Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/ee354a-8428-4d86-9824-e5fcebdaa7f2/1/I89qaPPQ7xt2BGSLDSUFg6wIskE.roa
File:                     I89qaPPQ7xt2BGSLDSUFg6wIskE.roa (raw, json)
Hash identifier:          stvFee/mjI6WEXOlNmHRR0UyASl3TY5yjuxZK8DDqzw=
Subject key identifier:   23:CF:6A:68:F3:D0:EF:1B:76:04:64:8B:0D:25:05:83:AC:08:B2:41
Certificate issuer:       /CN=66d475bb542f61821be39dbc9b68275d6e0087d4
Certificate serial:       018CC7935022286511A6DEF78DB1E0DB372C
Authority key identifier: 66:D4:75:BB:54:2F:61:82:1B:E3:9D:BC:9B:68:27:5D:6E:00:87:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZtR1u1QvYYIb4528m2gnXW4Ah9Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/ee354a-8428-4d86-9824-e5fcebdaa7f2/1/I89qaPPQ7xt2BGSLDSUFg6wIskE.roa
Signing time:             Tue 02 Jan 2024 00:29:29 +0000
ROA not before:           Tue 02 Jan 2024 00:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41728
IP address blocks:        194.37.250.0/23 maxlen: 24
                          194.39.78.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/ee354a-8428-4d86-9824-e5fcebdaa7f2/1/ZtR1u1QvYYIb4528m2gnXW4Ah9Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/ee354a-8428-4d86-9824-e5fcebdaa7f2/1/ZtR1u1QvYYIb4528m2gnXW4Ah9Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZtR1u1QvYYIb4528m2gnXW4Ah9Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:50:22:28:65:11:a6:de:f7:8d:b1:e0:db:37:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66d475bb542f61821be39dbc9b68275d6e0087d4
        Validity
            Not Before: Jan  2 00:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23cf6a68f3d0ef1b7604648b0d250583ac08b241
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:9b:3c:b9:27:8d:c4:b2:9f:eb:db:a7:5c:48:
                    58:90:10:ec:00:92:96:48:db:3e:0e:3f:1b:a3:e1:
                    14:8b:76:83:5c:39:15:03:dd:b2:5f:0b:93:bf:48:
                    84:ee:7e:26:16:e6:69:e2:10:c4:65:3a:cd:38:a3:
                    aa:87:72:c7:7f:de:a4:ac:f3:03:87:54:aa:0a:bf:
                    ce:ff:2f:5b:ea:dc:ec:05:e5:9a:5a:0f:e9:f6:12:
                    8f:f3:21:ec:c0:39:fa:16:ed:c8:a3:d2:76:e5:b9:
                    64:3b:dc:fe:e9:a4:7d:c1:69:c1:99:70:d4:d6:df:
                    d6:61:06:d5:01:bd:e8:8c:c1:39:24:0f:5a:2d:49:
                    93:de:46:0e:16:dd:78:e3:a2:26:c3:d5:af:66:1f:
                    b5:ea:9f:dd:6a:7b:5b:ca:61:fe:38:fa:cc:fd:5e:
                    44:ef:a4:65:c3:66:62:2e:ff:ea:ac:98:9e:12:91:
                    c2:1c:a0:70:a4:53:53:7d:93:40:18:64:aa:ce:78:
                    16:83:5a:f1:63:bd:61:5b:e7:b5:5f:c5:3b:5c:82:
                    99:76:dc:55:b7:f0:c0:bb:46:5b:9c:2a:4c:d6:73:
                    6e:00:75:b8:38:70:ad:3b:6c:6e:b6:46:04:58:4e:
                    7f:fb:c1:8e:79:85:76:a1:88:ea:23:ec:43:f0:ff:
                    70:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:CF:6A:68:F3:D0:EF:1B:76:04:64:8B:0D:25:05:83:AC:08:B2:41
            X509v3 Authority Key Identifier:
