Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/0AFHWcWBLg5CK-GMlnb1apoTQN0.roa
File:                     0AFHWcWBLg5CK-GMlnb1apoTQN0.roa (raw, json)
Hash identifier:          3/DeCy7uxenI8cyZM9Nvuyk1OgREU0T9hZwS9UMuZ3I=
Subject key identifier:   D0:01:47:59:C5:81:2E:0E:42:2B:E1:8C:96:76:F5:6A:9A:13:40:DD
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       018F464EBF6EAD8CCE7CADFE677CD4ED38E8
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/0AFHWcWBLg5CK-GMlnb1apoTQN0.roa
Signing time:             Sun 05 May 2024 01:11:56 +0000
ROA not before:           Sun 05 May 2024 01:11:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64267
IP address blocks:        89.251.16.0/24 maxlen: 24
                          89.251.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:46:4e:bf:6e:ad:8c:ce:7c:ad:fe:67:7c:d4:ed:38:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: May  5 01:11:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0014759c5812e0e422be18c9676f56a9a1340dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:ff:71:8b:94:9e:db:28:b1:50:90:df:e5:ef:
                    dc:54:1e:f3:fc:65:f5:f2:6b:50:97:60:99:96:d2:
                    12:8a:ef:61:a5:9b:56:4f:ab:a9:a6:9e:54:ae:a9:
                    59:9c:bc:12:89:3f:05:13:f5:06:2b:0d:02:52:65:
                    92:81:45:5b:35:73:70:69:16:5a:20:8c:5d:c2:13:
                    e3:a5:87:99:1e:88:b4:6f:5c:ad:46:a6:fb:00:8f:
                    46:61:ab:54:cc:9b:08:46:a2:bf:ea:70:6a:eb:f6:
                    bd:a1:f2:fe:97:94:a5:0a:c2:38:34:37:9e:52:23:
                    0d:28:e9:b3:21:57:8c:ac:11:d2:13:f0:9c:ed:4a:
                    ec:19:bb:52:27:8e:78:de:97:d6:bb:e8:13:bd:2a:
                    e0:bf:f9:a4:ad:c1:7d:bd:22:e6:5c:25:b8:50:e5:
                    08:7b:39:23:c2:cb:2d:86:d1:e9:1d:ef:47:f9:11:
                    4e:e2:2b:d6:57:cf:0a:21:d6:ab:f8:0a:61:91:99:
                    00:8c:80:d7:2c:b7:96:60:03:f9:d7:0f:70:b6:a2:
                    72:98:47:81:29:9a:41:aa:2f:9b:e8:a0:02:bd:5d:
                    f8:02:42:93:12:20:8b:69:53:6c:67:4c:c3:54:92:
                    f1:07:86:60:33:bb:4c:72:75:7d:14:bb:02:e9:ff:
                    e8:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:01:47:59:C5:81:2E:0E:42:2B:E1:8C:96:76:F5:6A:9A:13:40:DD
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/0AFHWcWBLg5CK-GMlnb1apoTQN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.16.0/24
                  89.251.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:fb:e2:ab:f3:6a:92:ef:d8:14:81:e9:d4:38:eb:cb:6f:da:
         c3:c1:79:8f:cc:b1:06:ad:7b:93:5e:36:25:63:00:9f:13:e1:
         02:e0:18:4f:ba:b4:aa:0d:dc:8c:06:4a:a9:50:b6:eb:9c:2a:
         31:4c:c4:bc:30:1b:12:42:dc:bc:51:db:ab:ed:b7:14:a0:5c:
         bf:06:17:ba:e0:1c:da:2b:11:8c:12:65:dc:60:b8:b6:d3:98:
         38:11:91:f5:7f:cb:50:a3:a1:f5:9a:bf:28:70:ec:7c:6f:af:
         32:51:7b:e2:4e:9d:a0:4e:d3:77:36:08:9a:24:86:94:cf:92:
         f4:f5:c2:5e:fe:2e:90:f3:81:b1:6c:23:28:57:4b:90:8d:73:
         1c:a1:8c:d2:f6:ff:5d:88:a0:5b:f4:23:3b:4b:d7:92:8d:ae:
         36:37:a2:45:30:5d:27:35:9d:f6:52:f6:56:24:8c:fe:db:2a:
         34:14:20:24:76:41:93:fb:de:10:d1:db:a3:4b:df:c3:b3:f7:
         62:7c:c7:86:a2:a0:30:1f:71:c1:23:64:bc:e0:b9:17:c1:db:
         f1:d0:07:e8:aa:ad:6e:6c:40:0c:f9:1d:1c:90:fb:07:0f:70:
         b8:f5:29:40:c1:c2:b8:7a:37:16:f3:0e:a6:4c:db:b9:09:41:
         db:f6:38:c9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY9GTr9urYzOfK3+Z3zU7TjoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQwNTA1MDExMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDAxNDc1OWM1ODEyZTBlNDIyYmUxOGM5Njc2ZjU2YTlhMTM0MGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7/9xi5Se2yixUJDf5e/cVB7z/GX1
8mtQl2CZltISiu9hpZtWT6uppp5UrqlZnLwSiT8FE/UGKw0CUmWSgUVbNXNwaRZa
IIxdwhPjpYeZHoi0b1ytRqb7AI9GYatUzJsIRqK/6nBq6/a9ofL+l5SlCsI4NDee
UiMNKOmzIVeMrBHSE/Cc7UrsGbtSJ4543pfWu+gTvSrgv/mkrcF9vSLmXCW4UOUI
ezkjwssthtHpHe9H+RFO4ivWV88KIdar+AphkZkAjIDXLLeWYAP51w9wtqJymEeB
KZpBqi+b6KACvV34AkKTEiCLaVNsZ0zDVJLxB4ZgM7tMcnV9FLsC6f/oCwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNABR1nFgS4OQivhjJZ29WqaE0DdMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvMEFGSFdjV0JMZzVDSy1HTWxuYjFhcG9UUU4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWfsQAwQA
WfsTMA0GCSqGSIb3DQEBCwUAA4IBAQAE++Kr82qS79gUgenUOOvLb9rDwXmPzLEG
rXuTXjYlYwCfE+EC4BhPurSqDdyMBkqpULbrnCoxTMS8MBsSQty8Udur7bcUoFy/
Bhe64BzaKxGMEmXcYLi205g4EZH1f8tQo6H1mr8ocOx8b68yUXviTp2gTtN3Ngia
JIaUz5L09cJe/i6Q84GxbCMoV0uQjXMcoYzS9v9diKBb9CM7S9eSja42N6JFMF0n
NZ32UvZWJIz+2yo0FCAkdkGT+94Q0dujS9/Ds/difMeGoqAwH3HBI2S84LkXwdvx
0Afoqq1ubEAM+R0ckPsHD3C49SlAwcK4ejcW8w6mTNu5CUHb9jjJ
-----END CERTIFICATE-----