Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/yRzwejVSauh5J3SqcIAz9T7xhWA.roa
File:                     yRzwejVSauh5J3SqcIAz9T7xhWA.roa (raw, json)
Hash identifier:          Wrqqoq5cwG+rMNTMWPlnF9/upXXQ0FhuIDv968WoD9s=
Subject key identifier:   C9:1C:F0:7A:35:52:6A:E8:79:27:74:AA:70:80:33:F5:3E:F1:85:60
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       018CC6B944762A25F4DAB52A70B2D7FFFBCE
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/yRzwejVSauh5J3SqcIAz9T7xhWA.roa
Signing time:             Mon 01 Jan 2024 20:31:19 +0000
ROA not before:           Mon 01 Jan 2024 20:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        89.31.122.0/24 maxlen: 24
                          2a03:f80:420::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:44:76:2a:25:f4:da:b5:2a:70:b2:d7:ff:fb:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  1 20:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c91cf07a35526ae8792774aa708033f53ef18560
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:22:84:ad:d8:30:54:f3:d5:38:e0:3b:51:3d:
                    d7:d6:28:82:58:4a:fc:59:fe:0c:ea:10:a5:55:a1:
                    41:a2:82:83:75:64:2f:da:7e:f4:4a:90:9c:2e:47:
                    45:f1:10:35:37:aa:22:df:cf:78:37:96:74:f0:4a:
                    2a:fe:53:53:88:39:9e:ad:96:87:01:81:b2:a9:53:
                    2f:d6:97:a7:72:51:d1:37:84:f4:f8:24:19:22:3b:
                    0f:83:ca:39:37:00:b3:cf:f6:a5:dc:e7:0a:6d:36:
                    2a:c5:cc:32:91:e2:85:29:eb:b5:03:fc:d1:20:dc:
                    81:1a:36:b6:0b:31:19:7a:77:f9:c8:ac:69:19:32:
                    cb:b7:0d:d3:58:9a:93:48:07:87:3f:04:d6:d3:e2:
                    47:29:96:e8:da:9f:a1:26:44:f6:00:0d:a7:ed:67:
                    a0:2e:4d:0e:b1:a4:34:90:42:b6:d9:19:27:07:d7:
                    d2:29:f0:63:82:71:6a:d9:de:fc:89:98:8b:26:06:
                    e9:05:2a:ad:2e:0b:dd:66:df:ff:47:1f:31:37:ad:
                    f3:e4:fd:23:d8:44:42:83:74:0f:a3:73:cc:9b:83:
                    0c:0e:90:b7:99:c5:b8:6b:d0:e0:20:23:4d:db:a2:
                    de:b4:71:80:57:74:81:5c:58:20:87:ab:82:f2:5b:
                    43:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:1C:F0:7A:35:52:6A:E8:79:27:74:AA:70:80:33:F5:3E:F1:85:60
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/yRzwejVSauh5J3SqcIAz9T7xhWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.31.122.0/24
                IPv6:
                  2a03:f80:420::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:2d:ca:85:b4:57:82:80:19:8b:68:94:12:6e:09:57:bb:69:
         7a:40:34:f3:cc:ad:82:39:7d:c5:2a:6e:62:42:cc:3d:55:8c:
         13:de:a1:d8:c4:7e:39:fb:a7:c0:fe:47:b2:20:5b:77:e6:19:
         11:2f:6e:ce:e6:64:f3:6a:a7:05:5c:a8:24:22:b8:dd:2b:38:
         1c:b9:51:1e:b5:a8:43:d7:aa:fe:d3:8c:01:ab:ad:e3:18:00:
         5d:a4:8c:e1:0b:8d:f0:42:b3:1e:c9:a1:5e:4c:d8:93:57:31:
         a2:4a:48:22:ca:a7:d5:ca:74:0b:f2:4d:be:7e:a0:98:ce:b5:
         0c:f2:6c:68:23:ba:9e:46:60:0f:c6:26:56:5a:3a:4a:1a:3c:
         5b:e1:12:c3:e3:28:d9:e4:74:0d:92:4b:7e:88:13:a1:04:40:
         a5:a2:38:5b:a6:f8:99:3e:de:3c:2f:4e:18:85:25:08:c0:ed:
         f8:14:a1:bf:01:79:39:06:b8:25:21:55:58:da:73:21:13:da:
         8b:07:51:b0:96:53:b3:6a:00:5d:30:52:93:ad:d2:90:7b:9f:
         26:3e:9d:76:f9:87:00:e7:ec:5d:90:09:e4:14:aa:58:77:60:
         fb:cd:58:12:10:c7:ec:01:71:96:23:99:7c:17:50:72:ad:7d:
         5e:9a:ec:14
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGuUR2KiX02rUqcLLX//vOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjQwMTAxMjAzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTFjZjA3YTM1NTI2YWU4NzkyNzc0YWE3MDgwMzNmNTNlZjE4NTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCKErdgwVPPVOOA7UT3X1iiCWEr8
Wf4M6hClVaFBooKDdWQv2n70SpCcLkdF8RA1N6oi3894N5Z08Eoq/lNTiDmerZaH
AYGyqVMv1penclHRN4T0+CQZIjsPg8o5NwCzz/al3OcKbTYqxcwykeKFKeu1A/zR
INyBGja2CzEZenf5yKxpGTLLtw3TWJqTSAeHPwTW0+JHKZbo2p+hJkT2AA2n7Weg
Lk0OsaQ0kEK22RknB9fSKfBjgnFq2d78iZiLJgbpBSqtLgvdZt//Rx8xN63z5P0j
2ERCg3QPo3PMm4MMDpC3mcW4a9DgICNN26LetHGAV3SBXFggh6uC8ltD+QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMkc8Ho1UmroeSd0qnCAM/U+8YVgMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEveVJ6d2VqVlNhdWg1SjNTcWNJQXo5VDd4aFdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAWR96MA8E
AgACMAkDBwAqAw+ABCAwDQYJKoZIhvcNAQELBQADggEBAIwtyoW0V4KAGYtolBJu
CVe7aXpANPPMrYI5fcUqbmJCzD1VjBPeodjEfjn7p8D+R7IgW3fmGREvbs7mZPNq
pwVcqCQiuN0rOBy5UR61qEPXqv7TjAGrreMYAF2kjOELjfBCsx7JoV5M2JNXMaJK
SCLKp9XKdAvyTb5+oJjOtQzybGgjup5GYA/GJlZaOkoaPFvhEsPjKNnkdA2SS36I
E6EEQKWiOFum+Jk+3jwvThiFJQjA7fgUob8BeTkGuCUhVVjacyET2osHUbCWU7Nq
AF0wUpOt0pB7nyY+nXb5hwDn7F2QCeQUqlh3YPvNWBIQx+wBcZYjmXwXUHKtfV6a
7BQ=
-----END CERTIFICATE-----