Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/1-nBCVdTynpFtBXhHHuJZz-oDZa0.roa
File:                     1-nBCVdTynpFtBXhHHuJZz-oDZa0.roa (raw, json)
Hash identifier:          VFMS0PETIOvz1Eh23jZS7n7xwjh2hsKANuE7RG66Bnk=
Subject key identifier:   FA:70:42:55:D4:F2:9E:91:6D:05:78:47:1E:E2:59:CF:EA:03:65:AD
Certificate issuer:       /CN=0146b429f8c49611fcfea1efa1a51b9c0eddb6e7
Certificate serial:       018CC9BBFC460EC21A3F69F25619D2F28D91
Authority key identifier: 01:46:B4:29:F8:C4:96:11:FC:FE:A1:EF:A1:A5:1B:9C:0E:DD:B6:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AUa0KfjElhH8_qHvoaUbnA7dtuc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/1-nBCVdTynpFtBXhHHuJZz-oDZa0.roa
Signing time:             Tue 02 Jan 2024 10:33:09 +0000
ROA not before:           Tue 02 Jan 2024 10:33:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44739
IP address blocks:        89.47.92.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/AUa0KfjElhH8_qHvoaUbnA7dtuc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/AUa0KfjElhH8_qHvoaUbnA7dtuc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AUa0KfjElhH8_qHvoaUbnA7dtuc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:fc:46:0e:c2:1a:3f:69:f2:56:19:d2:f2:8d:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0146b429f8c49611fcfea1efa1a51b9c0eddb6e7
        Validity
            Not Before: Jan  2 10:33:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa704255d4f29e916d0578471ee259cfea0365ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:cd:e6:4a:d0:b7:58:0e:66:0f:d5:94:0b:b7:
                    d2:81:1b:3f:45:1d:94:fa:07:ed:08:3d:88:84:7f:
                    a0:33:21:10:91:ea:90:e3:57:b0:59:2d:e0:ff:a7:
                    00:0f:a4:ac:9d:67:53:14:3e:54:df:2f:62:d4:4d:
                    87:8f:1b:48:a6:4d:83:d9:3c:6a:63:b1:3e:9c:c5:
                    55:69:e5:ab:80:44:39:4f:db:e0:a9:46:2d:d9:23:
                    f4:27:44:3d:82:e6:62:02:b1:e6:68:ec:5d:58:ad:
                    58:30:81:58:76:0a:95:6c:2c:f5:5a:de:d7:81:ad:
                    eb:45:cc:30:76:ea:08:be:0c:4f:ea:ff:2e:19:b6:
                    a8:fd:45:83:ec:e2:fd:ce:1c:af:e9:b6:b5:52:4a:
                    63:d4:c1:ae:b2:75:c7:8f:7d:0e:10:a6:91:e8:5c:
                    68:af:5e:3c:a3:91:67:03:2c:99:a9:aa:15:e9:b1:
                    80:a7:5e:aa:13:8b:d6:83:8a:93:9c:de:08:9a:b8:
                    0d:d6:e3:28:de:ea:f8:04:4b:c2:49:0d:48:da:b6:
                    9b:83:be:e3:df:2f:c9:7f:4e:06:a0:64:b6:25:4d:
                    c7:ea:86:1a:64:be:71:e7:d7:88:c4:bc:ca:87:df:
                    43:d9:6b:08:48:43:0b:af:93:01:85:02:ce:35:be:
                    f0:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:70:42:55:D4:F2:9E:91:6D:05:78:47:1E:E2:59:CF:EA:03:65:AD
            X509v3 Authority Key Identifier:
