Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/6unLtWNICGMeGYTCWaUM6Uy6ces.roa
File:                     6unLtWNICGMeGYTCWaUM6Uy6ces.roa (raw, json)
Hash identifier:          7vFerFQUkKkiCsw+N/lg+8PYDLsZ2hkBTymHptcqKO8=
Subject key identifier:   EA:E9:CB:B5:63:48:08:63:1E:19:84:C2:59:A5:0C:E9:4C:BA:71:EB
Certificate issuer:       /CN=464952bc165441ec6e2e2010c933dc830f361731
Certificate serial:       01906033B06965FED7C13D3FB8401D7DF8BA
Authority key identifier: 46:49:52:BC:16:54:41:EC:6E:2E:20:10:C9:33:DC:83:0F:36:17:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RklSvBZUQexuLiAQyTPcgw82FzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/6unLtWNICGMeGYTCWaUM6Uy6ces.roa
Signing time:             Fri 28 Jun 2024 18:55:18 +0000
ROA not before:           Fri 28 Jun 2024 18:55:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50424
IP address blocks:        89.37.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/RklSvBZUQexuLiAQyTPcgw82FzE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/RklSvBZUQexuLiAQyTPcgw82FzE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RklSvBZUQexuLiAQyTPcgw82FzE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jul 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:60:33:b0:69:65:fe:d7:c1:3d:3f:b8:40:1d:7d:f8:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=464952bc165441ec6e2e2010c933dc830f361731
        Validity
            Not Before: Jun 28 18:55:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eae9cbb5634808631e1984c259a50ce94cba71eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d2:c5:b5:70:6d:35:c1:9b:32:06:7b:a3:5f:
                    24:23:6e:c7:00:d8:9e:ca:fc:e5:b6:c6:ad:a0:03:
                    20:11:52:9f:51:2d:70:f1:05:0f:40:e3:e9:97:bd:
                    11:69:26:c9:0b:78:b1:e0:a1:70:3f:67:48:40:dc:
                    1e:80:8e:7a:d8:e1:29:0c:3c:48:b6:72:ab:71:d1:
                    13:86:c0:ca:fc:01:e4:67:96:fc:fa:e1:60:59:fd:
                    19:c4:b7:d7:2a:70:e5:59:31:18:2d:1a:7f:45:30:
                    7b:a1:d2:16:2b:d3:64:bf:76:7d:8c:31:f3:d2:da:
                    ac:2e:9f:fd:33:99:79:5d:32:39:ca:45:83:d7:4e:
                    af:44:c4:e7:37:ba:d8:67:b6:f6:f5:27:54:4a:64:
                    63:e0:27:c5:83:4e:b1:8a:86:6c:5f:16:41:60:8b:
                    a0:d7:3c:f2:0b:d6:10:a8:d9:f5:d8:0f:de:7c:fc:
                    0e:42:81:3e:0c:ee:d5:41:71:8c:2e:48:98:b9:b5:
                    15:68:59:fd:b2:21:7b:c4:b9:62:0c:48:44:6f:c6:
                    84:66:13:a7:01:f7:db:97:c2:5d:cb:06:85:3f:0f:
                    54:cc:77:db:86:bb:0e:f5:2c:2c:db:3b:af:6f:fb:
                    b6:c5:cc:24:1c:f4:29:29:85:fb:f7:d2:52:7c:16:
                    15:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:E9:CB:B5:63:48:08:63:1E:19:84:C2:59:A5:0C:E9:4C:BA:71:EB
            X509v3 Authority Key Identifier:
                keyid:46:49:52:BC:16:54:41:EC:6E:2E:20:10:C9:33:DC:83:0F:36:17:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RklSvBZUQexuLiAQyTPcgw82FzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/6unLtWNICGMeGYTCWaUM6Uy6ces.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/RklSvBZUQexuLiAQyTPcgw82FzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.37.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:f3:83:1f:3d:ce:e6:16:76:8d:64:9f:f4:84:d9:ca:f7:77:
         2a:44:53:5e:39:07:46:f9:bc:a0:97:3b:2b:ba:2e:88:90:dc:
         a4:df:ab:a1:c3:40:cf:0e:94:41:44:e0:11:88:99:93:0a:1f:
         9c:f1:30:f9:69:fa:78:75:51:9a:73:47:df:39:0a:42:41:00:
         f0:73:44:70:da:be:f9:20:a1:83:da:d2:9c:f2:68:47:4a:ff:
         67:90:1d:fc:d6:c7:b4:44:15:72:60:b6:34:8b:18:41:2e:70:
         14:39:6e:14:c8:59:9f:3b:cb:3d:e4:f4:0e:76:69:6e:a9:88:
         db:bb:55:e6:ea:cf:55:42:ff:bd:08:9e:20:03:ea:9b:76:53:
         91:6b:10:15:02:b6:e7:9b:92:50:20:98:e3:60:32:db:38:d7:
         50:82:3e:71:76:f8:1d:32:c5:17:f2:e4:9a:8f:52:79:0f:78:
         a2:c3:ff:80:8d:ae:f7:ef:21:54:03:f3:09:c3:5b:c6:8e:d4:
         06:b5:3e:22:5e:0d:b0:1b:3b:b4:4f:91:11:08:8a:47:3d:d4:
         d3:e6:92:9e:6c:34:16:a9:55:f6:f4:ac:2a:98:0c:d2:bf:b1:
         af:a1:f2:cd:6c:9c:f5:6f:0a:98:61:a5:e3:cd:72:a0:e9:56:
         64:dc:8b:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBgM7BpZf7XwT0/uEAdffi6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NDk1MmJjMTY1NDQxZWM2ZTJlMjAxMGM5MzNkYzgzMGYz
NjE3MzEwHhcNMjQwNjI4MTg1NTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWU5Y2JiNTYzNDgwODYzMWUxOTg0YzI1OWE1MGNlOTRjYmE3MWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9LFtXBtNcGbMgZ7o18kI27HANie
yvzltsatoAMgEVKfUS1w8QUPQOPpl70RaSbJC3ix4KFwP2dIQNwegI562OEpDDxI
tnKrcdEThsDK/AHkZ5b8+uFgWf0ZxLfXKnDlWTEYLRp/RTB7odIWK9Nkv3Z9jDHz
0tqsLp/9M5l5XTI5ykWD106vRMTnN7rYZ7b29SdUSmRj4CfFg06xioZsXxZBYIug
1zzyC9YQqNn12A/efPwOQoE+DO7VQXGMLkiYubUVaFn9siF7xLliDEhEb8aEZhOn
Affbl8JdywaFPw9UzHfbhrsO9Sws2zuvb/u2xcwkHPQpKYX799JSfBYVUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOrpy7VjSAhjHhmEwlmlDOlMunHrMB8GA1UdIwQY
MBaAFEZJUrwWVEHsbi4gEMkz3IMPNhcxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmtsU3ZCWlVRZXh1TGlBUXlUUGNndzgyRnpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8wMTA1OGEtNGE4Mi00ODE4LTk3MmQt
ODQyODU4MTIyYmJjLzEvNnVuTHRXTklDR01lR1lUQ1dhVU02VXk2Y2VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8wMTA1OGEtNGE4Mi00ODE4LTk3MmQtODQyODU4MTIyYmJj
LzEvUmtsU3ZCWlVRZXh1TGlBUXlUUGNndzgyRnpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSWNMA0G
CSqGSIb3DQEBCwUAA4IBAQCY84MfPc7mFnaNZJ/0hNnK93cqRFNeOQdG+byglzsr
ui6IkNyk36uhw0DPDpRBROARiJmTCh+c8TD5afp4dVGac0ffOQpCQQDwc0Rw2r75
IKGD2tKc8mhHSv9nkB381se0RBVyYLY0ixhBLnAUOW4UyFmfO8s95PQOdmluqYjb
u1Xm6s9VQv+9CJ4gA+qbdlORaxAVArbnm5JQIJjjYDLbONdQgj5xdvgdMsUX8uSa
j1J5D3iiw/+Aja737yFUA/MJw1vGjtQGtT4iXg2wGzu0T5ERCIpHPdTT5pKebDQW
qVX29KwqmAzSv7GvofLNbJz1bwqYYaXjzXKg6VZk3Ivd
-----END CERTIFICATE-----