Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/TC8GeTJF6booBA8vWHSvib0nyUc.roa
File:                     TC8GeTJF6booBA8vWHSvib0nyUc.roa (raw, json)
Hash identifier:          cH9M6gHcjTckRFqEhryLFaUlqy3lGUR11VQrbZK4Uos=
Subject key identifier:   4C:2F:06:79:32:45:E9:BA:28:04:0F:2F:58:74:AF:89:BD:27:C9:47
Certificate issuer:       /CN=5e400ac2396ae228d2b2e56f4b06739969379e44
Certificate serial:       018CC26D3847F370C444B25AE0FBF9437485
Authority key identifier: 5E:40:0A:C2:39:6A:E2:28:D2:B2:E5:6F:4B:06:73:99:69:37:9E:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/TC8GeTJF6booBA8vWHSvib0nyUc.roa
Signing time:             Mon 01 Jan 2024 00:29:46 +0000
ROA not before:           Mon 01 Jan 2024 00:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202187
IP address blocks:        89.30.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:38:47:f3:70:c4:44:b2:5a:e0:fb:f9:43:74:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e400ac2396ae228d2b2e56f4b06739969379e44
        Validity
            Not Before: Jan  1 00:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c2f06793245e9ba28040f2f5874af89bd27c947
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b8:19:89:fa:05:e2:0a:db:eb:9f:57:2f:ec:
                    dd:3e:78:d0:02:96:a0:5a:d8:78:34:2f:19:bc:bb:
                    5b:b6:85:50:e7:72:97:19:3b:39:24:7a:0d:c7:85:
                    ca:cd:69:7f:87:8d:fb:02:9c:4d:3f:db:3a:8b:a6:
                    bf:95:0f:9c:65:83:c9:e1:f0:84:50:17:2e:12:29:
                    af:21:47:8c:2d:ba:64:f4:74:5b:78:dd:b5:4e:f7:
                    f3:93:2f:15:14:8e:d3:2a:a5:e4:41:85:04:b2:94:
                    12:43:7d:17:70:01:a4:4e:79:31:86:4e:58:28:a9:
                    52:ce:2e:21:4a:6d:52:11:62:a9:50:4d:7c:fb:ed:
                    b9:0c:0f:aa:7e:19:46:f1:d9:e5:ae:3a:79:9c:a2:
                    b0:4f:b6:77:e0:31:41:8e:bc:3b:06:38:3a:03:63:
                    93:90:d9:12:04:78:03:ab:75:8a:ef:57:f5:d1:2c:
                    87:55:3a:72:fb:e6:f8:6a:98:6e:f8:54:c3:06:df:
                    4b:9a:ce:d7:30:26:c3:b2:73:ac:30:94:18:28:4f:
                    8b:e0:de:25:42:0f:a6:ce:87:ee:74:14:f7:77:b8:
                    20:95:81:21:7f:b4:cd:b4:a8:32:21:6e:86:65:6c:
                    1c:3d:24:51:13:c8:e7:f5:d0:c0:ec:55:53:8a:1b:
                    45:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:2F:06:79:32:45:E9:BA:28:04:0F:2F:58:74:AF:89:BD:27:C9:47
            X509v3 Authority Key Identifier:
                keyid:5E:40:0A:C2:39:6A:E2:28:D2:B2:E5:6F:4B:06:73:99:69:37:9E:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/TC8GeTJF6booBA8vWHSvib0nyUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.30.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:bf:88:bd:e1:aa:22:3e:e1:2b:40:11:67:47:73:8b:59:5d:
         89:13:35:bb:08:6f:39:6a:f8:8b:52:23:0a:dc:fd:0e:83:bd:
         50:d3:33:71:e1:68:42:d7:de:c7:8b:dc:1d:3c:8e:cf:0d:c7:
         88:19:da:a4:87:18:f7:dd:fc:fa:bb:57:31:2f:82:ec:20:a1:
         97:b3:45:f5:bb:27:fd:57:a4:a7:a1:b1:83:06:2a:ef:67:9e:
         f9:b2:df:27:55:7c:5e:dd:30:a8:d4:3d:53:30:75:11:f4:58:
         b0:60:8b:fb:0a:71:13:da:07:a0:c0:ca:c7:9e:09:81:63:c6:
         dd:81:f6:51:fd:ff:3f:dc:34:1a:fb:e8:d9:43:f1:08:b2:bf:
         4e:58:98:83:56:bd:e7:1b:41:c8:d4:e2:8c:9f:74:b4:c8:15:
         6e:1a:90:36:19:fb:98:43:5e:4b:a5:45:3d:5d:63:fa:e4:77:
         9f:08:29:7a:66:5c:e6:24:2b:aa:21:c6:02:2f:1e:09:a4:6b:
         37:20:ea:ab:b5:7d:38:ca:c2:19:e4:5d:4f:02:0e:a9:d0:89:
         3b:f9:20:38:0c:7f:17:77:d0:20:82:c2:07:fc:50:a4:55:a7:
         de:ca:ff:a9:26:c6:15:dd:a1:1a:d8:be:43:e9:63:52:35:0f:
         f6:a8:72:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbThH83DERLJa4Pv5Q3SFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlNDAwYWMyMzk2YWUyMjhkMmIyZTU2ZjRiMDY3Mzk5Njkz
NzllNDQwHhcNMjQwMTAxMDAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzJmMDY3OTMyNDVlOWJhMjgwNDBmMmY1ODc0YWY4OWJkMjdjOTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7gZifoF4grb659XL+zdPnjQApag
Wth4NC8ZvLtbtoVQ53KXGTs5JHoNx4XKzWl/h437ApxNP9s6i6a/lQ+cZYPJ4fCE
UBcuEimvIUeMLbpk9HRbeN21Tvfzky8VFI7TKqXkQYUEspQSQ30XcAGkTnkxhk5Y
KKlSzi4hSm1SEWKpUE18++25DA+qfhlG8dnlrjp5nKKwT7Z34DFBjrw7Bjg6A2OT
kNkSBHgDq3WK71f10SyHVTpy++b4aphu+FTDBt9Lms7XMCbDsnOsMJQYKE+L4N4l
Qg+mzofudBT3d7gglYEhf7TNtKgyIW6GZWwcPSRRE8jn9dDA7FVTihtFqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEwvBnkyRem6KAQPL1h0r4m9J8lHMB8GA1UdIwQY
MBaAFF5ACsI5auIo0rLlb0sGc5lpN55EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGtBS3dqbHE0aWpTc3VWdlN3WnptV2szbmtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9kNjdhOTUtY2IzNi00OTM3LTkyMjYt
ZGZlZDEyZjFhMDFlLzEvVEM4R2VUSkY2Ym9vQkE4dldIU3ZpYjBueVVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9kNjdhOTUtY2IzNi00OTM3LTkyMjYtZGZlZDEyZjFhMDFl
LzEvWGtBS3dqbHE0aWpTc3VWdlN3WnptV2szbmtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWR5sMA0G
CSqGSIb3DQEBCwUAA4IBAQBwv4i94aoiPuErQBFnR3OLWV2JEzW7CG85aviLUiMK
3P0Og71Q0zNx4WhC197Hi9wdPI7PDceIGdqkhxj33fz6u1cxL4LsIKGXs0X1uyf9
V6SnobGDBirvZ575st8nVXxe3TCo1D1TMHUR9FiwYIv7CnET2gegwMrHngmBY8bd
gfZR/f8/3DQa++jZQ/EIsr9OWJiDVr3nG0HI1OKMn3S0yBVuGpA2GfuYQ15LpUU9
XWP65HefCCl6ZlzmJCuqIcYCLx4JpGs3IOqrtX04ysIZ5F1PAg6p0Ik7+SA4DH8X
d9AggsIH/FCkVafeyv+pJsYV3aEa2L5D6WNSNQ/2qHIg
-----END CERTIFICATE-----