Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/6f8f43-1a19-410f-a2f3-e4ac706da148/1/V8pZYIeO8OawoZ2nwE3EVfCDTRQ.roa
File:                     V8pZYIeO8OawoZ2nwE3EVfCDTRQ.roa (raw, json)
Hash identifier:          U1RcyurXzJkOGYBTR6dFvrHPU6WYfARMwZ/yCQlf3ow=
Subject key identifier:   57:CA:59:60:87:8E:F0:E6:B0:A1:9D:A7:C0:4D:C4:55:F0:83:4D:14
Certificate issuer:       /CN=31184c9e8b6aa407c0d73ed0ba063075f6314e36
Certificate serial:       018DAD1F72169FC13EA0B88CCB29E43A7FFE
Authority key identifier: 31:18:4C:9E:8B:6A:A4:07:C0:D7:3E:D0:BA:06:30:75:F6:31:4E:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MRhMnotqpAfA1z7QugYwdfYxTjY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/6f8f43-1a19-410f-a2f3-e4ac706da148/1/V8pZYIeO8OawoZ2nwE3EVfCDTRQ.roa
Signing time:             Thu 15 Feb 2024 14:15:35 +0000
ROA not before:           Thu 15 Feb 2024 14:15:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34984
IP address blocks:        89.107.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/6f8f43-1a19-410f-a2f3-e4ac706da148/1/MRhMnotqpAfA1z7QugYwdfYxTjY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/6f8f43-1a19-410f-a2f3-e4ac706da148/1/MRhMnotqpAfA1z7QugYwdfYxTjY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MRhMnotqpAfA1z7QugYwdfYxTjY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 20:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ad:1f:72:16:9f:c1:3e:a0:b8:8c:cb:29:e4:3a:7f:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31184c9e8b6aa407c0d73ed0ba063075f6314e36
        Validity
            Not Before: Feb 15 14:15:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57ca5960878ef0e6b0a19da7c04dc455f0834d14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:4d:b4:24:4d:cf:fa:a5:6f:ae:6a:b3:95:9c:
                    5f:24:b4:e7:b0:fa:f5:ec:8f:b7:c5:b2:23:d2:c3:
                    c7:fe:96:4f:ea:36:87:2c:b9:5d:02:88:60:f6:d2:
                    5e:92:5c:45:35:a0:04:fb:0b:b6:a7:1e:8f:56:41:
                    9c:ef:81:ab:83:b6:07:ef:00:4d:f1:3b:db:c9:35:
                    b8:c6:df:d4:ed:e7:fa:9a:58:2b:58:22:fb:e9:d3:
                    69:bf:19:50:11:a6:23:5e:fe:44:ea:a7:86:ff:b7:
                    34:8f:3b:9e:99:08:5d:40:f6:47:d1:8b:ed:77:4c:
                    0f:ea:b8:25:b5:4a:c1:86:65:98:c2:6f:d7:17:b9:
                    7d:6c:3f:a6:b4:5e:58:05:78:e1:fe:e6:40:8a:90:
                    01:23:4c:25:6e:1c:0b:0e:a2:83:31:f6:2e:75:f8:
                    06:6d:e5:fa:0a:37:cc:12:06:90:fb:fc:45:d8:0d:
                    e7:d9:08:70:40:08:7f:e0:32:aa:67:43:0f:54:78:
                    52:53:08:f3:55:00:7b:8b:bb:3d:b1:de:2f:b3:2c:
                    f6:d5:60:e1:f2:81:47:e2:1f:91:ce:93:c6:9d:d7:
                    0e:3c:d5:5f:69:22:df:0f:5b:28:f0:96:06:bf:31:
                    c5:12:10:4c:9d:a0:a6:1a:db:46:1f:50:9b:b9:70:
                    cb:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:CA:59:60:87:8E:F0:E6:B0:A1:9D:A7:C0:4D:C4:55:F0:83:4D:14
            X509v3 Authority Key Identifier:
