Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/aNS1cSnLGTZBNGzrCXkf92gjNh0.roa
File:                     aNS1cSnLGTZBNGzrCXkf92gjNh0.roa (raw, json)
Hash identifier:          pBlMqC4Eew0hO3J4AY0dPTF5ZF4C+xD7JHoS5FGPU3E=
Subject key identifier:   68:D4:B5:71:29:CB:19:36:41:34:6C:EB:09:79:1F:F7:68:23:36:1D
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC7954AC358225CCE5EC26D71B0274338
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/aNS1cSnLGTZBNGzrCXkf92gjNh0.roa
Signing time:             Tue 02 Jan 2024 00:31:39 +0000
ROA not before:           Tue 02 Jan 2024 00:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41850
IP address blocks:        89.39.248.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:4a:c3:58:22:5c:ce:5e:c2:6d:71:b0:27:43:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68d4b57129cb193641346ceb09791ff76823361d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:1c:21:71:7f:8c:65:1b:77:c7:40:ec:13:f8:
                    fc:d1:ab:e3:e6:b3:e6:b3:a8:c5:6a:aa:a9:f3:15:
                    3e:1d:1e:a9:75:aa:72:e9:e2:7e:37:b4:3f:4c:93:
                    74:5a:ef:09:a5:0b:27:fb:1c:db:02:fb:ec:2f:74:
                    98:d1:06:aa:88:cf:42:de:ee:49:ba:07:df:d5:9b:
                    77:28:ec:c7:b7:0d:e6:28:44:b4:0d:54:de:0d:b0:
                    fb:56:62:e6:54:57:12:db:ef:9c:f0:bc:14:22:fd:
                    50:ef:aa:a4:7f:18:29:56:06:7c:91:e0:32:81:f4:
                    36:d8:d4:35:5b:27:23:42:80:ab:7c:aa:69:92:40:
                    7c:f4:92:b6:b7:21:2e:31:47:60:b4:6c:45:15:6a:
                    62:ee:1f:46:03:33:21:94:ed:9f:f8:04:ef:3d:a9:
                    4f:06:47:55:50:da:20:ae:8c:05:37:38:24:dc:0e:
                    fa:54:fc:24:b0:a5:66:f4:83:a9:e9:30:9b:f2:8a:
                    4c:3e:14:67:a7:59:69:13:36:c3:cd:ac:07:1c:c1:
                    7a:fa:fe:c7:5b:fe:13:35:14:ee:33:ac:2d:8b:b0:
                    af:96:0a:71:86:41:7e:6d:db:b1:f2:cc:2e:20:19:
                    39:3f:93:a4:29:83:cb:6d:fd:6e:4c:c5:86:ea:50:
                    0e:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:D4:B5:71:29:CB:19:36:41:34:6C:EB:09:79:1F:F7:68:23:36:1D
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/aNS1cSnLGTZBNGzrCXkf92gjNh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.39.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ce:6e:93:2d:88:ac:52:b1:b4:b0:72:41:50:ac:42:c8:d0:3a:
         5a:40:a9:c1:17:ab:5d:bf:f9:ad:ef:87:ee:81:c1:16:0b:a7:
         ba:21:b5:72:fc:ae:7c:31:38:99:e1:67:a8:83:05:a8:4a:75:
         5e:1d:c5:02:a7:93:44:d0:47:b4:4d:81:ba:bc:15:16:32:c5:
         7f:62:b3:42:72:2d:1b:cc:b3:9f:12:43:4d:54:08:93:4c:4c:
         6d:14:93:a6:c7:34:b2:a9:98:e2:e5:7a:b0:25:35:14:2d:0b:
         29:c4:87:d1:36:6e:88:ec:dc:f5:7f:5b:50:3c:ec:81:24:30:
         6b:9a:24:bf:2f:2e:e1:ab:67:54:36:22:84:cb:d8:62:6f:f0:
         69:9f:26:aa:55:e6:d5:a8:71:01:45:e3:f8:3a:ab:bc:aa:7c:
         a8:be:3f:a2:e0:f5:73:75:16:5c:ce:c4:d4:60:7d:16:42:d0:
         16:6e:df:a1:bd:d9:fc:5b:c4:67:b6:f6:b6:62:29:dc:7e:c9:
         c4:1c:b5:28:65:7d:94:9f:b6:83:50:1f:f1:06:01:38:bd:5b:
         92:2b:35:22:28:5f:5a:24:86:52:9f:36:8e:1a:14:c3:49:6b:
         cb:aa:bd:be:d5:1b:cf:cc:2e:88:da:f5:e2:75:3d:bb:16:3c:
         36:71:0f:35
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlUrDWCJczl7CbXGwJ0M4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGQ0YjU3MTI5Y2IxOTM2NDEzNDZjZWIwOTc5MWZmNzY4MjMzNjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxwhcX+MZRt3x0DsE/j80avj5rPm
s6jFaqqp8xU+HR6pdapy6eJ+N7Q/TJN0Wu8JpQsn+xzbAvvsL3SY0QaqiM9C3u5J
ugff1Zt3KOzHtw3mKES0DVTeDbD7VmLmVFcS2++c8LwUIv1Q76qkfxgpVgZ8keAy
gfQ22NQ1WycjQoCrfKppkkB89JK2tyEuMUdgtGxFFWpi7h9GAzMhlO2f+ATvPalP
BkdVUNogrowFNzgk3A76VPwksKVm9IOp6TCb8opMPhRnp1lpEzbDzawHHMF6+v7H
W/4TNRTuM6wti7CvlgpxhkF+bdux8swuIBk5P5OkKYPLbf1uTMWG6lAOJQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGjUtXEpyxk2QTRs6wl5H/doIzYdMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2FOUzFjU25MR1RaQk5HenJDWGtmOTJnak5oMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJZJ/gw
DQYJKoZIhvcNAQELBQADggEBAM5uky2IrFKxtLByQVCsQsjQOlpAqcEXq12/+a3v
h+6BwRYLp7ohtXL8rnwxOJnhZ6iDBahKdV4dxQKnk0TQR7RNgbq8FRYyxX9is0Jy
LRvMs58SQ01UCJNMTG0Uk6bHNLKpmOLlerAlNRQtCynEh9E2bojs3PV/W1A87IEk
MGuaJL8vLuGrZ1Q2IoTL2GJv8GmfJqpV5tWocQFF4/g6q7yqfKi+P6Lg9XN1FlzO
xNRgfRZC0BZu36G92fxbxGe29rZiKdx+ycQctShlfZSftoNQH/EGATi9W5IrNSIo
X1okhlKfNo4aFMNJa8uqvb7VG8/MLoja9eJ1PbsWPDZxDzU=
-----END CERTIFICATE-----