Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/fcbcc6-739b-4f5c-ae3c-a4f08dbb85a5/1/yzHNewA-W2PhscI-yK1eWSOxOlA.roa
File:                     yzHNewA-W2PhscI-yK1eWSOxOlA.roa (raw, json)
Hash identifier:          jTbDKKZVHsQj/gxaYHKGxOM1RjQbrR/ZV1etjsz4vmw=
Subject key identifier:   CB:31:CD:7B:00:3E:5B:63:E1:B1:C2:3E:C8:AD:5E:59:23:B1:3A:50
Certificate issuer:       /CN=9b200d0e7ad3cef72238b5164c4b2cdde23a6a1e
Certificate serial:       018CC8011584F0C35B096FDF45988CA05398
Authority key identifier: 9B:20:0D:0E:7A:D3:CE:F7:22:38:B5:16:4C:4B:2C:DD:E2:3A:6A:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/myANDnrTzvciOLUWTEss3eI6ah4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/fcbcc6-739b-4f5c-ae3c-a4f08dbb85a5/1/yzHNewA-W2PhscI-yK1eWSOxOlA.roa
Signing time:             Tue 02 Jan 2024 02:29:23 +0000
ROA not before:           Tue 02 Jan 2024 02:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205139
IP address blocks:        89.45.216.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/fcbcc6-739b-4f5c-ae3c-a4f08dbb85a5/1/myANDnrTzvciOLUWTEss3eI6ah4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/fcbcc6-739b-4f5c-ae3c-a4f08dbb85a5/1/myANDnrTzvciOLUWTEss3eI6ah4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/myANDnrTzvciOLUWTEss3eI6ah4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 18:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:15:84:f0:c3:5b:09:6f:df:45:98:8c:a0:53:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b200d0e7ad3cef72238b5164c4b2cdde23a6a1e
        Validity
            Not Before: Jan  2 02:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb31cd7b003e5b63e1b1c23ec8ad5e5923b13a50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d9:d8:fe:09:0b:50:5b:74:ac:eb:37:27:87:
                    0d:5b:23:06:07:96:1d:98:eb:90:1c:71:e4:a2:20:
                    27:c2:9e:f3:ff:40:35:44:43:2f:5a:e8:72:28:5c:
                    d4:20:02:8a:a3:9e:a1:32:7e:21:67:79:96:29:e9:
                    57:b4:06:d4:67:74:68:25:8a:e6:66:67:9b:b5:dd:
                    26:56:35:f3:46:65:c1:95:11:30:3c:56:0c:ac:e5:
                    bf:7a:ac:e0:c5:81:25:89:b2:ab:b2:c8:e2:7a:12:
                    7f:f3:c8:aa:39:6e:04:12:47:8e:ff:b7:08:ad:33:
                    5b:94:14:ea:f5:7c:b0:76:c6:40:3d:68:a6:94:b4:
                    17:d6:24:55:7e:42:d3:3b:24:55:e9:07:29:9f:56:
                    71:1b:57:0f:2d:9d:2e:cc:3b:77:7b:0b:5a:e4:bc:
                    aa:17:47:1b:44:06:83:21:ce:12:f2:15:19:b4:1b:
                    47:36:1b:47:f6:f7:14:65:e8:ab:03:f1:d2:60:4f:
                    5b:b1:86:3c:60:1c:36:97:ab:d5:44:f6:32:c0:78:
                    8a:85:b9:96:bf:14:57:41:7b:8b:8c:46:40:d6:41:
                    d7:80:d2:5c:1d:96:9a:18:d5:a8:29:1b:3e:fa:94:
                    9a:63:d9:0f:1b:14:21:e6:77:d6:ea:2a:cc:2a:ec:
                    5c:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:31:CD:7B:00:3E:5B:63:E1:B1:C2:3E:C8:AD:5E:59:23:B1:3A:50
            X509v3 Authority Key Identifier:
                keyid:9B:20:0D:0E:7A:D3:CE:F7:22:38:B5:16:4C:4B:2C:DD:E2:3A:6A:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/myANDnrTzvciOLUWTEss3eI6ah4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/fcbcc6-739b-4f5c-ae3c-a4f08dbb85a5/1/yzHNewA-W2PhscI-yK1eWSOxOlA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/fcbcc6-739b-4f5c-ae3c-a4f08dbb85a5/1/myANDnrTzvciOLUWTEss3eI6ah4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.45.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:b0:d5:05:22:a0:0d:75:8c:78:26:db:75:1f:d8:a4:2c:df:
         71:10:e1:ab:ad:7c:b2:3f:66:d6:6e:8b:4a:97:fa:e9:2d:20:
         f3:a9:df:d4:4e:77:44:b3:6d:ef:a1:e0:66:87:85:fe:e4:53:
         54:ff:38:21:89:39:fd:01:6e:b5:b8:d8:c3:34:59:ed:9e:15:
         9b:99:3d:73:5a:31:97:e1:4e:97:0c:14:a1:8f:f9:4d:36:80:
         1b:01:08:84:21:5f:42:78:3f:00:77:66:1b:5b:a5:f8:19:08:
         f1:e3:a9:23:77:66:4e:c8:29:0e:d0:bf:a5:ff:bf:48:ef:27:
         99:f5:16:a6:19:ea:ca:b2:de:35:4b:b5:ef:ad:2d:62:c0:f1:
         bb:3e:94:13:33:7e:a2:39:9c:be:02:59:f5:75:7d:29:6e:01:
         20:54:bb:69:2d:55:0a:2a:99:b6:c3:3e:b7:10:c0:68:85:fe:
         2d:3e:16:b8:0e:1b:e2:ea:d6:ba:25:0c:90:3d:c4:82:41:1c:
         eb:f1:01:fa:14:8a:b1:47:d6:f2:b3:53:02:f7:c4:1c:84:1e:
         db:40:ef:dc:e7:11:eb:49:80:52:53:9e:1e:18:57:fd:30:6b:
         6f:7b:00:17:72:af:e2:44:81:80:95:b6:3b:62:9a:4a:36:d3:
         fc:f4:18:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIARWE8MNbCW/fRZiMoFOYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMjAwZDBlN2FkM2NlZjcyMjM4YjUxNjRjNGIyY2RkZTIz
YTZhMWUwHhcNMjQwMTAyMDIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjMxY2Q3YjAwM2U1YjYzZTFiMWMyM2VjOGFkNWU1OTIzYjEzYTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtnY/gkLUFt0rOs3J4cNWyMGB5Yd
mOuQHHHkoiAnwp7z/0A1REMvWuhyKFzUIAKKo56hMn4hZ3mWKelXtAbUZ3RoJYrm
Zmebtd0mVjXzRmXBlREwPFYMrOW/eqzgxYElibKrssjiehJ/88iqOW4EEkeO/7cI
rTNblBTq9XywdsZAPWimlLQX1iRVfkLTOyRV6Qcpn1ZxG1cPLZ0uzDt3ewta5Lyq
F0cbRAaDIc4S8hUZtBtHNhtH9vcUZeirA/HSYE9bsYY8YBw2l6vVRPYywHiKhbmW
vxRXQXuLjEZA1kHXgNJcHZaaGNWoKRs++pSaY9kPGxQh5nfW6irMKuxcDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMsxzXsAPltj4bHCPsitXlkjsTpQMB8GA1UdIwQY
MBaAFJsgDQ560873Iji1FkxLLN3iOmoeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXlBTkRuclR6dmNpT0xVV1RFc3MzZUk2YWg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9mY2JjYzYtNzM5Yi00ZjVjLWFlM2Mt
YTRmMDhkYmI4NWE1LzEveXpITmV3QS1XMlBoc2NJLXlLMWVXU094T2xBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9mY2JjYzYtNzM5Yi00ZjVjLWFlM2MtYTRmMDhkYmI4NWE1
LzEvbXlBTkRuclR6dmNpT0xVV1RFc3MzZUk2YWg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWS3YMA0G
CSqGSIb3DQEBCwUAA4IBAQASsNUFIqANdYx4Jtt1H9ikLN9xEOGrrXyyP2bWbotK
l/rpLSDzqd/UTndEs23voeBmh4X+5FNU/zghiTn9AW61uNjDNFntnhWbmT1zWjGX
4U6XDBShj/lNNoAbAQiEIV9CeD8Ad2YbW6X4GQjx46kjd2ZOyCkO0L+l/79I7yeZ
9RamGerKst41S7XvrS1iwPG7PpQTM36iOZy+Aln1dX0pbgEgVLtpLVUKKpm2wz63
EMBohf4tPha4Dhvi6ta6JQyQPcSCQRzr8QH6FIqxR9bys1MC98QchB7bQO/c5xHr
SYBSU54eGFf9MGtvewAXcq/iRIGAlbY7YppKNtP89Bia
-----END CERTIFICATE-----