Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/MJys5jBJuCI4irsQ6wpnPeU1W-4.roa
File:                     MJys5jBJuCI4irsQ6wpnPeU1W-4.roa (raw, json)
Hash identifier:          uKoZZ4/RjrNfDIgoPkO12BK8cyrZZshyp/WVdQL5T2Q=
Subject key identifier:   30:9C:AC:E6:30:49:B8:22:38:8A:BB:10:EB:0A:67:3D:E5:35:5B:EE
Certificate issuer:       /CN=464952bc165441ec6e2e2010c933dc830f361731
Certificate serial:       018EBE9D7018F289CAC7CA486A2C13F0C147
Authority key identifier: 46:49:52:BC:16:54:41:EC:6E:2E:20:10:C9:33:DC:83:0F:36:17:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RklSvBZUQexuLiAQyTPcgw82FzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/MJys5jBJuCI4irsQ6wpnPeU1W-4.roa
Signing time:             Mon 08 Apr 2024 16:49:32 +0000
ROA not before:           Mon 08 Apr 2024 16:49:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58074
IP address blocks:        89.37.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/RklSvBZUQexuLiAQyTPcgw82FzE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/RklSvBZUQexuLiAQyTPcgw82FzE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RklSvBZUQexuLiAQyTPcgw82FzE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jul 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:be:9d:70:18:f2:89:ca:c7:ca:48:6a:2c:13:f0:c1:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=464952bc165441ec6e2e2010c933dc830f361731
        Validity
            Not Before: Apr  8 16:49:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=309cace63049b822388abb10eb0a673de5355bee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:6d:ae:b7:27:b8:fe:f9:35:eb:6d:57:ae:3f:
                    87:b1:21:ac:c1:4a:ce:7d:1d:3b:f0:23:80:98:2d:
                    f2:c5:a6:c0:39:b1:78:84:ce:2c:94:2e:01:73:fd:
                    8e:3d:17:56:a9:3e:41:f0:80:91:a5:b6:21:8b:25:
                    69:ab:33:2e:34:4b:06:35:fd:1e:96:7a:b0:4b:44:
                    53:9e:28:96:93:d2:86:eb:2f:5e:f4:ba:fa:7b:96:
                    75:9b:92:ca:82:c6:a6:2f:13:72:e8:b4:18:88:bf:
                    69:ac:53:f0:28:a1:de:bc:95:71:12:ca:94:8b:70:
                    65:5b:b3:89:40:b0:84:2e:e0:5d:23:4d:d1:a8:2a:
                    f6:01:b7:26:f8:6e:ad:d4:32:58:81:34:3b:79:cb:
                    b7:be:aa:d0:ab:ef:c1:21:76:4b:00:b1:7f:61:42:
                    92:8a:eb:ae:8f:d9:85:bf:fe:04:d3:43:03:0e:79:
                    8b:4f:22:66:9f:bd:c8:8a:11:a3:8d:4d:67:e9:66:
                    08:3b:6d:f1:22:01:e2:0c:fe:a8:7b:38:9d:39:85:
                    fd:ef:05:47:c2:e4:70:96:9a:44:4f:e7:17:55:02:
                    41:17:d8:05:20:df:6c:ca:25:32:89:09:13:ef:75:
                    e8:8c:df:d0:9f:dd:11:02:85:d4:64:b6:1d:22:b5:
                    24:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:9C:AC:E6:30:49:B8:22:38:8A:BB:10:EB:0A:67:3D:E5:35:5B:EE
            X509v3 Authority Key Identifier:
                keyid:46:49:52:BC:16:54:41:EC:6E:2E:20:10:C9:33:DC:83:0F:36:17:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RklSvBZUQexuLiAQyTPcgw82FzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/MJys5jBJuCI4irsQ6wpnPeU1W-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/RklSvBZUQexuLiAQyTPcgw82FzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.37.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:87:b4:b3:5b:e9:aa:7b:61:0f:d7:b4:f9:41:9c:b7:2c:7f:
         e7:6f:1f:e6:e3:07:18:5c:0b:32:4a:a0:28:66:a4:cf:b4:e4:
         aa:9b:f3:db:73:39:b6:e8:57:98:f6:c0:a9:31:7b:a4:bf:43:
         9a:55:58:7c:af:17:e9:e7:1d:79:50:07:60:60:d0:d2:c6:a6:
         12:99:a3:3f:af:02:96:dc:db:c8:17:4b:53:c5:f9:88:92:26:
         bc:b8:03:1f:80:51:6d:c6:50:3b:79:a0:e1:da:d9:14:d4:78:
         11:b0:0c:a9:78:48:23:71:cd:5c:23:58:04:75:33:e8:04:e4:
         7b:84:ea:be:ff:f6:ac:09:1e:8c:2a:9f:79:02:e0:a2:c5:b3:
         95:c4:ac:cf:b5:bc:df:ec:80:d4:c3:b3:37:28:54:cc:0c:2d:
         17:7a:ca:36:04:46:eb:77:bd:b1:ea:e0:fd:82:e6:6f:d9:60:
         f4:8d:1f:c0:0c:9c:46:d0:bd:3e:53:10:73:e9:3c:a7:74:83:
         23:20:2c:f7:24:8c:5f:00:4c:5a:cf:72:b2:60:78:67:cc:77:
         6e:09:07:3d:59:54:fb:16:c8:32:9d:72:a0:1e:e3:c7:bc:b0:
         0c:ff:3f:b7:33:9f:30:85:90:42:5f:42:38:f3:56:f5:08:81:
         e8:1a:d8:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6+nXAY8onKx8pIaiwT8MFHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NDk1MmJjMTY1NDQxZWM2ZTJlMjAxMGM5MzNkYzgzMGYz
NjE3MzEwHhcNMjQwNDA4MTY0OTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDljYWNlNjMwNDliODIyMzg4YWJiMTBlYjBhNjczZGU1MzU1YmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApG2utye4/vk1621Xrj+HsSGswUrO
fR078COAmC3yxabAObF4hM4slC4Bc/2OPRdWqT5B8ICRpbYhiyVpqzMuNEsGNf0e
lnqwS0RTniiWk9KG6y9e9Lr6e5Z1m5LKgsamLxNy6LQYiL9prFPwKKHevJVxEsqU
i3BlW7OJQLCELuBdI03RqCr2Abcm+G6t1DJYgTQ7ecu3vqrQq+/BIXZLALF/YUKS
iuuuj9mFv/4E00MDDnmLTyJmn73IihGjjU1n6WYIO23xIgHiDP6oezidOYX97wVH
wuRwlppET+cXVQJBF9gFIN9syiUyiQkT73XojN/Qn90RAoXUZLYdIrUkvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDCcrOYwSbgiOIq7EOsKZz3lNVvuMB8GA1UdIwQY
MBaAFEZJUrwWVEHsbi4gEMkz3IMPNhcxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmtsU3ZCWlVRZXh1TGlBUXlUUGNndzgyRnpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8wMTA1OGEtNGE4Mi00ODE4LTk3MmQt
ODQyODU4MTIyYmJjLzEvTUp5czVqQkp1Q0k0aXJzUTZ3cG5QZVUxVy00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8wMTA1OGEtNGE4Mi00ODE4LTk3MmQtODQyODU4MTIyYmJj
LzEvUmtsU3ZCWlVRZXh1TGlBUXlUUGNndzgyRnpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSWLMA0G
CSqGSIb3DQEBCwUAA4IBAQBUh7SzW+mqe2EP17T5QZy3LH/nbx/m4wcYXAsySqAo
ZqTPtOSqm/Pbczm26FeY9sCpMXukv0OaVVh8rxfp5x15UAdgYNDSxqYSmaM/rwKW
3NvIF0tTxfmIkia8uAMfgFFtxlA7eaDh2tkU1HgRsAypeEgjcc1cI1gEdTPoBOR7
hOq+//asCR6MKp95AuCixbOVxKzPtbzf7IDUw7M3KFTMDC0Xeso2BEbrd72x6uD9
guZv2WD0jR/ADJxG0L0+UxBz6TyndIMjICz3JIxfAExaz3KyYHhnzHduCQc9WVT7
FsgynXKgHuPHvLAM/z+3M58whZBCX0I481b1CIHoGtjh
-----END CERTIFICATE-----