Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/bJErtMar1CrNFcm_nCifra_6ANA.roa
File:                     bJErtMar1CrNFcm_nCifra_6ANA.roa (raw, json)
Hash identifier:          Qrua0DbxbsgHtm9QhUbxKWdZXSM+JqeZXAi1wEue4vM=
Subject key identifier:   6C:91:2B:B4:C6:AB:D4:2A:CD:15:C9:BF:9C:28:9F:AD:AF:FA:00:D0
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       01966B6653FDAEF289437600C6D1749944B9
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/bJErtMar1CrNFcm_nCifra_6ANA.roa
Signing time:             Fri 25 Apr 2025 05:23:10 +0000
ROA not before:           Fri 25 Apr 2025 05:23:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        89.42.81.0/24 maxlen: 24
                          89.42.82.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 08:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6b:66:53:fd:ae:f2:89:43:76:00:c6:d1:74:99:44:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Apr 25 05:23:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6c912bb4c6abd42acd15c9bf9c289fadaffa00d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:a2:5e:78:63:8e:3d:e6:c5:65:ce:73:81:2a:
                    c0:48:a6:3e:00:b4:3f:46:ea:4c:5b:5e:8c:0a:80:
                    d5:49:57:74:cc:a5:c5:60:fa:8d:ad:8b:c2:e4:1f:
                    6e:e4:a8:b3:72:d9:d8:e4:d2:43:cc:41:0b:ab:23:
                    b9:8f:eb:8a:b4:37:38:be:41:29:6c:13:86:20:38:
                    c3:a8:ba:9c:61:47:e1:8e:e7:49:46:8d:7f:eb:81:
                    6a:35:5e:50:2f:da:68:7a:eb:98:4d:1c:b8:ec:9e:
                    95:31:91:92:ea:f0:79:f4:b8:91:21:ad:83:36:d1:
                    f5:c9:b1:32:3d:6c:d4:7e:3f:c0:69:6e:26:7c:be:
                    f3:32:6d:b0:61:8f:85:c3:4c:34:ea:6c:0a:da:d0:
                    2a:5c:b2:90:5b:23:de:3d:55:ee:03:af:9c:5b:5e:
                    6e:ee:f8:ed:44:93:0b:72:5a:94:b4:a5:7e:cf:d2:
                    d6:44:d1:ee:f7:d8:4f:4b:ab:e4:dc:47:77:bb:09:
                    04:06:77:ce:aa:f0:da:a8:fa:c8:a5:be:37:b1:55:
                    13:7d:aa:b5:dd:7c:99:d0:84:3a:9a:dc:d4:55:19:
                    65:e2:d2:56:1b:12:db:0e:e0:dd:f6:26:a1:61:95:
                    41:e6:e5:1f:2b:2a:d5:33:c3:1c:e2:1d:90:ad:18:
                    5d:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:91:2B:B4:C6:AB:D4:2A:CD:15:C9:BF:9C:28:9F:AD:AF:FA:00:D0
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/bJErtMar1CrNFcm_nCifra_6ANA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.81.0-89.42.83.255

    Signature Algorithm: sha256WithRSAEncryption
         4a:14:b9:0f:05:67:8b:ed:e5:fa:13:99:a4:1d:a8:a3:90:f0:
         bc:8e:cd:97:b9:d5:36:06:26:c0:82:e5:0a:ee:a7:36:a3:85:
         4a:64:fa:96:76:02:20:7c:b8:ad:34:d8:af:70:33:22:e1:bd:
         fe:cc:51:8d:25:98:5f:7d:85:25:95:e0:31:d3:ea:ff:d0:a2:
         91:7a:d5:b1:93:d6:a8:ce:3c:88:c1:c5:c2:e7:7a:de:ef:ad:
         bb:b1:04:84:c1:a9:f7:05:ab:ce:33:71:3a:11:45:da:cd:48:
         08:48:58:ee:3b:90:38:1d:99:dd:4c:7f:b2:66:80:3b:9e:2f:
         60:9b:02:63:e4:e0:92:f7:e8:70:82:c5:fd:e5:1b:2f:ce:55:
         9e:bc:f5:d1:8d:ae:8d:3e:ec:b3:d4:7e:ce:13:c4:6f:e7:99:
         c6:0d:7b:af:80:0b:03:23:2b:88:26:31:c8:c9:81:15:4b:56:
         5b:48:4f:2f:04:58:9c:42:6d:0b:76:e1:42:85:89:10:07:b1:
         14:0d:6b:67:87:4b:4a:8d:33:70:ed:75:fc:c2:5c:78:2a:ad:
         58:71:75:b9:e4:f2:22:e9:9e:33:77:c6:7c:51:d2:4c:5e:91:
         45:a1:98:2d:1a:c2:cf:21:72:64:aa:b2:19:0f:61:79:68:72:
         77:01:d8:ef
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZZrZlP9rvKJQ3YAxtF0mUS5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwNDI1MDUyMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzkxMmJiNGM2YWJkNDJhY2QxNWM5YmY5YzI4OWZhZGFmZmEwMGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA56JeeGOOPebFZc5zgSrASKY+ALQ/
RupMW16MCoDVSVd0zKXFYPqNrYvC5B9u5KizctnY5NJDzEELqyO5j+uKtDc4vkEp
bBOGIDjDqLqcYUfhjudJRo1/64FqNV5QL9poeuuYTRy47J6VMZGS6vB59LiRIa2D
NtH1ybEyPWzUfj/AaW4mfL7zMm2wYY+Fw0w06mwK2tAqXLKQWyPePVXuA6+cW15u
7vjtRJMLclqUtKV+z9LWRNHu99hPS6vk3Ed3uwkEBnfOqvDaqPrIpb43sVUTfaq1
3XyZ0IQ6mtzUVRll4tJWGxLbDuDd9iahYZVB5uUfKyrVM8Mc4h2QrRhdCQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGyRK7TGq9QqzRXJv5won62v+gDQMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvYkpFcnRNYXIxQ3JORmNtX25DaWZyYV82QU5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABZKlED
BAJZKlAwDQYJKoZIhvcNAQELBQADggEBAEoUuQ8FZ4vt5foTmaQdqKOQ8LyOzZe5
1TYGJsCC5QrupzajhUpk+pZ2AiB8uK002K9wMyLhvf7MUY0lmF99hSWV4DHT6v/Q
opF61bGT1qjOPIjBxcLnet7vrbuxBITBqfcFq84zcToRRdrNSAhIWO47kDgdmd1M
f7JmgDueL2CbAmPk4JL36HCCxf3lGy/OVZ689dGNro0+7LPUfs4TxG/nmcYNe6+A
CwMjK4gmMcjJgRVLVltITy8EWJxCbQt24UKFiRAHsRQNa2eHS0qNM3DtdfzCXHgq
rVhxdbnk8iLpnjN3xnxR0kxekUWhmC0aws8hcmSqshkPYXlocncB2O8=
-----END CERTIFICATE-----