Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/s4FNYqlPr4eIL89f7XEMNtp1gE8.roa
File:                     s4FNYqlPr4eIL89f7XEMNtp1gE8.roa (raw, json)
Hash identifier:          ob2pYn60QsZ80HiVyjiebygMBZ2BYOHnh41CTPkghZU=
Subject key identifier:   B3:81:4D:62:A9:4F:AF:87:88:2F:CF:5F:ED:71:0C:36:DA:75:80:4F
Certificate issuer:       /CN=54296d23def4c8521c647dc68acb3c123f611d89
Certificate serial:       019053F356B4927097FC1392A4D7F5232A95
Authority key identifier: 54:29:6D:23:DE:F4:C8:52:1C:64:7D:C6:8A:CB:3C:12:3F:61:1D:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/s4FNYqlPr4eIL89f7XEMNtp1gE8.roa
Signing time:             Wed 26 Jun 2024 09:49:34 +0000
ROA not before:           Wed 26 Jun 2024 09:49:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35725
IP address blocks:        89.123.192.0/20 maxlen: 20
                          109.101.160.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jul 2024 04:02:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:53:f3:56:b4:92:70:97:fc:13:92:a4:d7:f5:23:2a:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54296d23def4c8521c647dc68acb3c123f611d89
        Validity
            Not Before: Jun 26 09:49:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3814d62a94faf87882fcf5fed710c36da75804f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c9:4c:75:62:70:d2:48:4e:37:b1:68:b1:28:
                    c1:d9:9a:fc:c1:59:dd:07:89:a3:81:80:9b:3d:d8:
                    ad:aa:b0:18:a9:42:75:d7:d7:39:44:71:00:cb:d8:
                    95:59:38:e4:da:98:d1:4e:9d:9d:fc:09:ef:3f:92:
                    eb:36:78:f2:0b:87:ab:c6:a1:73:ff:43:95:c6:30:
                    5a:19:9b:23:0c:45:43:7f:0d:0d:55:1f:3e:68:59:
                    09:90:0f:55:58:7b:e6:a8:d1:ba:37:24:73:f7:2a:
                    5c:b8:a6:67:16:4e:3c:96:df:89:13:de:f0:07:10:
                    85:84:cc:00:3b:7f:67:4d:bb:74:6c:c5:d0:ae:9c:
                    5d:27:89:72:46:ef:b5:bb:29:8a:be:b4:c3:22:30:
                    a3:bd:b5:57:0e:51:d5:97:91:10:a0:11:7b:c6:44:
                    49:5a:3f:6f:88:57:e5:1f:2d:08:5e:b0:9b:43:e4:
                    94:3f:62:56:84:83:ac:a2:85:e6:c8:46:ce:23:5d:
                    8b:ba:02:3d:8e:d6:05:5b:aa:12:87:98:e4:97:5c:
                    08:0c:ef:fa:98:23:0b:e8:4c:ac:a8:25:ea:b4:76:
                    c7:8d:fa:3f:88:36:db:79:6b:26:c9:63:06:d3:91:
                    b1:a3:7c:a0:bc:65:34:08:5d:82:9e:ee:b4:8d:3a:
                    c4:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:81:4D:62:A9:4F:AF:87:88:2F:CF:5F:ED:71:0C:36:DA:75:80:4F
            X509v3 Authority Key Identifier:
                keyid:54:29:6D:23:DE:F4:C8:52:1C:64:7D:C6:8A:CB:3C:12:3F:61:1D:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/s4FNYqlPr4eIL89f7XEMNtp1gE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.123.192.0/20
