Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/DaNcSDtMb3AgSPe0L0NvYI4F0OU.roa
File:                     DaNcSDtMb3AgSPe0L0NvYI4F0OU.roa (raw, json)
Hash identifier:          +inXHH0Kl3XPEWY1obM8WYiyja7sVlWHzE8KPvglIBk=
Subject key identifier:   0D:A3:5C:48:3B:4C:6F:70:20:48:F7:B4:2F:43:6F:60:8E:05:D0:E5
Certificate issuer:       /CN=dc86e3e928c7f0c9db69515ff3aa1f678cee43c0
Certificate serial:       018FAB9E802EB3054C7D211F7893C58281FC
Authority key identifier: DC:86:E3:E9:28:C7:F0:C9:DB:69:51:5F:F3:AA:1F:67:8C:EE:43:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/DaNcSDtMb3AgSPe0L0NvYI4F0OU.roa
Signing time:             Fri 24 May 2024 17:20:42 +0000
ROA not before:           Fri 24 May 2024 17:20:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210656
IP address blocks:        89.223.20.0/24 maxlen: 24
                          2a0d:d6c2::/48 maxlen: 48
                          2a0d:d6c7:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ab:9e:80:2e:b3:05:4c:7d:21:1f:78:93:c5:82:81:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc86e3e928c7f0c9db69515ff3aa1f678cee43c0
        Validity
            Not Before: May 24 17:20:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0da35c483b4c6f702048f7b42f436f608e05d0e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:72:32:b5:3d:7b:74:de:72:81:4d:6e:75:dd:
                    1d:81:5a:79:ad:d9:c8:73:42:19:2e:df:13:d3:dd:
                    4e:d3:e4:10:dd:a6:5b:ce:ba:ff:cd:8c:b8:ee:49:
                    8c:5a:83:2a:f4:d6:f5:6e:e2:84:bc:48:c3:e6:d4:
                    44:fe:ee:6f:cd:8d:39:33:49:bc:fc:95:5f:80:8d:
                    db:c9:d7:9a:81:4c:3f:4b:c2:76:7b:88:55:a2:2b:
                    78:ec:fe:82:b2:a0:5b:04:d3:0e:5d:27:64:fa:d6:
                    d0:eb:f8:39:16:07:e7:cf:96:61:18:5d:73:0a:d9:
                    63:8c:5a:96:ba:85:ab:69:61:d4:61:78:ff:4f:f5:
                    55:ee:9b:83:14:36:23:e8:cb:6c:8b:43:b4:50:f3:
                    69:45:de:bc:75:7f:dd:c4:2f:93:80:5b:30:c4:6a:
                    09:09:af:c9:99:5f:7d:ac:3f:45:b5:01:99:af:9d:
                    13:c0:65:70:16:fb:40:a9:01:a5:c9:88:c5:a3:51:
                    7d:d5:c0:2d:d4:b6:e7:a0:56:92:00:eb:51:a7:ac:
                    ac:eb:c6:b9:37:80:01:70:b9:9e:03:7d:36:a0:c3:
                    ba:5c:89:d9:38:82:7f:7a:09:4f:e9:03:31:d6:bd:
                    a3:d1:ad:d1:cc:13:13:17:16:f5:86:ec:39:c8:bc:
                    e3:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:A3:5C:48:3B:4C:6F:70:20:48:F7:B4:2F:43:6F:60:8E:05:D0:E5
            X509v3 Authority Key Identifier:
                keyid:DC:86:E3:E9:28:C7:F0:C9:DB:69:51:5F:F3:AA:1F:67:8C:EE:43:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/DaNcSDtMb3AgSPe0L0NvYI4F0OU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.223.20.0/24
