Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wHVNZZr76vn1zQi-Ud-UynYB76c.roa
File:                     wHVNZZr76vn1zQi-Ud-UynYB76c.roa (raw, json)
Hash identifier:          HMiKl4wNgWmlUXUSfbz+Ft1svPrMzaxnv/4V9Dd4pls=
Subject key identifier:   C0:75:4D:65:9A:FB:EA:F9:F5:CD:08:BE:51:DF:94:CA:76:01:EF:A7
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01907450A0C6620299C9E3D3535EDAB450E6
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wHVNZZr76vn1zQi-Ud-UynYB76c.roa
Signing time:             Tue 02 Jul 2024 16:39:19 +0000
ROA not before:           Tue 02 Jul 2024 16:39:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202364
IP address blocks:        89.213.192.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:74:50:a0:c6:62:02:99:c9:e3:d3:53:5e:da:b4:50:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul  2 16:39:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0754d659afbeaf9f5cd08be51df94ca7601efa7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:fb:ec:4b:af:b8:66:e0:86:9f:dc:07:16:83:
                    09:e0:ec:20:17:48:ae:43:af:4f:17:d2:8c:0c:e9:
                    86:42:d3:f3:db:3d:ac:49:a8:ca:fb:d3:b3:fa:27:
                    2a:db:1d:aa:32:73:56:70:05:41:0a:92:64:fc:5c:
                    5a:4f:53:ad:0b:d1:28:db:b6:18:66:51:08:6b:c5:
                    00:67:d8:24:03:1f:e0:e2:2f:8e:3a:8b:ed:f3:3a:
                    6b:83:e9:dc:74:04:ce:80:f8:07:73:3c:8e:6b:b4:
                    8e:a6:da:24:ba:c2:71:c2:b5:ae:5b:13:52:6b:04:
                    69:25:a0:9f:c4:d5:f7:ab:73:1e:03:50:ed:d9:f7:
                    59:97:c6:99:64:60:4c:43:1a:4a:9b:5c:f3:06:a0:
                    90:cd:8e:ef:fe:9c:55:f0:8d:e9:18:b2:59:4f:5e:
                    87:d4:1f:66:14:c6:b3:38:be:11:a9:af:2c:3b:d0:
                    4e:7d:f0:36:2a:a2:b6:8c:bb:0e:3c:96:e6:42:86:
                    66:89:f5:4e:54:fa:5d:5a:77:e4:b8:24:f3:79:01:
                    6f:6c:84:65:02:b0:14:aa:d2:0f:d7:2d:1b:2d:14:
                    8d:af:60:ea:0f:65:77:00:a0:d4:3b:e1:d7:2c:a7:
                    c5:55:e4:ee:7b:5c:ef:56:d8:2b:39:1e:8c:55:7d:
                    f4:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:75:4D:65:9A:FB:EA:F9:F5:CD:08:BE:51:DF:94:CA:76:01:EF:A7
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wHVNZZr76vn1zQi-Ud-UynYB76c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:51:d0:f9:b3:5e:16:64:ea:11:c1:4d:91:a4:93:f7:cc:10:
         69:b3:1a:0e:af:d4:a3:31:7f:9a:83:2c:09:89:6c:03:63:ac:
         a5:63:d2:ad:b5:20:b0:0f:0c:d6:7f:c4:df:f2:3c:72:b1:f8:
         af:4f:a3:42:1f:94:22:6e:e1:f0:1c:05:18:28:0a:93:b4:36:
         48:0f:e6:0b:04:ee:30:79:06:79:a2:a8:14:fa:76:78:ce:15:
         db:8f:75:71:ad:c8:0d:26:85:d2:56:02:bb:c2:c7:bd:6b:bc:
         54:91:d6:4d:05:03:fe:57:97:b2:de:4e:ac:49:84:00:f9:7d:
         f0:67:ad:af:60:8d:dd:d7:c6:d6:13:b7:ea:e7:28:fa:e4:fb:
         20:de:b0:3b:29:2c:ec:a7:ba:61:72:4e:8f:2a:4e:23:58:d3:
         70:d5:8f:57:cd:7c:15:e1:1e:03:78:28:20:ec:c2:aa:48:63:
         2a:af:37:27:d5:f4:d1:51:3d:a3:b4:69:57:3f:8b:f9:7b:eb:
         be:e8:c7:cd:d7:55:cd:f9:16:57:df:c7:3c:64:be:ac:24:ff:
         bc:36:2a:6a:68:07:64:4b:f2:c6:d3:32:99:f4:81:06:d2:37:
         1c:36:2a:59:95:5b:9f:28:5d:6d:41:cc:b2:2e:77:ef:46:de:
         46:d0:ed:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZB0UKDGYgKZyePTU17atFDmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNzAyMTYzOTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDc1NGQ2NTlhZmJlYWY5ZjVjZDA4YmU1MWRmOTRjYTc2MDFlZmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvvsS6+4ZuCGn9wHFoMJ4OwgF0iu
Q69PF9KMDOmGQtPz2z2sSajK+9Oz+icq2x2qMnNWcAVBCpJk/FxaT1OtC9Eo27YY
ZlEIa8UAZ9gkAx/g4i+OOovt8zprg+ncdATOgPgHczyOa7SOptokusJxwrWuWxNS
awRpJaCfxNX3q3MeA1Dt2fdZl8aZZGBMQxpKm1zzBqCQzY7v/pxV8I3pGLJZT16H
1B9mFMazOL4Rqa8sO9BOffA2KqK2jLsOPJbmQoZmifVOVPpdWnfkuCTzeQFvbIRl
ArAUqtIP1y0bLRSNr2DqD2V3AKDUO+HXLKfFVeTue1zvVtgrOR6MVX30SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMB1TWWa++r59c0IvlHflMp2Ae+nMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvd0hWTlpacjc2dm4xelFpLVVkLVV5bllCNzZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdXAMA0G
CSqGSIb3DQEBCwUAA4IBAQABUdD5s14WZOoRwU2RpJP3zBBpsxoOr9SjMX+agywJ
iWwDY6ylY9KttSCwDwzWf8Tf8jxysfivT6NCH5QibuHwHAUYKAqTtDZID+YLBO4w
eQZ5oqgU+nZ4zhXbj3VxrcgNJoXSVgK7wse9a7xUkdZNBQP+V5ey3k6sSYQA+X3w
Z62vYI3d18bWE7fq5yj65Psg3rA7KSzsp7phck6PKk4jWNNw1Y9XzXwV4R4DeCgg
7MKqSGMqrzcn1fTRUT2jtGlXP4v5e+u+6MfN11XN+RZX38c8ZL6sJP+8NipqaAdk
S/LG0zKZ9IEG0jccNipZlVufKF1tQcyyLnfvRt5G0O0f
-----END CERTIFICATE-----