Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/BZaO1sP7MOhJq2rOiVjmlLYSGUo.roa
File:                     BZaO1sP7MOhJq2rOiVjmlLYSGUo.roa (raw, json)
Hash identifier:          vd6WIxbRL19nu34YKQlZanBk2BFKTIdpVBh0aLvBEfI=
Subject key identifier:   05:96:8E:D6:C3:FB:30:E8:49:AB:6A:CE:89:58:E6:94:B6:12:19:4A
Certificate issuer:       /CN=87be093097097c4457ff5aa3e5893c8c15432612
Certificate serial:       018CC8DF822161653E54FD2A6A1E8FDE012E
Authority key identifier: 87:BE:09:30:97:09:7C:44:57:FF:5A:A3:E5:89:3C:8C:15:43:26:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h74JMJcJfERX_1qj5Yk8jBVDJhI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/BZaO1sP7MOhJq2rOiVjmlLYSGUo.roa
Signing time:             Tue 02 Jan 2024 06:32:20 +0000
ROA not before:           Tue 02 Jan 2024 06:32:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50917
IP address blocks:        89.37.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/h74JMJcJfERX_1qj5Yk8jBVDJhI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/h74JMJcJfERX_1qj5Yk8jBVDJhI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h74JMJcJfERX_1qj5Yk8jBVDJhI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:82:21:61:65:3e:54:fd:2a:6a:1e:8f:de:01:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87be093097097c4457ff5aa3e5893c8c15432612
        Validity
            Not Before: Jan  2 06:32:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05968ed6c3fb30e849ab6ace8958e694b612194a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:72:78:97:a5:84:81:d7:ef:2c:8e:b5:95:a8:
                    82:28:5f:2d:88:35:f1:ef:15:a6:9a:89:78:8f:c8:
                    64:0f:18:5c:06:af:74:55:b2:f7:c6:c7:d3:13:90:
                    98:f0:8a:43:d9:bd:86:8d:ac:34:df:bd:e5:44:d5:
                    df:87:cb:42:30:08:d7:ba:ce:c3:54:f0:b5:14:66:
                    e6:e5:ad:22:f5:86:3e:b7:42:13:14:e1:4d:d4:ea:
                    f6:b5:82:24:d6:0d:73:76:37:17:3c:71:2c:83:c9:
                    52:8e:58:46:04:c2:72:db:f0:ab:2d:61:80:74:ea:
                    24:18:16:dc:7c:38:93:cb:3a:4c:23:ee:72:d4:5f:
                    8c:20:84:6a:10:c5:9b:a3:e3:9e:3a:77:aa:19:fb:
                    d3:20:dd:ae:6a:8f:f8:90:a2:27:cc:30:4c:6c:6e:
                    8e:f3:e2:7a:cf:9d:2f:ae:39:23:23:c9:b8:28:ea:
                    f6:b3:04:1e:dc:23:b8:79:73:06:ba:03:df:16:ce:
                    63:72:a8:19:ab:03:80:8e:a8:f6:a6:fa:06:24:c5:
                    06:0e:30:2e:2c:bb:7c:2b:0f:3c:6a:95:9d:6d:bb:
                    fa:e4:7b:5d:68:68:04:ca:35:9a:dc:e7:be:69:b3:
                    40:99:15:71:1d:9b:ce:c1:7a:27:0b:83:53:db:a5:
                    43:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:96:8E:D6:C3:FB:30:E8:49:AB:6A:CE:89:58:E6:94:B6:12:19:4A
            X509v3 Authority Key Identifier:
                keyid:87:BE:09:30:97:09:7C:44:57:FF:5A:A3:E5:89:3C:8C:15:43:26:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h74JMJcJfERX_1qj5Yk8jBVDJhI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/BZaO1sP7MOhJq2rOiVjmlLYSGUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/h74JMJcJfERX_1qj5Yk8jBVDJhI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.37.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:35:5f:f5:76:83:be:19:63:48:04:9a:60:31:2a:e4:fa:53:
         1c:92:74:98:71:83:a6:d0:cd:10:a4:84:5f:d4:a4:bb:b5:68:
         fb:99:d3:2e:14:3a:c3:a5:50:39:be:40:e9:0a:70:5e:a1:95:
         0a:01:91:4d:41:91:89:74:cf:1d:af:11:44:05:73:f1:41:ac:
         22:76:f2:51:b9:8d:19:36:55:f4:7b:3e:86:c1:b7:36:d8:64:
         c2:7b:79:30:94:cc:f0:1d:d3:fe:e4:7c:9f:f6:ee:07:fc:14:
         25:a6:eb:e5:6d:70:3d:e3:bf:bd:8c:7a:40:4a:f4:9b:d5:c2:
         77:a0:dc:e1:98:31:a2:74:43:d6:58:63:dc:0f:d8:8f:fa:23:
         34:84:38:af:3e:8a:f2:bc:1c:ae:19:8a:f6:91:14:f2:d6:5b:
         7b:c7:17:19:66:76:b6:cb:fc:fd:19:42:b1:c6:d7:49:3c:13:
         a9:4e:e9:42:44:3a:10:e2:38:5d:26:f3:55:87:53:4b:4c:06:
         95:d6:2b:fe:77:3a:df:4d:f6:be:22:eb:0d:5e:66:38:8e:af:
         97:6f:21:ec:8c:6e:b2:dc:ea:58:c4:ae:68:9d:f1:2e:d2:e0:
         e7:ce:f9:a2:10:98:ce:69:c5:f0:2e:f5:5e:70:dd:3f:3b:a1:
         9f:26:94:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI34IhYWU+VP0qah6P3gEuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3YmUwOTMwOTcwOTdjNDQ1N2ZmNWFhM2U1ODkzYzhjMTU0
MzI2MTIwHhcNMjQwMTAyMDYzMjIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTk2OGVkNmMzZmIzMGU4NDlhYjZhY2U4OTU4ZTY5NGI2MTIxOTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlXJ4l6WEgdfvLI61laiCKF8tiDXx
7xWmmol4j8hkDxhcBq90VbL3xsfTE5CY8IpD2b2Gjaw0373lRNXfh8tCMAjXus7D
VPC1FGbm5a0i9YY+t0ITFOFN1Or2tYIk1g1zdjcXPHEsg8lSjlhGBMJy2/CrLWGA
dOokGBbcfDiTyzpMI+5y1F+MIIRqEMWbo+OeOneqGfvTIN2uao/4kKInzDBMbG6O
8+J6z50vrjkjI8m4KOr2swQe3CO4eXMGugPfFs5jcqgZqwOAjqj2pvoGJMUGDjAu
LLt8Kw88apWdbbv65HtdaGgEyjWa3Oe+abNAmRVxHZvOwXonC4NT26VD1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAWWjtbD+zDoSatqzolY5pS2EhlKMB8GA1UdIwQY
MBaAFIe+CTCXCXxEV/9ao+WJPIwVQyYSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDc0Sk1KY0pmRVJYXzFxajVZazhqQlZESmhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jYzhmNGEtNGMwMi00MDRiLThkOTMt
MmNkZTY1ZjMxMTJhLzEvQlphTzFzUDdNT2hKcTJyT2lWam1sTFlTR1VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jYzhmNGEtNGMwMi00MDRiLThkOTMtMmNkZTY1ZjMxMTJh
LzEvaDc0Sk1KY0pmRVJYXzFxajVZazhqQlZESmhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSViMA0G
CSqGSIb3DQEBCwUAA4IBAQBzNV/1doO+GWNIBJpgMSrk+lMcknSYcYOm0M0QpIRf
1KS7tWj7mdMuFDrDpVA5vkDpCnBeoZUKAZFNQZGJdM8drxFEBXPxQawidvJRuY0Z
NlX0ez6Gwbc22GTCe3kwlMzwHdP+5Hyf9u4H/BQlpuvlbXA947+9jHpASvSb1cJ3
oNzhmDGidEPWWGPcD9iP+iM0hDivPoryvByuGYr2kRTy1lt7xxcZZna2y/z9GUKx
xtdJPBOpTulCRDoQ4jhdJvNVh1NLTAaV1iv+dzrfTfa+IusNXmY4jq+XbyHsjG6y
3OpYxK5onfEu0uDnzvmiEJjOacXwLvVecN0/O6GfJpQ/
-----END CERTIFICATE-----