQ0MIs0peot6bRuY0Hkao0NwiRuq4LuAa25+taeHgV4ySk3858/
xwCdOLiWIIDvC2ukUdQOhRuTTnQg+e2GHZCA/IR108UcYbC2d3yqiSOivjUPqqt0
aN8gW74DczYK93yosWJPNsIbKMeg2XQFZ3jaY4xggMHX4yubO1vnqGHo+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMneyBk16DRewLe6hYIOkhaL3bJsMB8GA1UdIwQY
MBaAFH3xMt8T5L5T2CUMjEhCAmTu9sFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYt
OTc3ODY3NGVkYzk3LzEveWQ3SUdUWG9ORjdBdDdxRmdnNlNGb3Zkc213LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYtOTc3ODY3NGVkYzk3
LzEvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWSbQMA0G
CSqGSIb3DQEBCwUAA4IBAQAjwItFpTS20J8Kl4LOx35zYVHDKR2O62rWUc7MRhJX
UPow1C2+AWjZa7zTDCY5JWsaJTa8Vsew9QlZ9NqGVtjzq5cb8kFDTMz/bIzlETiA
kQOnu3t1Qspcqrj3LEuOj/uimkiqLqLIF0jF9TmkQQKZ7GFvsIuytLXB5IMfHNAC
8GDVvjgSQPSJss0LM9JbMAQ49l3+EIMj+MfHVNehUE92rTVPp3a7fqwqYyYl5BHB
bqW5lJfo6iNIA3la7UTjC3yuRrErxTKuR4L82dAWKG6f0/4eqqPhpjGTLMbkzuSz
9VhdDIwpINDDkXD7+6BiweWU1IuWpdhiDTOXS7tgC72+
-----END CERTIFICATE-----