Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/O2ma6e4n9J_y5lNwB7YrpxV4giQ.roa
File:                     O2ma6e4n9J_y5lNwB7YrpxV4giQ.roa (raw, json)
Hash identifier:          JvdcaPCJpCW3i/maN1O2X0Nq+DG0mX/pWbO1b86Irbo=
Subject key identifier:   3B:69:9A:E9:EE:27:F4:9F:F2:E6:53:70:07:B6:2B:A7:15:78:82:24
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       0192688B8D7F59014007F134A2A8359B0EC7
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/O2ma6e4n9J_y5lNwB7YrpxV4giQ.roa
Signing time:             Mon 07 Oct 2024 19:53:49 +0000
ROA not before:           Mon 07 Oct 2024 19:53:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60949
IP address blocks:        89.251.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:68:8b:8d:7f:59:01:40:07:f1:34:a2:a8:35:9b:0e:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Oct  7 19:53:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b699ae9ee27f49ff2e6537007b62ba715788224
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:fb:88:a1:da:ba:6e:d9:31:33:0e:31:ff:55:
                    f5:28:b6:bf:6e:ee:eb:4f:e5:76:2a:9b:55:51:cf:
                    58:20:b7:85:d1:2f:c7:bc:64:24:36:ec:ad:f8:31:
                    ce:4b:a7:24:eb:11:66:7a:bf:dd:1b:52:09:d0:06:
                    56:eb:70:82:d0:4d:2b:fa:c6:eb:70:70:d8:6f:e9:
                    6b:14:8b:e3:43:d4:42:a7:43:59:a9:50:17:7c:f8:
                    a7:cb:1c:20:51:99:5a:25:40:02:6c:50:e9:38:b1:
                    fa:92:25:1c:99:c2:0b:a3:24:c2:17:58:28:0a:03:
                    2e:7f:b1:af:09:ec:b4:f0:44:5c:b3:29:61:d6:9e:
                    82:37:69:6d:07:ef:75:c1:2a:23:66:38:fd:d4:6b:
                    f0:aa:a9:fd:f8:79:e9:7c:d9:54:89:1b:0b:b7:ab:
                    a1:2c:b5:86:12:e7:ee:e5:e9:d8:7c:65:15:b3:1c:
                    15:02:72:49:0a:05:58:da:f1:ee:4e:88:45:30:f8:
                    94:81:25:4d:a1:d1:6c:2e:46:a0:a5:a1:2e:9d:56:
                    14:02:7d:de:fe:5a:ac:b3:eb:d0:44:2e:39:ba:09:
                    65:40:7c:72:37:1e:1d:15:00:e6:54:bc:94:ef:11:
                    99:f7:33:66:0e:67:32:67:51:45:e5:e6:bb:76:6f:
                    3f:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:69:9A:E9:EE:27:F4:9F:F2:E6:53:70:07:B6:2B:A7:15:78:82:24
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/O2ma6e4n9J_y5lNwB7YrpxV4giQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:2f:db:36:96:28:25:a6:44:63:0b:27:ae:77:0e:a8:36:a7:
         f5:46:65:83:dc:ff:d2:43:7b:95:1e:98:89:38:79:24:10:2c:
         f0:da:5d:2f:1d:e8:f9:e8:ae:6a:d3:70:c1:e1:f5:d0:a6:19:
         35:90:b6:d8:f7:c4:d9:27:2d:2a:28:5f:68:a5:da:94:3a:af:
         15:b9:29:84:5a:01:6f:55:ef:c6:61:7a:37:f2:f6:ea:59:c5:
         46:40:db:b1:57:f1:38:01:a8:fd:22:96:e1:64:30:90:d0:4f:
         ef:06:23:ae:65:60:dc:7b:bf:20:a5:d5:24:9b:59:79:85:41:
         6f:57:7a:80:b0:b8:3e:77:24:6a:b3:a3:c1:f9:37:e2:b2:c2:
         25:e5:95:b7:2a:b6:77:8b:a5:3f:5a:cc:99:09:38:70:d9:ef:
         c0:38:1a:cb:4a:83:7b:93:f0:2a:ca:96:1f:bf:eb:dc:b2:90:
         92:0b:51:78:76:e9:85:43:fc:06:1c:58:94:24:cf:ac:76:9a:
         47:c2:63:f0:99:6a:5c:67:8c:a4:78:e4:13:9f:fa:fe:2c:ce:
         e4:8c:c3:25:4d:03:3d:e6:72:99:b2:44:b4:8d:ec:c4:9f:d3:
         6e:ba:bc:56:5e:86:f8:9f:d1:09:35:f1:1f:fd:39:62:41:84:
         fa:00:88:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJoi41/WQFAB/E0oqg1mw7HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQxMDA3MTk1MzQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjY5OWFlOWVlMjdmNDlmZjJlNjUzNzAwN2I2MmJhNzE1Nzg4MjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAufuIodq6btkxMw4x/1X1KLa/bu7r
T+V2KptVUc9YILeF0S/HvGQkNuyt+DHOS6ck6xFmer/dG1IJ0AZW63CC0E0r+sbr
cHDYb+lrFIvjQ9RCp0NZqVAXfPinyxwgUZlaJUACbFDpOLH6kiUcmcILoyTCF1go
CgMuf7GvCey08ERcsylh1p6CN2ltB+91wSojZjj91Gvwqqn9+HnpfNlUiRsLt6uh
LLWGEufu5enYfGUVsxwVAnJJCgVY2vHuTohFMPiUgSVNodFsLkagpaEunVYUAn3e
/lqss+vQRC45ugllQHxyNx4dFQDmVLyU7xGZ9zNmDmcyZ1FF5ea7dm8/5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDtpmunuJ/Sf8uZTcAe2K6cVeIIkMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvTzJtYTZlNG45Sl95NWxOd0I3WXJweFY0Z2lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfsbMA0G
CSqGSIb3DQEBCwUAA4IBAQBTL9s2liglpkRjCyeudw6oNqf1RmWD3P/SQ3uVHpiJ
OHkkECzw2l0vHej56K5q03DB4fXQphk1kLbY98TZJy0qKF9opdqUOq8VuSmEWgFv
Ve/GYXo38vbqWcVGQNuxV/E4Aaj9IpbhZDCQ0E/vBiOuZWDce78gpdUkm1l5hUFv
V3qAsLg+dyRqs6PB+TfissIl5ZW3KrZ3i6U/WsyZCThw2e/AOBrLSoN7k/AqypYf
v+vcspCSC1F4dumFQ/wGHFiUJM+sdppHwmPwmWpcZ4ykeOQTn/r+LM7kjMMlTQM9
5nKZskS0jezEn9NuurxWXob4n9EJNfEf/TliQYT6AIia
-----END CERTIFICATE-----