Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/5b36ce-d8dd-4561-8ebf-53e9ef6073c5/1/J6V2naBqyFkSWU9VBk9iy81ONb8.roa
File:                     J6V2naBqyFkSWU9VBk9iy81ONb8.roa (raw, json)
Hash identifier:          TeXdM+JB8HvVZkbj3mIoUdMGIT+7o8GmHpCBJkZW+1g=
Subject key identifier:   27:A5:76:9D:A0:6A:C8:59:12:59:4F:55:06:4F:62:CB:CD:4E:35:BF
Certificate issuer:       /CN=97310ada6a1bbd7aa68e140223bf9c625a33be41
Certificate serial:       018CC56ED3BE33A67B67D54A596AC12D5576
Authority key identifier: 97:31:0A:DA:6A:1B:BD:7A:A6:8E:14:02:23:BF:9C:62:5A:33:BE:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lzEK2mobvXqmjhQCI7-cYlozvkE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/5b36ce-d8dd-4561-8ebf-53e9ef6073c5/1/J6V2naBqyFkSWU9VBk9iy81ONb8.roa
Signing time:             Mon 01 Jan 2024 14:30:23 +0000
ROA not before:           Mon 01 Jan 2024 14:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        80.89.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/5b36ce-d8dd-4561-8ebf-53e9ef6073c5/1/lzEK2mobvXqmjhQCI7-cYlozvkE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/5b36ce-d8dd-4561-8ebf-53e9ef6073c5/1/lzEK2mobvXqmjhQCI7-cYlozvkE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lzEK2mobvXqmjhQCI7-cYlozvkE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d3:be:33:a6:7b:67:d5:4a:59:6a:c1:2d:55:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97310ada6a1bbd7aa68e140223bf9c625a33be41
        Validity
            Not Before: Jan  1 14:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27a5769da06ac85912594f55064f62cbcd4e35bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:19:05:4d:7c:4f:8e:9d:71:c9:99:47:5d:07:
                    c7:e6:43:5c:ac:6f:af:5c:85:6f:c5:ab:09:16:c2:
                    5a:0e:19:b9:00:99:18:06:1c:31:e3:9f:f4:c5:e4:
                    e0:0e:1c:f9:fe:f5:45:fd:16:77:d8:d6:a3:c6:a7:
                    72:f3:db:92:fe:37:c7:28:5a:49:d3:51:81:96:68:
                    e7:17:ba:68:12:fa:1a:51:8f:0a:cf:d8:79:74:42:
                    17:74:18:ff:d5:bd:07:22:67:7f:5e:53:ca:8f:f5:
                    bd:9f:39:90:f5:e5:13:75:5a:04:7c:79:ca:2d:e3:
                    c3:ca:3a:7f:4c:c2:cd:18:a3:8b:2f:bb:13:87:bd:
                    f9:e3:2a:51:52:50:e3:8f:b5:34:23:3a:8e:46:25:
                    37:4b:74:dd:20:15:00:e1:42:41:80:43:6d:c1:76:
                    39:df:1d:5e:d0:2d:27:76:28:7d:03:6e:65:2b:45:
                    42:c1:f1:9d:67:7b:01:95:c5:49:76:7b:59:b9:4b:
                    8d:7b:94:2d:cd:3f:3f:ab:e3:97:04:1c:45:2b:36:
                    30:39:d4:ba:2f:8f:d2:79:0b:95:df:55:4b:f0:34:
                    eb:b2:e5:4f:1e:d3:a9:8f:a5:53:07:17:5f:a9:e8:
                    77:23:96:48:06:74:9f:dd:88:1c:b7:c7:5a:13:61:
                    ed:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:A5:76:9D:A0:6A:C8:59:12:59:4F:55:06:4F:62:CB:CD:4E:35:BF
            X509v3 Authority Key Identifier:
                keyid:97:31:0A:DA:6A:1B:BD:7A:A6:8E:14:02:23:BF:9C:62:5A:33:BE:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lzEK2mobvXqmjhQCI7-cYlozvkE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/5b36ce-d8dd-4561-8ebf-53e9ef6073c5/1/J6V2naBqyFkSWU9VBk9iy81ONb8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/5b36ce-d8dd-4561-8ebf-53e9ef6073c5/1/lzEK2mobvXqmjhQCI7-cYlozvkE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.89.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:19:dd:24:fc:a1:c1:c8:3d:ef:6b:0b:be:89:e9:c2:21:59:
         16:ac:45:96:30:17:a1:a1:6c:83:69:b2:70:d7:b4:9f:87:7d:
         8c:7f:4e:b1:2a:68:9d:a2:66:e5:6f:27:cf:ab:bf:61:83:5e:
         3e:38:2d:b5:78:7d:d4:ea:2d:04:56:83:18:59:db:98:67:6c:
         e4:2e:e9:62:74:9e:0a:17:64:79:02:56:bd:df:8c:3d:ba:8d:
         da:98:d2:8a:e7:25:a8:08:cb:87:b2:57:ff:b4:39:89:d4:6a:
         77:28:0d:a4:9e:f3:1c:36:05:2f:87:0d:a0:f0:a6:e0:4f:22:
         d4:79:96:0f:15:95:a8:c0:ec:94:a5:20:04:de:b4:da:01:86:
         34:2e:8e:03:db:23:ea:48:60:24:88:6d:5e:6c:96:28:b7:2e:
         2d:63:fd:0c:07:24:db:26:36:2d:84:37:d2:31:ae:32:19:e5:
         7e:57:35:24:92:bd:28:e1:40:1b:44:08:03:db:3e:ed:c5:59:
         6e:08:ca:1c:4f:2f:9d:44:87:ae:e5:93:cd:b1:ba:d4:b6:24:
         99:82:5c:06:a4:03:5d:78:a8:3d:7d:f2:fe:fe:a4:74:6f:a2:
         d5:13:30:96:5e:4b:62:7b:30:e9:46:c0:6b:f0:63:8e:2c:78:
         b1:f7:49:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbtO+M6Z7Z9VKWWrBLVV2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MzEwYWRhNmExYmJkN2FhNjhlMTQwMjIzYmY5YzYyNWEz
M2JlNDEwHhcNMjQwMTAxMTQzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2E1NzY5ZGEwNmFjODU5MTI1OTRmNTUwNjRmNjJjYmNkNGUzNWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhkFTXxPjp1xyZlHXQfH5kNcrG+v
XIVvxasJFsJaDhm5AJkYBhwx45/0xeTgDhz5/vVF/RZ32Najxqdy89uS/jfHKFpJ
01GBlmjnF7poEvoaUY8Kz9h5dEIXdBj/1b0HImd/XlPKj/W9nzmQ9eUTdVoEfHnK
LePDyjp/TMLNGKOLL7sTh7354ypRUlDjj7U0IzqORiU3S3TdIBUA4UJBgENtwXY5
3x1e0C0ndih9A25lK0VCwfGdZ3sBlcVJdntZuUuNe5QtzT8/q+OXBBxFKzYwOdS6
L4/SeQuV31VL8DTrsuVPHtOpj6VTBxdfqeh3I5ZIBnSf3Ygct8daE2HtNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCeldp2gashZEllPVQZPYsvNTjW/MB8GA1UdIwQY
MBaAFJcxCtpqG716po4UAiO/nGJaM75BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHpFSzJtb2J2WHFtamhRQ0k3LWNZbG96dmtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS81YjM2Y2UtZDhkZC00NTYxLThlYmYt
NTNlOWVmNjA3M2M1LzEvSjZWMm5hQnF5RmtTV1U5VkJrOWl5ODFPTmI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS81YjM2Y2UtZDhkZC00NTYxLThlYmYtNTNlOWVmNjA3M2M1
LzEvbHpFSzJtb2J2WHFtamhRQ0k3LWNZbG96dmtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUFkDMA0G
CSqGSIb3DQEBCwUAA4IBAQBxGd0k/KHByD3vawu+ienCIVkWrEWWMBehoWyDabJw
17Sfh32Mf06xKmidomblbyfPq79hg14+OC21eH3U6i0EVoMYWduYZ2zkLulidJ4K
F2R5Ala934w9uo3amNKK5yWoCMuHslf/tDmJ1Gp3KA2knvMcNgUvhw2g8KbgTyLU
eZYPFZWowOyUpSAE3rTaAYY0Lo4D2yPqSGAkiG1ebJYoty4tY/0MByTbJjYthDfS
Ma4yGeV+VzUkkr0o4UAbRAgD2z7txVluCMocTy+dRIeu5ZPNsbrUtiSZglwGpANd
eKg9ffL+/qR0b6LVEzCWXktiezDpRsBr8GOOLHix90l4
-----END CERTIFICATE-----