Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/bC8iiFUQqEKwr9wp_qAeWA7cBI4.roa
File:                     bC8iiFUQqEKwr9wp_qAeWA7cBI4.roa (raw, json)
Hash identifier:          P2wniniN2KWgolt+mTDRtfdfdWbu9EdU3+5KQU/zOzI=
Subject key identifier:   6C:2F:22:88:55:10:A8:42:B0:AF:DC:29:FE:A0:1E:58:0E:DC:04:8E
Certificate issuer:       /CN=87be093097097c4457ff5aa3e5893c8c15432612
Certificate serial:       018CC8DF827E61FACF0E79DD58F8B7A7DD70
Authority key identifier: 87:BE:09:30:97:09:7C:44:57:FF:5A:A3:E5:89:3C:8C:15:43:26:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h74JMJcJfERX_1qj5Yk8jBVDJhI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/bC8iiFUQqEKwr9wp_qAeWA7cBI4.roa
Signing time:             Tue 02 Jan 2024 06:32:20 +0000
ROA not before:           Tue 02 Jan 2024 06:32:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210856
IP address blocks:        89.35.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/h74JMJcJfERX_1qj5Yk8jBVDJhI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/h74JMJcJfERX_1qj5Yk8jBVDJhI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h74JMJcJfERX_1qj5Yk8jBVDJhI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:82:7e:61:fa:cf:0e:79:dd:58:f8:b7:a7:dd:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87be093097097c4457ff5aa3e5893c8c15432612
        Validity
            Not Before: Jan  2 06:32:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c2f22885510a842b0afdc29fea01e580edc048e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:56:20:d6:79:d2:57:cc:17:08:1d:8d:a2:cc:
                    25:d9:5d:ae:2c:b4:94:a3:65:cc:fe:4c:9f:7c:79:
                    6f:de:06:2f:37:39:63:5b:15:ff:7b:04:e8:1f:89:
                    83:eb:45:60:81:cc:9e:33:65:26:02:8f:a5:7b:85:
                    6b:e8:05:6b:07:3b:cf:1c:6f:03:ce:95:33:c9:95:
                    23:ea:b7:ef:5e:2a:e2:f0:27:5e:06:b1:7b:53:a6:
                    1e:93:5f:c2:eb:ed:d5:69:08:57:ef:b5:ec:b1:9f:
                    00:42:f1:20:ae:8f:22:9f:07:2d:d2:38:a7:65:37:
                    3b:29:47:6f:19:6e:f4:af:23:01:53:27:af:87:bc:
                    4f:9d:80:a3:ff:10:0c:d1:5e:da:4e:ac:af:bd:4d:
                    5d:7f:eb:06:c5:1e:f2:9a:fb:0d:8e:42:db:2c:05:
                    5b:a1:55:b2:f5:0d:f6:7f:5c:fb:36:ea:95:ae:3e:
                    c1:79:25:6c:df:18:9b:2a:89:de:a3:2d:21:4f:38:
                    d4:2a:d7:a0:61:74:83:ce:a8:8b:b8:99:90:69:6b:
                    f8:2b:fa:7e:78:65:60:b8:87:be:8a:9b:0a:d9:d1:
                    88:92:ee:e2:1c:96:f8:3f:74:f0:0b:df:a0:93:41:
                    4e:a7:d4:d9:00:5d:98:43:bc:34:51:17:52:18:c7:
                    b5:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:2F:22:88:55:10:A8:42:B0:AF:DC:29:FE:A0:1E:58:0E:DC:04:8E
            X509v3 Authority Key Identifier:
