Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/d16f59-7754-46a7-aa59-2a06ed104553/1/tPy85pT4b5ELszzb5Ukl719hWVc.roa
File:                     tPy85pT4b5ELszzb5Ukl719hWVc.roa (raw, json)
Hash identifier:          5ERiG4dgGsNlY9huevA3k4YOi/B4NqI3zSTPGwpJ+rM=
Subject key identifier:   B4:FC:BC:E6:94:F8:6F:91:0B:B3:3C:DB:E5:49:25:EF:5F:61:59:57
Certificate issuer:       /CN=b80633fe79a6296109fdbf6475d4c2a65e2d4f1c
Certificate serial:       018CC2DB313C4A9B927C873ADBFAD93B479B
Authority key identifier: B8:06:33:FE:79:A6:29:61:09:FD:BF:64:75:D4:C2:A6:5E:2D:4F:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAYz_nmmKWEJ_b9kddTCpl4tTxw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/d16f59-7754-46a7-aa59-2a06ed104553/1/tPy85pT4b5ELszzb5Ukl719hWVc.roa
Signing time:             Mon 01 Jan 2024 02:29:54 +0000
ROA not before:           Mon 01 Jan 2024 02:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199599
IP address blocks:        89.20.60.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/d16f59-7754-46a7-aa59-2a06ed104553/1/uAYz_nmmKWEJ_b9kddTCpl4tTxw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/d16f59-7754-46a7-aa59-2a06ed104553/1/uAYz_nmmKWEJ_b9kddTCpl4tTxw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAYz_nmmKWEJ_b9kddTCpl4tTxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:31:3c:4a:9b:92:7c:87:3a:db:fa:d9:3b:47:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b80633fe79a6296109fdbf6475d4c2a65e2d4f1c
        Validity
            Not Before: Jan  1 02:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4fcbce694f86f910bb33cdbe54925ef5f615957
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a5:25:15:39:7b:e6:e3:2d:0d:08:98:1c:1f:
                    53:06:ea:3f:65:bd:48:03:fc:59:bb:b4:50:37:96:
                    e8:b8:1c:1d:48:fb:4a:61:0d:f2:d7:aa:0f:05:01:
                    08:57:76:1e:97:09:a9:09:61:af:aa:3c:46:2f:b0:
                    a5:49:81:e3:1e:d4:27:5e:63:74:7a:79:8d:de:4f:
                    f5:98:f1:42:92:34:dc:ef:a0:ac:08:28:4f:db:7a:
                    fd:a5:48:c0:e3:24:5a:ee:b8:da:46:86:a5:7c:ca:
                    88:4e:41:3a:7f:33:eb:04:30:82:c2:18:c4:3b:39:
                    b4:b4:8b:32:87:dc:12:95:b4:26:c1:7b:47:7a:d5:
                    81:63:f0:de:59:8f:8d:2c:e2:0e:55:e0:66:99:24:
                    80:b3:13:a1:c2:c8:78:01:80:48:0a:a5:8c:6c:a0:
                    2e:26:98:b2:46:10:21:f5:74:39:be:02:78:40:89:
                    e7:2d:f4:7e:d2:41:56:25:4c:69:69:c0:fa:8d:03:
                    7e:16:24:fb:96:bc:06:78:68:5f:71:fe:6c:5f:61:
                    3b:ca:03:7b:80:d3:5d:a4:b8:23:04:88:ea:6f:f5:
                    29:6a:cc:bc:1c:aa:56:52:d3:04:bc:68:79:cd:a7:
                    64:3d:e3:ab:b6:af:05:0a:f7:92:ff:c9:93:cf:da:
                    86:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:FC:BC:E6:94:F8:6F:91:0B:B3:3C:DB:E5:49:25:EF:5F:61:59:57
            X509v3 Authority Key Identifier:
