Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/SXbBj228KknWyJ4NGCiu_mOFQYI.roa
File:                     SXbBj228KknWyJ4NGCiu_mOFQYI.roa (raw, json)
Hash identifier:          R6eiTIRwjaSy7LartuumzILGaB5bCfKTAZexTfV3iAU=
Subject key identifier:   49:76:C1:8F:6D:BC:2A:49:D6:C8:9E:0D:18:28:AE:FE:63:85:41:82
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019251ADAC92509720E45760D7A5BC9E1DC2
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/SXbBj228KknWyJ4NGCiu_mOFQYI.roa
Signing time:             Thu 03 Oct 2024 09:19:49 +0000
ROA not before:           Thu 03 Oct 2024 09:19:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21859
IP address blocks:        89.251.20.0/24 maxlen: 24
                          109.122.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:51:ad:ac:92:50:97:20:e4:57:60:d7:a5:bc:9e:1d:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Oct  3 09:19:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4976c18f6dbc2a49d6c89e0d1828aefe63854182
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:9e:af:f8:6d:79:e3:7a:64:db:ba:96:c5:2d:
                    aa:fd:59:0a:a7:a3:b3:c9:62:7d:75:96:f2:1a:ac:
                    f5:71:a9:89:b4:c4:3b:02:b6:82:f0:7f:fa:a6:32:
                    e4:ef:c9:58:21:53:d5:4c:86:88:90:39:25:61:06:
                    d4:56:24:f8:e3:80:65:22:c9:82:90:c1:1e:c0:f3:
                    73:83:52:59:6b:ff:1f:58:b0:ba:f7:a7:88:9c:ee:
                    ec:6e:e0:3e:42:e0:0f:89:73:59:32:d9:bd:ba:3a:
                    bc:e5:a5:e6:d6:9e:9f:4e:63:d7:ac:e0:57:ec:f3:
                    93:56:4d:2a:8f:7f:e7:66:a1:01:82:91:b0:77:64:
                    04:fe:df:45:a5:1b:04:cf:c6:71:1d:c5:a4:5d:ed:
                    3c:53:c6:85:1c:be:ad:de:08:e9:f7:e1:b2:25:29:
                    f9:e2:f0:36:87:4b:81:a9:59:23:6d:f6:d7:85:84:
                    33:94:59:ad:69:b8:22:32:12:ae:91:7a:7f:0b:24:
                    78:3d:08:4a:d0:14:2d:e2:e0:8d:97:2d:04:28:23:
                    ac:dd:a1:02:76:e9:e7:03:84:19:ba:1a:c4:26:32:
                    0a:74:11:59:3d:52:ff:3b:83:0b:f9:81:94:87:9c:
                    28:77:bf:f6:d0:9f:bc:ad:bb:bb:cb:3b:b4:75:71:
                    4b:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:76:C1:8F:6D:BC:2A:49:D6:C8:9E:0D:18:28:AE:FE:63:85:41:82
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/SXbBj228KknWyJ4NGCiu_mOFQYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.20.0/24
                  109.122.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:3e:e0:52:68:57:9b:c6:a8:5d:43:15:4c:98:7b:4a:83:04:
         31:11:22:08:ad:56:eb:e3:20:f9:de:c0:ed:73:cc:86:94:40:
         ca:ac:57:18:a1:22:05:65:14:a5:e3:c8:64:3c:ee:b6:a6:e8:
         b1:42:c2:20:02:9e:c7:2b:2a:08:b5:11:3d:47:c6:c8:e3:33:
         d0:42:a7:02:77:5a:a0:9a:cf:2a:49:0e:25:fb:60:0e:26:5a:
         db:eb:f7:56:1d:d1:97:de:4e:9f:4a:64:2b:57:d7:c7:84:6e:
         c9:22:c3:7c:ae:f3:27:77:38:1c:ce:46:8d:e4:33:34:09:7d:
         54:97:65:d0:8c:a9:a4:03:a0:5f:f0:68:8c:e9:19:41:95:87:
         cf:a7:a9:66:fa:d0:c6:bf:d0:71:32:3c:39:ef:07:27:29:41:
         c5:f1:88:c0:fb:c3:9c:7d:2a:de:1e:a5:c8:90:26:d8:28:4b:
         8d:1b:2e:c6:10:91:16:5e:a7:ed:d0:23:79:d4:ef:d9:d5:45:
         b0:10:25:c5:1d:79:5a:68:0e:44:dc:30:20:51:85:0e:d2:5d:
         ef:a3:80:c3:0d:03:b6:53:10:ba:16:bc:27:69:ef:0a:e8:55:
         8f:84:ce:fb:af:99:b3:06:09:d3:b8:a3:5d:d6:f6:f3:f7:48:
         ec:8a:51:b1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZJRraySUJcg5Fdg16W8nh3CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQxMDAzMDkxOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTc2YzE4ZjZkYmMyYTQ5ZDZjODllMGQxODI4YWVmZTYzODU0MTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj56v+G1543pk27qWxS2q/VkKp6Oz
yWJ9dZbyGqz1camJtMQ7AraC8H/6pjLk78lYIVPVTIaIkDklYQbUViT444BlIsmC
kMEewPNzg1JZa/8fWLC696eInO7sbuA+QuAPiXNZMtm9ujq85aXm1p6fTmPXrOBX
7POTVk0qj3/nZqEBgpGwd2QE/t9FpRsEz8ZxHcWkXe08U8aFHL6t3gjp9+GyJSn5
4vA2h0uBqVkjbfbXhYQzlFmtabgiMhKukXp/CyR4PQhK0BQt4uCNly0EKCOs3aEC
dunnA4QZuhrEJjIKdBFZPVL/O4ML+YGUh5wod7/20J+8rbu7yzu0dXFLAwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEl2wY9tvCpJ1sieDRgorv5jhUGCMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvU1hiQmoyMjhLa25XeUo0TkdDaXVfbU9GUVlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWfsUAwQA
bXosMA0GCSqGSIb3DQEBCwUAA4IBAQB+PuBSaFebxqhdQxVMmHtKgwQxESIIrVbr
4yD53sDtc8yGlEDKrFcYoSIFZRSl48hkPO62puixQsIgAp7HKyoItRE9R8bI4zPQ
QqcCd1qgms8qSQ4l+2AOJlrb6/dWHdGX3k6fSmQrV9fHhG7JIsN8rvMndzgczkaN
5DM0CX1Ul2XQjKmkA6Bf8GiM6RlBlYfPp6lm+tDGv9BxMjw57wcnKUHF8YjA+8Oc
fSreHqXIkCbYKEuNGy7GEJEWXqft0CN51O/Z1UWwECXFHXlaaA5E3DAgUYUO0l3v
o4DDDQO2UxC6Frwnae8K6FWPhM77r5mzBgnTuKNd1vbz90jsilGx
-----END CERTIFICATE-----