Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/R5nsU1-MDjIyjoMi28elsRic3PU.roa
File:                     R5nsU1-MDjIyjoMi28elsRic3PU.roa (raw, json)
Hash identifier:          Ld9PUBMQBAUDWm2tYhScVJkRDp0RL897MYM0Oc+CNk8=
Subject key identifier:   47:99:EC:53:5F:8C:0E:32:32:8E:83:22:DB:C7:A5:B1:18:9C:DC:F5
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       0193070EA940943F8F3D226145FC725B7D81
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/R5nsU1-MDjIyjoMi28elsRic3PU.roa
Signing time:             Thu 07 Nov 2024 14:37:01 +0000
ROA not before:           Thu 07 Nov 2024 14:37:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29802
IP address blocks:        89.21.86.0/24 maxlen: 24
                          89.251.24.0/24 maxlen: 24
                          109.122.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:07:0e:a9:40:94:3f:8f:3d:22:61:45:fc:72:5b:7d:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Nov  7 14:37:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4799ec535f8c0e32328e8322dbc7a5b1189cdcf5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:f2:a9:1f:ea:b3:e4:a6:4d:6c:aa:ee:bf:24:
                    4e:78:ed:e6:b9:ea:8d:a2:84:b5:eb:3c:be:00:6b:
                    26:cf:b0:34:9d:1c:ce:af:1c:5f:98:80:ad:38:7a:
                    35:c3:55:20:4c:24:c7:2d:c7:01:82:21:f4:38:31:
                    e2:a3:d4:6f:97:0d:75:f6:9f:98:bb:6c:ec:ef:0a:
                    67:f1:2a:a2:50:aa:83:ef:b1:6c:a6:29:68:c1:fd:
                    6d:94:da:ab:b6:85:e6:17:26:4b:39:e3:50:be:cd:
                    f2:41:35:23:31:3d:4b:71:5a:6f:ae:08:d6:25:71:
                    09:e8:68:2d:bb:e9:38:c8:46:22:db:d5:9e:bc:2e:
                    a9:3e:93:81:85:e2:e5:dc:20:74:50:ce:5f:bb:76:
                    08:cb:9f:79:ca:f3:04:46:e4:11:9f:c4:8d:c9:62:
                    1b:90:93:cb:83:a3:b6:9a:f5:92:d5:7c:31:6b:ba:
                    44:a8:3f:17:3f:ba:69:2a:9a:22:75:17:5a:27:d8:
                    c8:e0:5f:82:52:a6:e8:a5:63:5f:b7:eb:64:07:29:
                    b5:3f:f8:05:b8:4b:23:a5:97:55:86:0c:47:6e:de:
                    af:ae:e7:41:3e:63:da:bc:8b:6c:f4:b0:20:a1:de:
                    26:31:00:61:18:24:cb:08:0e:1f:fa:92:62:ca:76:
                    cc:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:99:EC:53:5F:8C:0E:32:32:8E:83:22:DB:C7:A5:B1:18:9C:DC:F5
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/R5nsU1-MDjIyjoMi28elsRic3PU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.21.86.0/24
                  89.251.24.0/24
                  109.122.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:74:87:11:c9:b2:72:fb:15:c9:83:8b:b9:97:6b:20:e7:11:
         d6:16:b7:5e:58:56:1e:89:b9:df:4e:71:b1:b4:ca:a1:f9:fb:
         27:4b:97:b6:76:0f:85:1a:a1:e1:de:c6:89:20:14:ca:d4:28:
         bd:0b:67:12:a7:87:b3:7a:a5:05:41:5c:28:14:27:a1:17:cc:
         9e:ca:fd:c7:04:37:f6:66:0e:69:c2:11:43:c5:cc:97:82:0b:
         ae:1e:ad:38:40:32:dd:49:31:bb:f2:97:6d:df:1b:eb:8d:74:
         2b:cf:fc:54:72:cf:4a:ca:b1:bf:dd:5c:2c:be:60:b4:ea:ab:
         0d:14:d1:25:0a:14:ae:ad:50:51:5b:bd:8e:20:5e:8b:e3:13:
         6d:9a:e5:64:92:b4:d6:cc:8a:f2:68:db:2d:51:99:22:19:8f:
         bb:38:85:27:fc:30:ec:7f:16:c1:54:4d:52:84:62:9f:76:f6:
         ac:21:ba:bf:df:f2:97:fe:3e:cf:d2:f1:e9:90:60:b2:c4:3f:
         f4:af:1c:0d:7e:72:f9:50:b9:75:72:32:a8:61:b4:e2:45:e9:
         d4:5a:2d:9e:b2:cf:8b:5d:09:63:6d:3c:1b:24:7d:a0:4e:c7:
         5a:f2:7d:bd:46:66:77:87:30:0e:50:ef:ae:4f:ce:b0:3c:26:
         3a:0a:7b:94
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZMHDqlAlD+PPSJhRfxyW32BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQxMTA3MTQzNzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Nzk5ZWM1MzVmOGMwZTMyMzI4ZTgzMjJkYmM3YTViMTE4OWNkY2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/KpH+qz5KZNbKruvyROeO3mueqN
ooS16zy+AGsmz7A0nRzOrxxfmICtOHo1w1UgTCTHLccBgiH0ODHio9Rvlw119p+Y
u2zs7wpn8SqiUKqD77Fspilowf1tlNqrtoXmFyZLOeNQvs3yQTUjMT1LcVpvrgjW
JXEJ6Ggtu+k4yEYi29WevC6pPpOBheLl3CB0UM5fu3YIy595yvMERuQRn8SNyWIb
kJPLg6O2mvWS1Xwxa7pEqD8XP7ppKpoidRdaJ9jI4F+CUqbopWNft+tkBym1P/gF
uEsjpZdVhgxHbt6vrudBPmPavIts9LAgod4mMQBhGCTLCA4f+pJiynbMjQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEeZ7FNfjA4yMo6DItvHpbEYnNz1MB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvUjVuc1UxLU1Eakl5am9NaTI4ZWxzUmljM1BVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWRVWAwQA
WfsYAwQAbXorMA0GCSqGSIb3DQEBCwUAA4IBAQAEdIcRybJy+xXJg4u5l2sg5xHW
FrdeWFYeibnfTnGxtMqh+fsnS5e2dg+FGqHh3saJIBTK1Ci9C2cSp4ezeqUFQVwo
FCehF8yeyv3HBDf2Zg5pwhFDxcyXgguuHq04QDLdSTG78pdt3xvrjXQrz/xUcs9K
yrG/3VwsvmC06qsNFNElChSurVBRW72OIF6L4xNtmuVkkrTWzIryaNstUZkiGY+7
OIUn/DDsfxbBVE1ShGKfdvasIbq/3/KX/j7P0vHpkGCyxD/0rxwNfnL5ULl1cjKo
YbTiRenUWi2ess+LXQljbTwbJH2gTsda8n29RmZ3hzAOUO+uT86wPCY6CnuU
-----END CERTIFICATE-----