Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/0nyuKNwkHdjNx58vqjYZWHgdk04.roa
File:                     0nyuKNwkHdjNx58vqjYZWHgdk04.roa (raw, json)
Hash identifier:          IJwrVyR1/3bxuDIXcjl0pqsWJYg81ab8+TgzpFzMgak=
Subject key identifier:   D2:7C:AE:28:DC:24:1D:D8:CD:C7:9F:2F:AA:36:19:58:78:1D:93:4E
Certificate issuer:       /CN=874bf8070cee4305d1a389e910fb5102bbcc1941
Certificate serial:       019427B40D5B9F1F3C8A105093C27E67F0F8
Authority key identifier: 87:4B:F8:07:0C:EE:43:05:D1:A3:89:E9:10:FB:51:02:BB:CC:19:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/0nyuKNwkHdjNx58vqjYZWHgdk04.roa
Signing time:             Thu 02 Jan 2025 15:48:18 +0000
ROA not before:           Thu 02 Jan 2025 15:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211826
IP address blocks:        85.237.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b4:0d:5b:9f:1f:3c:8a:10:50:93:c2:7e:67:f0:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=874bf8070cee4305d1a389e910fb5102bbcc1941
        Validity
            Not Before: Jan  2 15:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d27cae28dc241dd8cdc79f2faa361958781d934e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:42:e8:99:90:4f:f1:4a:d0:ac:ed:95:6d:13:
                    80:e3:fa:9f:d8:34:df:80:4f:d9:91:47:f9:ff:13:
                    da:9c:86:ea:14:14:af:7a:c0:f7:44:37:7f:50:bc:
                    9c:84:20:8a:1c:74:30:a5:7c:f1:cf:c0:20:4d:f5:
                    63:80:ff:c2:66:e1:0a:82:46:5f:bc:ad:6e:db:78:
                    15:bd:85:d7:09:f2:36:b8:1b:da:a9:f0:7d:ee:f9:
                    a4:2b:76:c5:f5:12:c3:e9:aa:f7:b4:98:c2:23:e0:
                    1d:d9:57:b1:cf:65:05:5d:77:70:ed:b6:8a:45:47:
                    1c:8d:81:ce:da:34:fe:44:52:e4:64:5d:4d:4a:68:
                    f6:2e:25:8e:05:d2:29:4c:50:a7:0e:5b:93:ee:fa:
                    e3:8b:d9:42:fa:20:15:71:92:ab:6c:7d:9d:0c:51:
                    82:bc:ef:8a:36:71:49:f0:4b:6d:df:1a:d4:70:1e:
                    e9:2e:8d:28:f5:f4:eb:78:2b:7f:c2:61:5a:6a:18:
                    8c:cb:ce:e8:d5:70:14:da:75:5b:a9:83:08:95:12:
                    8e:af:06:c4:f2:e7:40:17:df:17:88:37:c6:e0:81:
                    a5:10:93:98:ce:9a:17:3f:60:2d:53:06:59:f3:6a:
                    0b:c8:b4:df:f3:d4:05:05:ef:47:2e:86:fa:3c:8f:
                    57:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:7C:AE:28:DC:24:1D:D8:CD:C7:9F:2F:AA:36:19:58:78:1D:93:4E
            X509v3 Authority Key Identifier:
                keyid:87:4B:F8:07:0C:EE:43:05:D1:A3:89:E9:10:FB:51:02:BB:CC:19:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/0nyuKNwkHdjNx58vqjYZWHgdk04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:59:49:78:78:ca:39:b5:63:f6:4f:98:6f:4a:3a:ec:4a:a8:
