Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/jLsiR0vIziUmmi3OXzz7dwCd7Ao.roa
File:                     jLsiR0vIziUmmi3OXzz7dwCd7Ao.roa (raw, json)
Hash identifier:          /sUJ45i83KF8adnk4jpqvfzDc1+ZHfSqJKBxBC46bIM=
Subject key identifier:   8C:BB:22:47:4B:C8:CE:25:26:9A:2D:CE:5F:3C:FB:77:00:9D:EC:0A
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC7954D70ED0E8F63D860815CEDA9E6CB
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/jLsiR0vIziUmmi3OXzz7dwCd7Ao.roa
Signing time:             Tue 02 Jan 2024 00:31:39 +0000
ROA not before:           Tue 02 Jan 2024 00:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42756
IP address blocks:        89.44.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:4d:70:ed:0e:8f:63:d8:60:81:5c:ed:a9:e6:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8cbb22474bc8ce25269a2dce5f3cfb77009dec0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:e5:93:db:7a:46:49:80:de:6a:01:4d:88:8a:
                    88:9a:5b:a5:5a:c8:7f:ae:08:33:87:af:a1:8a:dd:
                    90:de:1f:3f:ee:79:cb:5f:20:55:73:29:f5:7b:0d:
                    a1:e2:14:6c:79:57:fa:4f:dd:bd:25:d1:51:3b:8e:
                    db:30:55:37:75:ff:eb:5d:95:44:06:e8:d6:5e:f5:
                    51:52:f8:c2:7d:93:54:18:1e:b3:fa:ed:d9:7f:00:
                    87:ac:0b:0a:d1:d5:dc:6b:38:0d:3b:f8:f1:25:08:
                    26:a6:39:14:3e:3a:44:1a:dc:2c:2d:c2:5b:b8:a7:
                    c6:7a:49:13:25:07:95:7a:0c:a8:53:e0:4e:fb:83:
                    b2:03:21:3b:13:cd:6e:ea:ee:d4:96:70:5a:46:8a:
                    e6:36:c9:99:01:cb:c3:b2:1d:06:44:41:51:68:f1:
                    c9:24:7e:62:31:50:57:5e:91:34:52:ae:1a:9a:15:
                    0d:cf:8b:7e:f1:52:e3:be:c7:e7:21:57:41:08:44:
                    d8:e2:75:0f:47:db:c5:12:96:69:c8:ef:c8:76:ee:
                    3d:d0:c1:1d:41:9a:46:e2:30:b9:4d:c3:eb:36:8b:
                    aa:eb:68:53:03:7c:65:ac:99:54:b4:3e:4d:fc:14:
                    b6:e3:6d:52:e1:6e:4c:95:7d:67:ea:0b:63:82:6e:
                    2c:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:BB:22:47:4B:C8:CE:25:26:9A:2D:CE:5F:3C:FB:77:00:9D:EC:0A
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/jLsiR0vIziUmmi3OXzz7dwCd7Ao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:29:e5:c6:74:ae:73:b2:5d:de:6e:b2:c6:9b:b4:c6:93:13:
         9d:63:a9:0e:47:93:34:d3:42:87:dd:70:9e:a2:ed:95:51:3e:
         73:a6:79:e8:24:bb:d5:3d:16:2f:61:57:82:45:7d:ae:3c:74:
         e2:d9:f1:0b:5f:c9:d2:28:8d:67:c5:0c:26:14:f0:b5:e9:ec:
         af:c9:14:f1:ae:d3:1c:c7:af:94:05:d4:2f:3d:ed:5a:b9:dc:
         a0:07:4c:ae:a7:5a:c0:8a:96:3a:18:34:eb:cb:72:c1:40:76:
         21:39:6a:ce:b3:83:32:6d:a1:41:44:1c:2a:4b:c5:02:fa:96:
         03:3c:81:79:23:df:5c:ef:96:98:1b:6b:1a:19:ce:30:22:ac:
         84:5a:2a:c4:3a:22:39:15:95:ed:dd:50:d3:14:a1:b3:d7:7b:
         30:90:61:92:35:1e:06:19:22:f5:7e:30:59:df:b4:37:24:84:
         16:dc:dc:44:cc:9c:ee:49:ca:9f:29:98:73:02:c2:20:e6:36:
         95:ed:09:b6:86:7c:80:c5:3e:46:17:66:3f:6d:19:b9:c7:26:
         0b:ef:83:17:1e:ff:2a:32:35:93:71:b7:30:bc:26:2b:96:a9:
         5d:2d:d0:1e:59:1f:fd:f1:2f:fe:3e:fb:35:50:d7:c4:da:30:
         39:36:d0:26
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlU1w7Q6PY9hggVztqebLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2JiMjI0NzRiYzhjZTI1MjY5YTJkY2U1ZjNjZmI3NzAwOWRlYzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuuWT23pGSYDeagFNiIqImlulWsh/
rggzh6+hit2Q3h8/7nnLXyBVcyn1ew2h4hRseVf6T929JdFRO47bMFU3df/rXZVE
BujWXvVRUvjCfZNUGB6z+u3ZfwCHrAsK0dXcazgNO/jxJQgmpjkUPjpEGtwsLcJb
uKfGekkTJQeVegyoU+BO+4OyAyE7E81u6u7UlnBaRormNsmZAcvDsh0GREFRaPHJ
JH5iMVBXXpE0Uq4amhUNz4t+8VLjvsfnIVdBCETY4nUPR9vFEpZpyO/Idu490MEd
QZpG4jC5TcPrNouq62hTA3xlrJlUtD5N/BS2421S4W5MlX1n6gtjgm4sLQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIy7IkdLyM4lJpotzl88+3cAnewKMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2pMc2lSMHZJemlVbW1pM09Yeno3ZHdDZDdBby5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABZLJAw
DQYJKoZIhvcNAQELBQADggEBABUp5cZ0rnOyXd5ussabtMaTE51jqQ5HkzTTQofd
cJ6i7ZVRPnOmeegku9U9Fi9hV4JFfa48dOLZ8QtfydIojWfFDCYU8LXp7K/JFPGu
0xzHr5QF1C897Vq53KAHTK6nWsCKljoYNOvLcsFAdiE5as6zgzJtoUFEHCpLxQL6
lgM8gXkj31zvlpgbaxoZzjAirIRaKsQ6IjkVle3dUNMUobPXezCQYZI1HgYZIvV+
MFnftDckhBbc3ETMnO5Jyp8pmHMCwiDmNpXtCbaGfIDFPkYXZj9tGbnHJgvvgxce
/yoyNZNxtzC8JiuWqV0t0B5ZH/3xL/4++zVQ18TaMDk20CY=
-----END CERTIFICATE-----