                keyid:66:D4:75:BB:54:2F:61:82:1B:E3:9D:BC:9B:68:27:5D:6E:00:87:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZtR1u1QvYYIb4528m2gnXW4Ah9Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/ee354a-8428-4d86-9824-e5fcebdaa7f2/1/I89qaPPQ7xt2BGSLDSUFg6wIskE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/ee354a-8428-4d86-9824-e5fcebdaa7f2/1/ZtR1u1QvYYIb4528m2gnXW4Ah9Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.37.250.0/23
                  194.39.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0f:a5:ec:f6:b8:2a:42:b7:75:ae:59:56:b2:43:57:e9:81:a6:
         4f:3e:47:17:cf:ae:3d:cc:c3:ce:ef:12:ed:25:13:62:b1:de:
         4f:00:4d:f4:c4:24:45:cf:4b:9d:d6:d8:19:24:56:65:4a:9a:
         27:4d:a7:a6:b4:a5:9b:8c:1a:60:d2:ad:9d:af:f2:8c:84:f8:
         ac:44:c5:30:4a:24:fb:2e:55:fc:0b:3e:89:a5:b9:35:3a:f3:
         34:1b:9c:7d:3b:fd:fb:44:d1:28:4f:f0:ce:8a:8a:c3:97:54:
         33:b9:bd:08:49:d6:f3:b0:6d:6c:5a:fe:14:e4:02:48:f6:fa:
         8b:68:bd:27:e6:e7:9e:3b:bd:3c:70:1d:f0:3e:10:af:db:f3:
         5d:b8:eb:2c:29:59:35:1e:c0:7d:53:09:ee:87:ae:51:c9:8f:
         1d:c1:27:ec:8b:90:cc:de:0b:8e:7e:67:dd:95:ed:33:bb:c0:
         b7:80:b1:f6:40:f7:c1:98:2f:05:12:69:27:a7:66:58:67:b1:
         6c:09:31:81:93:3f:8e:66:38:dc:fd:25:fa:c0:c6:83:51:36:
         79:bc:e8:91:ab:52:7e:10:d8:31:42:01:45:64:b7:42:cc:99:
         e9:d9:0e:64:01:ce:5c:ee:a5:66:7e:99:a6:79:08:64:5e:72:
         2b:e3:d2:92
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHk1AiKGURpt73jbHg2zcsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZDQ3NWJiNTQyZjYxODIxYmUzOWRiYzliNjgyNzVkNmUw
MDg3ZDQwHhcNMjQwMTAyMDAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2NmNmE2OGYzZDBlZjFiNzYwNDY0OGIwZDI1MDU4M2FjMDhiMjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZs8uSeNxLKf69unXEhYkBDsAJKW
SNs+Dj8bo+EUi3aDXDkVA92yXwuTv0iE7n4mFuZp4hDEZTrNOKOqh3LHf96krPMD
h1SqCr/O/y9b6tzsBeWaWg/p9hKP8yHswDn6Fu3Io9J25blkO9z+6aR9wWnBmXDU
1t/WYQbVAb3ojME5JA9aLUmT3kYOFt1446Imw9WvZh+16p/dantbymH+OPrM/V5E
76Rlw2ZiLv/qrJieEpHCHKBwpFNTfZNAGGSqzngWg1rxY71hW+e1X8U7XIKZdtxV
t/DAu0ZbnCpM1nNuAHW4OHCtO2xutkYEWE5/+8GOeYV2oYjqI+xD8P9wXQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCPPamjz0O8bdgRkiw0lBYOsCLJBMB8GA1UdIwQY
MBaAFGbUdbtUL2GCG+OdvJtoJ11uAIfUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnRSMXUxUXZZWUliNDUyOG0yZ25YVzRBaDlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9lZTM1NGEtODQyOC00ZDg2LTk4MjQt
ZTVmY2ViZGFhN2YyLzEvSTg5cWFQUFE3eHQyQkdTTERTVUZnNndJc2tFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9lZTM1NGEtODQyOC00ZDg2LTk4MjQtZTVmY2ViZGFhN2Yy
LzEvWnRSMXUxUXZZWUliNDUyOG0yZ25YVzRBaDlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwiX6AwQB
widOMA0GCSqGSIb3DQEBCwUAA4IBAQAPpez2uCpCt3WuWVayQ1fpgaZPPkcXz649
zMPO7xLtJRNisd5PAE30xCRFz0ud1tgZJFZlSponTaemtKWbjBpg0q2dr/KMhPis
RMUwSiT7LlX8Cz6Jpbk1OvM0G5x9O/37RNEoT/DOiorDl1Qzub0ISdbzsG1sWv4U
5AJI9vqLaL0n5ueeO708cB3wPhCv2/NduOssKVk1HsB9Uwnuh65RyY8dwSfsi5DM
3guOfmfdle0zu8C3gLH2QPfBmC8FEmknp2ZYZ7FsCTGBkz+OZjjc/SX6wMaDUTZ5
vOiRq1J+ENgxQgFFZLdCzJnp2Q5kAc5c7qVmfpmmeQhkXnIr49KS
-----END CERTIFICATE-----