Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/xr0XZn-DLpPEBKT4kJorEOzhb7E.roa
File:                     xr0XZn-DLpPEBKT4kJorEOzhb7E.roa (raw, json)
Hash identifier:          DxKiLqbzNxNjpnd+h8kspjqb+3P11eAFQezPAppKKZA=
Subject key identifier:   C6:BD:17:66:7F:83:2E:93:C4:04:A4:F8:90:9A:2B:10:EC:E1:6F:B1
Certificate issuer:       /CN=ebf42e80602aedf58a3c7a81883c1a34f69d2fb4
Certificate serial:       018CC3B6968DDD1F09CD59BEDE3C22CAB34B
Authority key identifier: EB:F4:2E:80:60:2A:ED:F5:8A:3C:7A:81:88:3C:1A:34:F6:9D:2F:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/xr0XZn-DLpPEBKT4kJorEOzhb7E.roa
Signing time:             Mon 01 Jan 2024 06:29:32 +0000
ROA not before:           Mon 01 Jan 2024 06:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51441
IP address blocks:        89.46.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/6_QugGAq7fWKPHqBiDwaNPadL7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/6_QugGAq7fWKPHqBiDwaNPadL7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:96:8d:dd:1f:09:cd:59:be:de:3c:22:ca:b3:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebf42e80602aedf58a3c7a81883c1a34f69d2fb4
        Validity
            Not Before: Jan  1 06:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6bd17667f832e93c404a4f8909a2b10ece16fb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:6a:35:45:1f:f9:33:7c:21:91:ff:7b:54:3a:
                    78:59:b2:df:77:09:cb:90:24:c0:9a:63:f6:19:e5:
                    00:6b:53:83:dc:9b:9d:d9:57:6b:0a:49:b8:79:4f:
                    c5:78:79:0a:4e:07:56:c4:44:ac:5b:bf:39:d4:0b:
                    e3:22:cb:f4:48:21:67:36:d8:dd:19:b8:9e:24:c2:
                    ce:28:a3:f5:ce:3d:9a:bf:1d:60:bd:e2:6b:7c:3a:
                    95:d0:d8:52:85:25:3d:0b:48:68:18:40:ba:0c:98:
                    a7:32:a6:75:c8:36:80:b9:dc:58:0c:7a:97:bb:6a:
                    98:b0:b7:be:46:92:56:f4:77:50:e2:66:37:b8:c3:
                    eb:a1:ba:d0:81:b2:77:6b:12:68:89:2a:54:9d:39:
                    70:e4:ee:f4:d5:04:51:1b:f2:cd:76:44:19:ed:c0:
                    a2:0e:ec:0b:db:4a:01:96:00:2e:23:3e:12:fc:c7:
                    eb:89:ea:1d:49:66:a8:a5:0b:5c:1e:24:47:e1:47:
                    60:1c:4f:08:c8:8b:ea:90:e0:2e:41:93:90:66:07:
                    5d:8b:a8:e3:ad:22:8f:05:1d:73:fd:da:89:df:b7:
                    09:7d:f3:08:45:c1:50:eb:2e:7a:4b:3e:f4:9e:31:
                    33:cb:fa:30:5a:76:c4:46:91:74:6a:7c:a6:e6:48:
                    69:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:BD:17:66:7F:83:2E:93:C4:04:A4:F8:90:9A:2B:10:EC:E1:6F:B1
            X509v3 Authority Key Identifier:
                keyid:EB:F4:2E:80:60:2A:ED:F5:8A:3C:7A:81:88:3C:1A:34:F6:9D:2F:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/xr0XZn-DLpPEBKT4kJorEOzhb7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/6_QugGAq7fWKPHqBiDwaNPadL7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.46.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:8d:55:02:53:47:07:36:8b:9c:96:26:ba:10:ac:bc:3f:ca:
         f0:f6:f1:6e:99:6f:af:8a:dd:4d:84:4c:c3:85:41:36:a1:7b:
         07:7b:bc:04:67:76:7d:9b:d6:58:37:3b:f9:01:68:7b:da:e8:
         e0:9e:cb:41:af:f3:9a:a6:e6:2b:ce:02:98:45:23:d9:87:16:
         08:c7:3c:a7:5f:73:fb:13:65:1c:49:42:ef:09:b8:e5:d5:a7:
         a4:7a:a0:ae:bd:b8:e1:5b:91:3d:ce:fa:ee:72:2a:b9:09:ae:
         82:34:4d:d0:d6:16:6e:ac:f2:94:b4:93:d5:57:da:3a:a8:c0:
         4f:3a:7a:81:2a:6a:37:8a:dc:53:87:2b:e2:64:bd:e3:48:80:
         ab:f7:0c:e6:b1:85:e7:ed:49:02:60:39:fd:a2:85:15:52:81:
         d1:eb:0a:13:f6:d9:5c:05:5f:e3:d6:17:d8:90:7d:81:32:19:
         23:60:49:10:64:5e:39:e6:08:45:0a:18:4a:48:6b:a5:43:6c:
         eb:b7:19:bd:8a:44:1a:0e:17:9b:4e:d3:90:24:ba:e0:a3:82:
         6e:99:f3:0d:67:d6:50:2a:2f:56:d2:b0:dc:4a:a3:84:8b:19:
         02:44:72:60:a7:6e:1c:e6:97:2f:5e:42:43:4a:c9:1d:48:4b:
         5a:c4:53:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtpaN3R8JzVm+3jwiyrNLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZjQyZTgwNjAyYWVkZjU4YTNjN2E4MTg4M2MxYTM0ZjY5
ZDJmYjQwHhcNMjQwMTAxMDYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmJkMTc2NjdmODMyZTkzYzQwNGE0Zjg5MDlhMmIxMGVjZTE2ZmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjmo1RR/5M3whkf97VDp4WbLfdwnL
kCTAmmP2GeUAa1OD3Jud2VdrCkm4eU/FeHkKTgdWxESsW7851AvjIsv0SCFnNtjd
GbieJMLOKKP1zj2avx1gveJrfDqV0NhShSU9C0hoGEC6DJinMqZ1yDaAudxYDHqX
u2qYsLe+RpJW9HdQ4mY3uMProbrQgbJ3axJoiSpUnTlw5O701QRRG/LNdkQZ7cCi
DuwL20oBlgAuIz4S/MfrieodSWaopQtcHiRH4UdgHE8IyIvqkOAuQZOQZgddi6jj
rSKPBR1z/dqJ37cJffMIRcFQ6y56Sz70njEzy/owWnbERpF0anym5khpMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMa9F2Z/gy6TxASk+JCaKxDs4W+xMB8GA1UdIwQY
MBaAFOv0LoBgKu31ijx6gYg8GjT2nS+0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNl9RdWdHQXE3ZldLUEhxQmlEd2FOUGFkTDdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS8wOTUyZDQtNGE0OS00NDdkLWFkM2Mt
MTkwM2VkYWZhOGJmLzEveHIwWFpuLURMcFBFQktUNGtKb3JFT3poYjdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS8wOTUyZDQtNGE0OS00NDdkLWFkM2MtMTkwM2VkYWZhOGJm
LzEvNl9RdWdHQXE3ZldLUEhxQmlEd2FOUGFkTDdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWS70MA0G
CSqGSIb3DQEBCwUAA4IBAQAxjVUCU0cHNouclia6EKy8P8rw9vFumW+vit1NhEzD
hUE2oXsHe7wEZ3Z9m9ZYNzv5AWh72ujgnstBr/OapuYrzgKYRSPZhxYIxzynX3P7
E2UcSULvCbjl1aekeqCuvbjhW5E9zvruciq5Ca6CNE3Q1hZurPKUtJPVV9o6qMBP
OnqBKmo3itxThyviZL3jSICr9wzmsYXn7UkCYDn9ooUVUoHR6woT9tlcBV/j1hfY
kH2BMhkjYEkQZF455ghFChhKSGulQ2zrtxm9ikQaDhebTtOQJLrgo4JumfMNZ9ZQ
Ki9W0rDcSqOEixkCRHJgp24c5pcvXkJDSskdSEtaxFPK
-----END CERTIFICATE-----