Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/p2yd7HNa_2u5FC_KlUlqY56HCPs.roa
File:                     p2yd7HNa_2u5FC_KlUlqY56HCPs.roa (raw, json)
Hash identifier:          K3DV3sbkfUMMuZK4zVe0/CYbRxPCq5VTXfB/v1NUxXI=
Subject key identifier:   A7:6C:9D:EC:73:5A:FF:6B:B9:14:2F:CA:95:49:6A:63:9E:87:08:FB
Certificate issuer:       /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial:       01916A76BD4713A534CEA133865A3EDC91B5
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/p2yd7HNa_2u5FC_KlUlqY56HCPs.roa
Signing time:             Mon 19 Aug 2024 11:47:32 +0000
ROA not before:           Mon 19 Aug 2024 11:47:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57353
IP address blocks:        89.58.192.0/18 maxlen: 18

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6a:76:bd:47:13:a5:34:ce:a1:33:86:5a:3e:dc:91:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
        Validity
            Not Before: Aug 19 11:47:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a76c9dec735aff6bb9142fca95496a639e8708fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:44:0e:f9:69:26:7b:f1:8b:d0:ba:97:f1:b7:
                    3d:4b:6b:19:f7:e3:af:30:0b:2b:28:73:f6:b4:83:
                    15:5a:ed:16:90:a4:55:b2:9c:d7:fb:9c:a4:16:6e:
                    e7:1a:80:cb:0c:89:a1:f4:26:a8:9e:62:70:45:9f:
                    d2:67:05:c8:7a:0c:cf:ed:63:bf:af:2f:4f:8b:3d:
                    59:71:da:a0:c7:a6:34:68:0e:dc:28:8b:6b:a9:59:
                    c4:1b:a1:c3:9f:c1:d3:9d:ec:6e:b3:eb:c1:fd:64:
                    fd:62:71:3a:6e:b7:b1:40:e6:fd:cf:82:7e:eb:a5:
                    ed:da:a8:47:e1:d8:dd:d0:e3:67:b5:31:c2:8c:58:
                    f2:31:7a:f6:4c:44:f7:a9:ca:24:a3:c2:3e:81:fb:
                    70:4c:2c:65:3d:6c:54:d0:b7:22:b2:51:5a:fc:27:
                    f5:5c:8e:a1:95:d9:71:8d:d8:fa:87:9d:72:ea:73:
                    bb:9f:0a:83:5f:a8:6e:c4:91:77:1a:2e:de:1c:e0:
                    0d:8d:46:27:e3:26:fd:e1:70:7a:9a:08:93:29:61:
                    08:be:93:61:b3:27:b7:65:c2:3e:cc:b0:9b:60:0f:
                    05:cf:6b:06:7f:35:ee:d6:e2:92:aa:45:18:98:f7:
                    2e:c5:0b:3c:5c:ea:28:0f:65:ed:44:5a:32:86:5b:
                    c3:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:6C:9D:EC:73:5A:FF:6B:B9:14:2F:CA:95:49:6A:63:9E:87:08:FB
            X509v3 Authority Key Identifier:
                keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/p2yd7HNa_2u5FC_KlUlqY56HCPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.58.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         6c:6f:00:9a:00:15:ca:b6:b8:c4:91:3d:7c:30:69:c4:22:c7:
         62:d7:b8:07:5e:65:54:00:04:eb:6d:fb:ad:5a:a4:a5:ac:f2:
         e9:f6:fc:54:a0:76:9b:4c:a5:9e:e5:33:a9:39:d9:04:ef:72:
         7f:62:55:b6:8e:5f:f3:12:21:da:0e:df:3a:e8:ac:18:0f:15:
         02:eb:d0:0d:cd:66:fd:90:db:72:68:cd:f2:cc:69:ff:e3:c3:
         6f:5c:7c:5c:7c:48:0f:f5:9a:20:de:fc:f8:0d:05:69:9b:d3:
         48:91:c1:10:41:55:e5:8f:80:6a:fb:be:31:82:42:0a:df:d2:
         30:05:01:d1:eb:48:39:3d:35:da:79:50:cb:47:45:0e:f8:75:
         de:7b:eb:a5:ea:dd:b0:f5:de:b2:ed:bb:8c:89:3d:68:70:4f:
         ee:8c:fc:6c:e0:08:a9:d6:78:a2:25:5a:d4:89:1f:91:37:39:
         c9:4e:2c:9b:94:05:ab:96:6f:8e:94:ad:82:17:4c:3e:62:8e:
         f6:58:e7:e3:b1:81:7a:3d:90:2c:95:a7:ed:93:37:c3:f7:2c:
         0a:e1:da:d1:e6:21:91:70:8b:5f:9f:43:25:a8:e4:60:f2:5a:
         5d:a0:08:3a:56:02:e1:2c:00:0c:a2:23:60:b1:cb:16:26:4f:
         bf:45:44:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFqdr1HE6U0zqEzhlo+3JG1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODAxOTg0Y2MzOGYwYTRmYzVhZmUxYWRlYWI2ODBjMWI4
OWU5NWIwHhcNMjQwODE5MTE0NzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzZjOWRlYzczNWFmZjZiYjkxNDJmY2E5NTQ5NmE2MzllODcwOGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7EQO+Wkme/GL0LqX8bc9S2sZ9+Ov
MAsrKHP2tIMVWu0WkKRVspzX+5ykFm7nGoDLDImh9CaonmJwRZ/SZwXIegzP7WO/
ry9Piz1Zcdqgx6Y0aA7cKItrqVnEG6HDn8HTnexus+vB/WT9YnE6brexQOb9z4J+
66Xt2qhH4djd0ONntTHCjFjyMXr2TET3qcoko8I+gftwTCxlPWxU0LcislFa/Cf1
XI6hldlxjdj6h51y6nO7nwqDX6huxJF3Gi7eHOANjUYn4yb94XB6mgiTKWEIvpNh
sye3ZcI+zLCbYA8Fz2sGfzXu1uKSqkUYmPcuxQs8XOooD2XtRFoyhlvDYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKdsnexzWv9ruRQvypVJamOehwj7MB8GA1UdIwQY
MBaAFK+AGYTMOPCk/Fr+Gt6raAwbielbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQt
NDAyMTI2NWMzOWIwLzEvcDJ5ZDdITmFfMnU1RkNfS2xVbHFZNTZIQ1BzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQtNDAyMTI2NWMzOWIw
LzEvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGWTrAMA0G
CSqGSIb3DQEBCwUAA4IBAQBsbwCaABXKtrjEkT18MGnEIsdi17gHXmVUAATrbfut
WqSlrPLp9vxUoHabTKWe5TOpOdkE73J/YlW2jl/zEiHaDt866KwYDxUC69ANzWb9
kNtyaM3yzGn/48NvXHxcfEgP9Zog3vz4DQVpm9NIkcEQQVXlj4Bq+74xgkIK39Iw
BQHR60g5PTXaeVDLR0UO+HXee+ul6t2w9d6y7buMiT1ocE/ujPxs4Aip1niiJVrU
iR+RNznJTiyblAWrlm+OlK2CF0w+Yo72WOfjsYF6PZAslaftkzfD9ywK4drR5iGR
cItfn0MlqORg8lpdoAg6VgLhLAAMoiNgscsWJk+/RUR1
-----END CERTIFICATE-----