Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/1-xFlsulLWCNBXXhhouXo9dkZIco.roa
File:                     1-xFlsulLWCNBXXhhouXo9dkZIco.roa (raw, json)
Hash identifier:          qBUqWTIRECDh8tt+RQfXd4KQH9UeakDvw2lDuieHcR0=
Subject key identifier:   FB:11:65:B2:E9:4B:58:23:41:5D:78:61:A2:E5:E8:F5:D9:19:21:CA
Certificate issuer:       /CN=352ae33b11b36a319ba81347d852480d8e74c87d
Certificate serial:       018D595B1BEF011E1E8A50477D971E38AF19
Authority key identifier: 35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/1-xFlsulLWCNBXXhhouXo9dkZIco.roa
Signing time:             Tue 30 Jan 2024 07:52:39 +0000
ROA not before:           Tue 30 Jan 2024 07:52:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13195
IP address blocks:        89.6.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:59:5b:1b:ef:01:1e:1e:8a:50:47:7d:97:1e:38:af:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352ae33b11b36a319ba81347d852480d8e74c87d
        Validity
            Not Before: Jan 30 07:52:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb1165b2e94b5823415d7861a2e5e8f5d91921ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:f3:45:44:fc:4f:81:b6:3b:1a:85:a5:b0:7c:
                    d2:bb:af:c3:cd:94:db:79:0f:58:1a:e4:9b:63:3f:
                    8d:66:37:c9:eb:48:21:45:23:82:af:21:a0:81:2d:
                    3a:ae:e8:1b:a8:27:41:42:2c:91:ee:20:2e:a1:16:
                    ee:02:dd:e4:53:8a:dc:44:6d:f4:d3:77:71:14:73:
                    c0:28:66:46:d3:f2:bd:84:7e:94:95:d7:66:08:98:
                    74:f5:bd:d0:58:5f:0a:55:e7:01:92:59:4f:b9:03:
                    e1:cb:f6:45:1c:4a:ad:55:83:e7:8a:91:4b:f0:51:
                    1c:23:74:99:37:03:c8:95:f6:ae:0b:39:0a:ce:89:
                    14:bd:b0:12:dd:66:a6:53:d8:5b:3b:30:10:40:1d:
                    75:1c:f0:36:cb:14:04:27:4b:1b:25:87:5b:d4:c6:
                    f6:32:1d:0c:ce:8a:bb:03:0b:8c:b2:7c:8c:fd:c5:
                    3c:00:cf:ad:dd:59:d1:08:eb:3d:d6:d7:e9:ea:95:
                    7d:a1:99:1f:f7:eb:4f:57:d1:dc:1f:f5:12:7f:06:
                    19:c1:21:16:db:d4:d4:ff:10:ce:fd:b2:97:79:8a:
                    8c:97:e1:b4:38:59:47:24:f9:19:78:e9:9f:c4:24:
                    41:b8:60:55:3a:03:76:3f:da:ec:65:5e:12:82:4d:
                    f5:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:11:65:B2:E9:4B:58:23:41:5D:78:61:A2:E5:E8:F5:D9:19:21:CA
            X509v3 Authority Key Identifier:
                keyid:35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/1-xFlsulLWCNBXXhhouXo9dkZIco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.6.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:e8:fd:d9:ea:ce:c8:2c:b2:6e:7d:c9:6f:31:74:7e:b9:d8:
         b9:ce:84:54:48:83:17:0f:84:28:33:6d:cf:3f:65:72:76:da:
         db:c7:c4:f5:9b:22:b1:83:55:cf:12:97:17:a0:f8:12:96:9a:
         2c:99:72:19:36:a4:05:2c:e3:04:e5:21:30:86:05:d9:16:44:
         14:c5:d9:b2:49:5b:9c:e3:21:89:cf:a5:49:c7:3d:0b:64:25:
         7b:d9:8a:7e:3b:75:00:b6:e5:e6:fe:f4:4e:5c:9a:c8:31:a6:
         e9:1e:b6:9b:35:fa:53:1f:30:69:b3:be:52:06:87:9f:ba:04:
         b3:aa:35:b9:a6:1e:f5:52:04:bd:29:f8:87:7a:55:97:ae:a1:
         2e:63:36:ab:b2:57:b7:be:10:cf:e8:d8:c1:ef:2c:11:46:13:
         ce:53:dc:c5:d3:2d:51:1a:2b:4e:0d:b8:73:8a:59:70:f7:09:
         98:ec:89:a9:57:62:0d:c9:52:3a:6a:09:43:63:88:a4:08:be:
         9b:2d:2d:1e:8c:94:2d:dc:a1:f2:5f:08:54:14:ef:30:69:a9:
         c5:07:d8:9d:9b:03:c9:4f:c3:b8:82:55:09:21:a5:d3:10:9e:
         fc:f5:c7:0e:72:a2:ef:61:13:e3:0c:f8:3e:51:50:24:b8:16:
         99:bb:76:61
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY1ZWxvvAR4eilBHfZceOK8ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmFlMzNiMTFiMzZhMzE5YmE4MTM0N2Q4NTI0ODBkOGU3
NGM4N2QwHhcNMjQwMTMwMDc1MjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjExNjViMmU5NGI1ODIzNDE1ZDc4NjFhMmU1ZThmNWQ5MTkyMWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPNFRPxPgbY7GoWlsHzSu6/DzZTb
eQ9YGuSbYz+NZjfJ60ghRSOCryGggS06rugbqCdBQiyR7iAuoRbuAt3kU4rcRG30
03dxFHPAKGZG0/K9hH6UlddmCJh09b3QWF8KVecBkllPuQPhy/ZFHEqtVYPnipFL
8FEcI3SZNwPIlfauCzkKzokUvbAS3WamU9hbOzAQQB11HPA2yxQEJ0sbJYdb1Mb2
Mh0Mzoq7AwuMsnyM/cU8AM+t3VnRCOs91tfp6pV9oZkf9+tPV9HcH/USfwYZwSEW
29TU/xDO/bKXeYqMl+G0OFlHJPkZeOmfxCRBuGBVOgN2P9rsZV4Sgk31DQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPsRZbLpS1gjQV14YaLl6PXZGSHKMB8GA1UdIwQY
MBaAFDUq4zsRs2oxm6gTR9hSSA2OdMh9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMt
MjUwNTBjNTkzYWExLzEvMS14RmxzdWxMV0NOQlhYaGhvdVhvOWRrWkljby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjcvYzU1YWIwLWVhMjItNGExOS04YjMzLTI1MDUwYzU5M2Fh
MS8xL05TcmpPeEd6YWpHYnFCTkgyRkpJRFk1MHlIMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFkGoDAN
BgkqhkiG9w0BAQsFAAOCAQEAUOj92erOyCyybn3JbzF0frnYuc6EVEiDFw+EKDNt
zz9lcnba28fE9ZsisYNVzxKXF6D4EpaaLJlyGTakBSzjBOUhMIYF2RZEFMXZsklb
nOMhic+lScc9C2Qle9mKfjt1ALbl5v70TlyayDGm6R62mzX6Ux8wabO+UgaHn7oE
s6o1uaYe9VIEvSn4h3pVl66hLmM2q7JXt74Qz+jYwe8sEUYTzlPcxdMtURorTg24
c4pZcPcJmOyJqVdiDclSOmoJQ2OIpAi+my0tHoyULdyh8l8IVBTvMGmpxQfYnZsD
yU/DuIJVCSGl0xCe/PXHDnKi72ET4wz4PlFQJLgWmbt2YQ==
-----END CERTIFICATE-----