Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/mfKk2UDR122ZnsFSoQHBHgy3IXg.roa
File:                     mfKk2UDR122ZnsFSoQHBHgy3IXg.roa (raw, json)
Hash identifier:          TBp101SfIfewO+MAV1VsLk5TSN7X04m0TQXCzFZcL5M=
Subject key identifier:   99:F2:A4:D9:40:D1:D7:6D:99:9E:C1:52:A1:01:C1:1E:0C:B7:21:78
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018CC56DED4BD1670413A8E2C72BC15BEFD7
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/mfKk2UDR122ZnsFSoQHBHgy3IXg.roa
Signing time:             Mon 01 Jan 2024 14:29:24 +0000
ROA not before:           Mon 01 Jan 2024 14:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60484
IP address blocks:        62.89.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:ed:4b:d1:67:04:13:a8:e2:c7:2b:c1:5b:ef:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 14:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99f2a4d940d1d76d999ec152a101c11e0cb72178
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:3d:3a:76:06:73:31:cc:92:75:e4:ae:db:2c:
                    fe:38:55:86:4d:35:3c:5b:aa:09:9c:9e:2a:ab:2c:
                    21:83:f9:8b:38:83:2e:44:49:93:4f:81:37:de:64:
                    c3:a9:d9:38:4f:96:44:5f:3e:61:a3:b0:1f:02:02:
                    7b:02:6b:11:93:2f:69:f8:2c:40:f9:b4:c2:56:9a:
                    e8:a4:34:92:b7:df:35:5e:a3:e3:87:87:f2:38:2c:
                    a7:8b:b8:bd:4e:a0:0d:f1:32:78:18:a8:e9:35:98:
                    23:5b:a4:40:e7:55:26:70:10:75:1c:51:e6:28:05:
                    19:f0:e0:a3:db:19:e9:2a:4b:a4:92:67:53:ff:9d:
                    e8:79:7b:6b:9a:69:e2:99:0d:21:b5:7d:e4:2c:f0:
                    d7:4a:27:87:f1:f8:97:94:f8:60:68:9d:80:8a:f9:
                    41:11:08:8b:96:90:62:9c:e7:ea:62:aa:2d:d2:3d:
                    69:fd:50:b7:e3:14:15:96:6a:7e:fb:0d:fb:02:9c:
                    bf:97:28:a6:31:f1:c4:f8:c8:64:05:39:68:e5:90:
                    da:90:e9:92:e2:9e:25:0d:62:a8:e2:49:94:f0:a8:
                    79:2c:fc:16:6a:92:45:28:b1:e2:da:aa:98:36:42:
                    29:3f:ed:5b:d9:43:2b:90:cb:02:52:c4:7a:e3:ad:
                    8f:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:F2:A4:D9:40:D1:D7:6D:99:9E:C1:52:A1:01:C1:1E:0C:B7:21:78
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/mfKk2UDR122ZnsFSoQHBHgy3IXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.89.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:16:84:07:83:03:b8:df:7b:72:23:50:26:27:32:29:be:92:
         6b:33:00:28:24:af:78:e7:00:a7:17:73:de:22:5b:1d:33:fe:
         89:b9:7f:ed:04:93:b1:72:bc:b0:97:a3:1e:a3:8d:52:f9:3c:
         6b:79:20:78:d1:82:61:74:71:0e:6b:62:2b:dd:21:fa:fe:1f:
         55:ec:7c:5c:c2:d2:fb:87:03:18:08:49:bd:5e:c2:11:a1:ce:
         c3:00:41:07:c9:c2:1a:3e:62:7c:f4:54:38:dc:94:93:f8:03:
         3e:c4:97:98:c6:18:4c:6d:22:43:ef:02:ad:72:0a:cc:f6:f5:
         9c:9e:dc:5e:c7:7b:46:02:95:43:eb:b3:f1:b5:0c:67:51:13:
         6b:1c:f1:3a:b4:1c:3f:ac:b7:d4:40:b0:a6:89:f3:b0:9d:02:
         a1:25:54:5a:8a:c0:98:99:8b:4a:ac:22:b2:39:0d:af:05:b9:
         09:da:86:c8:a0:d7:21:99:1a:03:1b:d9:71:41:4f:cb:ab:23:
         fe:95:b6:df:61:6a:92:8d:77:e0:5f:f0:35:42:cf:de:af:02:
         6e:ee:55:02:05:83:53:5f:8d:1f:e9:57:c8:77:e8:8d:48:14:
         5d:02:a8:f8:be:fd:32:71:3f:d2:e6:90:0d:2b:2e:bb:6b:60:
         c1:ea:2b:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbe1L0WcEE6jixyvBW+/XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwMTAxMTQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWYyYTRkOTQwZDFkNzZkOTk5ZWMxNTJhMTAxYzExZTBjYjcyMTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6z06dgZzMcySdeSu2yz+OFWGTTU8
W6oJnJ4qqywhg/mLOIMuREmTT4E33mTDqdk4T5ZEXz5ho7AfAgJ7AmsRky9p+CxA
+bTCVpropDSSt981XqPjh4fyOCyni7i9TqAN8TJ4GKjpNZgjW6RA51UmcBB1HFHm
KAUZ8OCj2xnpKkukkmdT/53oeXtrmmnimQ0htX3kLPDXSieH8fiXlPhgaJ2AivlB
EQiLlpBinOfqYqot0j1p/VC34xQVlmp++w37Apy/lyimMfHE+MhkBTlo5ZDakOmS
4p4lDWKo4kmU8Kh5LPwWapJFKLHi2qqYNkIpP+1b2UMrkMsCUsR6462PjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJnypNlA0ddtmZ7BUqEBwR4MtyF4MB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvbWZLazJVRFIxMjJabnNGU29RSEJIZ3kzSVhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPlnEMA0G
CSqGSIb3DQEBCwUAA4IBAQAVFoQHgwO433tyI1AmJzIpvpJrMwAoJK945wCnF3Pe
IlsdM/6JuX/tBJOxcrywl6Meo41S+TxreSB40YJhdHEOa2Ir3SH6/h9V7HxcwtL7
hwMYCEm9XsIRoc7DAEEHycIaPmJ89FQ43JST+AM+xJeYxhhMbSJD7wKtcgrM9vWc
ntxex3tGApVD67PxtQxnURNrHPE6tBw/rLfUQLCmifOwnQKhJVRaisCYmYtKrCKy
OQ2vBbkJ2obIoNchmRoDG9lxQU/LqyP+lbbfYWqSjXfgX/A1Qs/erwJu7lUCBYNT
X40f6VfId+iNSBRdAqj4vv0ycT/S5pANKy67a2DB6iu6
-----END CERTIFICATE-----