Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/7OS_HiISCJOVNmfOCjf82K0rvGM.roa
File:                     7OS_HiISCJOVNmfOCjf82K0rvGM.roa (raw, json)
Hash identifier:          fq3U2t+f5X3dppX+xBPGKL05THKUhTNQ3LVwaRggyN8=
Subject key identifier:   EC:E4:BF:1E:22:12:08:93:95:36:67:CE:0A:37:FC:D8:AD:2B:BC:63
Certificate issuer:       /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial:       018CC56F0223194068D7BF65E25A394E715B
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/7OS_HiISCJOVNmfOCjf82K0rvGM.roa
Signing time:             Mon 01 Jan 2024 14:30:35 +0000
ROA not before:           Mon 01 Jan 2024 14:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49849
IP address blocks:        89.252.225.0/24 maxlen: 24
                          89.252.226.0/24 maxlen: 24
                          89.252.224.0/24 maxlen: 24
                          194.12.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6f:02:23:19:40:68:d7:bf:65:e2:5a:39:4e:71:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
        Validity
            Not Before: Jan  1 14:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ece4bf1e22120893953667ce0a37fcd8ad2bbc63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:b4:d1:2d:c7:cd:f6:51:fc:a8:88:1c:65:41:
                    32:df:e9:76:99:42:c9:b2:d0:75:6f:90:49:92:39:
                    e3:8f:d2:2e:71:af:60:1b:dc:73:38:81:07:b1:a7:
                    14:6c:03:b9:af:7d:51:e6:00:76:f5:44:81:65:c3:
                    b5:01:fa:ea:7e:fe:0d:60:ff:03:3c:bd:77:5f:97:
                    4b:a8:73:0e:1e:c7:32:9a:3b:74:c3:f5:f3:e8:bc:
                    95:7d:da:5d:51:6d:2b:75:c4:b5:ca:46:8f:d3:d9:
                    e4:48:04:37:de:6d:b5:ae:3a:11:94:88:8a:68:ca:
                    70:f8:0a:89:5f:c3:df:a1:48:f9:2c:9a:29:3f:b0:
                    f2:33:49:1f:a1:bf:9f:41:cb:51:0a:42:0d:99:41:
                    84:53:02:b7:e5:ca:5c:c4:89:1b:68:76:f9:b7:20:
                    de:0d:d7:02:d7:15:ef:90:0f:de:72:8e:7b:80:dd:
                    18:51:a7:9c:3b:26:a2:d7:2a:33:ee:3d:8c:30:9f:
                    eb:02:6e:05:3f:49:ad:d9:33:c1:18:9c:20:19:f0:
                    61:e3:3a:4d:0b:24:c8:83:53:f0:bc:a6:4f:8c:3a:
                    91:8b:b4:ff:b8:f9:31:59:d0:ae:42:32:f5:f9:14:
                    2f:b5:e8:1e:c1:54:1a:08:9b:d9:b8:b2:69:d8:9f:
                    89:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:E4:BF:1E:22:12:08:93:95:36:67:CE:0A:37:FC:D8:AD:2B:BC:63
            X509v3 Authority Key Identifier:
                keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/7OS_HiISCJOVNmfOCjf82K0rvGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.252.224.0-89.252.226.255
                  194.12.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:2f:57:57:53:d1:42:67:ef:84:14:9f:9e:2e:f8:4f:3b:e4:
         56:8f:42:52:4e:1f:19:0b:a2:7c:0d:3e:c1:26:3a:a7:71:a8:
         2d:20:cc:80:0e:23:bc:89:c2:f5:59:9d:4d:67:80:02:f0:29:
         64:5a:68:e5:97:a4:30:de:a9:23:3a:25:f8:60:78:f6:1f:10:
         cf:38:7c:57:54:7d:c2:93:56:a6:37:60:22:da:91:be:c0:0e:
         2e:b6:da:ee:b9:68:82:a2:86:b2:74:6c:41:f7:83:99:d1:75:
         f4:76:f9:ca:59:58:ae:77:ad:38:87:35:07:a0:85:9e:c2:03:
         a0:67:8a:17:88:12:62:0b:c1:22:a9:c7:cd:cb:f9:f9:9a:2b:
         e9:02:8a:f2:d0:b4:46:2e:82:eb:07:e4:29:42:d1:d8:47:c3:
         81:98:b6:56:e6:45:6b:25:39:33:fb:a8:d4:c0:e7:92:b0:2f:
         00:2b:d7:35:f9:bf:54:f0:e1:a6:56:0a:7c:25:df:d7:c1:fd:
         6b:32:7e:4c:62:21:db:71:95:83:68:dc:1f:df:76:f4:d4:64:
         11:61:3b:8d:a4:22:2b:fe:d9:0f:bc:22:e8:3a:5e:af:91:88:
         26:f0:b2:7f:5f:39:11:e5:d0:0f:d7:bf:28:12:9f:7b:a6:f2:
         e0:3c:14:f4
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzFbwIjGUBo179l4lo5TnFbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDRhNDA4MjFjNDE3NmNjNDJlMjU1ZWY2YzE3Mjc0NzNj
M2YwMGEwHhcNMjQwMTAxMTQzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2U0YmYxZTIyMTIwODkzOTUzNjY3Y2UwYTM3ZmNkOGFkMmJiYzYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLTRLcfN9lH8qIgcZUEy3+l2mULJ
stB1b5BJkjnjj9Iuca9gG9xzOIEHsacUbAO5r31R5gB29USBZcO1Afrqfv4NYP8D
PL13X5dLqHMOHscymjt0w/Xz6LyVfdpdUW0rdcS1ykaP09nkSAQ33m21rjoRlIiK
aMpw+AqJX8PfoUj5LJopP7DyM0kfob+fQctRCkINmUGEUwK35cpcxIkbaHb5tyDe
DdcC1xXvkA/eco57gN0YUaecOyai1yoz7j2MMJ/rAm4FP0mt2TPBGJwgGfBh4zpN
CyTIg1PwvKZPjDqRi7T/uPkxWdCuQjL1+RQvtegewVQaCJvZuLJp2J+JEwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFOzkvx4iEgiTlTZnzgo3/NitK7xjMB8GA1UdIwQY
MBaAFEEEpAghxBdsxC4lXvbBcnRzw/AKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMt
YjI3ZDZlMjc4ZTE4LzEvN09TX0hpSVNDSk9WTm1mT0NqZjgySzBydkdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMtYjI3ZDZlMjc4ZTE4
LzEvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAVZ/OAD
BABZ/OIDBADCDOgwDQYJKoZIhvcNAQELBQADggEBAMEvV1dT0UJn74QUn54u+E87
5FaPQlJOHxkLonwNPsEmOqdxqC0gzIAOI7yJwvVZnU1ngALwKWRaaOWXpDDeqSM6
JfhgePYfEM84fFdUfcKTVqY3YCLakb7ADi622u65aIKihrJ0bEH3g5nRdfR2+cpZ
WK53rTiHNQeghZ7CA6BniheIEmILwSKpx83L+fmaK+kCivLQtEYugusH5ClC0dhH
w4GYtlbmRWslOTP7qNTA55KwLwAr1zX5v1Tw4aZWCnwl39fB/WsyfkxiIdtxlYNo
3B/fdvTUZBFhO42kIiv+2Q+8Iug6Xq+RiCbwsn9fORHl0A/XvygSn3um8uA8FPQ=
-----END CERTIFICATE-----