Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/50f4f7-49cc-4c82-9324-a9d7ad442b3b/1/G5KL16MzdwCL8tVMNiSQS6aKQQ8.roa
File:                     G5KL16MzdwCL8tVMNiSQS6aKQQ8.roa (raw, json)
Hash identifier:          x59+65ZDKchVG4tmZ52HMyoP4xvaJ08gdt4dlBPdMr0=
Subject key identifier:   1B:92:8B:D7:A3:33:77:00:8B:F2:D5:4C:36:24:90:4B:A6:8A:41:0F
Certificate issuer:       /CN=62c66267943d413cdf760dc6850104c1c0fc1d65
Certificate serial:       018E560E5C5D095A1C8FF5CDB74113392B2E
Authority key identifier: 62:C6:62:67:94:3D:41:3C:DF:76:0D:C6:85:01:04:C1:C0:FC:1D:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YsZiZ5Q9QTzfdg3GhQEEwcD8HWU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/50f4f7-49cc-4c82-9324-a9d7ad442b3b/1/G5KL16MzdwCL8tVMNiSQS6aKQQ8.roa
Signing time:             Tue 19 Mar 2024 09:32:45 +0000
ROA not before:           Tue 19 Mar 2024 09:32:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15598
IP address blocks:        89.31.140.0/24 maxlen: 24
                          89.31.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/50f4f7-49cc-4c82-9324-a9d7ad442b3b/1/YsZiZ5Q9QTzfdg3GhQEEwcD8HWU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/50f4f7-49cc-4c82-9324-a9d7ad442b3b/1/YsZiZ5Q9QTzfdg3GhQEEwcD8HWU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YsZiZ5Q9QTzfdg3GhQEEwcD8HWU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:56:0e:5c:5d:09:5a:1c:8f:f5:cd:b7:41:13:39:2b:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62c66267943d413cdf760dc6850104c1c0fc1d65
        Validity
            Not Before: Mar 19 09:32:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b928bd7a33377008bf2d54c3624904ba68a410f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:57:8d:ac:84:7b:ff:f4:cb:14:e2:11:33:7b:
                    fc:04:37:31:c7:a5:72:3a:de:82:85:07:92:c8:a9:
                    23:53:07:d8:73:0f:ca:51:b7:fe:4e:12:ce:79:9f:
                    b0:1a:75:30:22:32:f3:51:7c:b7:7e:78:28:0d:0d:
                    c7:4a:5a:cc:e2:be:43:b0:1e:8d:8c:e0:89:41:ea:
                    45:44:9a:27:9c:b7:b9:74:93:13:67:a7:f8:8b:c8:
                    fe:4a:e3:fd:5c:fe:e0:e4:63:1b:95:51:c4:eb:e3:
                    2f:e8:7d:df:18:e6:5d:62:c0:28:94:57:20:4d:af:
                    f8:c7:39:af:b6:de:db:7e:d2:0e:1b:48:15:6f:67:
                    f9:7f:c0:e0:9f:2a:48:f3:6e:d6:01:2e:03:aa:85:
                    2b:31:60:40:04:e0:03:1b:ed:f3:ed:50:43:57:13:
                    27:fe:73:8c:79:fc:f7:7f:9b:c3:c1:98:c1:fc:2d:
                    6f:90:79:34:b4:6f:cd:0e:af:b6:26:77:2b:ce:13:
                    c1:da:d6:fa:22:65:b6:97:c7:90:09:eb:f2:e2:28:
                    f8:75:bf:32:9f:ae:20:fc:a0:88:71:be:80:bf:86:
                    b2:fe:b7:58:e9:3d:56:a5:ef:80:46:7d:e2:69:ea:
                    b6:40:f7:3e:3e:8e:66:e9:0a:fa:ee:b2:3b:f0:38:
                    dc:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:92:8B:D7:A3:33:77:00:8B:F2:D5:4C:36:24:90:4B:A6:8A:41:0F
            X509v3 Authority Key Identifier:
                keyid:62:C6:62:67:94:3D:41:3C:DF:76:0D:C6:85:01:04:C1:C0:FC:1D:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YsZiZ5Q9QTzfdg3GhQEEwcD8HWU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/50f4f7-49cc-4c82-9324-a9d7ad442b3b/1/G5KL16MzdwCL8tVMNiSQS6aKQQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/50f4f7-49cc-4c82-9324-a9d7ad442b3b/1/YsZiZ5Q9QTzfdg3GhQEEwcD8HWU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.31.140.0/24
                  89.31.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:15:9b:58:0c:d6:ae:06:62:dc:e7:4f:df:e4:e7:c5:91:6b:
         b5:be:03:37:3c:b8:3d:e5:85:bb:ad:7d:39:e9:1e:9d:56:43:
         bd:0c:f3:51:51:a3:17:d6:6a:e4:b8:b8:84:dc:f7:e9:27:43:
         91:c7:c7:1f:0f:3f:8e:92:8a:c2:40:1a:0d:ea:0e:a8:c2:20:
         5c:64:2b:8e:53:ad:fd:1b:9f:36:7d:46:6f:0e:a3:3d:01:7d:
         c3:60:d4:7a:17:90:62:1a:78:69:18:9b:b4:db:85:ef:c7:98:
         ac:5f:d4:00:6c:2d:e4:52:50:81:c6:9a:99:f6:ee:12:b2:54:
         16:9b:2f:f6:de:5d:7b:f3:01:15:85:be:c6:ef:45:97:71:29:
         bd:d6:cc:28:84:8e:55:11:f0:9f:ce:4b:36:5a:a3:4e:eb:e4:
         a8:55:9c:2b:52:e7:83:89:3a:98:67:18:28:a7:bd:01:1a:42:
         9e:3a:44:24:32:58:04:bf:74:e3:f1:8f:39:b6:91:25:5f:34:
         23:49:25:da:02:b7:e3:cb:4b:f2:b9:db:3b:48:cd:7d:65:dd:
         7b:7e:ad:73:51:36:66:ab:61:51:e1:93:64:bd:ea:01:42:34:
         b2:2b:a2:b2:5d:9b:f7:d0:0c:28:62:c4:cd:0c:c1:04:de:aa:
         90:88:a3:7c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY5WDlxdCVocj/XNt0ETOSsuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYzY2MjY3OTQzZDQxM2NkZjc2MGRjNjg1MDEwNGMxYzBm
YzFkNjUwHhcNMjQwMzE5MDkzMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjkyOGJkN2EzMzM3NzAwOGJmMmQ1NGMzNjI0OTA0YmE2OGE0MTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhleNrIR7//TLFOIRM3v8BDcxx6Vy
Ot6ChQeSyKkjUwfYcw/KUbf+ThLOeZ+wGnUwIjLzUXy3fngoDQ3HSlrM4r5DsB6N
jOCJQepFRJonnLe5dJMTZ6f4i8j+SuP9XP7g5GMblVHE6+Mv6H3fGOZdYsAolFcg
Ta/4xzmvtt7bftIOG0gVb2f5f8DgnypI827WAS4DqoUrMWBABOADG+3z7VBDVxMn
/nOMefz3f5vDwZjB/C1vkHk0tG/NDq+2JncrzhPB2tb6ImW2l8eQCevy4ij4db8y
n64g/KCIcb6Av4ay/rdY6T1Wpe+ARn3iaeq2QPc+Po5m6Qr67rI78DjcTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBuSi9ejM3cAi/LVTDYkkEumikEPMB8GA1UdIwQY
MBaAFGLGYmeUPUE833YNxoUBBMHA/B1lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXNaaVo1UTlRVHpmZGczR2hRRUV3Y0Q4SFdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81MGY0ZjctNDljYy00YzgyLTkzMjQt
YTlkN2FkNDQyYjNiLzEvRzVLTDE2TXpkd0NMOHRWTU5pU1FTNmFLUVE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81MGY0ZjctNDljYy00YzgyLTkzMjQtYTlkN2FkNDQyYjNi
LzEvWXNaaVo1UTlRVHpmZGczR2hRRUV3Y0Q4SFdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWR+MAwQA
WR+PMA0GCSqGSIb3DQEBCwUAA4IBAQAyFZtYDNauBmLc50/f5OfFkWu1vgM3PLg9
5YW7rX056R6dVkO9DPNRUaMX1mrkuLiE3PfpJ0ORx8cfDz+OkorCQBoN6g6owiBc
ZCuOU639G582fUZvDqM9AX3DYNR6F5BiGnhpGJu024Xvx5isX9QAbC3kUlCBxpqZ
9u4SslQWmy/23l178wEVhb7G70WXcSm91swohI5VEfCfzks2WqNO6+SoVZwrUueD
iTqYZxgop70BGkKeOkQkMlgEv3Tj8Y85tpElXzQjSSXaArfjy0vyuds7SM19Zd17
fq1zUTZmq2FR4ZNkveoBQjSyK6KyXZv30AwoYsTNDMEE3qqQiKN8
-----END CERTIFICATE-----