Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/bCebDvqKAmXmMDlAtjHTV8I9NsA.roa
File:                     bCebDvqKAmXmMDlAtjHTV8I9NsA.roa (raw, json)
Hash identifier:          ccAoctPNm3VnwcgJJIfSe0r5RuV0rI3WrmRun+eORUo=
Subject key identifier:   6C:27:9B:0E:FA:8A:02:65:E6:30:39:40:B6:31:D3:57:C2:3D:36:C0
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC79560591D2B423A92B986362024C83D
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/bCebDvqKAmXmMDlAtjHTV8I9NsA.roa
Signing time:             Tue 02 Jan 2024 00:31:44 +0000
ROA not before:           Tue 02 Jan 2024 00:31:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60583
IP address blocks:        89.36.143.0/24 maxlen: 24
                          217.19.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:60:59:1d:2b:42:3a:92:b9:86:36:20:24:c8:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c279b0efa8a0265e6303940b631d357c23d36c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:9d:8c:d4:d7:27:1c:1d:a7:58:10:92:07:fd:
                    da:1d:2c:4e:56:2b:82:94:ef:a5:44:f0:bd:30:24:
                    e6:04:a3:d0:3f:7a:03:ca:37:9f:90:35:79:4a:6e:
                    89:d7:32:31:12:a2:b0:3a:b1:a5:53:1d:68:ec:ff:
                    11:69:93:73:d6:33:bb:bf:de:30:db:47:ba:38:dc:
                    19:bc:73:a9:fb:af:87:c0:16:d3:33:fb:44:8d:cc:
                    78:3d:47:75:d7:6c:0d:e6:40:a1:66:1a:d2:e0:7a:
                    ea:22:fb:bf:7e:47:de:c3:82:46:58:c3:77:69:31:
                    b8:62:fd:4e:e7:af:5e:0b:bd:80:45:42:71:15:8d:
                    9f:37:34:9b:33:b3:01:4c:1d:49:1a:70:e4:88:16:
                    d9:1b:82:3d:f5:1f:1b:75:60:33:c8:13:19:d8:2c:
                    9a:e1:cf:d5:cd:8c:2e:bc:00:3d:f3:47:9d:4f:16:
                    cf:bb:93:12:de:d6:27:ce:61:d2:6b:7c:90:76:a2:
                    cc:d1:66:67:37:ea:a6:c8:70:9a:4d:f4:f9:8a:85:
                    52:fd:5a:dc:c8:cc:a0:46:46:c3:0f:34:81:a2:87:
                    3c:5a:7e:55:ec:bb:32:14:6d:7b:66:8d:7c:b3:b7:
                    a8:69:72:bc:2c:4d:30:1d:be:11:0e:34:f1:c9:78:
                    b0:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:27:9B:0E:FA:8A:02:65:E6:30:39:40:B6:31:D3:57:C2:3D:36:C0
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/bCebDvqKAmXmMDlAtjHTV8I9NsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.36.143.0/24
                  217.19.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         f0:bd:93:5e:96:5f:18:aa:6d:fd:7e:2b:1f:75:81:72:27:c3:
         56:13:bb:2b:ed:2b:a0:f6:0d:96:5f:c3:f8:f2:55:4b:82:18:
         17:20:2b:bb:2c:09:98:ea:fb:c0:84:c4:4a:32:8b:4d:9e:d3:
         2a:a6:dd:25:75:81:39:04:ac:23:45:34:d4:64:77:d0:a6:7a:
         8d:a1:49:14:9c:cc:3d:6f:d1:1b:e3:0a:e8:7b:bb:13:5c:8c:
         8a:c6:1d:bb:e2:d7:96:8a:bb:0b:09:33:4d:91:d8:bc:ec:7b:
         58:35:cf:81:d8:e0:50:b7:81:5f:42:3f:35:ec:6a:1d:cf:ca:
         7e:72:f1:22:49:5a:c1:28:76:be:28:cd:e0:6e:09:b9:d2:cd:
         69:22:f4:ff:cf:a2:cf:50:fe:0e:fa:28:79:2b:0f:46:32:2b:
         14:77:1f:b9:95:3b:15:15:1e:d6:81:21:c8:03:25:3e:42:17:
         f1:16:8f:01:f7:d3:d0:33:e1:22:e2:08:f0:c7:08:d5:e1:ea:
         96:b5:c1:e9:be:b1:2d:05:7c:cc:2e:4e:6f:72:1b:81:0c:87:
         db:01:13:f6:22:f3:39:e1:cf:a1:17:14:5f:86:99:15:c3:4e:
         38:34:d3:97:f0:0e:42:0e:63:27:65:b2:85:e9:13:13:43:67:
         a5:88:4f:3d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzHlWBZHStCOpK5hjYgJMg9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzI3OWIwZWZhOGEwMjY1ZTYzMDM5NDBiNjMxZDM1N2MyM2QzNmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl52M1NcnHB2nWBCSB/3aHSxOViuC
lO+lRPC9MCTmBKPQP3oDyjefkDV5Sm6J1zIxEqKwOrGlUx1o7P8RaZNz1jO7v94w
20e6ONwZvHOp+6+HwBbTM/tEjcx4PUd112wN5kChZhrS4HrqIvu/fkfew4JGWMN3
aTG4Yv1O569eC72ARUJxFY2fNzSbM7MBTB1JGnDkiBbZG4I99R8bdWAzyBMZ2Cya
4c/VzYwuvAA980edTxbPu5MS3tYnzmHSa3yQdqLM0WZnN+qmyHCaTfT5ioVS/Vrc
yMygRkbDDzSBooc8Wn5V7LsyFG17Zo18s7eoaXK8LE0wHb4RDjTxyXiwJQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGwnmw76igJl5jA5QLYx01fCPTbAMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2JDZWJEdnFLQW1YbU1EbEF0akhUVjhJOU5zQS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABZJI8D
BADZEwwwDQYJKoZIhvcNAQELBQADggEBAPC9k16WXxiqbf1+Kx91gXInw1YTuyvt
K6D2DZZfw/jyVUuCGBcgK7ssCZjq+8CExEoyi02e0yqm3SV1gTkErCNFNNRkd9Cm
eo2hSRSczD1v0RvjCuh7uxNcjIrGHbvi15aKuwsJM02R2Lzse1g1z4HY4FC3gV9C
PzXsah3Pyn5y8SJJWsEodr4ozeBuCbnSzWki9P/Pos9Q/g76KHkrD0YyKxR3H7mV
OxUVHtaBIcgDJT5CF/EWjwH309Az4SLiCPDHCNXh6pa1wem+sS0FfMwuTm9yG4EM
h9sBE/Yi8znhz6EXFF+GmRXDTjg005fwDkIOYydlsoXpExNDZ6WITz0=
-----END CERTIFICATE-----