Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/4f6ee4-fa6e-436e-b349-6ef7e1199698/1/_ei8IqTWHXnF5_6rz7c-bgU4CMc.roa
File:                     _ei8IqTWHXnF5_6rz7c-bgU4CMc.roa (raw, json)
Hash identifier:          Vyug6oz5M4oeDfjTZcHqXGyN0i15FV7uXyPJ6ZmNMT0=
Subject key identifier:   FD:E8:BC:22:A4:D6:1D:79:C5:E7:FE:AB:CF:B7:3E:6E:05:38:08:C7
Certificate issuer:       /CN=dc8e059d5eb77649fbf19b84af35f6891d9c5807
Certificate serial:       018CC4253F4D87327AFB1A4572714923EE7C
Authority key identifier: DC:8E:05:9D:5E:B7:76:49:FB:F1:9B:84:AF:35:F6:89:1D:9C:58:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3I4FnV63dkn78ZuErzX2iR2cWAc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/4f6ee4-fa6e-436e-b349-6ef7e1199698/1/_ei8IqTWHXnF5_6rz7c-bgU4CMc.roa
Signing time:             Mon 01 Jan 2024 08:30:24 +0000
ROA not before:           Mon 01 Jan 2024 08:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25081
IP address blocks:        81.89.192.0/20 maxlen: 20
                          2a04:c940::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/4f6ee4-fa6e-436e-b349-6ef7e1199698/1/3I4FnV63dkn78ZuErzX2iR2cWAc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/4f6ee4-fa6e-436e-b349-6ef7e1199698/1/3I4FnV63dkn78ZuErzX2iR2cWAc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3I4FnV63dkn78ZuErzX2iR2cWAc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:3f:4d:87:32:7a:fb:1a:45:72:71:49:23:ee:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc8e059d5eb77649fbf19b84af35f6891d9c5807
        Validity
            Not Before: Jan  1 08:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fde8bc22a4d61d79c5e7feabcfb73e6e053808c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:01:53:7e:be:f7:7c:0a:f2:2a:de:67:bf:7b:
                    69:88:ab:00:67:ed:2a:9a:b3:a3:3a:ee:20:b4:a8:
                    07:49:78:65:2b:3e:89:6a:74:c6:5d:f6:c9:75:9e:
                    5d:a5:1d:6e:27:c0:c0:f3:43:17:e5:3b:11:82:11:
                    fc:61:f1:63:5e:ec:9b:74:41:94:e7:df:7c:48:90:
                    2e:89:da:1a:a3:aa:49:f6:17:fd:e5:38:90:12:e2:
                    fb:67:56:6b:18:1e:81:ce:4c:40:cc:b4:70:ba:ed:
                    51:d8:36:79:29:17:9f:b6:c2:f9:36:b8:c1:0b:cd:
                    9d:f5:63:1b:35:07:08:b0:2f:50:6c:a8:33:3a:11:
                    c4:85:e6:f0:3a:60:88:dd:cd:95:fd:58:f7:c0:a9:
                    f7:7e:79:a4:52:5f:1f:d7:99:33:13:72:01:6e:4a:
                    fa:d9:be:80:d7:ea:ee:78:36:f0:af:ff:0d:b7:ff:
                    8b:0a:fe:0c:95:f3:59:41:4f:3b:ff:e8:e3:7b:e8:
                    36:9c:00:2c:fc:5d:11:ee:1d:fb:d2:8a:a7:f1:47:
                    52:06:83:53:7a:c5:ca:60:1a:62:81:be:2a:08:b3:
                    bb:ab:22:83:d2:3e:8b:ab:27:44:62:a6:73:69:14:
                    bf:b3:3c:24:ea:a6:31:87:18:f9:42:df:84:a6:9a:
                    0d:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:E8:BC:22:A4:D6:1D:79:C5:E7:FE:AB:CF:B7:3E:6E:05:38:08:C7
            X509v3 Authority Key Identifier:
                keyid:DC:8E:05:9D:5E:B7:76:49:FB:F1:9B:84:AF:35:F6:89:1D:9C:58:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3I4FnV63dkn78ZuErzX2iR2cWAc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/4f6ee4-fa6e-436e-b349-6ef7e1199698/1/_ei8IqTWHXnF5_6rz7c-bgU4CMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/4f6ee4-fa6e-436e-b349-6ef7e1199698/1/3I4FnV63dkn78ZuErzX2iR2cWAc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.89.192.0/20
                IPv6:
                  2a04:c940::/29

    Signature Algorithm: sha256WithRSAEncryption
         4a:d4:c8:04:5e:e8:70:16:8a:c9:c4:26:96:ca:1e:a2:95:34:
         5d:70:f7:76:72:ef:20:0e:24:3a:1b:17:e0:79:1b:53:85:a7:
         19:09:d0:46:0a:38:ad:16:4d:54:9c:80:b5:72:d0:73:ec:a3:
         04:c7:81:b9:62:d1:6c:de:db:41:ac:54:59:f4:a9:51:b2:73:
         e0:45:56:0d:01:e1:52:da:74:0f:12:cb:1e:01:a7:a9:97:ba:
         60:02:6f:a2:94:a8:b2:94:0b:a9:62:dc:52:31:65:42:36:8b:
         bc:a9:2e:ca:95:5e:89:9f:a3:66:c6:a3:c9:65:b1:08:0c:b0:
         95:c0:5b:36:d4:17:c0:b4:99:48:38:0d:12:0b:5d:44:a2:c0:
         4a:7a:04:08:69:1d:a3:1f:e1:6e:74:30:d7:b4:14:47:9c:0c:
         8b:b8:b9:1d:1a:ca:95:90:1f:6a:d3:28:db:ce:07:80:54:0e:
         d4:99:7a:f2:74:8a:32:7c:7a:73:dd:36:ba:a4:44:3f:38:07:
         b7:7e:65:bb:95:47:d0:ee:dd:49:e4:4f:72:8a:18:6a:0e:d0:
         54:b5:1a:86:a5:84:a9:32:f0:8c:88:c2:ab:5c:ad:42:5a:ab:
         9e:98:cc:41:d4:2e:7a:57:ae:77:78:7d:c4:c1:8f:63:78:79:
         2e:e5:1d:38
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJT9NhzJ6+xpFcnFJI+58MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjOGUwNTlkNWViNzc2NDlmYmYxOWI4NGFmMzVmNjg5MWQ5
YzU4MDcwHhcNMjQwMTAxMDgzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGU4YmMyMmE0ZDYxZDc5YzVlN2ZlYWJjZmI3M2U2ZTA1MzgwOGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0QFTfr73fAryKt5nv3tpiKsAZ+0q
mrOjOu4gtKgHSXhlKz6JanTGXfbJdZ5dpR1uJ8DA80MX5TsRghH8YfFjXuybdEGU
5998SJAuidoao6pJ9hf95TiQEuL7Z1ZrGB6BzkxAzLRwuu1R2DZ5KReftsL5NrjB
C82d9WMbNQcIsC9QbKgzOhHEhebwOmCI3c2V/Vj3wKn3fnmkUl8f15kzE3IBbkr6
2b6A1+rueDbwr/8Nt/+LCv4MlfNZQU87/+jje+g2nAAs/F0R7h370oqn8UdSBoNT
esXKYBpigb4qCLO7qyKD0j6LqydEYqZzaRS/szwk6qYxhxj5Qt+EppoNJQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFP3ovCKk1h15xef+q8+3Pm4FOAjHMB8GA1UdIwQY
MBaAFNyOBZ1et3ZJ+/GbhK819okdnFgHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0k0Rm5WNjNka243OFp1RXJ6WDJpUjJjV0FjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS80ZjZlZTQtZmE2ZS00MzZlLWIzNDkt
NmVmN2UxMTk5Njk4LzEvX2VpOElxVFdIWG5GNV82cno3Yy1iZ1U0Q01jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS80ZjZlZTQtZmE2ZS00MzZlLWIzNDktNmVmN2UxMTk5Njk4
LzEvM0k0Rm5WNjNka243OFp1RXJ6WDJpUjJjV0FjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEUVnAMA0E
AgACMAcDBQMqBMlAMA0GCSqGSIb3DQEBCwUAA4IBAQBK1MgEXuhwForJxCaWyh6i
lTRdcPd2cu8gDiQ6GxfgeRtThacZCdBGCjitFk1UnIC1ctBz7KMEx4G5YtFs3ttB
rFRZ9KlRsnPgRVYNAeFS2nQPEsseAaepl7pgAm+ilKiylAupYtxSMWVCNou8qS7K
lV6Jn6NmxqPJZbEIDLCVwFs21BfAtJlIOA0SC11EosBKegQIaR2jH+FudDDXtBRH
nAyLuLkdGsqVkB9q0yjbzgeAVA7UmXrydIoyfHpz3Ta6pEQ/OAe3fmW7lUfQ7t1J
5E9yihhqDtBUtRqGpYSpMvCMiMKrXK1CWquemMxB1C56V653eH3EwY9jeHku5R04
-----END CERTIFICATE-----