         d6:a8:a7:d8:50:f5:b1:c8:43:4f:e5:4d:19:63:6a:ec:6b:e1:
         47:92:a3:ab:e6:28:c3:c4:41:9c:97:45:c4:00:98:01:39:4a:
         02:e5:57:09:ab:08:81:08:7a:a1:fb:b0:ce:69:dd:1b:8f:78:
         be:4b:3a:b0:d0:a7:60:57:f0:67:c3:5d:75:c1:5e:03:fe:ca:
         c3:e8:ce:95:d0:54:69:f4:b4:8f:f9:51:a7:d6:a1:24:1d:f4:
         c5:a0:03:ed:b9:92:ef:84:a7:00:44:87:2e:7f:cd:76:c3:13:
         dc:f9:0f:c3:25:e4:6d:24:bd:cc:a2:00:d2:a9:aa:43:89:36:
         01:05:f5:77:6c:b4:44:ba:bc:8d:e1:61:7e:0d:d2:ea:7c:3a:
         bb:07:3a:68:0b:7a:2a:16:82:de:21:62:e2:d9:f6:37:5f:9e:
         68:ae:f3:fd:1d:05:f6:cc:c8:08:44:ea:ad:3d:0b:75:eb:8b:
         1c:96:bb:ce:d0:c2:44:ba:44:19:a6:6e:cd:50:2c:34:a4:9c:
         c5:a8:12:43:8e:12:bc:b3:ee:83:9e:64:38:be:8f:b0:3a:53:
         5a:08:53:70:26:94:91:57:4b:de:34:a4:b8:aa:42:06:36:9c:
         c4:4d:98:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntA1bnx88ihBQk8J+Z/D4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NGJmODA3MGNlZTQzMDVkMWEzODllOTEwZmI1MTAyYmJj
YzE5NDEwHhcNMjUwMTAyMTU0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjdjYWUyOGRjMjQxZGQ4Y2RjNzlmMmZhYTM2MTk1ODc4MWQ5MzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0LomZBP8UrQrO2VbROA4/qf2DTf
gE/ZkUf5/xPanIbqFBSvesD3RDd/ULychCCKHHQwpXzxz8AgTfVjgP/CZuEKgkZf
vK1u23gVvYXXCfI2uBvaqfB97vmkK3bF9RLD6ar3tJjCI+Ad2Vexz2UFXXdw7baK
RUccjYHO2jT+RFLkZF1NSmj2LiWOBdIpTFCnDluT7vrji9lC+iAVcZKrbH2dDFGC
vO+KNnFJ8Ett3xrUcB7pLo0o9fTreCt/wmFaahiMy87o1XAU2nVbqYMIlRKOrwbE
8udAF98XiDfG4IGlEJOYzpoXP2AtUwZZ82oLyLTf89QFBe9HLob6PI9X6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJ8rijcJB3YzcefL6o2GVh4HZNOMB8GA1UdIwQY
MBaAFIdL+AcM7kMF0aOJ6RD7UQK7zBlBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDB2NEJ3enVRd1hSbzRucEVQdFJBcnZNR1VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9lZWUxMzEtYmI4Yy00ODg3LTg2OWIt
NmZlNGQ4ZmVkMTYwLzEvMG55dUtOd2tIZGpOeDU4dnFqWVpXSGdkazA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9lZWUxMzEtYmI4Yy00ODg3LTg2OWItNmZlNGQ4ZmVkMTYw
LzEvaDB2NEJ3enVRd1hSbzRucEVQdFJBcnZNR1VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVe1ZMA0G
CSqGSIb3DQEBCwUAA4IBAQBOWUl4eMo5tWP2T5hvSjrsSqjWqKfYUPWxyENP5U0Z
Y2rsa+FHkqOr5ijDxEGcl0XEAJgBOUoC5VcJqwiBCHqh+7DOad0bj3i+Szqw0Kdg
V/Bnw111wV4D/srD6M6V0FRp9LSP+VGn1qEkHfTFoAPtuZLvhKcARIcuf812wxPc
+Q/DJeRtJL3MogDSqapDiTYBBfV3bLREuryN4WF+DdLqfDq7BzpoC3oqFoLeIWLi
2fY3X55orvP9HQX2zMgIROqtPQt164sclrvO0MJEukQZpm7NUCw0pJzFqBJDjhK8
s+6DnmQ4vo+wOlNaCFNwJpSRV0veNKS4qkIGNpzETZiW
-----END CERTIFICATE-----