Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/627e60-00a6-4d26-b93a-ef73b7b4ca3c/1/0x_idFjW9GzTs4eZFeDoCrnar7o.roa
File:                     0x_idFjW9GzTs4eZFeDoCrnar7o.roa (raw, json)
Hash identifier:          8RbXRnhGhbQ2ghaEdlbL24qkAq6xRMYXTt4rZS8VxxU=
Subject key identifier:   D3:1F:E2:74:58:D6:F4:6C:D3:B3:87:99:15:E0:E8:0A:B9:DA:AF:BA
Certificate issuer:       /CN=b9b350a0ae32e73e660c416c3f1406edd3615f82
Certificate serial:       018CC6B8EB9D27B257ECF3F32B8EB7A0C7FD
Authority key identifier: B9:B3:50:A0:AE:32:E7:3E:66:0C:41:6C:3F:14:06:ED:D3:61:5F:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ubNQoK4y5z5mDEFsPxQG7dNhX4I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/627e60-00a6-4d26-b93a-ef73b7b4ca3c/1/0x_idFjW9GzTs4eZFeDoCrnar7o.roa
Signing time:             Mon 01 Jan 2024 20:30:56 +0000
ROA not before:           Mon 01 Jan 2024 20:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34226
IP address blocks:        89.107.248.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/627e60-00a6-4d26-b93a-ef73b7b4ca3c/1/ubNQoK4y5z5mDEFsPxQG7dNhX4I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/627e60-00a6-4d26-b93a-ef73b7b4ca3c/1/ubNQoK4y5z5mDEFsPxQG7dNhX4I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ubNQoK4y5z5mDEFsPxQG7dNhX4I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:eb:9d:27:b2:57:ec:f3:f3:2b:8e:b7:a0:c7:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9b350a0ae32e73e660c416c3f1406edd3615f82
        Validity
            Not Before: Jan  1 20:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d31fe27458d6f46cd3b3879915e0e80ab9daafba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:34:17:87:a6:dd:fb:1a:ca:73:53:67:4f:4d:
                    3b:59:b8:77:53:31:06:f6:a1:36:29:9b:19:18:3d:
                    80:94:da:0e:5b:93:75:5a:69:f9:a2:40:98:f7:a9:
                    02:c6:9e:e4:32:9e:02:ee:1c:d2:a9:13:9a:e9:29:
                    89:77:0b:fd:71:a1:98:ec:be:71:68:f5:fa:4a:32:
                    fb:38:c6:20:68:4c:6e:34:90:71:e0:cf:04:5e:1a:
                    ac:6f:39:1c:a8:b3:59:60:07:98:3b:ff:36:c7:dd:
                    8d:d0:32:92:41:83:08:f1:8c:62:8c:51:95:96:04:
                    a6:9c:58:5c:d8:a9:b9:04:fc:5a:e4:f3:91:78:28:
                    74:00:13:6d:5e:60:e2:57:6c:31:04:a4:4a:0d:72:
                    f2:16:a6:c1:6d:49:2d:21:8f:28:26:1d:6c:4d:21:
                    1a:58:ab:fe:3b:bb:bc:be:fd:90:a7:88:70:f4:6e:
                    71:0b:4b:a5:42:41:71:40:17:2d:90:92:c1:02:56:
                    3b:59:34:45:97:27:da:d8:4a:4d:3a:28:43:3d:d6:
                    a6:da:b9:a8:f1:51:e2:99:54:20:d2:6d:6f:e0:50:
                    a6:60:57:0e:71:c1:6d:16:73:b0:7c:9e:46:37:b8:
                    fc:54:ef:b1:50:9c:93:75:6e:9b:b0:ef:44:c6:6f:
                    10:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:1F:E2:74:58:D6:F4:6C:D3:B3:87:99:15:E0:E8:0A:B9:DA:AF:BA
            X509v3 Authority Key Identifier:
                keyid:B9:B3:50:A0:AE:32:E7:3E:66:0C:41:6C:3F:14:06:ED:D3:61:5F:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ubNQoK4y5z5mDEFsPxQG7dNhX4I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/627e60-00a6-4d26-b93a-ef73b7b4ca3c/1/0x_idFjW9GzTs4eZFeDoCrnar7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/627e60-00a6-4d26-b93a-ef73b7b4ca3c/1/ubNQoK4y5z5mDEFsPxQG7dNhX4I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.107.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         78:1c:2a:27:35:52:2b:78:ee:c3:85:86:7d:f1:2f:0a:30:c3:
         29:0b:43:d7:08:1f:2c:3f:90:fc:a1:8b:be:26:cb:f6:2e:a3:
         fc:e0:8a:60:be:93:55:1f:15:62:5e:b7:8b:15:87:7c:83:2e:
         8e:4b:21:48:4f:0c:ca:7b:89:af:ea:2b:d3:ce:59:d5:16:e5:
         ad:15:fc:d1:38:ee:00:fe:b7:a2:55:90:38:69:62:90:dc:d3:
         ef:01:1c:96:c7:f3:40:4a:68:fe:7c:7c:7a:3c:da:59:4f:87:
         28:31:b3:27:c0:af:7c:65:26:f4:ae:82:12:69:70:60:9c:e4:
         38:3f:aa:02:17:c8:24:25:83:4b:d0:13:c9:a7:dd:1c:3c:fd:
         9b:4b:79:0f:de:f6:1c:c6:7c:ea:28:3a:9b:23:15:3d:96:8e:
         57:b1:06:28:f7:a1:56:bc:3a:a0:ee:74:15:28:8c:52:53:74:
         a2:69:5a:bb:f4:54:e9:3e:10:bf:d9:05:f2:e2:a7:30:12:8c:
         8d:f5:91:1c:b3:20:11:a8:1e:e7:c3:b1:ca:0d:97:c9:a8:54:
         b0:fe:09:eb:43:2a:34:1f:f1:d1:82:11:f8:b7:9c:99:99:ef:
         43:27:f6:c4:ed:5a:98:80:84:cc:fd:4f:72:1c:37:0a:8e:7d:
         bc:02:d1:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuOudJ7JX7PPzK463oMf9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5YjM1MGEwYWUzMmU3M2U2NjBjNDE2YzNmMTQwNmVkZDM2
MTVmODIwHhcNMjQwMTAxMjAzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzFmZTI3NDU4ZDZmNDZjZDNiMzg3OTkxNWUwZTgwYWI5ZGFhZmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozQXh6bd+xrKc1NnT007Wbh3UzEG
9qE2KZsZGD2AlNoOW5N1Wmn5okCY96kCxp7kMp4C7hzSqROa6SmJdwv9caGY7L5x
aPX6SjL7OMYgaExuNJBx4M8EXhqsbzkcqLNZYAeYO/82x92N0DKSQYMI8YxijFGV
lgSmnFhc2Km5BPxa5POReCh0ABNtXmDiV2wxBKRKDXLyFqbBbUktIY8oJh1sTSEa
WKv+O7u8vv2Qp4hw9G5xC0ulQkFxQBctkJLBAlY7WTRFlyfa2EpNOihDPdam2rmo
8VHimVQg0m1v4FCmYFcOccFtFnOwfJ5GN7j8VO+xUJyTdW6bsO9Exm8QEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNMf4nRY1vRs07OHmRXg6Aq52q+6MB8GA1UdIwQY
MBaAFLmzUKCuMuc+ZgxBbD8UBu3TYV+CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWJOUW9LNHk1ejVtREVGc1B4UUc3ZE5oWDRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS82MjdlNjAtMDBhNi00ZDI2LWI5M2Et
ZWY3M2I3YjRjYTNjLzEvMHhfaWRGalc5R3pUczRlWkZlRG9Dcm5hcjdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS82MjdlNjAtMDBhNi00ZDI2LWI5M2EtZWY3M2I3YjRjYTNj
LzEvdWJOUW9LNHk1ejVtREVGc1B4UUc3ZE5oWDRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDWWv4MA0G
CSqGSIb3DQEBCwUAA4IBAQB4HConNVIreO7DhYZ98S8KMMMpC0PXCB8sP5D8oYu+
Jsv2LqP84IpgvpNVHxViXreLFYd8gy6OSyFITwzKe4mv6ivTzlnVFuWtFfzROO4A
/reiVZA4aWKQ3NPvARyWx/NASmj+fHx6PNpZT4coMbMnwK98ZSb0roISaXBgnOQ4
P6oCF8gkJYNL0BPJp90cPP2bS3kP3vYcxnzqKDqbIxU9lo5XsQYo96FWvDqg7nQV
KIxSU3SiaVq79FTpPhC/2QXy4qcwEoyN9ZEcsyARqB7nw7HKDZfJqFSw/gnrQyo0
H/HRghH4t5yZme9DJ/bE7VqYgITM/U9yHDcKjn28AtFx
-----END CERTIFICATE-----