Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/Q59ytOKeHa2KtJTA4Sa7e3bNY6s.roa
File:                     Q59ytOKeHa2KtJTA4Sa7e3bNY6s.roa (raw, json)
Hash identifier:          fOTBjF2V8Z9w12AikjQdtRZu2ZKOUjWTxsW/iNtoW1Y=
Subject key identifier:   43:9F:72:B4:E2:9E:1D:AD:8A:B4:94:C0:E1:26:BB:7B:76:CD:63:AB
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018CC56DF242B62CBE0C8502070E865EA558
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/Q59ytOKeHa2KtJTA4Sa7e3bNY6s.roa
Signing time:             Mon 01 Jan 2024 14:29:26 +0000
ROA not before:           Mon 01 Jan 2024 14:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204271
IP address blocks:        62.89.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f2:42:b6:2c:be:0c:85:02:07:0e:86:5e:a5:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 14:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=439f72b4e29e1dad8ab494c0e126bb7b76cd63ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:8f:da:a1:45:9a:4d:e3:60:bf:52:b7:e4:ac:
                    04:19:2e:6c:46:96:62:aa:04:d2:b2:3d:0a:b8:3a:
                    ad:c3:ae:79:91:b1:0a:d0:98:df:79:47:62:b7:e1:
                    37:cb:75:41:ad:75:d4:55:1c:01:0f:d8:f4:e5:e9:
                    14:04:60:c4:76:51:ab:51:aa:55:9c:ed:14:77:2a:
                    4c:28:db:fa:04:12:06:49:05:5e:43:fb:c6:c6:2f:
                    e5:d4:ec:c6:8e:8f:70:09:0e:36:96:2f:de:24:4c:
                    44:22:76:d2:79:46:72:e2:9c:0c:7e:22:82:54:63:
                    95:a7:56:cf:ec:fa:08:87:ba:c0:0c:32:fa:52:e2:
                    51:2e:05:c9:b4:58:0c:1a:80:74:c2:b5:2f:56:f2:
                    38:2c:38:af:13:49:6d:84:b3:db:eb:6a:92:43:2c:
                    d1:2c:31:0a:89:26:18:f0:19:f9:c4:2d:ed:13:4b:
                    fe:f4:47:8d:e6:c6:3d:7c:19:91:3e:4e:b3:4b:b4:
                    46:fa:35:1f:04:da:bd:12:eb:8b:53:87:c2:e8:55:
                    f2:d5:70:cf:a2:6f:f7:46:78:47:94:24:8f:de:a0:
                    48:11:c6:a2:ce:ed:1e:56:66:4a:b7:6f:ff:e8:be:
                    a1:ac:ad:b6:6a:54:21:4e:08:58:19:02:f4:d9:df:
                    58:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:9F:72:B4:E2:9E:1D:AD:8A:B4:94:C0:E1:26:BB:7B:76:CD:63:AB
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/Q59ytOKeHa2KtJTA4Sa7e3bNY6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.89.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:5e:ce:e5:f5:ff:fb:50:f5:08:45:eb:2e:ab:3b:8a:33:0c:
         a2:00:b8:c2:1a:5e:6f:f9:be:7c:bf:72:79:4d:e9:cc:e8:1e:
         52:aa:91:d3:21:b0:9b:15:ce:15:e6:6a:5f:6d:ea:39:20:39:
         f9:2f:47:e0:86:33:dd:be:35:f6:1d:6f:72:d1:5f:08:04:10:
         af:1d:26:6a:31:30:02:13:04:37:7d:56:15:e8:63:a2:08:80:
         0f:7f:6b:90:5f:74:bf:1f:09:05:d5:b2:11:2d:ad:e3:f1:f5:
         81:3f:82:4e:89:5a:52:58:50:be:68:d9:f6:d7:6d:c1:4b:da:
         d9:9e:08:8b:39:da:33:57:2e:e5:4e:00:b7:aa:68:2d:f2:0b:
         77:43:4f:18:64:48:f6:0f:30:4d:da:db:79:65:d9:d6:00:82:
         f6:ca:52:c7:d3:5b:b0:bc:97:39:f5:25:b3:85:04:1d:51:71:
         64:7a:44:d3:e0:e8:fa:cf:ab:7d:8c:a3:cc:c8:66:bd:48:c1:
         6a:f2:2e:c7:3f:c5:62:da:ca:92:cb:7d:f3:5a:95:ac:ce:92:
         46:a2:71:38:e5:e6:28:56:85:c2:17:c0:29:2c:11:4a:b3:96:
         8a:ca:f4:1a:a6:5a:c3:77:bc:99:3f:a5:c4:1d:b1:52:a1:2f:
         9d:0c:80:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbfJCtiy+DIUCBw6GXqVYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwMTAxMTQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzlmNzJiNGUyOWUxZGFkOGFiNDk0YzBlMTI2YmI3Yjc2Y2Q2M2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh4/aoUWaTeNgv1K35KwEGS5sRpZi
qgTSsj0KuDqtw655kbEK0JjfeUdit+E3y3VBrXXUVRwBD9j05ekUBGDEdlGrUapV
nO0UdypMKNv6BBIGSQVeQ/vGxi/l1OzGjo9wCQ42li/eJExEInbSeUZy4pwMfiKC
VGOVp1bP7PoIh7rADDL6UuJRLgXJtFgMGoB0wrUvVvI4LDivE0lthLPb62qSQyzR
LDEKiSYY8Bn5xC3tE0v+9EeN5sY9fBmRPk6zS7RG+jUfBNq9EuuLU4fC6FXy1XDP
om/3RnhHlCSP3qBIEcaizu0eVmZKt2//6L6hrK22alQhTghYGQL02d9YYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEOfcrTinh2tirSUwOEmu3t2zWOrMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvUTU5eXRPS2VIYTJLdEpUQTRTYTdlM2JOWTZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPlnBMA0G
CSqGSIb3DQEBCwUAA4IBAQAsXs7l9f/7UPUIResuqzuKMwyiALjCGl5v+b58v3J5
TenM6B5SqpHTIbCbFc4V5mpfbeo5IDn5L0fghjPdvjX2HW9y0V8IBBCvHSZqMTAC
EwQ3fVYV6GOiCIAPf2uQX3S/HwkF1bIRLa3j8fWBP4JOiVpSWFC+aNn2123BS9rZ
ngiLOdozVy7lTgC3qmgt8gt3Q08YZEj2DzBN2tt5ZdnWAIL2ylLH01uwvJc59SWz
hQQdUXFkekTT4Oj6z6t9jKPMyGa9SMFq8i7HP8Vi2sqSy33zWpWszpJGonE45eYo
VoXCF8ApLBFKs5aKyvQaplrDd7yZP6XEHbFSoS+dDIB0
-----END CERTIFICATE-----