Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/ff10a5-2fa3-4942-b2a9-bfe52b4af8b7/1/FKadg9_HPkDqBqRTF5cFE6bEWfU.roa
File:                     FKadg9_HPkDqBqRTF5cFE6bEWfU.roa (raw, json)
Hash identifier:          s4IzSfDC+j4OKyFzlOqvECSv+yAASCoQGx/qCExK4xA=
Subject key identifier:   14:A6:9D:83:DF:C7:3E:40:EA:06:A4:53:17:97:05:13:A6:C4:59:F5
Certificate issuer:       /CN=cb608201f88aeae9486b9fa87189d796c54027dd
Certificate serial:       018F961F9A17F0700F668FCC671CEA7074A9
Authority key identifier: CB:60:82:01:F8:8A:EA:E9:48:6B:9F:A8:71:89:D7:96:C5:40:27:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y2CCAfiK6ulIa5-ocYnXlsVAJ90.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/ff10a5-2fa3-4942-b2a9-bfe52b4af8b7/1/FKadg9_HPkDqBqRTF5cFE6bEWfU.roa
Signing time:             Mon 20 May 2024 13:10:04 +0000
ROA not before:           Mon 20 May 2024 13:10:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58232
IP address blocks:        89.23.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/ff10a5-2fa3-4942-b2a9-bfe52b4af8b7/1/y2CCAfiK6ulIa5-ocYnXlsVAJ90.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/ff10a5-2fa3-4942-b2a9-bfe52b4af8b7/1/y2CCAfiK6ulIa5-ocYnXlsVAJ90.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y2CCAfiK6ulIa5-ocYnXlsVAJ90.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:96:1f:9a:17:f0:70:0f:66:8f:cc:67:1c:ea:70:74:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb608201f88aeae9486b9fa87189d796c54027dd
        Validity
            Not Before: May 20 13:10:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14a69d83dfc73e40ea06a45317970513a6c459f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:a5:2a:c1:be:1f:35:b0:07:eb:c5:70:56:3f:
                    d1:16:1f:3d:31:88:cf:51:a5:cf:49:e6:03:ec:fa:
                    7f:6d:8b:2f:6a:8c:a8:2a:cd:54:93:59:5b:35:90:
                    67:d0:e0:41:55:ff:29:43:37:d7:2e:01:85:fa:b1:
                    d4:14:26:44:f2:6a:fb:58:0b:3f:fb:fc:89:77:96:
                    f5:10:22:64:47:31:62:dc:d2:b3:51:0a:b3:36:71:
                    de:92:57:a6:72:d3:29:2a:6d:84:db:b1:7a:22:2e:
                    3d:81:f8:90:53:ed:09:81:e8:b1:85:56:e5:43:49:
                    a2:6f:b3:0c:b5:29:9a:a7:82:16:bf:32:84:45:c1:
                    c8:fb:12:66:f6:9a:b1:da:db:6b:b1:16:b5:bb:60:
                    6e:f9:9d:51:4f:41:61:72:91:f0:0c:95:74:d6:65:
                    56:8f:e8:d7:b2:56:be:e9:9c:5b:8a:34:66:1f:9d:
                    0d:c8:25:4e:d8:55:64:54:83:75:35:67:72:31:8c:
                    c8:d3:8c:95:92:ff:98:51:73:ff:a1:33:6c:0e:32:
                    08:05:22:45:7e:0f:aa:52:14:07:3b:46:e7:ff:9b:
                    5f:38:35:e0:c1:2c:6a:39:8d:46:f8:61:4e:3a:6d:
                    b8:94:64:f8:47:f0:47:7d:6e:76:20:b1:db:fe:15:
                    e5:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:A6:9D:83:DF:C7:3E:40:EA:06:A4:53:17:97:05:13:A6:C4:59:F5
            X509v3 Authority Key Identifier:
                keyid:CB:60:82:01:F8:8A:EA:E9:48:6B:9F:A8:71:89:D7:96:C5:40:27:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y2CCAfiK6ulIa5-ocYnXlsVAJ90.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/ff10a5-2fa3-4942-b2a9-bfe52b4af8b7/1/FKadg9_HPkDqBqRTF5cFE6bEWfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/ff10a5-2fa3-4942-b2a9-bfe52b4af8b7/1/y2CCAfiK6ulIa5-ocYnXlsVAJ90.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:5d:d7:74:dc:f3:b7:cf:71:5c:9c:50:1b:2b:3f:4f:3e:c9:
         24:93:73:d2:4c:88:0e:3d:73:d6:f7:76:22:86:9c:c4:e7:16:
         d0:c8:a0:09:4f:6f:96:7c:41:26:a5:47:26:e3:dc:34:13:c1:
         87:77:f5:4a:b3:c3:52:49:75:53:1a:d1:f2:8d:b6:d9:43:41:
         9d:a0:d5:d7:ee:a5:06:77:5a:9a:10:60:b2:6a:fd:58:e1:e0:
         39:94:c8:1e:a7:06:da:2f:20:8f:35:d9:0c:4d:16:d4:7f:9f:
         5a:f1:85:c5:f1:b7:8b:47:e6:5d:52:08:52:35:e5:09:97:ff:
         f7:cf:d2:33:23:22:b9:fb:54:2c:60:f0:dd:27:d1:cc:78:e9:
         8d:74:72:ac:60:de:b5:80:6c:6c:66:0a:3f:da:da:14:f5:34:
         bb:5e:93:bd:70:bb:e5:7c:e2:d3:2e:94:1b:db:40:fb:19:38:
         9f:f3:7c:c0:f9:e1:76:d5:16:59:70:93:b8:4b:36:7f:b3:5d:
         2d:d6:0a:1e:6a:7f:34:e0:b7:45:8b:4b:0b:5c:eb:5b:05:7b:
         26:ca:94:28:dd:b3:cd:01:e7:91:ec:66:1a:72:fa:db:e7:4a:
         55:ba:5b:65:f4:c4:7f:5e:d5:19:7f:ad:88:14:f2:ff:ef:a6:
         12:a2:70:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+WH5oX8HAPZo/MZxzqcHSpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiNjA4MjAxZjg4YWVhZTk0ODZiOWZhODcxODlkNzk2YzU0
MDI3ZGQwHhcNMjQwNTIwMTMxMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGE2OWQ4M2RmYzczZTQwZWEwNmE0NTMxNzk3MDUxM2E2YzQ1OWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqUqwb4fNbAH68VwVj/RFh89MYjP
UaXPSeYD7Pp/bYsvaoyoKs1Uk1lbNZBn0OBBVf8pQzfXLgGF+rHUFCZE8mr7WAs/
+/yJd5b1ECJkRzFi3NKzUQqzNnHeklemctMpKm2E27F6Ii49gfiQU+0JgeixhVbl
Q0mib7MMtSmap4IWvzKERcHI+xJm9pqx2ttrsRa1u2Bu+Z1RT0FhcpHwDJV01mVW
j+jXsla+6ZxbijRmH50NyCVO2FVkVIN1NWdyMYzI04yVkv+YUXP/oTNsDjIIBSJF
fg+qUhQHO0bn/5tfODXgwSxqOY1G+GFOOm24lGT4R/BHfW52ILHb/hXlWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBSmnYPfxz5A6gakUxeXBROmxFn1MB8GA1UdIwQY
MBaAFMtgggH4iurpSGufqHGJ15bFQCfdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTJDQ0FmaUs2dWxJYTUtb2NZblhsc1ZBSjkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mZjEwYTUtMmZhMy00OTQyLWIyYTkt
YmZlNTJiNGFmOGI3LzEvRkthZGc5X0hQa0RxQnFSVEY1Y0ZFNmJFV2ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mZjEwYTUtMmZhMy00OTQyLWIyYTktYmZlNTJiNGFmOGI3
LzEveTJDQ0FmaUs2dWxJYTUtb2NZblhsc1ZBSjkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRd+MA0G
CSqGSIb3DQEBCwUAA4IBAQCEXdd03PO3z3FcnFAbKz9PPskkk3PSTIgOPXPW93Yi
hpzE5xbQyKAJT2+WfEEmpUcm49w0E8GHd/VKs8NSSXVTGtHyjbbZQ0GdoNXX7qUG
d1qaEGCyav1Y4eA5lMgepwbaLyCPNdkMTRbUf59a8YXF8beLR+ZdUghSNeUJl//3
z9IzIyK5+1QsYPDdJ9HMeOmNdHKsYN61gGxsZgo/2toU9TS7XpO9cLvlfOLTLpQb
20D7GTif83zA+eF21RZZcJO4SzZ/s10t1goean804LdFi0sLXOtbBXsmypQo3bPN
AeeR7GYacvrb50pVultl9MR/XtUZf62IFPL/76YSonCI
-----END CERTIFICATE-----