Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/kKL50WbZsD6OfQmp80uotWvJNpo.roa
File:                     kKL50WbZsD6OfQmp80uotWvJNpo.roa (raw, json)
Hash identifier:          OH3QSN4bN2jDTNJBfAyXQrq98x0xm0sOK3vvWf693YM=
Subject key identifier:   90:A2:F9:D1:66:D9:B0:3E:8E:7D:09:A9:F3:4B:A8:B5:6B:C9:36:9A
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       018CCA2BDE446860BDDC26A2506D7FCB21B0
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/kKL50WbZsD6OfQmp80uotWvJNpo.roa
Signing time:             Tue 02 Jan 2024 12:35:21 +0000
ROA not before:           Tue 02 Jan 2024 12:35:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        152.89.192.0/24 maxlen: 24
                          152.89.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:de:44:68:60:bd:dc:26:a2:50:6d:7f:cb:21:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Jan  2 12:35:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90a2f9d166d9b03e8e7d09a9f34ba8b56bc9369a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:15:ca:e2:9d:8f:78:dd:62:7e:30:e5:fc:c9:
                    d6:2e:17:20:ee:5f:20:e8:ef:ff:d7:37:ac:be:52:
                    a9:95:da:c0:30:61:2e:4d:d7:70:a7:78:ea:7f:d7:
                    06:e4:95:7c:f1:d3:1a:7e:e9:b7:73:03:48:29:d5:
                    bf:3e:e3:61:dd:8c:39:a6:0c:75:a8:c8:97:71:0e:
                    e8:33:d3:7b:ab:8a:61:88:59:28:dc:12:f2:23:3c:
                    3e:95:c1:c6:fd:d0:d9:46:95:4b:44:c7:3b:47:2e:
                    8c:9f:30:c2:7a:91:57:ff:1b:fc:05:6f:db:bd:b4:
                    e3:22:9c:50:f6:85:57:f6:fb:f8:fa:18:37:a2:77:
                    17:99:aa:38:b9:62:fe:9d:81:09:3d:bb:37:3a:11:
                    86:a8:26:13:8b:3b:97:30:f9:a9:1b:11:0c:d5:02:
                    4c:a5:15:3f:a2:e0:d1:b2:5f:1f:43:b1:b1:21:96:
                    dc:12:13:e8:38:ff:9e:a4:e5:a5:13:76:3b:85:5e:
                    32:53:b0:91:a3:61:2b:9f:36:31:ab:ea:ac:d9:07:
                    16:bb:ee:bf:c3:0c:28:4d:3f:44:c2:2b:d7:4f:3c:
                    3b:a5:6f:21:99:48:d1:64:68:84:02:b0:cc:a5:b6:
                    01:ca:cb:9e:84:26:61:ca:e8:42:39:35:75:e9:0b:
                    f2:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:A2:F9:D1:66:D9:B0:3E:8E:7D:09:A9:F3:4B:A8:B5:6B:C9:36:9A
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/kKL50WbZsD6OfQmp80uotWvJNpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.192.0/23

    Signature Algorithm: sha256WithRSAEncryption
         75:ce:aa:9c:b9:12:44:4d:9e:10:b8:b0:d1:00:e6:49:c5:20:
         f2:f8:ab:fc:89:1f:1d:0a:f1:c7:d2:e8:58:22:a4:db:99:10:
         ac:22:39:dd:c9:32:1a:da:61:59:6b:0d:e1:a0:89:ea:b7:c9:
         a1:5d:e4:06:34:e8:19:f6:0a:be:63:ee:13:dd:83:d2:a3:5b:
         83:86:4e:11:40:18:b4:31:23:f3:81:80:5a:97:4a:b6:b5:eb:
         99:55:75:35:bb:0d:70:93:9a:a7:0a:aa:fb:ba:27:02:6d:ab:
         d4:e6:6e:2a:e3:77:a4:69:61:e8:b0:df:85:fa:fa:da:dc:7f:
         c5:6c:eb:a3:90:a7:c9:3f:d6:b2:fe:86:99:d3:42:76:bc:09:
         86:d7:59:b4:3e:05:4e:b2:ce:ef:f9:41:e4:26:b6:63:a2:87:
         f5:ef:9d:76:c2:7b:88:22:fd:f6:59:d5:7d:2c:ab:a5:71:a9:
         07:68:58:8f:15:73:6e:c8:26:fe:61:a0:10:cd:2f:f2:e0:25:
         d0:97:a0:b1:15:d4:ba:6f:93:1d:7b:08:9c:47:27:9d:d0:9d:
         ed:4e:e1:73:62:80:cb:f0:fd:d6:5f:07:2f:a2:8f:09:d1:ba:
         b0:e8:cb:3f:90:30:b3:57:fe:ba:3a:30:7c:f1:b4:bd:df:69:
         99:d8:77:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK95EaGC93CaiUG1/yyGwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjQwMTAyMTIzNTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGEyZjlkMTY2ZDliMDNlOGU3ZDA5YTlmMzRiYThiNTZiYzkzNjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjxXK4p2PeN1ifjDl/MnWLhcg7l8g
6O//1zesvlKpldrAMGEuTddwp3jqf9cG5JV88dMafum3cwNIKdW/PuNh3Yw5pgx1
qMiXcQ7oM9N7q4phiFko3BLyIzw+lcHG/dDZRpVLRMc7Ry6MnzDCepFX/xv8BW/b
vbTjIpxQ9oVX9vv4+hg3oncXmao4uWL+nYEJPbs3OhGGqCYTizuXMPmpGxEM1QJM
pRU/ouDRsl8fQ7GxIZbcEhPoOP+epOWlE3Y7hV4yU7CRo2ErnzYxq+qs2QcWu+6/
wwwoTT9EwivXTzw7pW8hmUjRZGiEArDMpbYBysuehCZhyuhCOTV16QvyJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJCi+dFm2bA+jn0JqfNLqLVryTaaMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEva0tMNTBXYlpzRDZPZlFtcDgwdW90V3ZKTnBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBmFnAMA0G
CSqGSIb3DQEBCwUAA4IBAQB1zqqcuRJETZ4QuLDRAOZJxSDy+Kv8iR8dCvHH0uhY
IqTbmRCsIjndyTIa2mFZaw3hoInqt8mhXeQGNOgZ9gq+Y+4T3YPSo1uDhk4RQBi0
MSPzgYBal0q2teuZVXU1uw1wk5qnCqr7uicCbavU5m4q43ekaWHosN+F+vra3H/F
bOujkKfJP9ay/oaZ00J2vAmG11m0PgVOss7v+UHkJrZjoof17512wnuIIv32WdV9
LKulcakHaFiPFXNuyCb+YaAQzS/y4CXQl6CxFdS6b5MdewicRyed0J3tTuFzYoDL
8P3WXwcvoo8J0bqw6Ms/kDCzV/66OjB88bS932mZ2Hcr
-----END CERTIFICATE-----