Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/fTAOnzvw89k_qO5dnbvE2hFJTVk.roa
File:                     fTAOnzvw89k_qO5dnbvE2hFJTVk.roa (raw, json)
Hash identifier:          ehTWXlh/ZbfxijH2EvHAJxgTlUXKqttSpVN7Tzz2izs=
Subject key identifier:   7D:30:0E:9F:3B:F0:F3:D9:3F:A8:EE:5D:9D:BB:C4:DA:11:49:4D:59
Certificate issuer:       /CN=23e3d92bfe16619ca500c03267effa9aa7ca0c47
Certificate serial:       018CC56E30D853AB9B93FF4AA57C1649FC67
Authority key identifier: 23:E3:D9:2B:FE:16:61:9C:A5:00:C0:32:67:EF:FA:9A:A7:CA:0C:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/fTAOnzvw89k_qO5dnbvE2hFJTVk.roa
Signing time:             Mon 01 Jan 2024 14:29:42 +0000
ROA not before:           Mon 01 Jan 2024 14:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58238
IP address blocks:        89.188.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:30:d8:53:ab:9b:93:ff:4a:a5:7c:16:49:fc:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23e3d92bfe16619ca500c03267effa9aa7ca0c47
        Validity
            Not Before: Jan  1 14:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d300e9f3bf0f3d93fa8ee5d9dbbc4da11494d59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:3b:bb:a4:c2:9b:48:b1:40:6f:10:03:d9:65:
                    55:51:0d:18:84:89:d8:7d:af:e7:50:82:1a:fc:8f:
                    dc:0a:d4:3b:06:3f:be:2b:ed:ab:ef:a1:86:25:30:
                    55:f3:7b:71:f5:57:4a:61:55:5b:6a:e0:06:9e:65:
                    c8:ea:c8:93:8c:3f:07:dd:e8:7d:54:18:a9:ba:6d:
                    76:45:8e:1d:87:b9:6c:4e:23:5f:6a:6b:d0:3e:09:
                    a2:79:54:69:08:26:1f:2b:6f:66:b7:df:4e:9c:05:
                    1c:10:7a:73:51:9e:e6:08:cf:b4:cd:ef:91:30:5e:
                    5e:63:d7:34:bf:b7:f3:38:ac:3d:ef:e4:b1:5a:bd:
                    cd:be:75:c7:0f:72:ef:0d:ff:1a:aa:2f:8d:12:79:
                    27:52:ae:eb:f9:dd:3f:2a:42:db:f1:f7:eb:e1:e0:
                    73:d3:8c:f0:6d:94:06:80:bb:22:cd:b4:42:bf:be:
                    e7:bb:65:e5:a4:b0:10:d4:bc:43:56:be:2a:f3:b4:
                    82:94:32:2c:d5:d9:23:0c:a7:8b:08:a9:1e:f3:5a:
                    1c:4e:56:d7:33:f5:c3:ee:5a:5b:31:43:42:3d:d0:
                    73:cc:a1:ac:85:3b:6b:e1:8c:60:8c:44:88:ac:e3:
                    de:c5:01:af:89:36:f8:68:f1:6b:b7:60:b5:35:1e:
                    da:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:30:0E:9F:3B:F0:F3:D9:3F:A8:EE:5D:9D:BB:C4:DA:11:49:4D:59
            X509v3 Authority Key Identifier:
                keyid:23:E3:D9:2B:FE:16:61:9C:A5:00:C0:32:67:EF:FA:9A:A7:CA:0C:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/fTAOnzvw89k_qO5dnbvE2hFJTVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.188.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:c5:3f:3f:2d:f4:0a:2e:3b:06:5a:b5:da:e2:e2:73:47:15:
         6f:3e:93:e1:11:6c:8a:df:0b:54:46:a1:8a:d6:37:fd:7f:0a:
         0f:44:3f:5e:29:97:68:52:08:9a:02:9e:65:39:43:ba:a1:ce:
         dd:be:20:a1:8b:8f:02:d3:58:4a:18:3d:62:6e:98:5a:45:14:
         54:f4:9b:c0:52:19:64:e2:a6:c0:3e:27:7f:f3:f2:77:83:f7:
         5f:3e:d8:8a:69:a5:46:1f:8a:1a:38:9e:91:82:1c:77:c3:d7:
         96:47:94:07:34:a3:af:c6:ae:a5:43:0f:67:8a:34:6e:a3:de:
         ca:d2:c8:13:3a:5f:0f:22:eb:04:80:6c:d9:ff:fa:97:23:d4:
         d2:bc:d3:3d:75:cd:da:86:d1:db:95:94:cc:7c:58:72:f2:92:
         24:26:bc:ac:5a:9a:14:a8:10:8e:47:46:0a:2d:7d:17:68:2c:
         57:8a:2c:dd:5d:32:ca:f3:aa:b6:ac:28:4b:8d:4d:9e:83:1d:
         fb:72:a0:86:ed:49:02:a8:e0:d0:a2:a2:c6:bb:5c:fd:7e:00:
         6e:21:83:44:0f:6b:f0:17:4b:44:ed:ce:2a:a6:e9:5d:54:bc:
         21:4b:04:73:fb:7f:6d:68:03:65:02:5a:a5:b0:4b:87:7c:b7:
         ce:58:43:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbjDYU6ubk/9KpXwWSfxnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZTNkOTJiZmUxNjYxOWNhNTAwYzAzMjY3ZWZmYTlhYTdj
YTBjNDcwHhcNMjQwMTAxMTQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDMwMGU5ZjNiZjBmM2Q5M2ZhOGVlNWQ5ZGJiYzRkYTExNDk0ZDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5zu7pMKbSLFAbxAD2WVVUQ0YhInY
fa/nUIIa/I/cCtQ7Bj++K+2r76GGJTBV83tx9VdKYVVbauAGnmXI6siTjD8H3eh9
VBipum12RY4dh7lsTiNfamvQPgmieVRpCCYfK29mt99OnAUcEHpzUZ7mCM+0ze+R
MF5eY9c0v7fzOKw97+SxWr3NvnXHD3LvDf8aqi+NEnknUq7r+d0/KkLb8ffr4eBz
04zwbZQGgLsizbRCv77nu2XlpLAQ1LxDVr4q87SClDIs1dkjDKeLCKke81ocTlbX
M/XD7lpbMUNCPdBzzKGshTtr4YxgjESIrOPexQGviTb4aPFrt2C1NR7aAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH0wDp878PPZP6juXZ27xNoRSU1ZMB8GA1UdIwQY
MBaAFCPj2Sv+FmGcpQDAMmfv+pqnygxHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSS1QWktfNFdZWnlsQU1BeVotXzZtcWZLREVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85YzJjOTAtYzdkNC00OGI3LTliYWYt
ZjFiZjBjMzNhOTA4LzEvZlRBT256dnc4OWtfcU81ZG5idkUyaEZKVFZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85YzJjOTAtYzdkNC00OGI3LTliYWYtZjFiZjBjMzNhOTA4
LzEvSS1QWktfNFdZWnlsQU1BeVotXzZtcWZLREVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbymMA0G
CSqGSIb3DQEBCwUAA4IBAQBJxT8/LfQKLjsGWrXa4uJzRxVvPpPhEWyK3wtURqGK
1jf9fwoPRD9eKZdoUgiaAp5lOUO6oc7dviChi48C01hKGD1ibphaRRRU9JvAUhlk
4qbAPid/8/J3g/dfPtiKaaVGH4oaOJ6Rghx3w9eWR5QHNKOvxq6lQw9nijRuo97K
0sgTOl8PIusEgGzZ//qXI9TSvNM9dc3ahtHblZTMfFhy8pIkJrysWpoUqBCOR0YK
LX0XaCxXiizdXTLK86q2rChLjU2egx37cqCG7UkCqODQoqLGu1z9fgBuIYNED2vw
F0tE7c4qpuldVLwhSwRz+39taANlAlqlsEuHfLfOWEPJ
-----END CERTIFICATE-----