Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/zYAXFxi3O0aXhwywg6RsrTK7vrc.roa
File:                     zYAXFxi3O0aXhwywg6RsrTK7vrc.roa (raw, json)
Hash identifier:          UoC4eoFL1NgJx4KQaCTMYROsamJj+6sooAM5Y3c6yKE=
Subject key identifier:   CD:80:17:17:18:B7:3B:46:97:87:0C:B0:83:A4:6C:AD:32:BB:BE:B7
Certificate issuer:       /CN=ebf42e80602aedf58a3c7a81883c1a34f69d2fb4
Certificate serial:       018CC3B69432F6AE8BEC152D84F61112CD17
Authority key identifier: EB:F4:2E:80:60:2A:ED:F5:8A:3C:7A:81:88:3C:1A:34:F6:9D:2F:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/zYAXFxi3O0aXhwywg6RsrTK7vrc.roa
Signing time:             Mon 01 Jan 2024 06:29:31 +0000
ROA not before:           Mon 01 Jan 2024 06:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41646
IP address blocks:        89.46.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/6_QugGAq7fWKPHqBiDwaNPadL7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/6_QugGAq7fWKPHqBiDwaNPadL7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:94:32:f6:ae:8b:ec:15:2d:84:f6:11:12:cd:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebf42e80602aedf58a3c7a81883c1a34f69d2fb4
        Validity
            Not Before: Jan  1 06:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd80171718b73b4697870cb083a46cad32bbbeb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:19:37:ff:38:6f:56:3b:50:17:1e:d8:95:8e:
                    6d:9b:b0:97:17:6e:0f:b3:9e:a4:9a:34:40:e0:e5:
                    88:9e:7c:5d:ae:96:b5:dd:b0:73:9a:67:95:9e:7e:
                    37:6c:2f:9c:43:9e:9e:2d:63:41:b0:db:6a:ed:72:
                    45:78:b4:17:d0:64:81:cd:62:5a:77:23:1b:52:36:
                    71:4c:fb:79:53:64:3f:7d:11:4e:65:63:99:75:55:
                    a8:d7:ab:fd:bc:6f:d9:d1:d2:c2:f4:cd:ce:78:f1:
                    23:95:6f:00:47:45:33:61:bb:a6:2a:e2:d8:64:70:
                    74:de:23:01:96:6d:74:f4:4d:05:7f:2c:ca:60:d0:
                    a5:04:90:d7:1a:40:23:04:0a:e2:49:6e:25:da:38:
                    a9:3e:4d:43:96:f8:2a:11:e2:ba:3b:28:91:f6:c8:
                    a6:50:5e:c3:3b:e3:62:b2:70:b6:21:c0:14:76:48:
                    22:fd:2b:54:a0:e8:0c:31:f4:97:64:be:a5:2f:ce:
                    5f:74:8d:96:d6:3f:6e:3e:46:11:4b:91:be:0b:d4:
                    f6:3d:52:10:6a:ae:d2:e0:58:37:86:da:54:37:31:
                    59:a5:1e:38:ab:d1:8d:bc:ba:5a:3b:f0:d4:99:af:
                    f9:31:8f:26:23:e5:8c:ea:0b:07:a7:3e:70:23:48:
                    80:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:80:17:17:18:B7:3B:46:97:87:0C:B0:83:A4:6C:AD:32:BB:BE:B7
            X509v3 Authority Key Identifier:
                keyid:EB:F4:2E:80:60:2A:ED:F5:8A:3C:7A:81:88:3C:1A:34:F6:9D:2F:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/zYAXFxi3O0aXhwywg6RsrTK7vrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/6_QugGAq7fWKPHqBiDwaNPadL7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.46.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:d1:f2:2a:23:c5:18:48:8c:53:12:37:b2:39:0f:08:09:42:
         a0:cc:d3:13:ca:0d:4c:0f:bb:e6:1e:a7:a6:4f:59:f1:04:2e:
         2c:b2:69:83:f6:6e:cd:50:a1:08:4c:67:33:9b:6b:67:b4:fd:
         a4:a4:28:2d:e6:9a:11:e8:3e:57:7c:d9:06:73:2b:e7:76:df:
         84:22:73:a1:2b:b2:44:20:c5:a4:5f:cc:13:6f:f0:9d:a8:35:
         5b:05:0f:ad:02:be:53:1d:e7:ad:54:7c:0c:71:cf:ce:52:05:
         75:6d:ea:52:59:74:55:66:fc:0d:0b:13:2e:5f:b5:e5:5b:53:
         35:f9:58:ff:83:55:54:3b:cf:f0:59:d4:35:9b:f2:9f:f0:22:
         24:f5:c9:b3:05:aa:93:2f:13:ab:c1:ca:df:ce:01:51:86:c0:
         8f:5f:46:78:08:dc:4f:93:9c:40:e4:f5:48:64:b5:d5:b8:b5:
         94:09:b7:91:d5:f3:6c:cb:d5:62:26:30:9a:10:64:ac:d0:3b:
         22:7d:a7:64:92:bd:b6:76:db:59:32:85:f8:9c:4d:3d:a6:ca:
         2a:2e:eb:cc:04:4e:7f:f6:fd:3f:11:ad:be:5a:c7:3c:2c:c3:
         ce:7b:de:b4:0c:68:93:d5:1e:6b:8c:70:c9:6c:76:5b:34:a7:
         b4:56:8a:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtpQy9q6L7BUthPYREs0XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZjQyZTgwNjAyYWVkZjU4YTNjN2E4MTg4M2MxYTM0ZjY5
ZDJmYjQwHhcNMjQwMTAxMDYyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDgwMTcxNzE4YjczYjQ2OTc4NzBjYjA4M2E0NmNhZDMyYmJiZWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxBk3/zhvVjtQFx7YlY5tm7CXF24P
s56kmjRA4OWInnxdrpa13bBzmmeVnn43bC+cQ56eLWNBsNtq7XJFeLQX0GSBzWJa
dyMbUjZxTPt5U2Q/fRFOZWOZdVWo16v9vG/Z0dLC9M3OePEjlW8AR0UzYbumKuLY
ZHB03iMBlm109E0FfyzKYNClBJDXGkAjBAriSW4l2jipPk1DlvgqEeK6OyiR9sim
UF7DO+NisnC2IcAUdkgi/StUoOgMMfSXZL6lL85fdI2W1j9uPkYRS5G+C9T2PVIQ
aq7S4Fg3htpUNzFZpR44q9GNvLpaO/DUma/5MY8mI+WM6gsHpz5wI0iAWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM2AFxcYtztGl4cMsIOkbK0yu763MB8GA1UdIwQY
MBaAFOv0LoBgKu31ijx6gYg8GjT2nS+0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNl9RdWdHQXE3ZldLUEhxQmlEd2FOUGFkTDdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS8wOTUyZDQtNGE0OS00NDdkLWFkM2Mt
MTkwM2VkYWZhOGJmLzEvellBWEZ4aTNPMGFYaHd5d2c2UnNyVEs3dnJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS8wOTUyZDQtNGE0OS00NDdkLWFkM2MtMTkwM2VkYWZhOGJm
LzEvNl9RdWdHQXE3ZldLUEhxQmlEd2FOUGFkTDdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWS4mMA0G
CSqGSIb3DQEBCwUAA4IBAQAn0fIqI8UYSIxTEjeyOQ8ICUKgzNMTyg1MD7vmHqem
T1nxBC4ssmmD9m7NUKEITGczm2tntP2kpCgt5poR6D5XfNkGcyvndt+EInOhK7JE
IMWkX8wTb/CdqDVbBQ+tAr5THeetVHwMcc/OUgV1bepSWXRVZvwNCxMuX7XlW1M1
+Vj/g1VUO8/wWdQ1m/Kf8CIk9cmzBaqTLxOrwcrfzgFRhsCPX0Z4CNxPk5xA5PVI
ZLXVuLWUCbeR1fNsy9ViJjCaEGSs0Dsifadkkr22dttZMoX4nE09psoqLuvMBE5/
9v0/Ea2+Wsc8LMPOe960DGiT1R5rjHDJbHZbNKe0Voqo
-----END CERTIFICATE-----