Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/cK8zCiRgcBBGx8o-2wmEDSog_Ss.roa
File:                     cK8zCiRgcBBGx8o-2wmEDSog_Ss.roa (raw, json)
Hash identifier:          BjWqO/bQh9o6UiOb54VpZi9rltkh2r4dfzYU2AXc4bk=
Subject key identifier:   70:AF:33:0A:24:60:70:10:46:C7:CA:3E:DB:09:84:0D:2A:20:FD:2B
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       019112482970556DB75634190B5649AD8418
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/cK8zCiRgcBBGx8o-2wmEDSog_Ss.roa
Signing time:             Fri 02 Aug 2024 08:50:04 +0000
ROA not before:           Fri 02 Aug 2024 08:50:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199326
IP address blocks:        89.42.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:12:48:29:70:55:6d:b7:56:34:19:0b:56:49:ad:84:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Aug  2 08:50:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70af330a2460701046c7ca3edb09840d2a20fd2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:ff:af:b0:1d:0b:ca:17:ab:a2:93:12:05:70:
                    5b:0a:c7:e1:d9:38:67:fa:0d:d6:f6:c5:35:8e:70:
                    10:29:8e:7d:da:a7:df:d8:fb:f9:7c:a8:a8:d5:c5:
                    33:87:e1:63:07:06:2a:2b:14:09:7d:05:01:e7:d6:
                    ec:19:f9:ed:19:e7:6f:fa:bf:2a:0c:c1:a6:ed:25:
                    e7:5f:0f:bc:a4:a4:d8:fe:8f:2b:b3:63:84:2d:d4:
                    2c:25:59:f9:09:4f:d2:1d:6a:46:2b:a7:8b:41:34:
                    14:c9:50:52:fa:d8:73:85:33:0a:1a:e6:1f:95:63:
                    11:bf:72:dd:2a:18:20:e6:0f:a1:15:4c:a5:18:f2:
                    b2:75:0f:fa:8e:16:16:9b:ac:05:d2:a6:41:65:78:
                    e7:dc:0c:95:3a:e9:f9:90:73:97:ae:2f:38:fb:8a:
                    03:8d:c0:54:04:16:d2:4c:78:d7:4a:0c:97:ef:6e:
                    d5:9a:89:1a:3f:b7:c6:a4:5a:54:ed:bf:de:aa:d9:
                    76:69:35:cf:9b:9c:37:19:9c:7f:21:ed:ab:96:45:
                    28:66:51:a5:d8:aa:6d:0a:ed:f1:a7:77:a5:45:62:
                    bb:bb:3b:7e:69:3a:30:50:12:df:b8:df:a6:48:96:
                    31:67:aa:81:66:7b:67:ec:95:55:c0:40:70:61:7b:
                    a9:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:AF:33:0A:24:60:70:10:46:C7:CA:3E:DB:09:84:0D:2A:20:FD:2B
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/cK8zCiRgcBBGx8o-2wmEDSog_Ss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:73:dc:91:7e:26:d4:c2:a5:aa:89:18:7a:2a:c8:d2:ff:72:
         59:db:32:ec:0c:a1:84:4c:43:67:86:7f:32:c4:ef:cb:62:3c:
         77:0e:30:87:5b:9a:c8:9a:40:5f:49:e0:78:da:33:ec:50:76:
         d3:25:9f:3e:e2:2c:6c:25:61:42:7a:56:21:5d:49:06:14:47:
         8d:60:f1:e7:16:c0:5a:a3:55:9d:75:9d:79:9e:a4:45:12:80:
         7c:bc:02:80:60:19:21:6b:3f:b8:f5:b6:19:05:8d:37:ef:c1:
         11:6b:f9:83:83:bf:34:10:52:a1:97:ee:59:10:01:f8:f2:1c:
         84:f0:ad:fa:ae:b9:78:1e:8a:44:1e:f6:0e:55:db:06:88:a9:
         e8:ce:fe:0f:3e:e4:cc:a3:2c:c8:57:d3:3a:0e:75:c2:f1:72:
         6b:c8:91:24:02:08:74:79:ce:ac:2c:5d:14:4a:4e:9a:de:f1:
         95:ce:fe:4d:2e:82:4f:39:e9:d4:75:5c:68:ff:24:ec:33:4c:
         06:d9:db:33:6f:a7:d2:d4:21:fe:99:5b:4a:7c:af:27:e7:9f:
         3b:15:cf:b1:b5:d6:54:da:56:2b:fa:0f:c0:1b:c6:55:a3:6a:
         1c:2f:79:a2:12:82:67:b2:e5:f5:8f:e1:dc:fc:a9:62:e2:6f:
         e1:97:de:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZESSClwVW23VjQZC1ZJrYQYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjQwODAyMDg1MDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGFmMzMwYTI0NjA3MDEwNDZjN2NhM2VkYjA5ODQwZDJhMjBmZDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0f+vsB0LyheropMSBXBbCsfh2Thn
+g3W9sU1jnAQKY592qff2Pv5fKio1cUzh+FjBwYqKxQJfQUB59bsGfntGedv+r8q
DMGm7SXnXw+8pKTY/o8rs2OELdQsJVn5CU/SHWpGK6eLQTQUyVBS+thzhTMKGuYf
lWMRv3LdKhgg5g+hFUylGPKydQ/6jhYWm6wF0qZBZXjn3AyVOun5kHOXri84+4oD
jcBUBBbSTHjXSgyX727VmokaP7fGpFpU7b/eqtl2aTXPm5w3GZx/Ie2rlkUoZlGl
2KptCu3xp3elRWK7uzt+aTowUBLfuN+mSJYxZ6qBZntn7JVVwEBwYXupoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHCvMwokYHAQRsfKPtsJhA0qIP0rMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvY0s4ekNpUmdjQkJHeDhvLTJ3bUVEU29nX1NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSrVMA0G
CSqGSIb3DQEBCwUAA4IBAQAHc9yRfibUwqWqiRh6KsjS/3JZ2zLsDKGETENnhn8y
xO/LYjx3DjCHW5rImkBfSeB42jPsUHbTJZ8+4ixsJWFCelYhXUkGFEeNYPHnFsBa
o1WddZ15nqRFEoB8vAKAYBkhaz+49bYZBY0378ERa/mDg780EFKhl+5ZEAH48hyE
8K36rrl4HopEHvYOVdsGiKnozv4PPuTMoyzIV9M6DnXC8XJryJEkAgh0ec6sLF0U
Sk6a3vGVzv5NLoJPOenUdVxo/yTsM0wG2dszb6fS1CH+mVtKfK8n5587Fc+xtdZU
2lYr+g/AG8ZVo2ocL3miEoJnsuX1j+Hc/Kli4m/hl941
-----END CERTIFICATE-----