Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/wPtdxRNZPDzyaKQ1i0f8x95GnC4.roa
File:                     wPtdxRNZPDzyaKQ1i0f8x95GnC4.roa (raw, json)
Hash identifier:          WKa+LyaNO21/Pg9zKtPnbQvHksKHLc6fPRTutTGAa/Y=
Subject key identifier:   C0:FB:5D:C5:13:59:3C:3C:F2:68:A4:35:8B:47:FC:C7:DE:46:9C:2E
Certificate issuer:       /CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
Certificate serial:       018CCA2A9DD76E84E49F466E51EA5AC171AE
Authority key identifier: 5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/wPtdxRNZPDzyaKQ1i0f8x95GnC4.roa
Signing time:             Tue 02 Jan 2024 12:33:59 +0000
ROA not before:           Tue 02 Jan 2024 12:33:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50889
IP address blocks:        217.199.222.0/24 maxlen: 24
                          89.248.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:9d:d7:6e:84:e4:9f:46:6e:51:ea:5a:c1:71:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
        Validity
            Not Before: Jan  2 12:33:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0fb5dc513593c3cf268a4358b47fcc7de469c2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:da:54:52:a8:ef:78:52:ba:a7:9c:ef:37:90:
                    05:0a:f8:38:ce:a7:1e:24:42:d3:b6:2f:ff:60:79:
                    52:fc:57:e0:8a:28:5e:32:44:1d:4a:d0:e8:aa:45:
                    a4:70:ca:42:72:20:7b:b8:53:44:5c:7c:50:a0:86:
                    b6:2f:d6:8d:b3:85:7d:74:e4:de:59:e2:b4:68:d0:
                    9d:07:67:00:8f:78:53:2f:e8:12:a8:de:25:b2:81:
                    8e:d6:19:18:54:48:fb:76:44:d0:d1:80:d9:67:d8:
                    71:eb:02:fc:24:dc:cf:c4:9a:26:51:23:5d:04:90:
                    41:87:35:2d:47:e7:fd:fa:9e:be:01:e9:e0:af:4d:
                    92:e7:5f:cf:41:9f:d7:97:68:91:e5:78:27:3d:58:
                    89:77:b9:21:90:19:0f:18:34:5e:3a:54:58:47:48:
                    88:30:f4:5d:c4:b9:58:6c:0e:bd:53:21:84:92:9b:
                    39:ee:3f:66:42:12:ec:42:8c:6e:80:23:b8:a8:02:
                    f8:63:c8:41:80:7f:b1:55:ee:d1:b8:b3:a9:e7:8d:
                    2a:c9:19:0f:f0:86:c1:92:5a:3b:0b:e9:07:d0:93:
                    a5:4c:23:be:8b:7e:d9:d7:f3:52:62:02:59:8a:b2:
                    7b:1b:a4:38:aa:fc:e1:c6:58:cd:2f:f1:6e:64:be:
                    74:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:FB:5D:C5:13:59:3C:3C:F2:68:A4:35:8B:47:FC:C7:DE:46:9C:2E
            X509v3 Authority Key Identifier:
                keyid:5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/wPtdxRNZPDzyaKQ1i0f8x95GnC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.248.237.0/24
