Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/eYc-IsSgTBFFPG9NDlo1YwYAATc.roa
File:                     eYc-IsSgTBFFPG9NDlo1YwYAATc.roa (raw, json)
Hash identifier:          AINQbgxfZ+WkJxnIge2jIf5nsbeqzGdNbRmCdWccl2w=
Subject key identifier:   79:87:3E:22:C4:A0:4C:11:45:3C:6F:4D:0E:5A:35:63:06:00:01:37
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       018E37E95FF3B97267F5BEAC5D8AB87DA851
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/eYc-IsSgTBFFPG9NDlo1YwYAATc.roa
Signing time:             Wed 13 Mar 2024 13:03:45 +0000
ROA not before:           Wed 13 Mar 2024 13:03:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2914
IP address blocks:        89.251.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:37:e9:5f:f3:b9:72:67:f5:be:ac:5d:8a:b8:7d:a8:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Mar 13 13:03:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79873e22c4a04c11453c6f4d0e5a356306000137
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:80:92:9f:6e:be:40:41:39:8c:a2:47:75:06:
                    4a:e6:90:44:a7:dc:d1:e5:9e:c1:57:a7:a9:a4:e3:
                    9a:63:50:83:a8:31:9e:b1:58:ea:ed:c9:e1:47:79:
                    c4:6d:34:4a:db:c7:46:c9:99:14:8d:60:bd:f8:25:
                    88:b0:05:62:64:fb:5d:bd:a8:27:21:82:78:67:6c:
                    7a:60:88:bf:ae:00:a2:95:fc:2a:d5:88:d6:18:81:
                    93:4d:20:22:bd:48:7e:ce:8b:50:f7:9f:1f:e2:d0:
                    69:62:2a:30:a9:4f:21:e0:6a:36:40:49:61:88:fa:
                    dd:38:0f:af:3e:b8:cd:16:70:a2:e3:be:50:47:70:
                    58:4a:88:63:92:98:e3:6b:c7:89:e1:01:22:00:08:
                    79:31:6f:6e:4a:2b:32:6e:73:64:42:e4:f2:c8:da:
                    9c:b7:1c:76:4a:b1:32:5e:3e:30:2c:a1:66:ac:13:
                    f9:e8:9c:f5:d3:83:bb:72:a0:31:0f:74:3f:f2:dd:
                    f1:94:04:8c:24:8a:13:ab:0c:53:31:ae:74:b0:a9:
                    d2:60:f1:45:c8:d0:42:57:5c:2a:89:cb:a2:0c:66:
                    f3:80:55:0c:32:2c:f3:05:08:d1:98:3d:0b:aa:66:
                    dc:10:41:20:d4:bf:5c:4d:33:a8:db:1e:a7:47:a7:
                    f8:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:87:3E:22:C4:A0:4C:11:45:3C:6F:4D:0E:5A:35:63:06:00:01:37
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/eYc-IsSgTBFFPG9NDlo1YwYAATc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:48:18:1b:71:d2:44:63:bf:57:9f:58:d9:ba:33:3d:2a:f8:
         14:e0:d5:ce:ee:d1:f7:b1:8e:0c:14:f6:8c:82:16:49:4e:c6:
         1e:e9:61:bc:b4:35:85:5e:e9:36:0f:c0:c5:e7:80:dc:a7:25:
         e8:8d:4f:48:f6:24:89:f6:fb:48:2b:d0:14:8f:9d:9c:eb:cb:
         dd:4d:8c:75:bb:88:c7:94:a9:c1:41:3b:d4:e1:36:96:e3:eb:
         9e:03:22:62:85:9b:77:e5:74:7c:bb:20:29:f2:7c:b9:34:f6:
         51:7a:30:4a:99:ec:0a:93:38:5b:d6:40:2a:6a:31:fa:a6:de:
         f6:dc:d6:7a:00:72:5b:98:72:7a:65:3e:50:39:32:60:6f:5e:
         dc:e0:94:27:d5:2a:8a:09:e2:fe:f0:ea:9b:c0:58:68:28:b9:
         ad:f5:89:5e:53:2f:f0:24:29:b0:72:37:bc:88:30:92:83:c1:
         9b:bb:e9:52:a2:e6:9f:ac:68:3f:39:75:25:6a:1c:a6:ff:a8:
         88:58:09:2c:7d:db:f5:49:08:fa:65:12:46:00:5c:bc:f4:4a:
         b7:3b:65:63:e2:2f:48:8b:87:14:f9:a9:00:bb:5b:52:0f:07:
         1c:39:83:2d:b0:79:5f:e1:9d:26:db:96:6c:ef:4d:e9:f3:eb:
         4c:1e:18:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY436V/zuXJn9b6sXYq4fahRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQwMzEzMTMwMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTg3M2UyMmM0YTA0YzExNDUzYzZmNGQwZTVhMzU2MzA2MDAwMTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyYCSn26+QEE5jKJHdQZK5pBEp9zR
5Z7BV6eppOOaY1CDqDGesVjq7cnhR3nEbTRK28dGyZkUjWC9+CWIsAViZPtdvagn
IYJ4Z2x6YIi/rgCilfwq1YjWGIGTTSAivUh+zotQ958f4tBpYiowqU8h4Go2QElh
iPrdOA+vPrjNFnCi475QR3BYSohjkpjja8eJ4QEiAAh5MW9uSisybnNkQuTyyNqc
txx2SrEyXj4wLKFmrBP56Jz104O7cqAxD3Q/8t3xlASMJIoTqwxTMa50sKnSYPFF
yNBCV1wqicuiDGbzgFUMMizzBQjRmD0LqmbcEEEg1L9cTTOo2x6nR6f4aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHmHPiLEoEwRRTxvTQ5aNWMGAAE3MB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvZVljLUlzU2dUQkZGUEc5TkRsbzFZd1lBQVRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfscMA0G
CSqGSIb3DQEBCwUAA4IBAQB0SBgbcdJEY79Xn1jZujM9KvgU4NXO7tH3sY4MFPaM
ghZJTsYe6WG8tDWFXuk2D8DF54DcpyXojU9I9iSJ9vtIK9AUj52c68vdTYx1u4jH
lKnBQTvU4TaW4+ueAyJihZt35XR8uyAp8ny5NPZRejBKmewKkzhb1kAqajH6pt72
3NZ6AHJbmHJ6ZT5QOTJgb17c4JQn1SqKCeL+8OqbwFhoKLmt9YleUy/wJCmwcje8
iDCSg8Gbu+lSouafrGg/OXUlahym/6iIWAksfdv1SQj6ZRJGAFy89Eq3O2Vj4i9I
i4cU+akAu1tSDwccOYMtsHlf4Z0m25Zs703p8+tMHhjI
-----END CERTIFICATE-----