Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/2a55f5-3cdc-43ea-9803-74ee83736e97/1/FbJfXMZmyn4LQeQMFHWTu-237ds.roa
File:                     FbJfXMZmyn4LQeQMFHWTu-237ds.roa (raw, json)
Hash identifier:          UdkwSd2zeGSqhQ2VSRLCiX3cLHedHTMjIORr/pnypLI=
Subject key identifier:   15:B2:5F:5C:C6:66:CA:7E:0B:41:E4:0C:14:75:93:BB:ED:B7:ED:DB
Certificate issuer:       /CN=6c895335ba98f7c626f0c819e9e2894c61d44754
Certificate serial:       018CC726F5843D3C4735EE6C5BDDF6CD1992
Authority key identifier: 6C:89:53:35:BA:98:F7:C6:26:F0:C8:19:E9:E2:89:4C:61:D4:47:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bIlTNbqY98Ym8MgZ6eKJTGHUR1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/2a55f5-3cdc-43ea-9803-74ee83736e97/1/FbJfXMZmyn4LQeQMFHWTu-237ds.roa
Signing time:             Mon 01 Jan 2024 22:31:08 +0000
ROA not before:           Mon 01 Jan 2024 22:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41088
IP address blocks:        89.190.64.0/19 maxlen: 19
                          89.190.85.0/24 maxlen: 24
                          2a00:bfe0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/2a55f5-3cdc-43ea-9803-74ee83736e97/1/bIlTNbqY98Ym8MgZ6eKJTGHUR1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/2a55f5-3cdc-43ea-9803-74ee83736e97/1/bIlTNbqY98Ym8MgZ6eKJTGHUR1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bIlTNbqY98Ym8MgZ6eKJTGHUR1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:f5:84:3d:3c:47:35:ee:6c:5b:dd:f6:cd:19:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c895335ba98f7c626f0c819e9e2894c61d44754
        Validity
            Not Before: Jan  1 22:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15b25f5cc666ca7e0b41e40c147593bbedb7eddb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:92:1a:a2:c1:1b:d8:10:e3:1f:e4:05:3e:35:
                    17:9f:ef:35:4f:e4:d9:c2:7e:39:36:30:66:1d:2b:
                    09:b7:31:29:77:71:56:54:e1:f7:be:97:68:c3:3b:
                    51:41:f4:a1:14:c5:85:f7:a4:56:6c:41:54:e2:63:
                    05:11:37:e4:b2:c1:49:ba:de:a6:da:c8:50:21:99:
                    44:cc:f7:27:f1:94:d2:98:48:b6:d0:6d:12:5e:60:
                    ba:5f:90:71:bf:59:0b:23:47:20:ee:be:b8:0a:29:
                    f3:f5:d4:1f:30:30:de:00:3c:1d:f9:0d:ca:b0:01:
                    a9:ee:74:9a:3b:42:3b:93:c2:eb:d7:cd:da:63:3f:
                    89:e0:73:b5:3a:88:c6:82:70:1e:25:92:60:06:73:
                    a0:27:98:e5:b2:13:db:2b:9e:ac:b3:9e:14:2e:1e:
                    1e:a7:f7:b3:28:7f:ba:2d:4d:24:eb:75:ef:8f:9a:
                    58:10:b8:e7:75:ed:00:74:13:93:8e:56:3c:94:95:
                    9e:d7:39:e6:92:ce:f2:4d:27:89:bf:cf:23:ea:3f:
                    d4:56:3f:2e:b0:20:02:90:69:9b:4a:98:ec:a9:1f:
                    3a:80:df:4a:5b:45:6e:f5:6c:97:70:30:d9:8d:74:
                    bb:93:d8:1c:9a:07:69:ea:ae:8d:d5:28:e1:af:d5:
                    c1:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:B2:5F:5C:C6:66:CA:7E:0B:41:E4:0C:14:75:93:BB:ED:B7:ED:DB
            X509v3 Authority Key Identifier:
                keyid:6C:89:53:35:BA:98:F7:C6:26:F0:C8:19:E9:E2:89:4C:61:D4:47:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bIlTNbqY98Ym8MgZ6eKJTGHUR1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/2a55f5-3cdc-43ea-9803-74ee83736e97/1/FbJfXMZmyn4LQeQMFHWTu-237ds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/2a55f5-3cdc-43ea-9803-74ee83736e97/1/bIlTNbqY98Ym8MgZ6eKJTGHUR1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.190.64.0/19
                IPv6:
                  2a00:bfe0::/32

    Signature Algorithm: sha256WithRSAEncryption
         99:69:78:d1:47:34:51:34:30:b9:38:23:c0:0c:72:d6:1a:d9:
         e8:24:75:59:8d:58:0e:45:28:63:39:a4:1b:46:66:9b:38:1f:
         e7:b2:4b:d7:21:1b:b7:67:b7:37:63:c8:ea:f7:55:6d:c8:b4:
         d9:a2:c4:a5:2c:dc:c9:f1:d4:7d:3a:d2:ee:95:35:28:d8:b0:
         a9:fb:41:c2:de:23:4d:b6:96:f8:fe:7b:57:1c:10:36:61:be:
         ce:2a:d0:de:5c:61:4e:c5:74:b2:c0:24:96:2c:a0:f2:d3:f5:
         f9:76:80:ee:8e:4a:0e:cf:03:f6:0c:ea:40:4a:0d:e9:c4:23:
         bd:40:da:7f:b1:58:83:f8:2c:10:19:7e:e6:f0:39:f7:6b:94:
         5c:d1:96:67:9e:f8:cf:8a:5d:02:24:ac:95:74:d3:3f:72:cb:
         a5:a9:c0:b8:c5:fe:2e:a6:13:3f:a3:c4:12:0e:1c:bd:0e:79:
         2a:ff:fe:bb:6d:00:a4:c8:f2:d4:23:df:65:4d:42:ac:21:bf:
         b2:d8:9b:5a:20:5c:f6:61:7c:99:39:f2:6b:5d:c6:17:d2:b3:
         c5:b0:34:4c:5c:5c:44:66:25:46:db:a0:37:21:d0:5a:b4:9c:
         00:69:5f:64:b0:bd:a0:1a:67:86:6b:6a:0e:22:0d:62:b8:e3:
         10:4b:3c:b2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJvWEPTxHNe5sW932zRmSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjODk1MzM1YmE5OGY3YzYyNmYwYzgxOWU5ZTI4OTRjNjFk
NDQ3NTQwHhcNMjQwMTAxMjIzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWIyNWY1Y2M2NjZjYTdlMGI0MWU0MGMxNDc1OTNiYmVkYjdlZGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5IaosEb2BDjH+QFPjUXn+81T+TZ
wn45NjBmHSsJtzEpd3FWVOH3vpdowztRQfShFMWF96RWbEFU4mMFETfkssFJut6m
2shQIZlEzPcn8ZTSmEi20G0SXmC6X5Bxv1kLI0cg7r64Cinz9dQfMDDeADwd+Q3K
sAGp7nSaO0I7k8Lr183aYz+J4HO1OojGgnAeJZJgBnOgJ5jlshPbK56ss54ULh4e
p/ezKH+6LU0k63Xvj5pYELjnde0AdBOTjlY8lJWe1znmks7yTSeJv88j6j/UVj8u
sCACkGmbSpjsqR86gN9KW0Vu9WyXcDDZjXS7k9gcmgdp6q6N1Sjhr9XBlwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBWyX1zGZsp+C0HkDBR1k7vtt+3bMB8GA1UdIwQY
MBaAFGyJUzW6mPfGJvDIGeniiUxh1EdUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklsVE5icVk5OFltOE1nWjZlS0pUR0hVUjFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS8yYTU1ZjUtM2NkYy00M2VhLTk4MDMt
NzRlZTgzNzM2ZTk3LzEvRmJKZlhNWm15bjRMUWVRTUZIV1R1LTIzN2RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS8yYTU1ZjUtM2NkYy00M2VhLTk4MDMtNzRlZTgzNzM2ZTk3
LzEvYklsVE5icVk5OFltOE1nWjZlS0pUR0hVUjFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFWb5AMA0E
AgACMAcDBQAqAL/gMA0GCSqGSIb3DQEBCwUAA4IBAQCZaXjRRzRRNDC5OCPADHLW
GtnoJHVZjVgORShjOaQbRmabOB/nskvXIRu3Z7c3Y8jq91VtyLTZosSlLNzJ8dR9
OtLulTUo2LCp+0HC3iNNtpb4/ntXHBA2Yb7OKtDeXGFOxXSywCSWLKDy0/X5doDu
jkoOzwP2DOpASg3pxCO9QNp/sViD+CwQGX7m8Dn3a5Rc0ZZnnvjPil0CJKyVdNM/
csulqcC4xf4uphM/o8QSDhy9Dnkq//67bQCkyPLUI99lTUKsIb+y2JtaIFz2YXyZ
OfJrXcYX0rPFsDRMXFxEZiVG26A3IdBatJwAaV9ksL2gGmeGa2oOIg1iuOMQSzyy
-----END CERTIFICATE-----