                  217.199.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:9b:f6:b6:07:b6:14:bd:5e:2f:6a:12:bd:40:98:76:be:24:
         4b:6a:35:af:a8:ad:c5:33:3a:e3:d2:bd:5a:d5:93:47:1d:29:
         8c:22:02:96:09:59:75:18:15:66:27:01:14:4f:f6:76:cc:91:
         a7:67:53:78:10:be:b1:c2:1f:64:71:2a:67:cf:9d:49:28:67:
         aa:8b:c7:0b:a5:db:99:47:15:fe:64:4c:06:b7:71:6a:23:c5:
         b9:3a:cd:cc:53:0e:05:1d:27:6d:d5:1a:99:59:7f:61:21:12:
         2b:a4:55:3d:28:55:4d:27:17:e0:d1:d9:0b:37:c7:08:59:de:
         4b:60:3e:ab:29:80:cc:ac:1b:fc:bd:16:fc:71:fb:18:32:54:
         b7:ce:f5:96:10:1e:46:22:aa:7b:80:3b:c0:bb:ae:db:12:7b:
         b7:37:55:06:91:7b:8d:8a:2b:b4:6e:94:a2:59:cc:32:24:75:
         20:ad:57:32:c4:a3:74:d7:af:4f:5d:72:6c:19:30:8c:1f:d5:
         fa:d0:ca:84:53:cc:06:70:a7:0b:72:3d:c2:34:eb:58:2b:d2:
         c6:d4:00:3f:1f:ef:07:cc:8f:69:53:c6:a2:ae:70:f7:a6:f4:
         ec:4a:94:32:a5:bf:48:10:04:bd:db:01:40:a9:e1:ef:b3:46:
         28:77:2e:88
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKp3XboTkn0ZuUepawXGuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTQzMmE0ZWMzYjBhYzRjYTRlNGVjZWMwZTlmNGQ0NmI0
OTdhZjAwHhcNMjQwMTAyMTIzMzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGZiNWRjNTEzNTkzYzNjZjI2OGE0MzU4YjQ3ZmNjN2RlNDY5YzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA39pUUqjveFK6p5zvN5AFCvg4zqce
JELTti//YHlS/FfgiiheMkQdStDoqkWkcMpCciB7uFNEXHxQoIa2L9aNs4V9dOTe
WeK0aNCdB2cAj3hTL+gSqN4lsoGO1hkYVEj7dkTQ0YDZZ9hx6wL8JNzPxJomUSNd
BJBBhzUtR+f9+p6+Aengr02S51/PQZ/Xl2iR5XgnPViJd7khkBkPGDReOlRYR0iI
MPRdxLlYbA69UyGEkps57j9mQhLsQoxugCO4qAL4Y8hBgH+xVe7RuLOp540qyRkP
8IbBklo7C+kH0JOlTCO+i37Z1/NSYgJZirJ7G6Q4qvzhxljNL/FuZL50lwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMD7XcUTWTw88mikNYtH/MfeRpwuMB8GA1UdIwQY
MBaAFF2kMqTsOwrEyk5OzsDp9NRrSXrwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFReXBPdzdDc1RLVGs3T3dPbjAxR3RKZXZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85ZTg0N2YtNDE0Ni00NTY2LThjM2Ut
MWJhNTQzZWVhZWQ3LzEvd1B0ZHhSTlpQRHp5YUtRMWkwZjh4OTVHbkM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85ZTg0N2YtNDE0Ni00NTY2LThjM2UtMWJhNTQzZWVhZWQ3
LzEvWGFReXBPdzdDc1RLVGs3T3dPbjAxR3RKZXZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWfjtAwQA
2cfeMA0GCSqGSIb3DQEBCwUAA4IBAQBKm/a2B7YUvV4vahK9QJh2viRLajWvqK3F
Mzrj0r1a1ZNHHSmMIgKWCVl1GBVmJwEUT/Z2zJGnZ1N4EL6xwh9kcSpnz51JKGeq
i8cLpduZRxX+ZEwGt3FqI8W5Os3MUw4FHSdt1RqZWX9hIRIrpFU9KFVNJxfg0dkL
N8cIWd5LYD6rKYDMrBv8vRb8cfsYMlS3zvWWEB5GIqp7gDvAu67bEnu3N1UGkXuN
iiu0bpSiWcwyJHUgrVcyxKN0169PXXJsGTCMH9X60MqEU8wGcKcLcj3CNOtYK9LG
1AA/H+8HzI9pU8airnD3pvTsSpQypb9IEAS92wFAqeHvs0Yody6I
-----END CERTIFICATE-----