Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/075d2f-46bd-4bde-9835-95ff5c5dbb50/1/ibOUE5neJ1faEM4n3lvggyMTtCY.roa
File:                     ibOUE5neJ1faEM4n3lvggyMTtCY.roa (raw, json)
Hash identifier:          qNPQJK6mqWJ5O0pHvAFNOCpKwBIQDgwq4QrZUIfBmEU=
Subject key identifier:   89:B3:94:13:99:DE:27:57:DA:10:CE:27:DE:5B:E0:83:23:13:B4:26
Certificate issuer:       /CN=fd658693ec327ead4fe83a57b82601cc2552aabd
Certificate serial:       01968FCE658AB4F9D4C9B7D61FCFAA7A2CC6
Authority key identifier: FD:65:86:93:EC:32:7E:AD:4F:E8:3A:57:B8:26:01:CC:25:52:AA:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_WWGk-wyfq1P6DpXuCYBzCVSqr0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/075d2f-46bd-4bde-9835-95ff5c5dbb50/1/ibOUE5neJ1faEM4n3lvggyMTtCY.roa
Signing time:             Fri 02 May 2025 07:03:10 +0000
ROA not before:           Fri 02 May 2025 07:03:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26666
IP address blocks:        185.130.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/075d2f-46bd-4bde-9835-95ff5c5dbb50/1/_WWGk-wyfq1P6DpXuCYBzCVSqr0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/075d2f-46bd-4bde-9835-95ff5c5dbb50/1/_WWGk-wyfq1P6DpXuCYBzCVSqr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_WWGk-wyfq1P6DpXuCYBzCVSqr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 14:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:8f:ce:65:8a:b4:f9:d4:c9:b7:d6:1f:cf:aa:7a:2c:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd658693ec327ead4fe83a57b82601cc2552aabd
        Validity
            Not Before: May  2 07:03:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=89b3941399de2757da10ce27de5be0832313b426
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:13:8f:cc:a9:1e:7c:16:1a:8b:5c:e5:be:e0:
                    92:1c:06:5e:1c:6a:2d:d5:47:4c:f8:9d:9b:85:2c:
                    f0:89:4f:0d:78:bc:4d:a5:d7:36:ca:8b:ed:cb:cf:
                    b8:65:35:86:73:ec:92:05:22:ba:a4:a4:28:6c:cb:
                    0e:a8:b4:11:fa:a6:a3:d5:03:48:4d:dd:66:25:bb:
                    cf:e8:03:9e:d1:00:14:26:12:9f:e6:42:c1:50:f9:
                    6a:3e:28:aa:a0:19:d7:c1:2b:85:8e:a0:52:00:10:
                    56:e1:a6:26:06:47:bf:6b:be:3a:8f:80:c7:a7:6e:
                    d3:c1:ef:ff:a3:91:8b:89:6e:5f:61:de:36:42:f6:
                    9a:f3:8b:1e:c8:9e:9a:af:c5:3e:b3:84:6a:19:27:
                    38:e4:76:49:99:fd:af:16:81:75:a1:9a:2a:d0:41:
                    73:f1:e2:47:77:af:7f:6d:b4:c3:23:ea:7a:6b:e4:
                    2a:ca:8b:df:ef:be:a4:da:fa:56:65:4f:82:e9:5d:
                    77:c6:d5:3b:b9:e2:81:25:c6:59:92:0d:b8:c0:a1:
                    43:6f:71:9c:a8:9c:e1:86:d1:ee:f6:da:0b:33:cf:
                    fd:6e:a2:e2:d5:d1:80:3c:92:d7:eb:ee:d5:69:23:
                    e3:17:97:2a:63:59:cd:4c:a7:bd:ed:d9:6c:6f:2b:
                    9f:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:B3:94:13:99:DE:27:57:DA:10:CE:27:DE:5B:E0:83:23:13:B4:26
            X509v3 Authority Key Identifier:
                keyid:FD:65:86:93:EC:32:7E:AD:4F:E8:3A:57:B8:26:01:CC:25:52:AA:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_WWGk-wyfq1P6DpXuCYBzCVSqr0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/075d2f-46bd-4bde-9835-95ff5c5dbb50/1/ibOUE5neJ1faEM4n3lvggyMTtCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/075d2f-46bd-4bde-9835-95ff5c5dbb50/1/_WWGk-wyfq1P6DpXuCYBzCVSqr0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.130.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:22:ef:58:3d:85:2d:6d:bb:55:3e:74:77:dc:7c:ac:c8:a0:
         9f:81:eb:d2:16:95:e3:71:ff:fd:4d:4f:88:03:85:97:78:9c:
         dc:3f:e6:c5:4c:59:3a:5a:1c:a5:5b:32:65:66:1e:94:76:78:
         8e:bd:1b:7a:0c:5b:8b:e6:f4:9a:1e:42:66:e7:9a:ef:99:cf:
         7e:ca:c4:b3:e7:d1:20:82:aa:38:f3:68:a9:0a:93:bd:3c:f0:
         5f:1b:e5:ff:b8:b0:66:5a:21:c2:fc:61:b6:2f:6e:1b:27:ef:
         44:5e:c2:0f:f7:ed:f8:86:59:26:97:04:d1:54:2d:c5:58:8b:
         03:6a:7e:6e:7f:fc:f2:7f:5e:61:a8:5c:e1:f1:8d:a0:39:82:
         e4:f4:8a:f7:07:ae:c4:98:cc:21:47:99:77:c2:9a:cd:8e:8e:
         c3:49:46:a7:2f:bf:58:75:19:ec:d4:8d:05:8e:e4:74:52:15:
         bc:4d:9f:18:66:f5:64:a6:33:4e:66:f2:e1:8c:8f:07:6f:09:
         81:ba:fd:59:84:45:28:35:2a:84:91:6d:b9:63:18:9c:db:12:
         50:c3:07:26:c1:db:df:0b:27:4c:b5:2f:1c:97:bb:90:7d:08:
         a7:46:21:ac:ac:2e:6a:4b:88:de:25:4c:0a:2a:a6:66:b9:78:
         e7:3d:00:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaPzmWKtPnUybfWH8+qeizGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkNjU4NjkzZWMzMjdlYWQ0ZmU4M2E1N2I4MjYwMWNjMjU1
MmFhYmQwHhcNMjUwNTAyMDcwMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWIzOTQxMzk5ZGUyNzU3ZGExMGNlMjdkZTViZTA4MzIzMTNiNDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBOPzKkefBYai1zlvuCSHAZeHGot
1UdM+J2bhSzwiU8NeLxNpdc2yovty8+4ZTWGc+ySBSK6pKQobMsOqLQR+qaj1QNI
Td1mJbvP6AOe0QAUJhKf5kLBUPlqPiiqoBnXwSuFjqBSABBW4aYmBke/a746j4DH
p27Twe//o5GLiW5fYd42Qvaa84seyJ6ar8U+s4RqGSc45HZJmf2vFoF1oZoq0EFz
8eJHd69/bbTDI+p6a+Qqyovf776k2vpWZU+C6V13xtU7ueKBJcZZkg24wKFDb3Gc
qJzhhtHu9toLM8/9bqLi1dGAPJLX6+7VaSPjF5cqY1nNTKe97dlsbyufLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFImzlBOZ3idX2hDOJ95b4IMjE7QmMB8GA1UdIwQY
MBaAFP1lhpPsMn6tT+g6V7gmAcwlUqq9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1dXR2std3lmcTFQNkRwWHVDWUJ6Q1ZTcXIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8wNzVkMmYtNDZiZC00YmRlLTk4MzUt
OTVmZjVjNWRiYjUwLzEvaWJPVUU1bmVKMWZhRU00bjNsdmdneU1UdENZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8wNzVkMmYtNDZiZC00YmRlLTk4MzUtOTVmZjVjNWRiYjUw
LzEvX1dXR2std3lmcTFQNkRwWHVDWUJ6Q1ZTcXIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYJZMA0G
CSqGSIb3DQEBCwUAA4IBAQCEIu9YPYUtbbtVPnR33HysyKCfgevSFpXjcf/9TU+I
A4WXeJzcP+bFTFk6WhylWzJlZh6UdniOvRt6DFuL5vSaHkJm55rvmc9+ysSz59Eg
gqo482ipCpO9PPBfG+X/uLBmWiHC/GG2L24bJ+9EXsIP9+34hlkmlwTRVC3FWIsD
an5uf/zyf15hqFzh8Y2gOYLk9Ir3B67EmMwhR5l3wprNjo7DSUanL79YdRns1I0F
juR0UhW8TZ8YZvVkpjNOZvLhjI8HbwmBuv1ZhEUoNSqEkW25Yxic2xJQwwcmwdvf
CydMtS8cl7uQfQinRiGsrC5qS4jeJUwKKqZmuXjnPQAC
-----END CERTIFICATE-----