Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/FGtFhjbVdf7UtUPxzyKmjL0hl5k.roa
File:                     FGtFhjbVdf7UtUPxzyKmjL0hl5k.roa (raw, json)
Hash identifier:          W9JMwlEEvhQgCbxGNCfw+Q7PhftwPh0z+o6hg73IYjQ=
Subject key identifier:   14:6B:45:86:36:D5:75:FE:D4:B5:43:F1:CF:22:A6:8C:BD:21:97:99
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018E51BE3AB8D0AADEF0DC90D1F8DB256D43
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/FGtFhjbVdf7UtUPxzyKmjL0hl5k.roa
Signing time:             Mon 18 Mar 2024 13:26:45 +0000
ROA not before:           Mon 18 Mar 2024 13:26:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41414
IP address blocks:        89.38.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:51:be:3a:b8:d0:aa:de:f0:dc:90:d1:f8:db:25:6d:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Mar 18 13:26:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=146b458636d575fed4b543f1cf22a68cbd219799
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:1b:c5:c8:b2:2d:68:9d:2b:e3:03:4a:0b:e2:
                    2a:13:68:9d:11:59:b8:e6:39:a9:64:3b:ad:7c:8e:
                    f0:b9:c7:c2:2f:4c:50:ef:04:9a:55:93:96:ba:c3:
                    2e:bc:b4:cd:a1:f6:60:a4:6e:43:f3:8b:76:a4:18:
                    37:cd:68:30:09:85:21:d4:0d:13:ab:8a:08:70:63:
                    e9:c7:0f:3d:9b:9b:57:40:97:04:01:18:68:0b:47:
                    ac:5f:4f:a8:5a:29:0e:2c:69:f8:d5:75:2d:35:48:
                    17:09:ec:18:50:12:69:5a:13:39:10:e9:d2:09:2f:
                    61:26:4f:b1:e9:f0:dc:9c:96:3c:34:dc:7f:b2:90:
                    12:15:d7:2f:cc:aa:0f:f5:5b:48:ff:53:0e:32:16:
                    a5:9d:14:cf:d4:c3:1a:5f:d1:b5:a7:fb:b3:c9:7a:
                    9d:68:98:96:eb:81:de:05:74:2c:ec:82:e4:75:02:
                    c5:69:a8:5d:7b:40:28:89:b4:1a:51:d1:f4:5a:c0:
                    b4:4d:14:8c:96:2e:75:f8:8c:de:75:42:64:cd:bb:
                    9d:c1:ab:e1:16:a1:18:34:6f:76:8c:e5:61:73:40:
                    ac:8a:4c:e6:7d:35:57:95:1b:78:44:32:90:05:11:
                    1a:50:25:36:2d:2c:0f:ab:51:d2:e1:a8:82:83:42:
                    fb:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:6B:45:86:36:D5:75:FE:D4:B5:43:F1:CF:22:A6:8C:BD:21:97:99
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/FGtFhjbVdf7UtUPxzyKmjL0hl5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.38.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:26:2b:81:d5:82:ed:21:84:da:bd:fb:09:5f:e2:53:fa:a2:
         c8:89:fe:b7:82:cf:82:46:55:ff:5f:7c:fb:6c:63:21:47:8d:
         65:50:d8:4d:0c:0e:22:e1:de:b7:e4:e3:c0:44:cd:2b:6c:da:
         96:4c:6b:4e:f8:8d:44:e0:68:e3:7a:d6:9a:7c:f7:0f:f6:b8:
         75:3f:83:37:b0:cb:03:23:20:11:37:64:c0:bf:40:c1:63:0d:
         ed:3f:e7:9d:39:0c:75:58:95:5e:89:a9:8d:2a:fa:12:5e:a4:
         be:be:7a:8b:f7:7e:21:54:23:0c:df:34:06:59:f4:33:15:8a:
         be:49:43:1a:d7:95:38:ea:82:df:f7:19:b5:bd:8c:27:5e:4b:
         d1:c5:e4:19:f6:2c:e4:f4:3b:bd:7d:51:ef:9f:c1:83:8b:02:
         6f:4a:f2:07:6c:c0:25:d9:f5:6a:32:eb:9d:8f:ac:61:dd:5d:
         4c:d3:1a:56:fd:3c:3f:6b:48:34:8d:65:68:da:ed:57:b6:fc:
         d1:dd:f2:0e:a3:7e:24:c4:88:37:f3:e3:d5:d9:fc:69:2c:c9:
         7d:82:91:89:dd:4c:63:3d:eb:8d:bf:bd:c6:0b:20:e8:0a:50:
         fd:6a:9e:fb:d1:64:1f:e4:c3:ab:75:27:d9:4f:2b:3d:6a:44:
         b6:c1:75:0a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY5Rvjq40Kre8NyQ0fjbJW1DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMzE4MTMyNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDZiNDU4NjM2ZDU3NWZlZDRiNTQzZjFjZjIyYTY4Y2JkMjE5Nzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRvFyLItaJ0r4wNKC+IqE2idEVm4
5jmpZDutfI7wucfCL0xQ7wSaVZOWusMuvLTNofZgpG5D84t2pBg3zWgwCYUh1A0T
q4oIcGPpxw89m5tXQJcEARhoC0esX0+oWikOLGn41XUtNUgXCewYUBJpWhM5EOnS
CS9hJk+x6fDcnJY8NNx/spASFdcvzKoP9VtI/1MOMhalnRTP1MMaX9G1p/uzyXqd
aJiW64HeBXQs7ILkdQLFaahde0AoibQaUdH0WsC0TRSMli51+IzedUJkzbudwavh
FqEYNG92jOVhc0CsikzmfTVXlRt4RDKQBREaUCU2LSwPq1HS4aiCg0L7fQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBRrRYY21XX+1LVD8c8ipoy9IZeZMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL0ZHdEZoamJWZGY3VXRVUHh6eUttakwwaGw1ay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABZJjkw
DQYJKoZIhvcNAQELBQADggEBAHQmK4HVgu0hhNq9+wlf4lP6osiJ/reCz4JGVf9f
fPtsYyFHjWVQ2E0MDiLh3rfk48BEzSts2pZMa074jUTgaON61pp89w/2uHU/gzew
ywMjIBE3ZMC/QMFjDe0/5505DHVYlV6JqY0q+hJepL6+eov3fiFUIwzfNAZZ9DMV
ir5JQxrXlTjqgt/3GbW9jCdeS9HF5Bn2LOT0O719Ue+fwYOLAm9K8gdswCXZ9Woy
652PrGHdXUzTGlb9PD9rSDSNZWja7Ve2/NHd8g6jfiTEiDfz49XZ/GksyX2CkYnd
TGM9642/vcYLIOgKUP1qnvvRZB/kw6t1J9lPKz1qRLbBdQo=
-----END CERTIFICATE-----