                keyid:87:BE:09:30:97:09:7C:44:57:FF:5A:A3:E5:89:3C:8C:15:43:26:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h74JMJcJfERX_1qj5Yk8jBVDJhI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/bC8iiFUQqEKwr9wp_qAeWA7cBI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/h74JMJcJfERX_1qj5Yk8jBVDJhI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:1e:6f:f8:8c:ee:9c:b7:6c:ff:6f:ec:ac:3b:ea:a8:ce:63:
         5e:96:37:d0:e2:ee:bd:50:fb:55:db:ee:67:4f:06:d3:2f:8d:
         cb:36:b2:0c:5d:e0:c1:73:41:f7:e0:a4:27:58:5f:10:e6:ba:
         fd:d8:96:99:f5:68:ef:64:31:36:ab:69:ec:52:5f:ff:7e:a4:
         48:5f:3e:b2:f7:da:8b:7c:27:61:6c:d5:dd:98:c8:31:0f:2e:
         6a:d5:9f:0b:d4:78:9b:2e:11:4e:ff:1e:09:69:6f:22:50:30:
         70:50:5e:68:00:73:79:15:4a:27:67:f7:e0:f9:1b:87:5a:9d:
         14:08:61:70:d1:f2:8e:30:01:ee:41:6a:e5:92:35:71:39:1c:
         87:9e:bf:c6:60:5f:a6:0d:f5:e5:fe:55:12:55:0e:37:f1:49:
         3a:ec:fb:7e:2b:8f:43:a2:05:b5:31:a1:6c:ea:d4:4e:7c:81:
         55:da:de:e6:bb:f5:52:f6:ec:f4:96:87:7a:f6:58:c4:6a:89:
         ca:15:e2:01:9d:2e:8d:89:dc:57:09:fa:57:b2:02:60:32:a4:
         97:a5:dc:8b:dc:83:cd:32:50:1f:74:24:53:68:94:5a:a6:12:
         07:ac:76:b1:db:60:e6:1a:2b:78:fa:3d:26:30:e7:a5:ed:8e:
         88:d7:fa:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI34J+YfrPDnndWPi3p91wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3YmUwOTMwOTcwOTdjNDQ1N2ZmNWFhM2U1ODkzYzhjMTU0
MzI2MTIwHhcNMjQwMTAyMDYzMjIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzJmMjI4ODU1MTBhODQyYjBhZmRjMjlmZWEwMWU1ODBlZGMwNDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk1Yg1nnSV8wXCB2Noswl2V2uLLSU
o2XM/kyffHlv3gYvNzljWxX/ewToH4mD60VggcyeM2UmAo+le4Vr6AVrBzvPHG8D
zpUzyZUj6rfvXiri8CdeBrF7U6Yek1/C6+3VaQhX77XssZ8AQvEgro8inwct0jin
ZTc7KUdvGW70ryMBUyevh7xPnYCj/xAM0V7aTqyvvU1df+sGxR7ymvsNjkLbLAVb
oVWy9Q32f1z7NuqVrj7BeSVs3xibKoneoy0hTzjUKtegYXSDzqiLuJmQaWv4K/p+
eGVguIe+ipsK2dGIku7iHJb4P3TwC9+gk0FOp9TZAF2YQ7w0URdSGMe1ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGwvIohVEKhCsK/cKf6gHlgO3ASOMB8GA1UdIwQY
MBaAFIe+CTCXCXxEV/9ao+WJPIwVQyYSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDc0Sk1KY0pmRVJYXzFxajVZazhqQlZESmhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jYzhmNGEtNGMwMi00MDRiLThkOTMt
MmNkZTY1ZjMxMTJhLzEvYkM4aWlGVVFxRUt3cjl3cF9xQWVXQTdjQkk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jYzhmNGEtNGMwMi00MDRiLThkOTMtMmNkZTY1ZjMxMTJh
LzEvaDc0Sk1KY0pmRVJYXzFxajVZazhqQlZESmhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSMxMA0G
CSqGSIb3DQEBCwUAA4IBAQBRHm/4jO6ct2z/b+ysO+qozmNeljfQ4u69UPtV2+5n
TwbTL43LNrIMXeDBc0H34KQnWF8Q5rr92JaZ9WjvZDE2q2nsUl//fqRIXz6y99qL
fCdhbNXdmMgxDy5q1Z8L1HibLhFO/x4JaW8iUDBwUF5oAHN5FUonZ/fg+RuHWp0U
CGFw0fKOMAHuQWrlkjVxORyHnr/GYF+mDfXl/lUSVQ438Uk67Pt+K49DogW1MaFs
6tROfIFV2t7mu/VS9uz0lod69ljEaonKFeIBnS6NidxXCfpXsgJgMqSXpdyL3IPN
MlAfdCRTaJRaphIHrHax22DmGit4+j0mMOel7Y6I1/rz
-----END CERTIFICATE-----