                IPv6:
                  2a0d:d6c2::/48
                  2a0d:d6c7:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:e9:89:e2:d1:2d:87:56:45:25:4d:22:0a:07:5d:92:d5:f9:
         56:81:b1:dc:61:c2:5b:cd:56:72:c3:4d:fb:b7:08:f4:42:93:
         43:37:10:27:1b:1e:4b:2c:10:e3:4e:70:8b:7c:5c:59:70:18:
         d5:32:62:da:dc:ef:7b:68:e8:b3:f4:14:a3:23:28:45:a9:58:
         6b:02:b2:be:ca:94:76:99:f4:a7:5b:7b:8f:ea:b6:44:4d:ba:
         a0:97:34:ef:f6:04:90:4c:2a:c1:6d:8b:ae:de:54:66:5b:ae:
         4e:e3:e2:60:e0:9b:98:72:6c:ab:74:b9:c8:9f:f2:3e:33:86:
         85:63:10:a4:09:ea:fd:bb:ca:3c:92:ca:52:d6:30:95:30:be:
         8d:ef:0c:10:5c:68:09:83:99:7c:e6:27:4a:c2:c2:0b:c0:7e:
         1e:b2:f1:cb:32:66:99:b8:f3:4d:51:be:7b:ec:68:0e:d7:03:
         a0:4b:dd:91:bf:ab:7c:a6:15:df:92:79:59:32:31:5e:ab:90:
         b0:dc:9b:86:8f:37:4e:a5:85:ec:dd:f8:35:d9:de:34:c8:13:
         24:18:8e:ff:6a:ab:2f:9d:94:48:61:1d:a2:56:57:a5:ea:f3:
         35:3a:ea:99:cc:5c:ed:e0:0e:30:e0:c0:90:e6:ed:a8:fb:dd:
         e1:1d:74:6f
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAY+rnoAuswVMfSEfeJPFgoH8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjODZlM2U5MjhjN2YwYzlkYjY5NTE1ZmYzYWExZjY3OGNl
ZTQzYzAwHhcNMjQwNTI0MTcyMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGEzNWM0ODNiNGM2ZjcwMjA0OGY3YjQyZjQzNmY2MDhlMDVkMGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3IytT17dN5ygU1udd0dgVp5rdnI
c0IZLt8T091O0+QQ3aZbzrr/zYy47kmMWoMq9Nb1buKEvEjD5tRE/u5vzY05M0m8
/JVfgI3bydeagUw/S8J2e4hVoit47P6CsqBbBNMOXSdk+tbQ6/g5Fgfnz5ZhGF1z
CtljjFqWuoWraWHUYXj/T/VV7puDFDYj6Mtsi0O0UPNpRd68dX/dxC+TgFswxGoJ
Ca/JmV99rD9FtQGZr50TwGVwFvtAqQGlyYjFo1F91cAt1LbnoFaSAOtRp6ys68a5
N4ABcLmeA302oMO6XInZOIJ/eglP6QMx1r2j0a3RzBMTFxb1huw5yLzjcwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFA2jXEg7TG9wIEj3tC9Db2COBdDlMB8GA1UdIwQY
MBaAFNyG4+kox/DJ22lRX/OqH2eM7kPAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0liajZTakg4TW5iYVZGZjg2b2ZaNHp1UThBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC80NzFhYTUtYzNmNy00YWZkLWIxMjIt
OWM4ZTU5YzI3NzFjLzEvRGFOY1NEdE1iM0FnU1BlMEwwTnZZSTRGME9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC80NzFhYTUtYzNmNy00YWZkLWIxMjItOWM4ZTU5YzI3NzFj
LzEvM0liajZTakg4TW5iYVZGZjg2b2ZaNHp1UThBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQAWd8UMBgE
AgACMBIDBwAqDdbCAAADBwAqDdbHAAMwDQYJKoZIhvcNAQELBQADggEBACTpieLR
LYdWRSVNIgoHXZLV+VaBsdxhwlvNVnLDTfu3CPRCk0M3ECcbHkssEONOcIt8XFlw
GNUyYtrc73to6LP0FKMjKEWpWGsCsr7KlHaZ9Kdbe4/qtkRNuqCXNO/2BJBMKsFt
i67eVGZbrk7j4mDgm5hybKt0ucif8j4zhoVjEKQJ6v27yjySylLWMJUwvo3vDBBc
aAmDmXzmJ0rCwgvAfh6y8csyZpm4801RvnvsaA7XA6BL3ZG/q3ymFd+SeVkyMV6r
kLDcm4aPN06lhezd+DXZ3jTIEyQYjv9qqy+dlEhhHaJWV6Xq8zU66pnMXO3gDjDg
wJDm7aj73eEddG8=
-----END CERTIFICATE-----