                keyid:31:18:4C:9E:8B:6A:A4:07:C0:D7:3E:D0:BA:06:30:75:F6:31:4E:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MRhMnotqpAfA1z7QugYwdfYxTjY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/6f8f43-1a19-410f-a2f3-e4ac706da148/1/V8pZYIeO8OawoZ2nwE3EVfCDTRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/6f8f43-1a19-410f-a2f3-e4ac706da148/1/MRhMnotqpAfA1z7QugYwdfYxTjY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.107.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:e8:60:c2:bf:75:53:3a:63:6a:35:27:50:e5:c0:5a:54:6c:
         ec:f8:6b:0d:e4:62:cf:7d:53:da:0b:3f:74:28:e6:93:c2:ff:
         a8:c7:7e:39:06:9f:08:eb:81:6e:97:b9:32:22:e3:3e:4e:fd:
         6a:62:34:5b:1d:bb:5b:5f:01:c0:a3:01:77:d5:8f:f0:4a:00:
         bd:74:ea:cc:54:06:52:68:15:53:27:cb:01:1e:87:e3:da:c9:
         44:db:90:fd:61:ed:ae:d8:bf:16:ac:e8:43:d9:74:a1:e2:c4:
         ea:45:93:5c:ff:1e:ac:e7:5b:46:8f:38:04:98:bc:e8:dd:e8:
         7c:ff:28:b6:f5:27:bd:da:88:75:22:3f:71:54:31:39:4c:e5:
         f8:ff:60:2a:58:71:e6:2c:4f:4c:a2:9d:7b:b3:f6:7e:36:ce:
         c5:e9:bc:ca:55:dd:55:4a:02:6c:53:07:74:6b:75:93:06:69:
         99:ed:32:c1:44:4e:79:b2:da:b3:cb:93:72:c3:94:b4:bf:d4:
         10:29:ab:17:18:c3:07:f4:5f:54:02:1d:90:6e:c3:6d:ed:b9:
         42:a5:13:2a:5f:fb:31:6f:a4:9b:c2:a4:46:5e:c0:57:3f:d2:
         73:4b:52:58:72:3f:9d:3f:ff:b5:8d:71:70:a7:d1:cc:a1:e8:
         e9:6d:cf:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2tH3IWn8E+oLiMyynkOn/+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMTg0YzllOGI2YWE0MDdjMGQ3M2VkMGJhMDYzMDc1ZjYz
MTRlMzYwHhcNMjQwMjE1MTQxNTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2NhNTk2MDg3OGVmMGU2YjBhMTlkYTdjMDRkYzQ1NWYwODM0ZDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAik20JE3P+qVvrmqzlZxfJLTnsPr1
7I+3xbIj0sPH/pZP6jaHLLldAohg9tJeklxFNaAE+wu2px6PVkGc74Grg7YH7wBN
8TvbyTW4xt/U7ef6mlgrWCL76dNpvxlQEaYjXv5E6qeG/7c0jzuemQhdQPZH0Yvt
d0wP6rgltUrBhmWYwm/XF7l9bD+mtF5YBXjh/uZAipABI0wlbhwLDqKDMfYudfgG
beX6CjfMEgaQ+/xF2A3n2QhwQAh/4DKqZ0MPVHhSUwjzVQB7i7s9sd4vsyz21WDh
8oFH4h+RzpPGndcOPNVfaSLfD1so8JYGvzHFEhBMnaCmGttGH1CbuXDLNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFfKWWCHjvDmsKGdp8BNxFXwg00UMB8GA1UdIwQY
MBaAFDEYTJ6LaqQHwNc+0LoGMHX2MU42MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVJoTW5vdHFwQWZBMXo3UXVnWXdkZll4VGpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy82ZjhmNDMtMWExOS00MTBmLWEyZjMt
ZTRhYzcwNmRhMTQ4LzEvVjhwWllJZU84T2F3b1oybndFM0VWZkNEVFJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy82ZjhmNDMtMWExOS00MTBmLWEyZjMtZTRhYzcwNmRhMTQ4
LzEvTVJoTW5vdHFwQWZBMXo3UXVnWXdkZll4VGpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWWsNMA0G
CSqGSIb3DQEBCwUAA4IBAQAo6GDCv3VTOmNqNSdQ5cBaVGzs+GsN5GLPfVPaCz90
KOaTwv+ox345Bp8I64Ful7kyIuM+Tv1qYjRbHbtbXwHAowF31Y/wSgC9dOrMVAZS
aBVTJ8sBHofj2slE25D9Ye2u2L8WrOhD2XSh4sTqRZNc/x6s51tGjzgEmLzo3eh8
/yi29Se92oh1Ij9xVDE5TOX4/2AqWHHmLE9Mop17s/Z+Ns7F6bzKVd1VSgJsUwd0
a3WTBmmZ7TLBRE55stqzy5Nyw5S0v9QQKasXGMMH9F9UAh2QbsNt7blCpRMqX/sx
b6SbwqRGXsBXP9JzS1JYcj+dP/+1jXFwp9HMoejpbc89
-----END CERTIFICATE-----