Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/VjJ7_09mKoFTN1qMySaxipTLZD8.roa
File:                     VjJ7_09mKoFTN1qMySaxipTLZD8.roa (raw, json)
Hash identifier:          MVbGrN9Bo3+tICzMsiMmYaVKZtZGQIc5aWTT5EsEAZQ=
Subject key identifier:   56:32:7B:FF:4F:66:2A:81:53:37:5A:8C:C9:26:B1:8A:94:CB:64:3F
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018E9ED21E25D6593072BA4EE222B046C60C
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/VjJ7_09mKoFTN1qMySaxipTLZD8.roa
Signing time:             Tue 02 Apr 2024 12:39:14 +0000
ROA not before:           Tue 02 Apr 2024 12:39:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206005
IP address blocks:        89.40.35.0/24 maxlen: 24
                          185.243.140.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9e:d2:1e:25:d6:59:30:72:ba:4e:e2:22:b0:46:c6:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Apr  2 12:39:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56327bff4f662a8153375a8cc926b18a94cb643f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:33:17:60:16:48:18:bc:54:81:12:5a:46:90:
                    dc:18:40:d9:e1:4e:5a:96:af:65:42:4a:f0:8b:c5:
                    d0:a2:11:36:51:07:c5:a2:a0:15:df:e5:23:eb:13:
                    ef:bc:14:55:2e:11:04:00:e7:e4:5f:8f:0d:26:f7:
                    3d:e9:ac:ba:59:c0:19:ff:c0:5d:c8:5b:83:7d:71:
                    60:c5:24:69:54:71:88:e1:df:75:40:6f:44:3e:66:
                    4d:7f:9d:a8:c6:c8:03:80:c5:44:ab:03:22:90:7e:
                    a7:14:57:26:80:b5:61:fd:f0:e7:7a:b0:3f:83:4f:
                    9b:f5:f4:e2:23:7d:b1:c1:fc:32:45:15:77:df:b0:
                    0c:23:ae:4d:f5:6c:61:50:10:de:48:99:b9:19:b2:
                    e2:40:00:35:12:f6:20:78:bf:58:86:56:ec:e0:44:
                    fa:9a:a0:7f:00:dc:22:b4:31:67:60:7b:b4:d7:f6:
                    da:e8:b2:82:ce:60:8b:3e:d9:4e:52:6f:2f:4b:81:
                    ae:a9:2e:14:b9:3e:1d:11:79:b2:b7:3c:01:4e:a4:
                    68:ff:ea:e5:9e:20:a6:82:b5:10:67:3e:e3:05:25:
                    88:0b:90:3a:24:fc:00:9d:41:fe:e8:62:61:a3:82:
                    26:f6:96:10:0c:78:35:4f:1c:9a:80:3a:be:d3:96:
                    ef:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:32:7B:FF:4F:66:2A:81:53:37:5A:8C:C9:26:B1:8A:94:CB:64:3F
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/VjJ7_09mKoFTN1qMySaxipTLZD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.40.35.0/24
                  185.243.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:28:fa:86:8e:66:61:19:93:30:86:63:f2:17:c6:25:54:bb:
         49:4d:1b:43:84:6b:04:12:de:0b:6d:c4:e9:3b:e9:74:42:4d:
         ed:8d:5c:ab:89:13:c9:64:ed:93:f8:4a:48:bd:07:36:48:8f:
         86:bd:7e:d2:15:50:c9:6c:2a:f5:ce:82:1b:e9:ae:03:92:b1:
         c5:81:26:7d:4d:39:0d:19:cb:7b:60:87:f6:a9:71:8b:2f:a0:
         de:8a:bc:b7:b1:64:3e:55:5d:11:4c:bf:35:e2:f4:61:3e:44:
         86:fa:f1:5c:3f:7c:dd:da:a7:d6:28:56:d1:e5:fe:2c:5a:d0:
         9a:fb:be:f6:ae:7d:14:98:7d:65:ea:c9:21:85:2c:2e:63:ab:
         99:1c:b3:af:4a:ae:20:c1:94:ee:d2:79:aa:a8:aa:4c:4a:95:
         e6:94:bd:c0:c8:de:02:a0:74:ac:49:a8:11:02:e2:ec:6c:2d:
         f8:5b:92:ae:6a:9d:79:35:d6:a0:cc:55:1e:57:c5:e7:fa:d7:
         55:7d:af:0c:b3:b9:8e:06:15:1a:22:a8:73:0a:39:a0:12:5b:
         d2:25:e1:c8:89:0b:17:d7:8c:b2:24:ef:27:30:27:9e:af:b8:
         ce:d9:5b:a0:4e:cd:b8:a3:7f:71:a0:ec:c6:87:24:cb:4a:cc:
         b5:a2:02:f6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6e0h4l1lkwcrpO4iKwRsYMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwNDAyMTIzOTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjMyN2JmZjRmNjYyYTgxNTMzNzVhOGNjOTI2YjE4YTk0Y2I2NDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0zMXYBZIGLxUgRJaRpDcGEDZ4U5a
lq9lQkrwi8XQohE2UQfFoqAV3+Uj6xPvvBRVLhEEAOfkX48NJvc96ay6WcAZ/8Bd
yFuDfXFgxSRpVHGI4d91QG9EPmZNf52oxsgDgMVEqwMikH6nFFcmgLVh/fDnerA/
g0+b9fTiI32xwfwyRRV337AMI65N9WxhUBDeSJm5GbLiQAA1EvYgeL9Yhlbs4ET6
mqB/ANwitDFnYHu01/ba6LKCzmCLPtlOUm8vS4GuqS4UuT4dEXmytzwBTqRo/+rl
niCmgrUQZz7jBSWIC5A6JPwAnUH+6GJho4Im9pYQDHg1TxyagDq+05bvJQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFYye/9PZiqBUzdajMkmsYqUy2Q/MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvVmpKN18wOW1Lb0ZUTjFxTXlTYXhpcFRMWkQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSgjAwQC
ufOMMA0GCSqGSIb3DQEBCwUAA4IBAQBaKPqGjmZhGZMwhmPyF8YlVLtJTRtDhGsE
Et4LbcTpO+l0Qk3tjVyriRPJZO2T+EpIvQc2SI+GvX7SFVDJbCr1zoIb6a4DkrHF
gSZ9TTkNGct7YIf2qXGLL6Deiry3sWQ+VV0RTL814vRhPkSG+vFcP3zd2qfWKFbR
5f4sWtCa+772rn0UmH1l6skhhSwuY6uZHLOvSq4gwZTu0nmqqKpMSpXmlL3AyN4C
oHSsSagRAuLsbC34W5Kuap15NdagzFUeV8Xn+tdVfa8Ms7mOBhUaIqhzCjmgElvS
JeHIiQsX14yyJO8nMCeer7jO2VugTs24o39xoOzGhyTLSsy1ogL2
-----END CERTIFICATE-----