Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/WbM3GnqYUMcKT0B4aPJh3xZ_3p8.roa
File:                     WbM3GnqYUMcKT0B4aPJh3xZ_3p8.roa (raw, json)
Hash identifier:          iht5y+9O3Pq5KZiSHzXuvay9uE27g8wXfZPt7Ibx2v8=
Subject key identifier:   59:B3:37:1A:7A:98:50:C7:0A:4F:40:78:68:F2:61:DF:16:7F:DE:9F
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018D633F1A9EBD8209862CACAF0D21E5B23B
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/WbM3GnqYUMcKT0B4aPJh3xZ_3p8.roa
Signing time:             Thu 01 Feb 2024 05:58:16 +0000
ROA not before:           Thu 01 Feb 2024 05:58:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57009
IP address blocks:        89.43.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:63:3f:1a:9e:bd:82:09:86:2c:ac:af:0d:21:e5:b2:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Feb  1 05:58:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59b3371a7a9850c70a4f407868f261df167fde9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:1e:f2:1c:43:84:df:68:ef:28:4e:7a:95:c0:
                    6c:35:a0:fb:a6:bc:69:62:35:26:5b:ad:4e:87:74:
                    93:1f:59:ec:8a:a9:f9:a2:5b:a1:48:3d:df:18:83:
                    f7:27:b1:a4:4a:84:b5:50:56:da:c0:8e:1e:36:fd:
                    b9:fb:75:07:dd:94:ac:81:e3:28:31:fb:93:f3:5f:
                    a5:59:69:f8:db:54:d9:dd:b9:b1:20:b9:e5:cf:86:
                    3d:ce:8d:7a:f8:52:6a:6c:12:43:2a:83:a6:8e:64:
                    57:b6:85:7d:2e:f3:07:59:8c:bd:2e:69:2f:1d:fd:
                    bd:22:4f:c1:96:6a:90:47:9f:b6:91:2f:52:07:d5:
                    cd:59:a8:4a:33:66:81:8c:07:a4:df:00:1f:e1:10:
                    55:8f:6c:1e:e7:39:7d:4d:01:d4:7a:69:3a:bb:46:
                    05:e5:67:64:82:84:d0:68:01:9c:dc:a2:ea:7a:e6:
                    2a:96:4e:08:8b:19:65:4b:ea:72:44:7d:64:d1:00:
                    05:7c:a6:63:02:fe:af:fd:a4:70:b3:30:7f:76:8e:
                    17:36:ab:a9:1b:86:27:47:77:12:f2:63:57:20:81:
                    f9:2a:80:92:2e:b9:58:fa:a9:40:05:69:e9:88:dd:
                    29:f4:a2:a4:75:70:fb:22:a7:db:05:4a:8d:92:15:
                    87:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:B3:37:1A:7A:98:50:C7:0A:4F:40:78:68:F2:61:DF:16:7F:DE:9F
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/WbM3GnqYUMcKT0B4aPJh3xZ_3p8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.43.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:ed:b4:b2:14:cb:55:62:f4:98:6c:ad:64:78:49:db:4a:56:
         39:bb:ec:0f:6f:3f:50:f6:77:f5:ed:88:40:31:2b:87:1e:62:
         c3:7e:16:b1:70:81:79:d8:f7:2d:93:d0:7f:ba:56:62:99:6e:
         d5:01:0f:76:de:88:f8:5a:11:a5:1e:ed:a1:61:58:23:b5:71:
         20:9e:62:ef:89:b6:7e:21:dd:e8:6c:a5:b3:4a:9e:c4:67:88:
         ac:c3:ce:99:ed:26:b2:ba:31:0c:4a:8d:06:73:d3:6a:5f:c1:
         6e:2e:6f:dd:6f:f5:31:7e:cd:d7:07:b9:1b:cc:df:ed:6c:93:
         4a:54:85:fb:49:30:ee:81:9c:50:17:2e:bd:65:3f:0a:a7:13:
         f4:bc:96:dc:c6:9f:4d:6e:2a:ee:f3:fb:26:39:c5:69:02:50:
         5e:b2:dd:ce:39:18:5b:a6:95:45:98:95:21:67:dc:54:b7:4d:
         2e:de:66:90:c3:98:5e:9c:c2:bc:d0:16:91:26:bd:ea:cb:74:
         e2:c6:6b:75:b3:8b:b8:25:ce:04:9a:74:a0:09:54:c6:53:75:
         18:70:c1:43:a6:c5:09:8f:7b:4a:5b:05:82:6f:a8:8a:63:8a:
         63:ce:f7:ef:02:8d:aa:ff:f2:a3:e0:cc:d2:a7:92:6a:7b:e0:
         44:d6:ce:90
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY1jPxqevYIJhiysrw0h5bI7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMjAxMDU1ODE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWIzMzcxYTdhOTg1MGM3MGE0ZjQwNzg2OGYyNjFkZjE2N2ZkZTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqh7yHEOE32jvKE56lcBsNaD7prxp
YjUmW61Oh3STH1nsiqn5oluhSD3fGIP3J7GkSoS1UFbawI4eNv25+3UH3ZSsgeMo
MfuT81+lWWn421TZ3bmxILnlz4Y9zo16+FJqbBJDKoOmjmRXtoV9LvMHWYy9Lmkv
Hf29Ik/BlmqQR5+2kS9SB9XNWahKM2aBjAek3wAf4RBVj2we5zl9TQHUemk6u0YF
5WdkgoTQaAGc3KLqeuYqlk4IixllS+pyRH1k0QAFfKZjAv6v/aRwszB/do4XNqup
G4YnR3cS8mNXIIH5KoCSLrlY+qlABWnpiN0p9KKkdXD7IqfbBUqNkhWHKwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFmzNxp6mFDHCk9AeGjyYd8Wf96fMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL1diTTNHbnFZVU1jS1QwQjRhUEpoM3haXzNwOC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABZKzcw
DQYJKoZIhvcNAQELBQADggEBAHbttLIUy1Vi9JhsrWR4SdtKVjm77A9vP1D2d/Xt
iEAxK4ceYsN+FrFwgXnY9y2T0H+6VmKZbtUBD3beiPhaEaUe7aFhWCO1cSCeYu+J
tn4h3ehspbNKnsRniKzDzpntJrK6MQxKjQZz02pfwW4ub91v9TF+zdcHuRvM3+1s
k0pUhftJMO6BnFAXLr1lPwqnE/S8ltzGn01uKu7z+yY5xWkCUF6y3c45GFumlUWY
lSFn3FS3TS7eZpDDmF6cwrzQFpEmverLdOLGa3Wzi7glzgSadKAJVMZTdRhwwUOm
xQmPe0pbBYJvqIpjimPO9+8Cjar/8qPgzNKnkmp74ETWzpA=
-----END CERTIFICATE-----