                  109.101.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         4e:b0:b1:44:35:b1:34:35:6e:59:a4:17:3e:28:bd:3c:86:0e:
         a4:e6:2b:90:4b:b4:d6:81:0e:f2:ed:56:4b:28:93:df:9f:ef:
         ce:d1:2e:c5:3c:8a:e0:7d:3c:d6:5f:34:eb:95:e4:38:f5:ee:
         3c:3f:44:38:94:98:d4:6d:6c:ef:26:c5:7f:24:60:fa:a3:22:
         31:b1:b6:7a:83:8c:13:d7:ce:cc:71:55:40:f8:1c:31:0b:a3:
         09:4e:48:b7:b9:98:71:e4:dc:10:22:62:11:21:fd:b9:7a:5e:
         f1:0d:97:38:97:8b:34:de:a8:34:0e:d6:12:24:3d:bd:f4:ff:
         13:7b:91:41:bf:7d:15:47:0d:d5:02:cf:28:f8:ad:d4:43:e4:
         53:14:3d:e7:43:59:01:19:81:4a:5a:4d:7f:dd:24:ae:57:46:
         7b:44:50:be:bb:f8:86:3d:9a:dc:d1:3d:1d:78:d1:8f:64:59:
         4f:80:c5:75:55:a5:12:ea:12:8e:0a:e3:7a:47:14:48:79:35:
         04:f9:0f:40:32:0c:33:72:cc:20:03:94:c9:2f:e9:fc:fa:3c:
         9a:08:10:30:47:85:c7:f2:b9:fd:d1:0b:34:91:d5:52:20:5c:
         8e:68:58:e5:f1:01:fa:e1:f6:00:17:82:d4:9f:18:9a:76:ba:
         74:3a:58:53
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZBT81a0knCX/BOSpNf1IyqVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Mjk2ZDIzZGVmNGM4NTIxYzY0N2RjNjhhY2IzYzEyM2Y2
MTFkODkwHhcNMjQwNjI2MDk0OTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzgxNGQ2MmE5NGZhZjg3ODgyZmNmNWZlZDcxMGMzNmRhNzU4MDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsslMdWJw0khON7FosSjB2Zr8wVnd
B4mjgYCbPditqrAYqUJ119c5RHEAy9iVWTjk2pjRTp2d/AnvP5LrNnjyC4erxqFz
/0OVxjBaGZsjDEVDfw0NVR8+aFkJkA9VWHvmqNG6NyRz9ypcuKZnFk48lt+JE97w
BxCFhMwAO39nTbt0bMXQrpxdJ4lyRu+1uymKvrTDIjCjvbVXDlHVl5EQoBF7xkRJ
Wj9viFflHy0IXrCbQ+SUP2JWhIOsooXmyEbOI12LugI9jtYFW6oSh5jkl1wIDO/6
mCML6EysqCXqtHbHjfo/iDbbeWsmyWMG05Gxo3ygvGU0CF2Cnu60jTrElQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLOBTWKpT6+HiC/PX+1xDDbadYBPMB8GA1UdIwQY
MBaAFFQpbSPe9MhSHGR9xorLPBI/YR2JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkNsdEk5NzB5RkljWkgzR2lzczhFajloSFlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy81Y2I0NTQtN2JlZS00ZTVkLWIyOTUt
OTQyNDgyZjhkMmVhLzEvczRGTllxbFByNGVJTDg5ZjdYRU1OdHAxZ0U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy81Y2I0NTQtN2JlZS00ZTVkLWIyOTUtOTQyNDgyZjhkMmVh
LzEvVkNsdEk5NzB5RkljWkgzR2lzczhFajloSFlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEWXvAAwQF
bWWgMA0GCSqGSIb3DQEBCwUAA4IBAQBOsLFENbE0NW5ZpBc+KL08hg6k5iuQS7TW
gQ7y7VZLKJPfn+/O0S7FPIrgfTzWXzTrleQ49e48P0Q4lJjUbWzvJsV/JGD6oyIx
sbZ6g4wT187McVVA+BwxC6MJTki3uZhx5NwQImIRIf25el7xDZc4l4s03qg0DtYS
JD299P8Te5FBv30VRw3VAs8o+K3UQ+RTFD3nQ1kBGYFKWk1/3SSuV0Z7RFC+u/iG
PZrc0T0deNGPZFlPgMV1VaUS6hKOCuN6RxRIeTUE+Q9AMgwzcswgA5TJL+n8+jya
CBAwR4XH8rn90Qs0kdVSIFyOaFjl8QH64fYAF4LUnxiadrp0OlhT
-----END CERTIFICATE-----