Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/36d642-5643-454f-b5c0-990777c357e3/1/goFXT3A5q-_-SiTBuqcAGcYOPpc.roa
File:                     goFXT3A5q-_-SiTBuqcAGcYOPpc.roa (raw, json)
Hash identifier:          ZTMruwS9wJsCRmfEiCL7nQAlbEp2vFJI/okS3y04FBU=
Subject key identifier:   82:81:57:4F:70:39:AB:EF:FE:4A:24:C1:BA:A7:00:19:C6:0E:3E:97
Certificate issuer:       /CN=ef7cca8aa3f178b999a46e5ff4fa7daf9f9f2e6f
Certificate serial:       018CC50051EDE7C7C543FC0E8A01FB5295FA
Authority key identifier: EF:7C:CA:8A:A3:F1:78:B9:99:A4:6E:5F:F4:FA:7D:AF:9F:9F:2E:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/73zKiqPxeLmZpG5f9Pp9r5-fLm8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/36d642-5643-454f-b5c0-990777c357e3/1/goFXT3A5q-_-SiTBuqcAGcYOPpc.roa
Signing time:             Mon 01 Jan 2024 12:29:41 +0000
ROA not before:           Mon 01 Jan 2024 12:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        89.251.12.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/36d642-5643-454f-b5c0-990777c357e3/1/73zKiqPxeLmZpG5f9Pp9r5-fLm8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/36d642-5643-454f-b5c0-990777c357e3/1/73zKiqPxeLmZpG5f9Pp9r5-fLm8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/73zKiqPxeLmZpG5f9Pp9r5-fLm8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:51:ed:e7:c7:c5:43:fc:0e:8a:01:fb:52:95:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef7cca8aa3f178b999a46e5ff4fa7daf9f9f2e6f
        Validity
            Not Before: Jan  1 12:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8281574f7039abeffe4a24c1baa70019c60e3e97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:b2:d1:49:db:46:5a:dc:92:9a:d1:53:ed:c0:
                    0e:44:06:e4:1c:87:f5:a9:95:e7:73:f6:a1:56:77:
                    b3:b1:1c:38:2f:14:15:be:d1:e7:48:b9:ab:35:88:
                    4c:ea:71:e4:62:bb:dd:24:db:73:09:85:67:ca:3a:
                    db:02:41:7d:74:24:d4:21:fd:45:37:1a:e1:1c:3b:
                    30:66:31:f3:76:bd:8b:4e:c8:1c:c6:aa:8c:89:9e:
                    c6:1b:f8:11:37:ec:27:18:55:72:f8:d2:8f:4b:2c:
                    5d:45:72:56:9c:7b:8b:8b:f2:19:30:79:26:6f:1e:
                    da:e4:4b:9c:1c:f0:36:46:f6:aa:91:7f:b9:c2:0b:
                    95:3e:d9:6b:21:4c:9b:de:2a:19:ff:18:dd:10:05:
                    5c:1f:ef:95:90:4b:44:00:28:91:34:44:b0:18:5f:
                    a3:53:e4:01:7d:fa:63:58:00:4e:e2:31:de:dc:fd:
                    1d:4c:8c:2a:2d:c9:e4:40:c9:16:73:d5:32:23:4c:
                    a9:49:e5:3b:78:25:27:74:2f:73:38:aa:a4:12:52:
                    c5:8b:b9:66:ad:d5:78:06:49:2b:21:1b:39:35:2e:
                    6f:b9:ff:87:e3:b1:2a:d0:95:b9:88:39:7b:dc:c2:
                    17:87:83:27:a9:32:7f:e5:ec:1f:28:e2:fe:c9:41:
                    59:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:81:57:4F:70:39:AB:EF:FE:4A:24:C1:BA:A7:00:19:C6:0E:3E:97
            X509v3 Authority Key Identifier:
                keyid:EF:7C:CA:8A:A3:F1:78:B9:99:A4:6E:5F:F4:FA:7D:AF:9F:9F:2E:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/73zKiqPxeLmZpG5f9Pp9r5-fLm8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/36d642-5643-454f-b5c0-990777c357e3/1/goFXT3A5q-_-SiTBuqcAGcYOPpc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/36d642-5643-454f-b5c0-990777c357e3/1/73zKiqPxeLmZpG5f9Pp9r5-fLm8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:ab:50:c5:7e:52:8d:86:97:f0:b9:08:66:8d:54:c9:a7:90:
         6b:e5:65:55:42:3e:f5:45:9d:b9:ad:1d:f3:4e:cc:05:6e:2b:
         7f:d4:c2:d3:e9:5d:e7:cb:08:a8:51:dc:3d:00:10:6f:f6:0d:
         ad:b7:a8:1d:97:7a:ca:77:d4:2d:ae:b6:83:45:29:fd:34:10:
         14:c5:bd:d6:fc:43:ff:39:91:7d:f6:d0:1c:39:74:3a:3e:70:
         b9:e7:b3:2e:87:02:12:25:34:4a:d4:c2:26:29:2f:6c:11:75:
         05:56:71:91:c5:02:fc:62:08:96:08:b0:5b:e2:d5:4c:8f:4a:
         48:b7:4f:36:a2:ff:e0:79:e1:19:bd:24:8a:f9:8e:e2:ea:c9:
         5b:c1:de:b9:ac:0f:f1:78:0c:77:53:26:36:07:9f:ab:1c:89:
         d0:6d:5a:07:37:d0:31:d4:f4:86:9b:82:03:d8:e4:b1:b1:5f:
         f8:d2:2f:4d:78:02:63:cf:8c:0a:55:b9:fa:29:0d:76:fb:3a:
         e7:e0:18:44:7c:28:e1:4e:1d:1b:3f:c1:4d:bd:28:40:f6:89:
         11:37:5c:4f:19:eb:9e:14:e1:16:6d:f9:34:5e:9d:4c:df:a8:
         20:ae:d6:16:49:10:d0:29:19:8d:63:cb:32:d1:02:40:48:da:
         0e:19:05:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAFHt58fFQ/wOigH7UpX6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmN2NjYThhYTNmMTc4Yjk5OWE0NmU1ZmY0ZmE3ZGFmOWY5
ZjJlNmYwHhcNMjQwMTAxMTIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjgxNTc0ZjcwMzlhYmVmZmU0YTI0YzFiYWE3MDAxOWM2MGUzZTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA57LRSdtGWtySmtFT7cAORAbkHIf1
qZXnc/ahVnezsRw4LxQVvtHnSLmrNYhM6nHkYrvdJNtzCYVnyjrbAkF9dCTUIf1F
NxrhHDswZjHzdr2LTsgcxqqMiZ7GG/gRN+wnGFVy+NKPSyxdRXJWnHuLi/IZMHkm
bx7a5EucHPA2RvaqkX+5wguVPtlrIUyb3ioZ/xjdEAVcH++VkEtEACiRNESwGF+j
U+QBffpjWABO4jHe3P0dTIwqLcnkQMkWc9UyI0ypSeU7eCUndC9zOKqkElLFi7lm
rdV4BkkrIRs5NS5vuf+H47Eq0JW5iDl73MIXh4MnqTJ/5ewfKOL+yUFZIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIKBV09wOavv/kokwbqnABnGDj6XMB8GA1UdIwQY
MBaAFO98yoqj8Xi5maRuX/T6fa+fny5vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzN6S2lxUHhlTG1acEc1ZjlQcDlyNS1mTG04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC8zNmQ2NDItNTY0My00NTRmLWI1YzAt
OTkwNzc3YzM1N2UzLzEvZ29GWFQzQTVxLV8tU2lUQnVxY0FHY1lPUHBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC8zNmQ2NDItNTY0My00NTRmLWI1YzAtOTkwNzc3YzM1N2Uz
LzEvNzN6S2lxUHhlTG1acEc1ZjlQcDlyNS1mTG04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWfsMMA0G
CSqGSIb3DQEBCwUAA4IBAQCeq1DFflKNhpfwuQhmjVTJp5Br5WVVQj71RZ25rR3z
TswFbit/1MLT6V3nywioUdw9ABBv9g2tt6gdl3rKd9QtrraDRSn9NBAUxb3W/EP/
OZF99tAcOXQ6PnC557MuhwISJTRK1MImKS9sEXUFVnGRxQL8YgiWCLBb4tVMj0pI
t082ov/geeEZvSSK+Y7i6slbwd65rA/xeAx3UyY2B5+rHInQbVoHN9Ax1PSGm4ID
2OSxsV/40i9NeAJjz4wKVbn6KQ12+zrn4BhEfCjhTh0bP8FNvShA9okRN1xPGeue
FOEWbfk0Xp1M36ggrtYWSRDQKRmNY8sy0QJASNoOGQXo
-----END CERTIFICATE-----