Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/N6dh9k3iuT1oFOV_WzG1gvoIErw.roa
File:                     N6dh9k3iuT1oFOV_WzG1gvoIErw.roa (raw, json)
Hash identifier:          hwnoLHGksjVrnGyOU4DUgx/WTz33uAm/EmpBfWm2ssw=
Subject key identifier:   37:A7:61:F6:4D:E2:B9:3D:68:14:E5:7F:5B:31:B5:82:FA:08:12:BC
Certificate issuer:       /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial:       018DE5A0F86DBC0EF54BCD02ED411F43C8F2
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/N6dh9k3iuT1oFOV_WzG1gvoIErw.roa
Signing time:             Mon 26 Feb 2024 13:35:48 +0000
ROA not before:           Mon 26 Feb 2024 13:35:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        89.50.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:04:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e5:a0:f8:6d:bc:0e:f5:4b:cd:02:ed:41:1f:43:c8:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
        Validity
            Not Before: Feb 26 13:35:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37a761f64de2b93d6814e57f5b31b582fa0812bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:8f:5f:98:8c:09:1a:ab:14:6e:97:06:d4:14:
                    15:95:f1:e6:b1:72:54:04:1f:21:3c:5a:c2:15:54:
                    77:8b:4d:0e:15:db:82:a2:f5:9c:7d:d2:f1:58:df:
                    72:da:95:3f:d8:2d:33:46:62:a8:ab:79:ff:f3:4e:
                    7e:3d:c6:a5:74:82:2e:f1:7a:79:dc:44:aa:6e:7f:
                    a5:f2:64:86:13:0c:71:79:36:5a:5c:ac:02:a3:7b:
                    da:3b:fb:5f:77:99:70:81:a0:e6:9c:4e:9d:12:2e:
                    22:b8:6b:12:0b:da:70:fc:89:10:e3:99:a2:2e:db:
                    4b:d4:18:44:5e:4c:5e:fa:7a:2d:65:3d:bb:ec:00:
                    04:2b:af:b5:70:e2:b7:ec:4c:63:f3:96:88:4b:ed:
                    1c:6d:d3:69:22:5d:25:af:f6:81:f7:13:54:8f:05:
                    c5:36:2a:02:ee:22:7e:be:48:1d:31:b4:8f:8d:61:
                    a8:72:50:f1:6a:0e:e9:90:6a:0e:10:bf:69:a6:f5:
                    35:a6:bc:15:ea:88:46:0e:2a:19:6c:4a:c2:ce:4f:
                    9a:06:2f:8a:c1:4c:50:9e:c9:49:c9:58:7c:68:e6:
                    75:53:45:2d:51:cd:ca:33:f4:e2:da:b2:ab:03:de:
                    37:ca:3e:38:c8:d9:d0:78:d2:fa:fb:48:4f:56:f6:
                    1c:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:A7:61:F6:4D:E2:B9:3D:68:14:E5:7F:5B:31:B5:82:FA:08:12:BC
            X509v3 Authority Key Identifier:
                keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/N6dh9k3iuT1oFOV_WzG1gvoIErw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.50.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         60:e2:63:d4:94:65:f6:de:1e:51:9a:55:f1:04:88:01:c0:64:
         db:96:da:0d:97:cb:8f:ac:09:d3:b4:c1:50:eb:04:f0:77:0c:
         94:9f:29:75:b2:1e:91:11:ea:14:ad:8f:8f:33:3d:66:38:0a:
         9c:a2:14:5e:e1:9f:27:e7:c8:31:fc:e7:99:62:cb:0e:9c:df:
         40:46:ad:3d:93:70:73:a6:61:ef:4f:5e:36:9c:b8:90:27:b0:
         c7:d4:09:1a:28:2c:4d:c3:69:5a:ed:90:ff:ca:83:54:b2:55:
         25:42:17:77:ad:e2:88:33:d6:5d:72:44:df:98:ac:47:b5:40:
         49:6d:c5:7f:7b:22:64:0f:9b:e0:26:12:4e:5a:bf:bb:82:7e:
         86:1e:6e:e0:aa:2c:ba:67:5f:9e:1d:10:63:20:82:ff:d3:ed:
         c6:39:da:90:6f:b4:c5:45:1d:54:34:cc:43:a2:7d:5e:52:3e:
         da:49:6f:1d:3f:8a:1c:87:d7:ad:8c:37:62:75:34:d7:5d:eb:
         60:0b:25:b7:9e:58:db:c9:a3:6c:91:90:5f:2b:83:7a:95:f2:
         8f:54:70:c9:65:e1:8c:9e:db:93:51:fa:63:56:32:66:6e:1b:
         81:ca:e2:3b:0d:6b:67:72:60:81:f2:47:16:f1:ec:97:c4:cd:
         db:01:e7:d7
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAY3loPhtvA71S80C7UEfQ8jyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODAxOTg0Y2MzOGYwYTRmYzVhZmUxYWRlYWI2ODBjMWI4
OWU5NWIwHhcNMjQwMjI2MTMzNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2E3NjFmNjRkZTJiOTNkNjgxNGU1N2Y1YjMxYjU4MmZhMDgxMmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzY9fmIwJGqsUbpcG1BQVlfHmsXJU
BB8hPFrCFVR3i00OFduCovWcfdLxWN9y2pU/2C0zRmKoq3n/805+PcaldIIu8Xp5
3ESqbn+l8mSGEwxxeTZaXKwCo3vaO/tfd5lwgaDmnE6dEi4iuGsSC9pw/IkQ45mi
LttL1BhEXkxe+notZT277AAEK6+1cOK37Exj85aIS+0cbdNpIl0lr/aB9xNUjwXF
NioC7iJ+vkgdMbSPjWGoclDxag7pkGoOEL9ppvU1prwV6ohGDioZbErCzk+aBi+K
wUxQnslJyVh8aOZ1U0UtUc3KM/Ti2rKrA943yj44yNnQeNL6+0hPVvYc2wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFDenYfZN4rk9aBTlf1sxtYL6CBK8MB8GA1UdIwQY
MBaAFK+AGYTMOPCk/Fr+Gt6raAwbielbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQt
NDAyMTI2NWMzOWIwLzEvTjZkaDlrM2l1VDFvRk9WX1d6RzFndm9JRXJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQtNDAyMTI2NWMzOWIw
LzEvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAWTIwDQYJ
KoZIhvcNAQELBQADggEBAGDiY9SUZfbeHlGaVfEEiAHAZNuW2g2Xy4+sCdO0wVDr
BPB3DJSfKXWyHpER6hStj48zPWY4CpyiFF7hnyfnyDH855liyw6c30BGrT2TcHOm
Ye9PXjacuJAnsMfUCRooLE3DaVrtkP/Kg1SyVSVCF3et4ogz1l1yRN+YrEe1QElt
xX97ImQPm+AmEk5av7uCfoYebuCqLLpnX54dEGMggv/T7cY52pBvtMVFHVQ0zEOi
fV5SPtpJbx0/ihyH162MN2J1NNdd62ALJbeeWNvJo2yRkF8rg3qV8o9UcMll4Yye
25NR+mNWMmZuG4HK4jsNa2dyYIHyRxbx7JfEzdsB59c=
-----END CERTIFICATE-----