Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/UoADTvne6HB-FfWF_Km89ly3Kj4.roa
File:                     UoADTvne6HB-FfWF_Km89ly3Kj4.roa (raw, json)
Hash identifier:          BGFB8S6D6/vSPlYEMABSdRfbALOymkPFFl+Ki7V84TI=
Subject key identifier:   52:80:03:4E:F9:DE:E8:70:7E:15:F5:85:FC:A9:BC:F6:5C:B7:2A:3E
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       019324E50A8EC061C4EE31FD81EBE8740ED5
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/UoADTvne6HB-FfWF_Km89ly3Kj4.roa
Signing time:             Wed 13 Nov 2024 09:40:10 +0000
ROA not before:           Wed 13 Nov 2024 09:40:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     135402
IP address blocks:        89.185.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:24:e5:0a:8e:c0:61:c4:ee:31:fd:81:eb:e8:74:0e:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Nov 13 09:40:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5280034ef9dee8707e15f585fca9bcf65cb72a3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ed:98:29:67:dc:35:2e:e5:dc:fe:70:69:25:
                    a8:07:6c:c2:03:79:a2:f4:4e:dc:19:d5:dc:87:bc:
                    a6:15:9f:f4:2d:d2:c7:08:88:ca:52:cc:c2:f9:8a:
                    04:2b:fa:70:94:23:30:fc:9d:04:2e:9b:2d:f8:bc:
                    39:8f:02:7a:81:8a:1c:fe:e1:5e:fb:06:23:71:b4:
                    03:95:cf:f0:fc:a1:7d:ed:19:60:47:6c:e1:6d:c0:
                    0e:bb:e2:f3:2f:27:65:77:51:22:96:7c:d8:1a:9a:
                    69:5c:95:97:99:be:ba:f2:43:b8:1b:2e:fe:d4:51:
                    5c:8f:ce:c3:de:f6:9a:7a:26:51:f2:34:9c:53:96:
                    8a:f5:50:3e:02:58:e7:bf:ed:15:79:46:49:a4:44:
                    a0:14:5d:b7:fe:86:e4:e0:f7:69:90:1c:23:b9:95:
                    d9:4c:9c:38:e4:fd:c7:22:a3:c2:21:53:91:00:85:
                    fd:3d:c8:ab:dc:4f:4e:d2:f7:68:92:d5:52:84:48:
                    26:ad:2d:e9:18:3a:ec:a9:14:8f:2e:68:79:ff:1e:
                    c7:24:78:d2:13:b0:ac:d6:ac:fa:be:38:a0:5b:fd:
                    a0:ba:56:af:eb:b0:b0:69:72:4a:e9:ae:ab:48:15:
                    df:a8:7e:47:53:33:95:92:c9:d0:3c:50:9b:4f:57:
                    d2:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:80:03:4E:F9:DE:E8:70:7E:15:F5:85:FC:A9:BC:F6:5C:B7:2A:3E
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/UoADTvne6HB-FfWF_Km89ly3Kj4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.185.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:87:61:76:66:d2:65:1c:6e:0d:c2:f1:bb:a2:80:ab:4c:a8:
         61:62:9d:95:9e:05:72:7f:ca:62:1f:97:52:f8:3a:df:61:d6:
         1f:1e:46:4e:4a:04:a9:86:a6:cc:ae:80:df:ad:94:86:e3:33:
         90:ee:fc:14:bc:00:89:b0:39:f4:6a:ee:e0:5e:3c:31:7d:12:
         59:4c:94:14:1d:62:6a:4d:f9:86:27:7b:77:df:b5:04:45:71:
         44:56:51:81:1e:5f:88:5b:9e:9b:19:e6:51:a6:ae:c2:d3:ee:
         d4:f2:e9:67:d9:52:6c:5a:6b:14:8f:b8:19:d3:f3:0b:48:50:
         a4:eb:dc:e2:b8:6f:53:d2:cd:2b:33:8c:08:24:98:11:f6:b9:
         44:ce:2a:5e:c2:4f:0f:d3:e1:44:45:85:ce:c1:c8:eb:3b:5b:
         7f:c6:c3:3e:17:57:53:e4:45:59:48:74:ee:12:98:2c:88:b0:
         51:76:24:0c:8e:f4:bc:8e:55:6a:33:b2:50:0c:a1:48:3a:3e:
         78:d7:ab:76:4b:60:af:62:a4:fa:47:a8:56:dc:01:f9:1e:95:
         53:9e:a0:9b:12:e5:f8:0d:ae:66:2f:47:b1:82:94:a3:e7:05:
         d4:94:76:14:bf:f9:4b:92:30:87:d3:ee:dc:c9:0d:cf:18:d4:
         d6:5d:01:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMk5QqOwGHE7jH9gevodA7VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjQxMTEzMDk0MDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjgwMDM0ZWY5ZGVlODcwN2UxNWY1ODVmY2E5YmNmNjVjYjcyYTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxO2YKWfcNS7l3P5waSWoB2zCA3mi
9E7cGdXch7ymFZ/0LdLHCIjKUszC+YoEK/pwlCMw/J0ELpst+Lw5jwJ6gYoc/uFe
+wYjcbQDlc/w/KF97RlgR2zhbcAOu+LzLydld1EilnzYGpppXJWXmb668kO4Gy7+
1FFcj87D3vaaeiZR8jScU5aK9VA+Aljnv+0VeUZJpESgFF23/obk4PdpkBwjuZXZ
TJw45P3HIqPCIVORAIX9Pcir3E9O0vdoktVShEgmrS3pGDrsqRSPLmh5/x7HJHjS
E7Cs1qz6vjigW/2gulav67CwaXJK6a6rSBXfqH5HUzOVksnQPFCbT1fSdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFKAA0753uhwfhX1hfypvPZctyo+MB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvVW9BRFR2bmU2SEItRmZXRl9LbTg5bHkzS2o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbkWMA0G
CSqGSIb3DQEBCwUAA4IBAQBlh2F2ZtJlHG4NwvG7ooCrTKhhYp2VngVyf8piH5dS
+DrfYdYfHkZOSgSphqbMroDfrZSG4zOQ7vwUvACJsDn0au7gXjwxfRJZTJQUHWJq
TfmGJ3t337UERXFEVlGBHl+IW56bGeZRpq7C0+7U8uln2VJsWmsUj7gZ0/MLSFCk
69ziuG9T0s0rM4wIJJgR9rlEzipewk8P0+FERYXOwcjrO1t/xsM+F1dT5EVZSHTu
EpgsiLBRdiQMjvS8jlVqM7JQDKFIOj5416t2S2CvYqT6R6hW3AH5HpVTnqCbEuX4
Da5mL0exgpSj5wXUlHYUv/lLkjCH0+7cyQ3PGNTWXQGp
-----END CERTIFICATE-----