Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/DVxku4MmVw3qknUQL_Mj8r7LbMg.roa
File:                     DVxku4MmVw3qknUQL_Mj8r7LbMg.roa (raw, json)
Hash identifier:          d589bEQUW97ZSHfiuyq3Ov+0SH5tfDOeXhVrB1c4SSg=
Subject key identifier:   0D:5C:64:BB:83:26:57:0D:EA:92:75:10:2F:F3:23:F2:BE:CB:6C:C8
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       018EEDFC69ABB47842C414B7023FD1E6F799
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/DVxku4MmVw3qknUQL_Mj8r7LbMg.roa
Signing time:             Wed 17 Apr 2024 21:35:25 +0000
ROA not before:           Wed 17 Apr 2024 21:35:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199326
IP address blocks:        89.42.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 09:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ed:fc:69:ab:b4:78:42:c4:14:b7:02:3f:d1:e6:f7:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Apr 17 21:35:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d5c64bb8326570dea9275102ff323f2becb6cc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:a3:53:b4:da:d2:a1:78:27:2d:1d:4d:70:db:
                    a7:86:2a:52:d1:2c:c8:31:5f:bf:d4:6a:98:04:a3:
                    ae:06:75:07:65:0a:5a:bc:38:ea:3e:fe:e2:25:c0:
                    2b:86:81:19:d2:97:30:5b:59:0d:ec:20:da:d0:88:
                    59:97:79:f0:27:a1:b7:a9:da:7e:cd:7e:3f:12:29:
                    20:d3:89:b8:3b:53:b5:70:b5:cb:7e:96:75:8d:82:
                    f9:9d:91:a7:7e:54:b5:ee:bd:1b:d3:98:c8:52:5f:
                    ab:81:a3:f1:6d:c8:4b:40:46:15:49:4a:e6:01:30:
                    62:61:f9:d3:de:01:c7:16:c6:ed:c2:b4:4e:ee:36:
                    b3:0c:13:00:6d:2a:9f:f8:fb:9a:d4:17:5a:0d:b6:
                    d2:b9:aa:f5:3d:64:8a:25:8c:fa:72:42:89:15:44:
                    dd:81:24:d9:c6:06:66:b1:cf:9f:66:4e:4e:86:1d:
                    11:10:21:a6:4b:51:a2:63:c3:97:20:b0:de:05:c2:
                    ae:62:f7:b4:f4:6a:a7:df:78:bf:c2:3a:f2:f5:33:
                    50:76:bf:40:14:69:13:a8:7a:fb:c1:af:0c:28:ab:
                    17:52:b3:75:0e:19:9a:b3:9b:fa:19:5c:ef:b7:4b:
                    cf:88:fa:d3:21:98:23:09:bb:ad:a6:f3:be:f6:18:
                    73:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:5C:64:BB:83:26:57:0D:EA:92:75:10:2F:F3:23:F2:BE:CB:6C:C8
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/DVxku4MmVw3qknUQL_Mj8r7LbMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:87:f6:c3:55:44:e2:c7:cc:b2:b7:77:76:53:91:b8:4e:52:
         2d:fe:00:aa:1e:81:58:88:1a:c8:54:1f:0c:7d:68:4c:79:29:
         82:7d:f5:2c:79:9c:b4:dc:93:7b:43:0c:6c:69:5e:fb:43:a9:
         f3:13:1d:06:5b:4e:c5:23:fc:25:a5:69:74:3e:6b:5e:de:8a:
         fb:c2:51:21:7e:9d:e3:5f:1c:43:39:69:2a:5d:df:8b:34:19:
         34:ea:31:09:a4:ed:4a:0a:19:21:58:2f:19:2d:19:80:cf:b1:
         58:89:0b:d9:dd:92:45:f1:0a:c8:08:96:6d:25:d6:09:4c:eb:
         e1:52:fa:fc:3c:08:c3:17:9a:79:c4:a0:dc:93:c0:7b:51:18:
         20:47:43:3b:a4:33:16:3a:f2:8f:4a:24:d8:06:14:c0:5c:e9:
         b7:3f:c6:e5:ee:1c:29:17:e4:7f:df:e6:97:07:c8:f2:f6:ba:
         99:1f:d4:82:e4:e4:e5:50:0c:08:71:2e:e8:45:e8:67:9b:e0:
         dd:79:c5:94:9e:04:88:65:dc:c2:9e:8d:d3:02:6d:37:84:de:
         ff:e8:65:8b:f0:b1:02:06:2a:5a:7a:3f:3e:7b:90:81:9a:5f:
         9e:80:c9:82:32:dd:b7:12:4f:47:ad:0c:2a:7a:89:69:b1:ac:
         aa:c5:b5:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7t/GmrtHhCxBS3Aj/R5veZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjQwNDE3MjEzNTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDVjNjRiYjgzMjY1NzBkZWE5Mjc1MTAyZmYzMjNmMmJlY2I2Y2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6NTtNrSoXgnLR1NcNunhipS0SzI
MV+/1GqYBKOuBnUHZQpavDjqPv7iJcArhoEZ0pcwW1kN7CDa0IhZl3nwJ6G3qdp+
zX4/Eikg04m4O1O1cLXLfpZ1jYL5nZGnflS17r0b05jIUl+rgaPxbchLQEYVSUrm
ATBiYfnT3gHHFsbtwrRO7jazDBMAbSqf+Pua1BdaDbbSuar1PWSKJYz6ckKJFUTd
gSTZxgZmsc+fZk5Ohh0RECGmS1GiY8OXILDeBcKuYve09Gqn33i/wjry9TNQdr9A
FGkTqHr7wa8MKKsXUrN1Dhmas5v6GVzvt0vPiPrTIZgjCbutpvO+9hhzrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA1cZLuDJlcN6pJ1EC/zI/K+y2zIMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvRFZ4a3U0TW1WdzNxa25VUUxfTWo4cjdMYk1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSrVMA0G
CSqGSIb3DQEBCwUAA4IBAQCCh/bDVUTix8yyt3d2U5G4TlIt/gCqHoFYiBrIVB8M
fWhMeSmCffUseZy03JN7QwxsaV77Q6nzEx0GW07FI/wlpWl0Pmte3or7wlEhfp3j
XxxDOWkqXd+LNBk06jEJpO1KChkhWC8ZLRmAz7FYiQvZ3ZJF8QrICJZtJdYJTOvh
Uvr8PAjDF5p5xKDck8B7URggR0M7pDMWOvKPSiTYBhTAXOm3P8bl7hwpF+R/3+aX
B8jy9rqZH9SC5OTlUAwIcS7oRehnm+DdecWUngSIZdzCno3TAm03hN7/6GWL8LEC
Bipaej8+e5CBml+egMmCMt23Ek9HrQwqeolpsayqxbWM
-----END CERTIFICATE-----