                keyid:B8:06:33:FE:79:A6:29:61:09:FD:BF:64:75:D4:C2:A6:5E:2D:4F:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAYz_nmmKWEJ_b9kddTCpl4tTxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d16f59-7754-46a7-aa59-2a06ed104553/1/tPy85pT4b5ELszzb5Ukl719hWVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d16f59-7754-46a7-aa59-2a06ed104553/1/uAYz_nmmKWEJ_b9kddTCpl4tTxw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.20.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:f3:d0:df:1c:45:8b:1e:33:cb:bc:91:60:09:04:7b:b3:88:
         9d:12:99:a7:86:b1:a5:fa:89:d3:17:e7:6b:1c:ba:41:cf:04:
         6f:1f:fc:ce:03:5a:77:99:a1:c2:14:4f:0c:ca:0c:8d:71:fe:
         74:4f:88:76:24:aa:5d:2c:c2:61:1a:9c:a7:be:1c:4a:ed:df:
         d6:97:1f:6a:60:b1:45:f4:61:23:68:ba:fa:99:10:b7:5d:ef:
         28:ad:57:36:0a:b0:13:47:26:78:53:be:8e:a8:fa:ad:1b:1a:
         09:5e:c8:10:c2:29:50:85:c5:88:68:4e:dc:6d:22:a0:0f:e3:
         9e:16:3b:5c:13:ac:75:0a:d4:85:1f:51:97:71:8f:fb:a7:d5:
         90:af:c7:27:c9:88:d0:13:5c:5c:a5:46:95:10:cf:9b:ac:28:
         99:ab:8e:a9:07:82:d4:78:d7:54:66:6b:70:1d:28:7e:2e:90:
         d6:ca:0c:79:ec:ed:9e:31:eb:4b:75:14:8f:1f:46:eb:0f:a7:
         68:16:26:fd:5b:34:dc:d8:47:be:79:49:66:2f:b1:84:a0:67:
         d3:fc:5a:b1:de:2e:84:a8:1f:53:d1:cb:6e:c7:05:7b:37:d1:
         bc:8e:e9:d3:e8:a0:c6:84:3c:df:aa:b7:7a:39:22:9b:31:bc:
         d1:e2:a4:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zE8SpuSfIc62/rZO0ebMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDYzM2ZlNzlhNjI5NjEwOWZkYmY2NDc1ZDRjMmE2NWUy
ZDRmMWMwHhcNMjQwMTAxMDIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGZjYmNlNjk0Zjg2ZjkxMGJiMzNjZGJlNTQ5MjVlZjVmNjE1OTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6UlFTl75uMtDQiYHB9TBuo/Zb1I
A/xZu7RQN5bouBwdSPtKYQ3y16oPBQEIV3YelwmpCWGvqjxGL7ClSYHjHtQnXmN0
enmN3k/1mPFCkjTc76CsCChP23r9pUjA4yRa7rjaRoalfMqITkE6fzPrBDCCwhjE
Ozm0tIsyh9wSlbQmwXtHetWBY/DeWY+NLOIOVeBmmSSAsxOhwsh4AYBICqWMbKAu
JpiyRhAh9XQ5vgJ4QInnLfR+0kFWJUxpacD6jQN+FiT7lrwGeGhfcf5sX2E7ygN7
gNNdpLgjBIjqb/Upasy8HKpWUtMEvGh5zadkPeOrtq8FCveS/8mTz9qGNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLT8vOaU+G+RC7M82+VJJe9fYVlXMB8GA1UdIwQY
MBaAFLgGM/55pilhCf2/ZHXUwqZeLU8cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFZel9ubW1LV0VKX2I5a2RkVENwbDR0VHh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9kMTZmNTktNzc1NC00NmE3LWFhNTkt
MmEwNmVkMTA0NTUzLzEvdFB5ODVwVDRiNUVMc3p6YjVVa2w3MTloV1ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9kMTZmNTktNzc1NC00NmE3LWFhNTktMmEwNmVkMTA0NTUz
LzEvdUFZel9ubW1LV0VKX2I5a2RkVENwbDR0VHh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWRQ8MA0G
CSqGSIb3DQEBCwUAA4IBAQCA89DfHEWLHjPLvJFgCQR7s4idEpmnhrGl+onTF+dr
HLpBzwRvH/zOA1p3maHCFE8MygyNcf50T4h2JKpdLMJhGpynvhxK7d/Wlx9qYLFF
9GEjaLr6mRC3Xe8orVc2CrATRyZ4U76OqPqtGxoJXsgQwilQhcWIaE7cbSKgD+Oe
FjtcE6x1CtSFH1GXcY/7p9WQr8cnyYjQE1xcpUaVEM+brCiZq46pB4LUeNdUZmtw
HSh+LpDWygx57O2eMetLdRSPH0brD6doFib9WzTc2Ee+eUlmL7GEoGfT/Fqx3i6E
qB9T0ctuxwV7N9G8junT6KDGhDzfqrd6OSKbMbzR4qQw
-----END CERTIFICATE-----