Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/s4Uvt6XEWbcDW7aSlrV-JwmaFV8.roa
File:                     s4Uvt6XEWbcDW7aSlrV-JwmaFV8.roa (raw, json)
Hash identifier:          s9K7zCm46Hi1x5JApXU/ybMBPxvrjQ6jcBBs4QIQGB0=
Subject key identifier:   B3:85:2F:B7:A5:C4:59:B7:03:5B:B6:92:96:B5:7E:27:09:9A:15:5F
Certificate issuer:       /CN=ebf42e80602aedf58a3c7a81883c1a34f69d2fb4
Certificate serial:       018CC3B694AFBF343BBC9D1C70DD4E9F6E98
Authority key identifier: EB:F4:2E:80:60:2A:ED:F5:8A:3C:7A:81:88:3C:1A:34:F6:9D:2F:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/s4Uvt6XEWbcDW7aSlrV-JwmaFV8.roa
Signing time:             Mon 01 Jan 2024 06:29:31 +0000
ROA not before:           Mon 01 Jan 2024 06:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44740
IP address blocks:        89.46.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/6_QugGAq7fWKPHqBiDwaNPadL7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/6_QugGAq7fWKPHqBiDwaNPadL7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:94:af:bf:34:3b:bc:9d:1c:70:dd:4e:9f:6e:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebf42e80602aedf58a3c7a81883c1a34f69d2fb4
        Validity
            Not Before: Jan  1 06:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3852fb7a5c459b7035bb69296b57e27099a155f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:bd:f0:2d:aa:f3:db:d7:e7:18:92:bc:ac:9b:
                    69:3b:85:ba:04:6e:c8:22:36:ec:dd:f9:03:4a:9c:
                    59:e8:4b:96:a9:53:12:24:1b:30:fc:a8:47:2a:3e:
                    3e:ac:81:69:d9:58:16:4d:1e:a9:dc:2c:64:59:7d:
                    e2:94:1d:f1:c2:6d:2b:22:8b:6e:94:59:4d:40:67:
                    2e:a3:96:b8:9c:5d:99:08:9c:8f:35:3a:39:b0:22:
                    ea:76:d2:be:a6:89:b9:21:f1:e7:5b:1d:59:1b:d4:
                    ca:e3:15:82:d3:81:80:30:3f:0a:95:88:81:60:49:
                    a8:c1:c4:b6:08:69:63:4c:3f:8e:8d:de:e4:e0:c1:
                    47:f0:f3:e5:49:94:e2:54:0b:3c:d5:66:c3:34:41:
                    b6:db:4e:cd:59:6f:0b:68:83:9d:e7:34:5f:7a:6d:
                    6e:4c:f7:f5:3b:40:72:c7:f9:c1:f3:17:d1:1a:82:
                    8d:f3:e6:db:5b:7a:f8:04:94:ca:f4:ee:d5:ca:3f:
                    db:8c:a3:3f:1c:1c:ea:35:77:ec:fc:41:13:df:48:
                    f3:51:88:a0:a2:16:f4:3f:9b:30:f7:20:3f:5b:d4:
                    cb:27:33:d3:95:fe:23:6c:51:e2:4a:29:09:19:d0:
                    e8:5b:4a:3f:3e:57:75:ab:97:76:b6:e8:1d:58:56:
                    7e:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:85:2F:B7:A5:C4:59:B7:03:5B:B6:92:96:B5:7E:27:09:9A:15:5F
            X509v3 Authority Key Identifier:
                keyid:EB:F4:2E:80:60:2A:ED:F5:8A:3C:7A:81:88:3C:1A:34:F6:9D:2F:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/s4Uvt6XEWbcDW7aSlrV-JwmaFV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/6_QugGAq7fWKPHqBiDwaNPadL7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.46.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:23:9a:d0:52:1d:9c:a2:07:a9:b5:a5:ec:7c:23:de:f8:27:
         68:21:96:9e:03:8d:8a:94:44:29:9f:4a:55:48:65:bf:77:e1:
         b0:5b:40:b2:5c:23:a2:c0:ca:b5:a4:e1:78:ba:cc:01:6c:8b:
         8b:11:86:5a:9a:d6:6a:ee:14:b5:d1:84:80:d9:06:8e:5c:9e:
         e3:a5:d3:ac:d9:22:a5:7b:bf:db:1c:1e:c5:cd:fd:4c:a6:73:
         fb:b3:df:c5:b2:25:4f:31:5d:23:3c:64:e3:41:80:16:f1:5b:
         cc:56:e7:19:08:1b:43:58:8b:43:25:a7:0a:85:83:9b:42:94:
         df:f7:45:19:b5:fc:fb:bf:32:65:79:8b:5f:26:68:a1:75:80:
         e0:0d:b5:92:c6:db:ce:27:35:c5:3c:eb:be:99:33:13:2e:4f:
         d9:1b:05:42:7c:6a:cb:61:3d:c0:15:c2:95:c2:9d:66:dc:22:
         73:9c:99:a2:4e:01:53:f0:d3:31:e9:59:c3:7c:94:65:6e:ee:
         e7:af:ab:99:c4:b9:56:b2:c7:e8:45:d7:a1:92:e4:f4:a9:03:
         d4:91:02:88:b9:b6:80:de:96:81:64:f0:ef:38:27:2f:df:3d:
         0b:7c:7b:c5:76:d0:75:86:b1:90:45:54:12:a2:31:2e:14:d8:
         c6:82:7f:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtpSvvzQ7vJ0ccN1On26YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZjQyZTgwNjAyYWVkZjU4YTNjN2E4MTg4M2MxYTM0ZjY5
ZDJmYjQwHhcNMjQwMTAxMDYyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzg1MmZiN2E1YzQ1OWI3MDM1YmI2OTI5NmI1N2UyNzA5OWExNTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlL3wLarz29fnGJK8rJtpO4W6BG7I
Ijbs3fkDSpxZ6EuWqVMSJBsw/KhHKj4+rIFp2VgWTR6p3CxkWX3ilB3xwm0rIotu
lFlNQGcuo5a4nF2ZCJyPNTo5sCLqdtK+pom5IfHnWx1ZG9TK4xWC04GAMD8KlYiB
YEmowcS2CGljTD+Ojd7k4MFH8PPlSZTiVAs81WbDNEG2207NWW8LaIOd5zRfem1u
TPf1O0Byx/nB8xfRGoKN8+bbW3r4BJTK9O7Vyj/bjKM/HBzqNXfs/EET30jzUYig
ohb0P5sw9yA/W9TLJzPTlf4jbFHiSikJGdDoW0o/Pld1q5d2tugdWFZ+4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLOFL7elxFm3A1u2kpa1ficJmhVfMB8GA1UdIwQY
MBaAFOv0LoBgKu31ijx6gYg8GjT2nS+0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNl9RdWdHQXE3ZldLUEhxQmlEd2FOUGFkTDdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS8wOTUyZDQtNGE0OS00NDdkLWFkM2Mt
MTkwM2VkYWZhOGJmLzEvczRVdnQ2WEVXYmNEVzdhU2xyVi1Kd21hRlY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS8wOTUyZDQtNGE0OS00NDdkLWFkM2MtMTkwM2VkYWZhOGJm
LzEvNl9RdWdHQXE3ZldLUEhxQmlEd2FOUGFkTDdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWS71MA0G
CSqGSIb3DQEBCwUAA4IBAQBeI5rQUh2cogeptaXsfCPe+CdoIZaeA42KlEQpn0pV
SGW/d+GwW0CyXCOiwMq1pOF4uswBbIuLEYZamtZq7hS10YSA2QaOXJ7jpdOs2SKl
e7/bHB7Fzf1MpnP7s9/FsiVPMV0jPGTjQYAW8VvMVucZCBtDWItDJacKhYObQpTf
90UZtfz7vzJleYtfJmihdYDgDbWSxtvOJzXFPOu+mTMTLk/ZGwVCfGrLYT3AFcKV
wp1m3CJznJmiTgFT8NMx6VnDfJRlbu7nr6uZxLlWssfoRdehkuT0qQPUkQKIubaA
3paBZPDvOCcv3z0LfHvFdtB1hrGQRVQSojEuFNjGgn8+
-----END CERTIFICATE-----