                keyid:01:46:B4:29:F8:C4:96:11:FC:FE:A1:EF:A1:A5:1B:9C:0E:DD:B6:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AUa0KfjElhH8_qHvoaUbnA7dtuc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/1-nBCVdTynpFtBXhHHuJZz-oDZa0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/AUa0KfjElhH8_qHvoaUbnA7dtuc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.47.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:65:b7:67:3e:a7:6c:1b:c7:cb:ef:50:47:4d:db:3d:55:87:
         43:03:58:39:cb:b8:6c:7d:a8:a2:4f:bd:62:33:19:9b:b6:59:
         42:9c:a8:18:cd:48:99:29:9c:eb:cd:69:d0:7b:b9:b1:3d:74:
         2d:c7:17:ac:97:19:a8:b8:99:36:d3:ea:9f:1b:22:ea:55:11:
         ff:62:54:68:08:4d:72:dd:b4:59:8b:44:2c:ea:e5:46:25:d5:
         a6:0c:7a:55:29:e6:1d:39:6b:2f:a2:32:ac:68:32:a6:cb:2c:
         0a:a8:82:f8:d0:0d:c1:23:71:da:3b:c6:60:23:3d:b3:d7:69:
         8d:40:16:de:27:9c:af:82:cc:48:3d:41:8b:b8:e2:13:84:0b:
         d0:64:5b:b4:1d:5e:0b:d0:f9:33:65:73:61:b1:d1:c0:b5:ea:
         f3:53:0e:da:a2:62:b9:7a:e7:43:c2:06:f4:48:db:c9:18:4c:
         00:52:ec:27:0f:a8:4a:ab:24:69:f8:bd:ea:9a:8c:9b:d3:00:
         dc:eb:23:85:b0:d4:43:fe:32:ed:10:3b:21:52:11:c4:10:93:
         3e:48:95:24:ae:15:8a:5e:0d:3a:fd:a9:36:dd:aa:39:53:1a:
         d8:ab:e6:52:0d:1b:77:24:eb:8c:bf:c1:23:6b:86:59:26:2b:
         b8:27:d3:9e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJu/xGDsIaP2nyVhnS8o2RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNDZiNDI5ZjhjNDk2MTFmY2ZlYTFlZmExYTUxYjljMGVk
ZGI2ZTcwHhcNMjQwMTAyMTAzMzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTcwNDI1NWQ0ZjI5ZTkxNmQwNTc4NDcxZWUyNTljZmVhMDM2NWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAis3mStC3WA5mD9WUC7fSgRs/RR2U
+gftCD2IhH+gMyEQkeqQ41ewWS3g/6cAD6SsnWdTFD5U3y9i1E2HjxtIpk2D2Txq
Y7E+nMVVaeWrgEQ5T9vgqUYt2SP0J0Q9guZiArHmaOxdWK1YMIFYdgqVbCz1Wt7X
ga3rRcwwduoIvgxP6v8uGbao/UWD7OL9zhyv6ba1Ukpj1MGusnXHj30OEKaR6Fxo
r148o5FnAyyZqaoV6bGAp16qE4vWg4qTnN4ImrgN1uMo3ur4BEvCSQ1I2rabg77j
3y/Jf04GoGS2JU3H6oYaZL5x59eIxLzKh99D2WsISEMLr5MBhQLONb7whQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPpwQlXU8p6RbQV4Rx7iWc/qA2WtMB8GA1UdIwQY
MBaAFAFGtCn4xJYR/P6h76GlG5wO3bbnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVVhMEtmakVsaEg4X3FIdm9hVWJuQTdkdHVjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9lNWUzNzktNjU2ZC00NjIyLWE3YmMt
ZWEyNmU3NDZhMGFkLzEvMS1uQkNWZFR5bnBGdEJYaEhIdUpaei1vRFphMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTQvZTVlMzc5LTY1NmQtNDYyMi1hN2JjLWVhMjZlNzQ2YTBh
ZC8xL0FVYTBLZmpFbGhIOF9xSHZvYVVibkE3ZHR1Yy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVkvXDAN
BgkqhkiG9w0BAQsFAAOCAQEAdGW3Zz6nbBvHy+9QR03bPVWHQwNYOcu4bH2ook+9
YjMZm7ZZQpyoGM1ImSmc681p0Hu5sT10LccXrJcZqLiZNtPqnxsi6lUR/2JUaAhN
ct20WYtELOrlRiXVpgx6VSnmHTlrL6IyrGgypsssCqiC+NANwSNx2jvGYCM9s9dp
jUAW3iecr4LMSD1Bi7jiE4QL0GRbtB1eC9D5M2VzYbHRwLXq81MO2qJiuXrnQ8IG
9EjbyRhMAFLsJw+oSqskafi96pqMm9MA3OsjhbDUQ/4y7RA7IVIRxBCTPkiVJK4V
il4NOv2pNt2qOVMa2KvmUg0bdyTrjL/BI2uGWSYruCfTng==
-----END CERTIFICATE-----