Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/DDhDyEpxL3TvuymJa4aHyq2S1Qg.roa
File:                     DDhDyEpxL3TvuymJa4aHyq2S1Qg.roa (raw, json)
Hash identifier:          8JDxnYjbbVZEGthw0VMmS2b00puAenAWs2+h3sfYfCY=
Subject key identifier:   0C:38:43:C8:4A:71:2F:74:EF:BB:29:89:6B:86:87:CA:AD:92:D5:08
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC7955B688E27DF236B808BD4D180F06C
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/DDhDyEpxL3TvuymJa4aHyq2S1Qg.roa
Signing time:             Tue 02 Jan 2024 00:31:43 +0000
ROA not before:           Tue 02 Jan 2024 00:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58078
IP address blocks:        89.37.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:5b:68:8e:27:df:23:6b:80:8b:d4:d1:80:f0:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c3843c84a712f74efbb29896b8687caad92d508
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:24:d2:64:c0:5e:03:0a:33:bb:50:36:c2:b8:
                    27:2e:c3:8b:71:be:ce:35:1b:95:c4:62:5a:44:62:
                    04:c1:97:bb:b5:47:bc:fd:b7:ba:41:38:81:25:7a:
                    c5:e9:8f:e8:da:46:5c:22:aa:95:5f:d0:af:b7:8e:
                    8e:5b:27:2c:10:64:e9:14:e9:be:5f:20:66:fe:0d:
                    db:e6:af:05:4f:93:1c:9d:99:0e:2d:41:e0:77:31:
                    a2:eb:cc:94:a6:4f:ca:21:67:a2:42:01:f3:ea:ec:
                    0f:b0:20:ab:49:45:8b:11:4a:4e:21:ff:50:8c:3e:
                    de:77:79:a6:69:2c:5b:19:3c:f4:81:ce:10:b0:9d:
                    73:fd:2d:94:1c:60:72:b9:3a:09:73:56:fb:31:75:
                    6f:18:20:c5:29:3b:70:39:94:a9:52:8b:42:22:9d:
                    3f:33:88:dd:18:60:19:fd:92:ca:9f:4c:ca:db:ae:
                    cc:eb:cc:6d:fd:f3:73:3b:4b:ee:a2:6a:1d:14:7c:
                    e5:86:a2:ec:05:70:ed:a6:1f:87:6b:bd:10:d9:1d:
                    b9:07:db:70:9c:6a:87:59:37:fd:c6:50:80:c0:46:
                    b2:db:30:98:09:b0:3c:56:11:26:94:bb:ed:41:5c:
                    4b:62:c9:61:a0:7e:3c:b9:7e:cd:43:ca:72:c6:17:
                    e5:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:38:43:C8:4A:71:2F:74:EF:BB:29:89:6B:86:87:CA:AD:92:D5:08
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/DDhDyEpxL3TvuymJa4aHyq2S1Qg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.37.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:a2:cc:3c:b7:ab:0c:38:23:f2:6b:31:bf:f2:77:c3:0e:e9:
         77:f9:86:f5:c9:32:2f:60:bf:a4:eb:73:16:03:0c:dd:cf:bd:
         6e:76:f4:23:70:af:bd:6e:8e:da:94:01:a3:5f:59:de:80:11:
         b0:8f:91:08:ee:bb:d8:75:e7:36:fd:82:3f:d1:e7:e3:9d:8c:
         36:42:6d:ed:5b:fc:19:ef:35:4a:0f:e0:fc:ab:df:0c:c8:f1:
         ef:07:e5:be:21:e5:22:c4:23:60:6a:a7:c3:c2:04:5a:ec:57:
         bd:55:22:e2:bd:e1:e9:18:4f:c7:bb:4d:4b:13:6b:bc:f9:78:
         5d:a5:df:66:a4:0a:b8:9b:f0:97:3d:03:65:6e:4c:f5:14:9a:
         03:3f:f5:b8:32:8f:50:20:3a:79:ca:4c:74:33:82:7b:da:2a:
         ae:82:c7:0e:65:61:ed:30:4d:e7:09:74:1b:18:b5:e8:09:1b:
         a6:98:b0:2f:dc:11:7b:06:21:11:cf:4b:a1:ba:55:36:d3:27:
         6f:fd:92:db:4d:d4:1a:13:6f:24:b0:41:22:eb:0c:36:9c:3c:
         12:94:d2:d1:68:c5:29:bd:c5:e3:94:d4:aa:67:90:8d:33:42:
         27:1c:37:1d:87:f8:f6:26:ca:e6:37:ec:44:8f:84:b0:cb:df:
         de:f6:4f:a1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlVtojiffI2uAi9TRgPBsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzM4NDNjODRhNzEyZjc0ZWZiYjI5ODk2Yjg2ODdjYWFkOTJkNTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqSTSZMBeAwozu1A2wrgnLsOLcb7O
NRuVxGJaRGIEwZe7tUe8/be6QTiBJXrF6Y/o2kZcIqqVX9Cvt46OWycsEGTpFOm+
XyBm/g3b5q8FT5McnZkOLUHgdzGi68yUpk/KIWeiQgHz6uwPsCCrSUWLEUpOIf9Q
jD7ed3mmaSxbGTz0gc4QsJ1z/S2UHGByuToJc1b7MXVvGCDFKTtwOZSpUotCIp0/
M4jdGGAZ/ZLKn0zK267M68xt/fNzO0vuomodFHzlhqLsBXDtph+Ha70Q2R25B9tw
nGqHWTf9xlCAwEay2zCYCbA8VhEmlLvtQVxLYslhoH48uX7NQ8pyxhfl0QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAw4Q8hKcS9077spiWuGh8qtktUIMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL0REaER5RXB4TDNUdnV5bUphNGFIeXEyUzFRZy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABZJbgw
DQYJKoZIhvcNAQELBQADggEBAKqizDy3qww4I/JrMb/yd8MO6Xf5hvXJMi9gv6Tr
cxYDDN3PvW529CNwr71ujtqUAaNfWd6AEbCPkQjuu9h15zb9gj/R5+OdjDZCbe1b
/BnvNUoP4Pyr3wzI8e8H5b4h5SLEI2Bqp8PCBFrsV71VIuK94ekYT8e7TUsTa7z5
eF2l32akCrib8Jc9A2VuTPUUmgM/9bgyj1AgOnnKTHQzgnvaKq6Cxw5lYe0wTecJ
dBsYtegJG6aYsC/cEXsGIRHPS6G6VTbTJ2/9kttN1BoTbySwQSLrDDacPBKU0tFo
xSm9xeOU1KpnkI0zQiccNx2H+PYmyuY37ESPhLDL3972T6E=
-----END CERTIFICATE-----