Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/g7lx6C5kXPnEfXLP294qTJxteQ8.roa
File:                     g7lx6C5kXPnEfXLP294qTJxteQ8.roa (raw, json)
Hash identifier:          l7hevrc6KINzg50UL0K7VvwBIry+IzM/G7vvWuceqFA=
Subject key identifier:   83:B9:71:E8:2E:64:5C:F9:C4:7D:72:CF:DB:DE:2A:4C:9C:6D:79:0F
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       0196205A5112C6DFB4C6FA47EDF9F925692A
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/g7lx6C5kXPnEfXLP294qTJxteQ8.roa
Signing time:             Thu 10 Apr 2025 15:38:31 +0000
ROA not before:           Thu 10 Apr 2025 15:38:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216444
IP address blocks:        89.106.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 20:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:20:5a:51:12:c6:df:b4:c6:fa:47:ed:f9:f9:25:69:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Apr 10 15:38:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83b971e82e645cf9c47d72cfdbde2a4c9c6d790f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:e6:fe:c2:b3:f3:d2:11:16:f9:fc:18:f4:19:
                    50:dc:17:86:f5:b3:1c:66:cf:70:ad:15:eb:3b:d0:
                    a7:47:fb:02:6c:c5:3a:4c:28:f6:e1:19:7f:cf:db:
                    a9:1a:d2:fe:a1:8c:47:b2:24:ab:5f:87:ea:ca:1e:
                    97:be:bf:bb:1b:6c:88:1d:85:a4:6a:2f:7d:e2:2b:
                    05:fd:fd:72:e6:67:29:af:57:3a:ab:c4:1a:08:95:
                    3a:bf:bf:20:f2:31:27:e8:92:0d:3e:0b:ff:9a:5d:
                    43:16:cb:fc:22:b9:c7:38:5f:34:fe:ce:e1:a1:a4:
                    8f:32:f3:99:7f:18:29:5d:1e:4d:4d:4c:e9:68:af:
                    9d:34:4e:a6:1d:55:43:4c:aa:e3:5e:58:fa:54:bc:
                    d9:18:45:c7:d9:44:33:f7:45:63:fd:15:03:90:81:
                    06:a8:15:6f:b8:71:a9:68:a2:ba:62:ff:34:89:02:
                    3a:0a:9f:0b:32:37:ed:b9:97:27:ea:a3:f5:11:12:
                    64:f3:8b:4a:f2:2c:12:3c:70:6b:c5:fc:46:5b:5a:
                    33:4a:ee:fe:46:42:5e:cf:e8:9c:85:a2:22:41:e0:
                    7c:af:71:30:6f:e0:4c:6c:58:f6:2e:de:55:82:19:
                    ce:16:06:04:93:90:fb:90:72:c4:40:be:3d:04:24:
                    12:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:B9:71:E8:2E:64:5C:F9:C4:7D:72:CF:DB:DE:2A:4C:9C:6D:79:0F
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/g7lx6C5kXPnEfXLP294qTJxteQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:c0:ac:17:11:16:46:c5:64:4e:d0:80:83:ea:16:eb:ae:70:
         6a:db:b8:6a:05:5e:2c:3a:b5:c8:22:5b:96:7e:5d:44:97:dc:
         ff:a9:0c:ca:37:ce:f2:4c:cc:1a:b2:85:9c:74:b0:a8:d7:c7:
         6d:38:6a:4d:9d:79:ce:6a:47:aa:69:05:fc:6e:76:0f:e2:ab:
         57:d3:33:e3:ae:2d:c8:48:64:d7:20:04:7a:78:69:70:74:e7:
         57:bc:45:e6:2b:6d:83:3b:72:36:a7:a7:88:d5:0a:8f:83:ca:
         b7:94:cf:87:91:2f:2b:6f:fd:38:40:1a:9b:5c:a3:c0:95:27:
         87:b2:37:30:d0:0b:54:1d:d6:31:7c:6a:95:be:f1:5f:b7:7c:
         18:69:4b:de:a3:44:48:f8:1d:19:44:05:ca:9e:8b:db:70:24:
         c2:7c:9b:91:95:2d:27:20:5c:45:75:14:f0:15:1f:4c:38:a4:
         78:b9:32:a8:fd:f7:72:1b:04:71:f3:ff:64:dc:9f:fe:39:14:
         dd:e4:9b:1f:1e:6c:e2:18:ab:09:6c:90:72:98:e1:b3:c9:7e:
         ec:21:46:0d:e5:51:cf:4d:a9:cd:63:e9:07:bf:25:d1:a9:98:
         29:54:88:4e:c7:6f:f4:9e:fc:4d:79:b0:0c:61:61:3b:7c:da:
         03:a3:86:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYgWlESxt+0xvpH7fn5JWkqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwNDEwMTUzODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2I5NzFlODJlNjQ1Y2Y5YzQ3ZDcyY2ZkYmRlMmE0YzljNmQ3OTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ub+wrPz0hEW+fwY9BlQ3BeG9bMc
Zs9wrRXrO9CnR/sCbMU6TCj24Rl/z9upGtL+oYxHsiSrX4fqyh6Xvr+7G2yIHYWk
ai994isF/f1y5mcpr1c6q8QaCJU6v78g8jEn6JINPgv/ml1DFsv8IrnHOF80/s7h
oaSPMvOZfxgpXR5NTUzpaK+dNE6mHVVDTKrjXlj6VLzZGEXH2UQz90Vj/RUDkIEG
qBVvuHGpaKK6Yv80iQI6Cp8LMjftuZcn6qP1ERJk84tK8iwSPHBrxfxGW1ozSu7+
RkJez+ichaIiQeB8r3Ewb+BMbFj2Lt5VghnOFgYEk5D7kHLEQL49BCQSyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIO5ceguZFz5xH1yz9veKkycbXkPMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvZzdseDZDNWtYUG5FZlhMUDI5NHFUSnh0ZVE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWWoNMA0G
CSqGSIb3DQEBCwUAA4IBAQCjwKwXERZGxWRO0ICD6hbrrnBq27hqBV4sOrXIIluW
fl1El9z/qQzKN87yTMwasoWcdLCo18dtOGpNnXnOakeqaQX8bnYP4qtX0zPjri3I
SGTXIAR6eGlwdOdXvEXmK22DO3I2p6eI1QqPg8q3lM+HkS8rb/04QBqbXKPAlSeH
sjcw0AtUHdYxfGqVvvFft3wYaUveo0RI+B0ZRAXKnovbcCTCfJuRlS0nIFxFdRTw
FR9MOKR4uTKo/fdyGwRx8/9k3J/+ORTd5JsfHmziGKsJbJBymOGzyX7sIUYN5VHP
TanNY+kHvyXRqZgpVIhOx2/0nvxNebAMYWE7fNoDo4Yb
-----END CERTIFICATE-----