Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/57ea8d-c680-40a7-8a29-f076a08e6003/1/lFNEbA4WXa1kqpPRAFp7E-A0l2E.roa
File:                     lFNEbA4WXa1kqpPRAFp7E-A0l2E.roa (raw, json)
Hash identifier:          RLdKaSl14tW7ZrRmULGs2dhO8FMuiohKtUpmaqgzRYE=
Subject key identifier:   94:53:44:6C:0E:16:5D:AD:64:AA:93:D1:00:5A:7B:13:E0:34:97:61
Certificate issuer:       /CN=3e8c1897624f57be34e0f760b97f110ad5b5da3a
Certificate serial:       019546E7F9AFEA18891DC609A74041BF536B
Authority key identifier: 3E:8C:18:97:62:4F:57:BE:34:E0:F7:60:B9:7F:11:0A:D5:B5:DA:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PowYl2JPV7404PdguX8RCtW12jo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/57ea8d-c680-40a7-8a29-f076a08e6003/1/lFNEbA4WXa1kqpPRAFp7E-A0l2E.roa
Signing time:             Thu 27 Feb 2025 10:16:02 +0000
ROA not before:           Thu 27 Feb 2025 10:16:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206031
IP address blocks:        89.207.120.0/24 maxlen: 24
                          89.207.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/57ea8d-c680-40a7-8a29-f076a08e6003/1/PowYl2JPV7404PdguX8RCtW12jo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/57ea8d-c680-40a7-8a29-f076a08e6003/1/PowYl2JPV7404PdguX8RCtW12jo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PowYl2JPV7404PdguX8RCtW12jo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 14:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:46:e7:f9:af:ea:18:89:1d:c6:09:a7:40:41:bf:53:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e8c1897624f57be34e0f760b97f110ad5b5da3a
        Validity
            Not Before: Feb 27 10:16:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9453446c0e165dad64aa93d1005a7b13e0349761
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:18:3b:35:66:8d:51:07:d5:64:c6:5b:a0:f0:
                    d8:39:36:15:e2:b0:12:9f:e7:b4:7e:5f:61:d0:df:
                    13:07:bc:64:da:c1:3f:3b:e5:b5:d5:99:72:8d:fe:
                    32:41:d7:9d:51:95:20:a0:e0:2c:5e:a5:62:f8:76:
                    73:91:e0:c1:db:d8:a1:5f:0d:0d:4a:2b:d5:07:e7:
                    b5:17:da:c1:95:d6:45:88:dc:8a:12:d8:16:97:33:
                    df:e9:09:7e:a2:ea:f6:22:92:d5:09:fd:47:64:40:
                    ec:2e:e4:ac:10:65:99:12:f4:ec:fa:79:38:0f:bf:
                    76:b2:49:1f:cb:6f:94:68:ed:03:41:74:01:d6:73:
                    75:b8:2a:b9:72:98:8b:45:9a:2f:08:1a:b2:8d:e6:
                    65:8d:dd:c6:5d:e3:69:b6:06:5e:6b:a5:c0:94:f7:
                    7c:4a:0f:d4:2a:ce:db:bf:61:29:d0:d6:74:72:12:
                    73:ad:46:47:be:c5:3e:54:7a:b8:57:9b:0e:0e:ea:
                    ce:b7:82:0a:28:9d:ce:8f:b2:d9:da:79:7f:5f:e2:
                    fb:ae:9d:cc:90:38:28:ba:38:ec:b3:44:10:b1:a3:
                    44:15:4a:d9:22:4e:71:95:51:88:71:07:3e:11:82:
                    8f:02:1b:eb:56:a2:a5:cd:b6:62:55:d8:94:c4:01:
                    39:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:53:44:6C:0E:16:5D:AD:64:AA:93:D1:00:5A:7B:13:E0:34:97:61
            X509v3 Authority Key Identifier:
                keyid:3E:8C:18:97:62:4F:57:BE:34:E0:F7:60:B9:7F:11:0A:D5:B5:DA:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PowYl2JPV7404PdguX8RCtW12jo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/57ea8d-c680-40a7-8a29-f076a08e6003/1/lFNEbA4WXa1kqpPRAFp7E-A0l2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/57ea8d-c680-40a7-8a29-f076a08e6003/1/PowYl2JPV7404PdguX8RCtW12jo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.207.120.0/24
                  89.207.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:33:59:d6:85:94:c4:b6:9c:80:13:0a:be:25:fd:50:4f:ab:
         df:0d:2e:c9:5e:31:16:1d:5d:e8:67:2d:e4:70:e4:d9:cb:65:
         e3:98:0e:a4:a5:33:43:1e:2d:11:9d:be:08:08:28:82:39:2b:
         e7:8d:75:78:12:3c:d2:90:f9:59:87:c2:ec:6f:51:63:bc:71:
         af:c9:48:87:a2:70:43:8b:7e:b3:c4:7e:9c:ef:3f:83:0e:4b:
         49:88:6d:ff:c1:82:8c:ff:9e:bc:df:41:3a:c8:96:41:32:32:
         30:d3:58:2d:ea:aa:97:50:77:0d:8c:36:64:c7:e3:ad:4c:64:
         78:52:d0:fc:f5:82:e3:c4:48:94:a4:da:5c:16:d0:9a:ea:af:
         2d:05:87:12:2f:4c:31:5d:83:05:8a:6f:dd:f2:75:25:1e:fe:
         a2:2f:cc:3d:2a:61:45:d0:42:ea:bd:45:15:5e:a4:1b:c3:90:
         0b:a1:31:c2:57:07:f4:71:63:84:c8:ba:c9:e1:64:9d:cd:7d:
         89:57:b2:de:70:51:24:bd:98:7c:1c:02:f5:c1:05:77:7d:34:
         e3:07:a4:14:73:62:c7:92:ec:2e:b2:ba:66:5c:ef:6e:86:91:
         6f:1e:f5:da:c5:65:89:01:86:a8:ca:00:9b:d7:88:1d:50:eb:
         ac:92:5f:6d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZVG5/mv6hiJHcYJp0BBv1NrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlOGMxODk3NjI0ZjU3YmUzNGUwZjc2MGI5N2YxMTBhZDVi
NWRhM2EwHhcNMjUwMjI3MTAxNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDUzNDQ2YzBlMTY1ZGFkNjRhYTkzZDEwMDVhN2IxM2UwMzQ5NzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBg7NWaNUQfVZMZboPDYOTYV4rAS
n+e0fl9h0N8TB7xk2sE/O+W11Zlyjf4yQdedUZUgoOAsXqVi+HZzkeDB29ihXw0N
SivVB+e1F9rBldZFiNyKEtgWlzPf6Ql+our2IpLVCf1HZEDsLuSsEGWZEvTs+nk4
D792skkfy2+UaO0DQXQB1nN1uCq5cpiLRZovCBqyjeZljd3GXeNptgZea6XAlPd8
Sg/UKs7bv2Ep0NZ0chJzrUZHvsU+VHq4V5sODurOt4IKKJ3Oj7LZ2nl/X+L7rp3M
kDgoujjss0QQsaNEFUrZIk5xlVGIcQc+EYKPAhvrVqKlzbZiVdiUxAE5uwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJRTRGwOFl2tZKqT0QBaexPgNJdhMB8GA1UdIwQY
MBaAFD6MGJdiT1e+NOD3YLl/EQrVtdo6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG93WWwySlBWNzQwNFBkZ3VYOFJDdFcxMmpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy81N2VhOGQtYzY4MC00MGE3LThhMjkt
ZjA3NmEwOGU2MDAzLzEvbEZORWJBNFdYYTFrcXBQUkFGcDdFLUEwbDJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy81N2VhOGQtYzY4MC00MGE3LThhMjktZjA3NmEwOGU2MDAz
LzEvUG93WWwySlBWNzQwNFBkZ3VYOFJDdFcxMmpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWc94AwQA
Wc98MA0GCSqGSIb3DQEBCwUAA4IBAQCwM1nWhZTEtpyAEwq+Jf1QT6vfDS7JXjEW
HV3oZy3kcOTZy2XjmA6kpTNDHi0Rnb4ICCiCOSvnjXV4EjzSkPlZh8Lsb1FjvHGv
yUiHonBDi36zxH6c7z+DDktJiG3/wYKM/56830E6yJZBMjIw01gt6qqXUHcNjDZk
x+OtTGR4UtD89YLjxEiUpNpcFtCa6q8tBYcSL0wxXYMFim/d8nUlHv6iL8w9KmFF
0ELqvUUVXqQbw5ALoTHCVwf0cWOEyLrJ4WSdzX2JV7LecFEkvZh8HAL1wQV3fTTj
B6QUc2LHkuwusrpmXO9uhpFvHvXaxWWJAYaoygCb14gdUOuskl9t
-----END CERTIFICATE-----