Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/57ea8d-c680-40a7-8a29-f076a08e6003/1/Y6LjsWBM6h__cl7OJs1s3K0dsJk.roa
File:                     Y6LjsWBM6h__cl7OJs1s3K0dsJk.roa (raw, json)
Hash identifier:          H8exkjKP/7HAv0CTjzjTvnpSB1ekOwFNbv17f+65MWU=
Subject key identifier:   63:A2:E3:B1:60:4C:EA:1F:FF:72:5E:CE:26:CD:6C:DC:AD:1D:B0:99
Certificate issuer:       /CN=3e8c1897624f57be34e0f760b97f110ad5b5da3a
Certificate serial:       018CC6B77DF24888AD1C17BE38457F91C55F
Authority key identifier: 3E:8C:18:97:62:4F:57:BE:34:E0:F7:60:B9:7F:11:0A:D5:B5:DA:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PowYl2JPV7404PdguX8RCtW12jo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/57ea8d-c680-40a7-8a29-f076a08e6003/1/Y6LjsWBM6h__cl7OJs1s3K0dsJk.roa
Signing time:             Mon 01 Jan 2024 20:29:23 +0000
ROA not before:           Mon 01 Jan 2024 20:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206031
IP address blocks:        89.207.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/57ea8d-c680-40a7-8a29-f076a08e6003/1/PowYl2JPV7404PdguX8RCtW12jo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/57ea8d-c680-40a7-8a29-f076a08e6003/1/PowYl2JPV7404PdguX8RCtW12jo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PowYl2JPV7404PdguX8RCtW12jo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:7d:f2:48:88:ad:1c:17:be:38:45:7f:91:c5:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e8c1897624f57be34e0f760b97f110ad5b5da3a
        Validity
            Not Before: Jan  1 20:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63a2e3b1604cea1fff725ece26cd6cdcad1db099
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:35:65:31:31:33:6b:8e:81:42:1e:17:35:32:
                    28:e9:ed:d8:e1:2e:16:e9:84:3b:02:e7:6b:9c:db:
                    8b:78:7d:ee:10:ec:92:aa:db:f7:3e:2e:8b:55:95:
                    2e:0e:e1:d8:5c:53:2e:16:7c:de:fc:95:59:44:8e:
                    27:60:8a:e6:60:f8:8e:7a:56:f8:16:31:da:25:dd:
                    11:e7:14:8d:f9:43:21:a4:03:7a:01:a6:49:24:ae:
                    ec:52:d1:d3:8e:76:ec:28:e8:96:51:5a:a4:bc:c9:
                    9c:30:43:bc:93:8e:ff:4b:16:42:c1:48:a4:2c:a8:
                    09:f1:4e:41:58:44:b7:f9:f6:06:4a:c7:51:9b:57:
                    14:4b:13:b7:7c:88:1b:00:24:87:cd:58:fc:9f:44:
                    c5:a9:2e:80:04:3a:c5:ac:0b:58:22:28:2c:0d:53:
                    a5:03:d0:5c:60:fc:2e:24:3d:54:a7:3c:98:50:0b:
                    01:e9:d8:8a:0e:25:54:54:7e:ce:21:47:23:1a:0c:
                    88:26:30:7d:a3:82:49:ff:59:43:e6:de:33:cd:9f:
                    d9:69:a7:6c:9b:55:5e:bc:f0:3f:c2:33:c8:bc:df:
                    6e:ca:7d:e8:b5:27:c3:26:ff:d1:ee:ea:6a:8c:2d:
                    0b:3b:65:e8:82:e7:2f:2d:a5:3a:1d:3d:ab:73:05:
                    73:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:A2:E3:B1:60:4C:EA:1F:FF:72:5E:CE:26:CD:6C:DC:AD:1D:B0:99
            X509v3 Authority Key Identifier:
                keyid:3E:8C:18:97:62:4F:57:BE:34:E0:F7:60:B9:7F:11:0A:D5:B5:DA:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PowYl2JPV7404PdguX8RCtW12jo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/57ea8d-c680-40a7-8a29-f076a08e6003/1/Y6LjsWBM6h__cl7OJs1s3K0dsJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/57ea8d-c680-40a7-8a29-f076a08e6003/1/PowYl2JPV7404PdguX8RCtW12jo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.207.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:7f:f5:bd:0b:d2:f6:7e:2a:12:a7:88:f5:ea:80:12:4f:e9:
         e9:42:c5:27:97:0e:27:7c:3d:8d:f6:23:5a:48:16:35:08:06:
         cd:f0:47:a2:ed:06:e9:bd:bc:1b:6c:91:a9:c1:a4:ff:7d:fa:
         83:eb:26:09:c6:3b:77:76:3f:d5:2d:de:11:ba:d8:92:b4:c9:
         33:a8:af:f9:44:56:82:4f:02:4c:af:ea:50:5c:bb:b6:bd:f3:
         53:7b:9e:f4:d6:be:c7:bb:5b:fd:5b:47:fa:ce:a7:43:f0:d3:
         81:d9:d8:6e:fe:38:0f:9c:7e:0f:aa:28:2c:b6:11:ec:62:46:
         a1:cb:e6:12:e2:84:d1:02:c6:a6:21:ba:79:39:01:dc:93:f6:
         22:fa:2c:fb:35:57:e3:c4:74:4d:e6:9e:14:b7:a4:cf:08:d9:
         5c:3a:74:f9:85:88:ab:86:fe:c9:f3:4d:73:b2:2f:d3:86:7a:
         e9:0f:29:a7:0e:cc:b5:16:78:9c:34:c9:e8:41:0a:0f:82:19:
         00:bb:54:c2:1e:3b:f8:f9:d5:6f:86:3b:1d:ff:be:9d:ba:34:
         7e:25:09:73:e7:09:6d:ab:1c:b4:2b:b8:f1:1b:2d:b9:da:2e:
         d8:22:0b:09:06:de:69:81:8f:f3:23:0c:b0:dd:67:9f:8e:d3:
         3d:97:de:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt33ySIitHBe+OEV/kcVfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlOGMxODk3NjI0ZjU3YmUzNGUwZjc2MGI5N2YxMTBhZDVi
NWRhM2EwHhcNMjQwMTAxMjAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2EyZTNiMTYwNGNlYTFmZmY3MjVlY2UyNmNkNmNkY2FkMWRiMDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDVlMTEza46BQh4XNTIo6e3Y4S4W
6YQ7AudrnNuLeH3uEOySqtv3Pi6LVZUuDuHYXFMuFnze/JVZRI4nYIrmYPiOelb4
FjHaJd0R5xSN+UMhpAN6AaZJJK7sUtHTjnbsKOiWUVqkvMmcMEO8k47/SxZCwUik
LKgJ8U5BWES3+fYGSsdRm1cUSxO3fIgbACSHzVj8n0TFqS6ABDrFrAtYIigsDVOl
A9BcYPwuJD1UpzyYUAsB6diKDiVUVH7OIUcjGgyIJjB9o4JJ/1lD5t4zzZ/Zaads
m1VevPA/wjPIvN9uyn3otSfDJv/R7upqjC0LO2XogucvLaU6HT2rcwVzGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGOi47FgTOof/3JezibNbNytHbCZMB8GA1UdIwQY
MBaAFD6MGJdiT1e+NOD3YLl/EQrVtdo6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG93WWwySlBWNzQwNFBkZ3VYOFJDdFcxMmpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy81N2VhOGQtYzY4MC00MGE3LThhMjkt
ZjA3NmEwOGU2MDAzLzEvWTZManNXQk02aF9fY2w3T0pzMXMzSzBkc0prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy81N2VhOGQtYzY4MC00MGE3LThhMjktZjA3NmEwOGU2MDAz
LzEvUG93WWwySlBWNzQwNFBkZ3VYOFJDdFcxMmpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWc98MA0G
CSqGSIb3DQEBCwUAA4IBAQA+f/W9C9L2fioSp4j16oAST+npQsUnlw4nfD2N9iNa
SBY1CAbN8Eei7QbpvbwbbJGpwaT/ffqD6yYJxjt3dj/VLd4RutiStMkzqK/5RFaC
TwJMr+pQXLu2vfNTe5701r7Hu1v9W0f6zqdD8NOB2dhu/jgPnH4PqigsthHsYkah
y+YS4oTRAsamIbp5OQHck/Yi+iz7NVfjxHRN5p4Ut6TPCNlcOnT5hYirhv7J801z
si/ThnrpDymnDsy1FnicNMnoQQoPghkAu1TCHjv4+dVvhjsd/76dujR+JQlz5wlt
qxy0K7jxGy252i7YIgsJBt5pgY/zIwyw3WefjtM9l94H
-----END CERTIFICATE-----