Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/627e60-00a6-4d26-b93a-ef73b7b4ca3c/1/sXzbQNQBjzFyc0T0hq_45hDsTrc.roa
File:                     sXzbQNQBjzFyc0T0hq_45hDsTrc.roa (raw, json)
Hash identifier:          PZQUV0lt+bBiA2j5dp06j7DjLZe3MxCA+1WTtH3DyFQ=
Subject key identifier:   B1:7C:DB:40:D4:01:8F:31:72:73:44:F4:86:AF:F8:E6:10:EC:4E:B7
Certificate issuer:       /CN=b9b350a0ae32e73e660c416c3f1406edd3615f82
Certificate serial:       018CC6B8EA4EC13DBA606F57B3202BDF645C
Authority key identifier: B9:B3:50:A0:AE:32:E7:3E:66:0C:41:6C:3F:14:06:ED:D3:61:5F:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ubNQoK4y5z5mDEFsPxQG7dNhX4I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/627e60-00a6-4d26-b93a-ef73b7b4ca3c/1/sXzbQNQBjzFyc0T0hq_45hDsTrc.roa
Signing time:             Mon 01 Jan 2024 20:30:56 +0000
ROA not before:           Mon 01 Jan 2024 20:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12301
IP address blocks:        89.107.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/627e60-00a6-4d26-b93a-ef73b7b4ca3c/1/ubNQoK4y5z5mDEFsPxQG7dNhX4I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/627e60-00a6-4d26-b93a-ef73b7b4ca3c/1/ubNQoK4y5z5mDEFsPxQG7dNhX4I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ubNQoK4y5z5mDEFsPxQG7dNhX4I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:ea:4e:c1:3d:ba:60:6f:57:b3:20:2b:df:64:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9b350a0ae32e73e660c416c3f1406edd3615f82
        Validity
            Not Before: Jan  1 20:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b17cdb40d4018f31727344f486aff8e610ec4eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:e7:e4:2c:09:00:fd:b4:cf:f1:92:4c:ae:17:
                    08:23:d0:fe:c1:58:13:aa:13:0f:1e:2f:1c:d0:f0:
                    df:0e:ea:ab:aa:65:24:bd:07:61:da:e9:c0:fd:24:
                    46:0c:47:f3:39:4f:2e:87:ca:6f:c5:07:2f:65:aa:
                    c8:d6:84:d5:40:2e:5a:b0:1c:78:84:d0:21:cc:c9:
                    b7:a1:87:41:42:10:66:30:ee:7d:34:80:99:d6:f7:
                    34:6c:66:05:94:3e:e1:8c:b1:1c:92:2d:f7:7a:a1:
                    17:b8:08:28:0a:41:59:f7:f4:f3:d4:1e:a1:79:c1:
                    b4:be:d2:dc:fd:a1:43:b2:c6:3a:1c:5d:29:8e:67:
                    03:da:2c:ad:d0:95:d0:0a:d4:8d:8f:de:72:f3:e9:
                    8b:88:6f:94:4c:e9:62:36:5c:e2:73:98:c3:dd:3a:
                    7a:43:1b:8d:bf:b3:3a:a5:b4:92:2a:e1:60:74:8b:
                    5d:8d:22:7e:cf:88:e9:65:d4:38:5e:42:d4:d5:7c:
                    09:01:09:4e:eb:1b:13:e1:12:d3:97:12:cc:3b:01:
                    4b:c4:89:f3:12:f5:ae:54:56:7a:e8:9c:d3:78:6f:
                    55:c2:89:43:9f:8c:18:a6:b6:54:7a:b2:20:3d:0c:
                    46:40:94:c9:bf:0b:8a:45:51:fb:8b:64:76:c2:aa:
                    32:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:7C:DB:40:D4:01:8F:31:72:73:44:F4:86:AF:F8:E6:10:EC:4E:B7
            X509v3 Authority Key Identifier:
