Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/8716d1-eeda-4505-a0c9-078fd395859f/1/9TruYNnifZvDb9SVPVW7iXJ7wYA.roa
File:                     9TruYNnifZvDb9SVPVW7iXJ7wYA.roa (raw, json)
Hash identifier:          xKpFXoNKmLpqBIduSytI40Tek1KjGO3BXtm0sLeiS0E=
Subject key identifier:   F5:3A:EE:60:D9:E2:7D:9B:C3:6F:D4:95:3D:55:BB:89:72:7B:C1:80
Certificate issuer:       /CN=8dc8972b4dba0d2049d37c848a4a21d4a43b2e3b
Certificate serial:       018FDD1C42282C857ED9C26F01029895A97E
Authority key identifier: 8D:C8:97:2B:4D:BA:0D:20:49:D3:7C:84:8A:4A:21:D4:A4:3B:2E:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jciXK026DSBJ03yEikoh1KQ7Ljs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/8716d1-eeda-4505-a0c9-078fd395859f/1/9TruYNnifZvDb9SVPVW7iXJ7wYA.roa
Signing time:             Mon 03 Jun 2024 07:59:27 +0000
ROA not before:           Mon 03 Jun 2024 07:59:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215264
IP address blocks:        89.187.93.0/24 maxlen: 24
                          2a14:2540::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/8716d1-eeda-4505-a0c9-078fd395859f/1/jciXK026DSBJ03yEikoh1KQ7Ljs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/8716d1-eeda-4505-a0c9-078fd395859f/1/jciXK026DSBJ03yEikoh1KQ7Ljs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jciXK026DSBJ03yEikoh1KQ7Ljs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:dd:1c:42:28:2c:85:7e:d9:c2:6f:01:02:98:95:a9:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8dc8972b4dba0d2049d37c848a4a21d4a43b2e3b
        Validity
            Not Before: Jun  3 07:59:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f53aee60d9e27d9bc36fd4953d55bb89727bc180
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:2a:cc:82:74:da:5f:51:b6:72:82:1e:a1:52:
                    e3:12:32:12:f9:18:84:19:5e:8d:6e:8d:2c:44:f6:
                    a0:a5:55:4d:44:c1:7a:cd:54:6f:c5:3a:15:f1:13:
                    46:e8:8f:d2:a3:31:ec:9b:66:6a:42:d8:b7:55:b2:
                    f4:62:89:63:d6:17:fd:31:97:7c:21:94:f4:53:db:
                    b4:e9:a4:d6:51:ec:58:c3:41:2a:33:7e:77:de:af:
                    02:82:39:72:a6:f8:1f:d1:41:c5:31:9c:c3:5e:4c:
                    16:8f:fe:16:70:51:1f:70:43:02:42:76:fe:a8:ad:
                    5e:6a:23:39:fb:33:9b:0b:fe:3b:e3:ba:ba:9f:9a:
                    52:02:31:87:70:39:50:99:2d:5d:d7:73:e8:81:d0:
                    ca:b0:8d:f7:f6:47:ba:61:11:fe:26:84:80:6e:0c:
                    dc:c8:a4:b1:bb:c0:89:ce:b1:3e:6b:46:ab:7a:7a:
                    64:4d:55:89:96:1f:66:ec:c0:33:58:63:95:d5:37:
                    c6:02:a5:07:fc:cf:c2:75:83:58:89:4e:a3:ca:cc:
                    46:a6:15:6b:5e:5c:c5:b0:12:83:16:9d:05:bf:fd:
                    a6:5f:6a:a0:c1:7e:5e:98:cf:3d:8c:88:ca:60:43:
                    f0:48:0c:3d:a9:40:d1:af:a7:9c:e4:a1:85:30:0a:
                    31:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:3A:EE:60:D9:E2:7D:9B:C3:6F:D4:95:3D:55:BB:89:72:7B:C1:80
            X509v3 Authority Key Identifier:
                keyid:8D:C8:97:2B:4D:BA:0D:20:49:D3:7C:84:8A:4A:21:D4:A4:3B:2E:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jciXK026DSBJ03yEikoh1KQ7Ljs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/8716d1-eeda-4505-a0c9-078fd395859f/1/9TruYNnifZvDb9SVPVW7iXJ7wYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/8716d1-eeda-4505-a0c9-078fd395859f/1/jciXK026DSBJ03yEikoh1KQ7Ljs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.93.0/24
                IPv6:
                  2a14:2540::/29

    Signature Algorithm: sha256WithRSAEncryption
         24:a2:f3:fa:fe:35:70:5c:af:24:be:81:8f:5d:64:ef:fb:36:
         fe:83:06:03:7d:16:fb:c6:1d:63:04:6f:b5:52:ed:c0:96:10:
         f5:72:eb:11:23:89:0f:41:c0:96:02:9f:47:0f:bb:0d:0a:74:
         65:49:09:99:7b:06:36:9f:e3:7f:8d:2b:fe:e1:c5:75:4d:1f:
         8f:1c:d4:84:58:ca:b2:81:da:1c:09:34:70:a6:db:cb:aa:27:
         62:43:86:ea:fc:89:e1:7c:a8:e1:d2:37:77:7d:e1:93:f6:ae:
         8d:bf:d1:3f:ae:66:37:da:30:e6:a1:14:a6:f3:cd:de:04:78:
         ed:8a:39:41:d4:da:a3:b5:c4:fc:be:ab:1c:02:56:98:53:77:
         a4:44:9f:ab:f9:f3:67:72:a5:fc:2b:f5:b7:43:a9:da:1b:e9:
         77:79:ea:53:af:da:88:af:da:ad:47:33:53:39:48:5b:54:d2:
         24:d0:08:ac:63:d8:bf:66:8d:0f:a5:9c:92:19:67:10:7a:1f:
         a0:48:90:2f:1a:e7:0c:07:b7:30:cd:8a:1f:0c:f7:8b:31:2d:
         f3:d9:9e:0a:9a:5d:8a:b1:de:12:9e:67:9c:10:46:11:1f:91:
         21:2f:b1:b8:90:97:d3:4d:b9:47:de:fb:cf:65:d6:55:3a:83:
         fe:44:77:ec
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY/dHEIoLIV+2cJvAQKYlal+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYzg5NzJiNGRiYTBkMjA0OWQzN2M4NDhhNGEyMWQ0YTQz
YjJlM2IwHhcNMjQwNjAzMDc1OTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTNhZWU2MGQ5ZTI3ZDliYzM2ZmQ0OTUzZDU1YmI4OTcyN2JjMTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSrMgnTaX1G2coIeoVLjEjIS+RiE
GV6Nbo0sRPagpVVNRMF6zVRvxToV8RNG6I/SozHsm2ZqQti3VbL0Yolj1hf9MZd8
IZT0U9u06aTWUexYw0EqM3533q8Cgjlypvgf0UHFMZzDXkwWj/4WcFEfcEMCQnb+
qK1eaiM5+zObC/4747q6n5pSAjGHcDlQmS1d13PogdDKsI339ke6YRH+JoSAbgzc
yKSxu8CJzrE+a0arenpkTVWJlh9m7MAzWGOV1TfGAqUH/M/CdYNYiU6jysxGphVr
XlzFsBKDFp0Fv/2mX2qgwX5emM89jIjKYEPwSAw9qUDRr6ec5KGFMAoxbQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPU67mDZ4n2bw2/UlT1Vu4lye8GAMB8GA1UdIwQY
MBaAFI3IlytNug0gSdN8hIpKIdSkOy47MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamNpWEswMjZEU0JKMDN5RWlrb2gxS1E3TGpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi84NzE2ZDEtZWVkYS00NTA1LWEwYzkt
MDc4ZmQzOTU4NTlmLzEvOVRydVlObmlmWnZEYjlTVlBWVzdpWEo3d1lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi84NzE2ZDEtZWVkYS00NTA1LWEwYzktMDc4ZmQzOTU4NTlm
LzEvamNpWEswMjZEU0JKMDN5RWlrb2gxS1E3TGpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAWbtdMA0E
AgACMAcDBQMqFCVAMA0GCSqGSIb3DQEBCwUAA4IBAQAkovP6/jVwXK8kvoGPXWTv
+zb+gwYDfRb7xh1jBG+1Uu3AlhD1cusRI4kPQcCWAp9HD7sNCnRlSQmZewY2n+N/
jSv+4cV1TR+PHNSEWMqygdocCTRwptvLqidiQ4bq/InhfKjh0jd3feGT9q6Nv9E/
rmY32jDmoRSm883eBHjtijlB1NqjtcT8vqscAlaYU3ekRJ+r+fNncqX8K/W3Q6na
G+l3eepTr9qIr9qtRzNTOUhbVNIk0AisY9i/Zo0PpZySGWcQeh+gSJAvGucMB7cw
zYofDPeLMS3z2Z4Kml2Ksd4SnmecEEYRH5EhL7G4kJfTTblH3vvPZdZVOoP+RHfs
-----END CERTIFICATE-----