Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/rMe2K42UsrM8ure-5ZDjw10T4Js.roa
File:                     rMe2K42UsrM8ure-5ZDjw10T4Js.roa (raw, json)
Hash identifier:          HkBWA0zAy/cmBLll3TNH9iXFddtyx8TZQfw+xMa8jTg=
Subject key identifier:   AC:C7:B6:2B:8D:94:B2:B3:3C:BA:B7:BE:E5:90:E3:C3:5D:13:E0:9B
Certificate issuer:       /CN=f82554a856a422b061ae64c577630f91d408cd4a
Certificate serial:       018CC94D44B57B21937899E8D7D2EE33F2EC
Authority key identifier: F8:25:54:A8:56:A4:22:B0:61:AE:64:C5:77:63:0F:91:D4:08:CD:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-CVUqFakIrBhrmTFd2MPkdQIzUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/rMe2K42UsrM8ure-5ZDjw10T4Js.roa
Signing time:             Tue 02 Jan 2024 08:32:13 +0000
ROA not before:           Tue 02 Jan 2024 08:32:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39421
IP address blocks:        89.234.190.0/24 maxlen: 24
                          2a00:5880:1800::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/1-CVUqFakIrBhrmTFd2MPkdQIzUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/1-CVUqFakIrBhrmTFd2MPkdQIzUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-CVUqFakIrBhrmTFd2MPkdQIzUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:44:b5:7b:21:93:78:99:e8:d7:d2:ee:33:f2:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f82554a856a422b061ae64c577630f91d408cd4a
        Validity
            Not Before: Jan  2 08:32:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acc7b62b8d94b2b33cbab7bee590e3c35d13e09b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:50:1b:7c:3d:c2:d9:a5:62:d5:cf:11:3d:77:
                    f2:5e:1c:4b:11:c0:23:74:09:6f:21:8c:9f:5e:b9:
                    30:9f:cb:4f:f6:39:66:bb:39:9b:1c:78:d6:ed:30:
                    17:a9:2c:46:8d:d6:c8:31:4b:e0:fb:d7:cb:0b:3d:
                    04:ab:79:3d:2b:9e:61:c4:64:a4:58:ad:59:3d:e6:
                    cf:d0:05:de:c6:95:99:03:ee:e6:b5:e5:e4:1d:a8:
                    eb:55:fb:d5:95:d8:5f:93:41:76:f0:59:f2:64:97:
                    89:f4:34:f5:8c:1c:08:63:c4:3a:1d:31:0b:80:e8:
                    ec:4b:38:65:87:43:a4:7e:09:4a:59:71:ba:39:21:
                    c4:2e:77:11:56:e8:b2:fb:20:e4:54:a9:14:6b:44:
                    e9:e9:1c:06:92:8a:7c:4c:24:61:f1:16:71:97:8e:
                    58:89:16:25:7a:b4:d8:07:87:00:e7:17:ce:94:fc:
                    15:63:5f:c9:34:17:ce:2a:03:ad:89:46:d6:de:41:
                    81:8b:43:d3:45:ae:5f:03:7d:8e:c1:24:82:82:c9:
                    c6:ae:80:4d:79:52:74:4c:39:4d:53:94:da:cb:c5:
                    de:25:56:a3:1f:7a:3d:43:b1:b8:2f:da:49:76:14:
                    8e:2b:00:ec:ea:14:f0:c9:9f:f3:48:41:20:be:d8:
                    99:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:C7:B6:2B:8D:94:B2:B3:3C:BA:B7:BE:E5:90:E3:C3:5D:13:E0:9B
            X509v3 Authority Key Identifier:
                keyid:F8:25:54:A8:56:A4:22:B0:61:AE:64:C5:77:63:0F:91:D4:08:CD:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-CVUqFakIrBhrmTFd2MPkdQIzUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/rMe2K42UsrM8ure-5ZDjw10T4Js.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/1-CVUqFakIrBhrmTFd2MPkdQIzUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.234.190.0/24
                IPv6:
                  2a00:5880:1800::/44

    Signature Algorithm: sha256WithRSAEncryption
         a2:61:ab:ca:16:7a:6f:38:21:1c:51:d7:8e:9a:dd:04:4e:10:
         68:2c:95:20:d9:41:fa:63:c6:fd:4b:e2:38:e8:98:ad:27:65:
         56:8c:75:65:40:30:96:d5:1c:0d:96:6d:6f:5d:12:47:ac:b1:
         b5:c1:2c:f5:28:3e:4e:81:6b:23:20:47:0b:ee:c5:86:4c:d7:
         ad:16:0c:0e:6b:16:99:27:40:fe:b6:89:13:9a:4a:8d:fe:b1:
         b7:c5:d3:b2:9f:20:c4:00:ea:a3:8a:ef:e7:7c:0a:ca:c6:b1:
         31:58:94:1e:eb:6f:73:19:0a:b9:dc:2d:74:d0:02:93:60:e1:
         77:fb:96:13:5b:f1:3e:3a:5c:63:7f:a5:f4:48:9a:b5:c2:b4:
         b4:e3:24:fb:96:99:fe:93:fc:92:24:51:0e:52:0e:fc:9b:f2:
         6e:51:42:6a:5c:f7:b9:11:e8:79:fb:10:7c:02:8a:71:d3:03:
         72:e9:41:a5:b3:51:67:b8:ad:09:d2:36:bc:6b:d5:cf:42:bd:
         f7:40:af:37:e8:20:8d:ce:6c:6a:01:35:4d:47:e1:df:68:04:
         8b:b8:51:d3:02:aa:3b:f4:4b:41:5c:b5:fa:56:24:0a:9b:e1:
         f0:31:f6:b6:8a:c8:63:01:10:5e:31:7e:b7:9f:df:11:76:30:
         6e:1b:60:57
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAYzJTUS1eyGTeJno19LuM/LsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4MjU1NGE4NTZhNDIyYjA2MWFlNjRjNTc3NjMwZjkxZDQw
OGNkNGEwHhcNMjQwMTAyMDgzMjEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2M3YjYyYjhkOTRiMmIzM2NiYWI3YmVlNTkwZTNjMzVkMTNlMDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlAbfD3C2aVi1c8RPXfyXhxLEcAj
dAlvIYyfXrkwn8tP9jlmuzmbHHjW7TAXqSxGjdbIMUvg+9fLCz0Eq3k9K55hxGSk
WK1ZPebP0AXexpWZA+7mteXkHajrVfvVldhfk0F28FnyZJeJ9DT1jBwIY8Q6HTEL
gOjsSzhlh0OkfglKWXG6OSHELncRVuiy+yDkVKkUa0Tp6RwGkop8TCRh8RZxl45Y
iRYlerTYB4cA5xfOlPwVY1/JNBfOKgOtiUbW3kGBi0PTRa5fA32OwSSCgsnGroBN
eVJ0TDlNU5Tay8XeJVajH3o9Q7G4L9pJdhSOKwDs6hTwyZ/zSEEgvtiZ/wIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFKzHtiuNlLKzPLq3vuWQ48NdE+CbMB8GA1UdIwQY
MBaAFPglVKhWpCKwYa5kxXdjD5HUCM1KMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1DVlVxRmFrSXJCaHJtVEZkMk1Qa2RRSXpVby5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGYvOTQzN2EyLTA3ZTYtNGU2YS1hYTNm
LTk2NWQ2ZDYwM2JmYS8xL3JNZTJLNDJVc3JNOHVyZS01WkRqdzEwVDRKcy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGYvOTQzN2EyLTA3ZTYtNGU2YS1hYTNmLTk2NWQ2ZDYwM2Jm
YS8xLzEtQ1ZVcUZha0lyQmhybVRGZDJNUGtkUUl6VW8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMAYIKwYBBQUHAQcBAf8EITAfMAwEAgABMAYDBABZ6r4w
DwQCAAIwCQMHBCoAWIAYADANBgkqhkiG9w0BAQsFAAOCAQEAomGryhZ6bzghHFHX
jprdBE4QaCyVINlB+mPG/UviOOiYrSdlVox1ZUAwltUcDZZtb10SR6yxtcEs9Sg+
ToFrIyBHC+7FhkzXrRYMDmsWmSdA/raJE5pKjf6xt8XTsp8gxADqo4rv53wKysax
MViUHutvcxkKudwtdNACk2Dhd/uWE1vxPjpcY3+l9EiatcK0tOMk+5aZ/pP8kiRR
DlIO/JvyblFCalz3uRHoefsQfAKKcdMDculBpbNRZ7itCdI2vGvVz0K990CvN+gg
jc5sagE1TUfh32gEi7hR0wKqO/RLQVy1+lYkCpvh8DH2torIYwEQXjF+t5/fEXYw
bhtgVw==
-----END CERTIFICATE-----