                keyid:B9:B3:50:A0:AE:32:E7:3E:66:0C:41:6C:3F:14:06:ED:D3:61:5F:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ubNQoK4y5z5mDEFsPxQG7dNhX4I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/627e60-00a6-4d26-b93a-ef73b7b4ca3c/1/sXzbQNQBjzFyc0T0hq_45hDsTrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/627e60-00a6-4d26-b93a-ef73b7b4ca3c/1/ubNQoK4y5z5mDEFsPxQG7dNhX4I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.107.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:0e:b6:0e:5f:86:5c:15:a6:b7:f4:98:12:f6:6a:e3:e5:10:
         c3:33:fc:12:36:6b:85:f1:1c:50:3a:a8:dd:10:ce:83:b0:ef:
         a7:84:7e:9d:1b:25:86:ea:b1:18:63:2b:42:c1:4e:48:db:45:
         ca:46:69:c5:6e:1c:31:5b:b6:80:20:20:b7:ae:41:cf:f6:ff:
         15:dd:bc:37:ed:e0:ce:ec:8f:57:70:35:42:e4:ea:41:5f:b9:
         77:47:d0:8b:ef:a1:85:20:72:5a:d7:85:97:96:62:6c:0f:1d:
         b1:2e:2c:e5:5b:d0:5c:90:9c:c2:8c:fd:5b:62:d0:14:3a:bc:
         07:10:c5:ee:07:2c:8d:4b:46:ba:a8:82:1e:a6:54:98:fb:1a:
         c1:1b:fb:f0:18:95:dc:c2:0a:dd:41:e7:1e:6f:dc:1d:ac:11:
         ff:ae:20:d9:1f:1d:39:97:f0:3f:32:a1:51:2d:67:d5:c2:57:
         14:54:ca:92:1e:d2:02:3b:e3:45:54:c9:09:20:72:26:8e:4a:
         e9:4b:44:02:be:35:82:59:e7:78:84:7e:b8:15:2f:71:28:2c:
         07:3c:e4:32:3a:20:fe:ee:f8:97:e1:fc:f1:f7:40:71:6b:a9:
         6e:d2:4e:53:03:62:97:b4:7b:bd:24:3f:47:4b:15:e0:7b:4b:
         7b:37:9b:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuOpOwT26YG9XsyAr32RcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5YjM1MGEwYWUzMmU3M2U2NjBjNDE2YzNmMTQwNmVkZDM2
MTVmODIwHhcNMjQwMTAxMjAzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTdjZGI0MGQ0MDE4ZjMxNzI3MzQ0ZjQ4NmFmZjhlNjEwZWM0ZWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqOfkLAkA/bTP8ZJMrhcII9D+wVgT
qhMPHi8c0PDfDuqrqmUkvQdh2unA/SRGDEfzOU8uh8pvxQcvZarI1oTVQC5asBx4
hNAhzMm3oYdBQhBmMO59NICZ1vc0bGYFlD7hjLEcki33eqEXuAgoCkFZ9/Tz1B6h
ecG0vtLc/aFDssY6HF0pjmcD2iyt0JXQCtSNj95y8+mLiG+UTOliNlzic5jD3Tp6
QxuNv7M6pbSSKuFgdItdjSJ+z4jpZdQ4XkLU1XwJAQlO6xsT4RLTlxLMOwFLxInz
EvWuVFZ66JzTeG9VwolDn4wYprZUerIgPQxGQJTJvwuKRVH7i2R2wqoyHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLF820DUAY8xcnNE9Iav+OYQ7E63MB8GA1UdIwQY
MBaAFLmzUKCuMuc+ZgxBbD8UBu3TYV+CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWJOUW9LNHk1ejVtREVGc1B4UUc3ZE5oWDRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS82MjdlNjAtMDBhNi00ZDI2LWI5M2Et
ZWY3M2I3YjRjYTNjLzEvc1h6YlFOUUJqekZ5YzBUMGhxXzQ1aERzVHJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS82MjdlNjAtMDBhNi00ZDI2LWI5M2EtZWY3M2I3YjRjYTNj
LzEvdWJOUW9LNHk1ejVtREVGc1B4UUc3ZE5oWDRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWWv9MA0G
CSqGSIb3DQEBCwUAA4IBAQASDrYOX4ZcFaa39JgS9mrj5RDDM/wSNmuF8RxQOqjd
EM6DsO+nhH6dGyWG6rEYYytCwU5I20XKRmnFbhwxW7aAICC3rkHP9v8V3bw37eDO
7I9XcDVC5OpBX7l3R9CL76GFIHJa14WXlmJsDx2xLizlW9BckJzCjP1bYtAUOrwH
EMXuByyNS0a6qIIeplSY+xrBG/vwGJXcwgrdQeceb9wdrBH/riDZHx05l/A/MqFR
LWfVwlcUVMqSHtICO+NFVMkJIHImjkrpS0QCvjWCWed4hH64FS9xKCwHPOQyOiD+
7viX4fzx90Bxa6lu0k5TA2KXtHu9JD9HSxXge0t7N5uC
-----END CERTIFICATE-----