Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/_8zv-4jyIyJwtqaMaZBg41Nz4-o.roa
File:                     _8zv-4jyIyJwtqaMaZBg41Nz4-o.roa (raw, json)
Hash identifier:          BR1RMx9iY2hNLHScARJh3ojoVK8tlYB8y+vW7D3ehJU=
Subject key identifier:   FF:CC:EF:FB:88:F2:23:22:70:B6:A6:8C:69:90:60:E3:53:73:E3:EA
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018E51BE3A8AE4134C0775DAF003390FBE8A
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/_8zv-4jyIyJwtqaMaZBg41Nz4-o.roa
Signing time:             Mon 18 Mar 2024 13:26:45 +0000
ROA not before:           Mon 18 Mar 2024 13:26:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5606
IP address blocks:        89.38.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:51:be:3a:8a:e4:13:4c:07:75:da:f0:03:39:0f:be:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Mar 18 13:26:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ffcceffb88f2232270b6a68c699060e35373e3ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:50:6f:b7:aa:f8:99:ad:fe:b7:d8:38:1d:09:
                    b5:53:06:70:3b:19:25:3e:bd:24:9c:ff:06:b9:a2:
                    b2:5b:a6:13:cc:01:b2:40:6c:09:7a:fb:e1:ef:83:
                    9b:b9:3a:65:04:96:a5:ee:65:25:49:af:00:86:6e:
                    c5:0f:e1:e1:d3:16:7f:e8:66:f8:d1:cb:4a:ea:d9:
                    9f:c3:c8:10:61:c5:d2:d3:50:39:51:c8:53:c1:54:
                    19:4c:72:5e:95:e4:6b:95:6d:5e:72:b2:eb:5a:b3:
                    18:5e:42:00:d7:79:ae:88:65:bf:fd:52:17:cf:72:
                    18:bc:0c:4e:74:d1:f0:06:75:60:a7:19:6f:4f:5f:
                    9b:71:5b:a2:ce:6a:55:20:e4:1e:19:1f:df:9e:42:
                    96:9c:d5:e6:35:a1:80:d8:f1:ba:da:7b:fb:1f:bf:
                    38:1c:d7:75:bb:75:34:53:e2:68:2d:f5:84:89:79:
                    bb:d9:30:ea:42:a4:ae:9f:35:a1:d5:f7:13:96:06:
                    1a:22:30:39:84:c5:a4:8e:a1:91:73:06:0a:8f:ec:
                    47:b2:46:1c:80:d4:5a:b5:ca:5e:09:04:18:ff:e3:
                    7a:d5:48:e5:ef:e3:e7:6a:da:c2:81:28:8f:44:42:
                    1c:60:83:95:78:04:a9:41:3d:d3:24:5d:a7:e0:c3:
                    7c:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:CC:EF:FB:88:F2:23:22:70:B6:A6:8C:69:90:60:E3:53:73:E3:EA
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/_8zv-4jyIyJwtqaMaZBg41Nz4-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.38.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:9c:e3:24:cc:87:8e:a5:9a:5f:4b:1c:ce:c9:eb:e4:22:13:
         6a:c4:34:fd:3c:14:d0:b8:08:8c:22:07:b3:45:4e:3d:c1:cf:
         a1:71:60:c6:73:9a:57:60:4d:70:81:06:13:68:2e:c6:7e:3a:
         75:08:03:0b:20:07:4b:9f:6d:fb:4f:bf:42:b0:0a:f1:c7:97:
         df:57:5a:79:c4:40:a8:07:0e:73:1f:42:34:5e:ab:fb:4b:34:
         c4:3e:06:5d:d8:e0:dc:43:35:cb:09:26:fc:e5:9c:40:a2:84:
         e8:c8:11:64:66:4c:c4:61:c9:c3:3e:a3:64:42:2a:3d:2b:c6:
         e9:a7:17:87:11:b8:6e:ec:42:88:b2:93:fd:31:fa:a0:33:79:
         80:e7:27:51:c9:dc:1c:6c:1f:21:b2:cf:53:60:d7:fb:7c:2a:
         57:c0:83:b3:6c:bc:6d:ad:89:88:58:cd:06:25:c6:a4:ac:88:
         b5:6a:bc:82:18:f7:ee:e6:72:41:f7:d6:e3:41:68:1a:d0:ef:
         1d:67:04:88:f7:bb:bf:c4:5f:29:ab:01:c2:6b:6f:f9:57:77:
         c7:50:c5:25:1e:16:4b:e4:d8:04:4e:3a:07:a4:ab:ab:5b:2e:
         5a:58:3f:99:93:9d:e5:e0:31:26:07:fe:0f:46:4b:8e:b6:d6:
         bc:b4:67:21
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY5RvjqK5BNMB3Xa8AM5D76KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMzE4MTMyNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmNjZWZmYjg4ZjIyMzIyNzBiNmE2OGM2OTkwNjBlMzUzNzNlM2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1Bvt6r4ma3+t9g4HQm1UwZwOxkl
Pr0knP8GuaKyW6YTzAGyQGwJevvh74ObuTplBJal7mUlSa8Ahm7FD+Hh0xZ/6Gb4
0ctK6tmfw8gQYcXS01A5UchTwVQZTHJeleRrlW1ecrLrWrMYXkIA13muiGW//VIX
z3IYvAxOdNHwBnVgpxlvT1+bcVuizmpVIOQeGR/fnkKWnNXmNaGA2PG62nv7H784
HNd1u3U0U+JoLfWEiXm72TDqQqSunzWh1fcTlgYaIjA5hMWkjqGRcwYKj+xHskYc
gNRatcpeCQQY/+N61Ujl7+PnatrCgSiPREIcYIOVeASpQT3TJF2n4MN8aQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFP/M7/uI8iMicLamjGmQYONTc+PqMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL184enYtNGp5SXlKd3RxYU1hWkJnNDFOejQtby5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABZJjkw
DQYJKoZIhvcNAQELBQADggEBAKec4yTMh46lml9LHM7J6+QiE2rENP08FNC4CIwi
B7NFTj3Bz6FxYMZzmldgTXCBBhNoLsZ+OnUIAwsgB0ufbftPv0KwCvHHl99XWnnE
QKgHDnMfQjReq/tLNMQ+Bl3Y4NxDNcsJJvzlnECihOjIEWRmTMRhycM+o2RCKj0r
xumnF4cRuG7sQoiyk/0x+qAzeYDnJ1HJ3BxsHyGyz1Ng1/t8KlfAg7NsvG2tiYhY
zQYlxqSsiLVqvIIY9+7mckH31uNBaBrQ7x1nBIj3u7/EXymrAcJrb/lXd8dQxSUe
Fkvk2AROOgekq6tbLlpYP5mTneXgMSYH/g9GS4621ry0ZyE=
-----END CERTIFICATE-----