Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/c2ae3d-98b4-446f-ab28-7313c7f3ca3f/1/8yGLkmK87eRhMHKtXe9vzvHjv2o.roa
File:                     8yGLkmK87eRhMHKtXe9vzvHjv2o.roa (raw, json)
Hash identifier:          IgO7/eQbV7AtyHgkTa0trzo7kvUj1LliKC4r6D+m9wE=
Subject key identifier:   F3:21:8B:92:62:BC:ED:E4:61:30:72:AD:5D:EF:6F:CE:F1:E3:BF:6A
Certificate issuer:       /CN=827af17f0499627e4b3c8cc5c333ec4b8e7635e0
Certificate serial:       018CC79508FFDEF12F100D58182040213903
Authority key identifier: 82:7A:F1:7F:04:99:62:7E:4B:3C:8C:C5:C3:33:EC:4B:8E:76:35:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gnrxfwSZYn5LPIzFwzPsS452NeA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/c2ae3d-98b4-446f-ab28-7313c7f3ca3f/1/8yGLkmK87eRhMHKtXe9vzvHjv2o.roa
Signing time:             Tue 02 Jan 2024 00:31:21 +0000
ROA not before:           Tue 02 Jan 2024 00:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31027
IP address blocks:        89.104.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/c2ae3d-98b4-446f-ab28-7313c7f3ca3f/1/gnrxfwSZYn5LPIzFwzPsS452NeA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/c2ae3d-98b4-446f-ab28-7313c7f3ca3f/1/gnrxfwSZYn5LPIzFwzPsS452NeA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gnrxfwSZYn5LPIzFwzPsS452NeA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:08:ff:de:f1:2f:10:0d:58:18:20:40:21:39:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=827af17f0499627e4b3c8cc5c333ec4b8e7635e0
        Validity
            Not Before: Jan  2 00:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3218b9262bcede4613072ad5def6fcef1e3bf6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:94:e9:c7:fa:ea:21:4e:56:2d:e9:66:c3:4e:
                    79:1e:7d:e1:54:2d:20:cd:63:dd:c8:5a:07:16:62:
                    35:1e:d3:38:f0:fc:cd:81:ae:52:dd:07:ba:ba:01:
                    5a:62:c7:25:6b:2d:01:63:a5:61:dc:21:ba:2d:7b:
                    a5:71:a1:07:ce:17:e0:74:15:b0:8e:b9:97:6b:12:
                    01:74:29:ac:6e:7b:d9:a3:e7:04:90:25:41:77:27:
                    0d:14:f1:ee:c9:7e:b7:16:a9:9c:80:12:8a:81:3c:
                    29:4b:9e:d6:d3:40:da:c9:ad:dc:92:ff:2e:65:c2:
                    6c:dd:02:df:02:c5:a6:af:98:72:c5:61:72:cf:ec:
                    4b:de:03:4f:f4:83:0d:27:b7:67:dd:96:9c:86:ac:
                    07:a0:e7:22:39:40:53:85:0e:c1:44:77:56:03:07:
                    ec:64:7e:eb:3d:f3:f6:25:d1:04:64:40:7f:62:08:
                    b1:84:3c:44:75:1f:56:8b:1e:12:91:da:ae:5e:62:
                    1e:d3:30:3e:a2:17:71:31:bc:01:53:0a:8d:a8:71:
                    16:a9:76:5b:8e:b9:39:1b:d1:88:18:62:2c:73:66:
                    2a:bf:01:6c:bd:6e:36:c1:d6:d8:0e:35:0a:78:1d:
                    5f:12:27:a2:bf:7a:aa:47:39:35:db:ac:4a:d7:97:
                    ba:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:21:8B:92:62:BC:ED:E4:61:30:72:AD:5D:EF:6F:CE:F1:E3:BF:6A
            X509v3 Authority Key Identifier:
                keyid:82:7A:F1:7F:04:99:62:7E:4B:3C:8C:C5:C3:33:EC:4B:8E:76:35:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gnrxfwSZYn5LPIzFwzPsS452NeA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/c2ae3d-98b4-446f-ab28-7313c7f3ca3f/1/8yGLkmK87eRhMHKtXe9vzvHjv2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/c2ae3d-98b4-446f-ab28-7313c7f3ca3f/1/gnrxfwSZYn5LPIzFwzPsS452NeA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.104.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:f4:12:61:e3:8b:01:92:55:3f:ff:aa:8c:c5:27:55:29:3b:
         8f:8e:36:63:8e:db:6e:59:70:12:c8:fb:1d:6e:43:48:35:e4:
         4f:23:92:29:56:5b:04:80:7f:0c:db:c4:a4:b9:57:bb:b0:8e:
         90:5d:be:83:15:5c:41:75:7a:f3:5f:73:5d:4e:80:a7:ac:8d:
         9e:b6:08:90:79:7f:3d:ab:40:99:40:25:6b:ef:5a:c4:a2:2a:
         83:4b:03:c2:91:08:70:1e:b3:cc:46:65:42:01:50:05:a4:1b:
         b2:28:0f:1b:fd:80:a4:45:1c:f0:3a:6b:3a:9a:d6:0a:06:1a:
         e9:31:93:a2:ee:be:f2:3b:a0:61:05:3f:e0:b0:33:bf:54:41:
         25:e5:aa:18:89:7f:fb:b8:5c:c2:90:42:c8:09:d7:46:e2:b8:
         10:65:22:32:d5:2d:cb:e1:85:2f:50:6b:7b:20:a3:8f:76:ba:
         4f:dc:77:5a:1a:d8:9c:3e:c6:77:ab:1a:a9:52:dc:d9:2d:50:
         66:ef:62:43:df:7f:a1:cb:4f:3b:a7:a4:af:a5:ff:87:0a:da:
         ec:84:f3:d2:29:93:ac:ac:bf:f5:6d:cb:17:cd:7e:ef:76:3b:
         b5:42:d6:a1:a5:08:8c:9c:b1:cd:d4:61:f8:af:59:be:87:c5:
         f3:47:a7:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlQj/3vEvEA1YGCBAITkDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyN2FmMTdmMDQ5OTYyN2U0YjNjOGNjNWMzMzNlYzRiOGU3
NjM1ZTAwHhcNMjQwMTAyMDAzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzIxOGI5MjYyYmNlZGU0NjEzMDcyYWQ1ZGVmNmZjZWYxZTNiZjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg5Tpx/rqIU5WLelmw055Hn3hVC0g
zWPdyFoHFmI1HtM48PzNga5S3Qe6ugFaYsclay0BY6Vh3CG6LXulcaEHzhfgdBWw
jrmXaxIBdCmsbnvZo+cEkCVBdycNFPHuyX63FqmcgBKKgTwpS57W00Daya3ckv8u
ZcJs3QLfAsWmr5hyxWFyz+xL3gNP9IMNJ7dn3ZachqwHoOciOUBThQ7BRHdWAwfs
ZH7rPfP2JdEEZEB/YgixhDxEdR9Wix4SkdquXmIe0zA+ohdxMbwBUwqNqHEWqXZb
jrk5G9GIGGIsc2YqvwFsvW42wdbYDjUKeB1fEieiv3qqRzk126xK15e62QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPMhi5JivO3kYTByrV3vb87x479qMB8GA1UdIwQY
MBaAFIJ68X8EmWJ+SzyMxcMz7EuOdjXgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ25yeGZ3U1pZbjVMUEl6Rnd6UHNTNDUyTmVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9jMmFlM2QtOThiNC00NDZmLWFiMjgt
NzMxM2M3ZjNjYTNmLzEvOHlHTGttSzg3ZVJoTUhLdFhlOXZ6dkhqdjJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9jMmFlM2QtOThiNC00NDZmLWFiMjgtNzMxM2M3ZjNjYTNm
LzEvZ25yeGZ3U1pZbjVMUEl6Rnd6UHNTNDUyTmVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWWjdMA0G
CSqGSIb3DQEBCwUAA4IBAQAo9BJh44sBklU//6qMxSdVKTuPjjZjjttuWXASyPsd
bkNINeRPI5IpVlsEgH8M28SkuVe7sI6QXb6DFVxBdXrzX3NdToCnrI2etgiQeX89
q0CZQCVr71rEoiqDSwPCkQhwHrPMRmVCAVAFpBuyKA8b/YCkRRzwOms6mtYKBhrp
MZOi7r7yO6BhBT/gsDO/VEEl5aoYiX/7uFzCkELICddG4rgQZSIy1S3L4YUvUGt7
IKOPdrpP3HdaGticPsZ3qxqpUtzZLVBm72JD33+hy087p6Svpf+HCtrshPPSKZOs
rL/1bcsXzX7vdju1QtahpQiMnLHN1GH4r1m+h8XzR6fH
-----END CERTIFICATE-----