Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/075bc1-2b55-40b1-990e-23bb4203eb57/1/60udgfD3XMr6dXzFeIrj8980z5g.roa
File:                     60udgfD3XMr6dXzFeIrj8980z5g.roa (raw, json)
Hash identifier:          EKJoJoJG0zBvBSpT5j6IHlom5X58nIdRcVuw+Bu1IuE=
Subject key identifier:   EB:4B:9D:81:F0:F7:5C:CA:FA:75:7C:C5:78:8A:E3:F3:DF:34:CF:98
Certificate issuer:       /CN=89e4bf59877a3b2ef14f5f120a6750dc14939c6b
Certificate serial:       019294DDB9CD2057240949FFE5040DAFDC90
Authority key identifier: 89:E4:BF:59:87:7A:3B:2E:F1:4F:5F:12:0A:67:50:DC:14:93:9C:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ieS_WYd6Oy7xT18SCmdQ3BSTnGs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/075bc1-2b55-40b1-990e-23bb4203eb57/1/60udgfD3XMr6dXzFeIrj8980z5g.roa
Signing time:             Wed 16 Oct 2024 10:26:51 +0000
ROA not before:           Wed 16 Oct 2024 10:26:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59956
IP address blocks:        91.221.190.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/075bc1-2b55-40b1-990e-23bb4203eb57/1/ieS_WYd6Oy7xT18SCmdQ3BSTnGs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/075bc1-2b55-40b1-990e-23bb4203eb57/1/ieS_WYd6Oy7xT18SCmdQ3BSTnGs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ieS_WYd6Oy7xT18SCmdQ3BSTnGs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:94:dd:b9:cd:20:57:24:09:49:ff:e5:04:0d:af:dc:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89e4bf59877a3b2ef14f5f120a6750dc14939c6b
        Validity
            Not Before: Oct 16 10:26:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb4b9d81f0f75ccafa757cc5788ae3f3df34cf98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:45:12:51:09:28:05:af:e2:b7:52:e5:07:e1:
                    86:54:e2:41:12:a5:bf:7a:fa:f9:58:5f:f4:91:8e:
                    ec:09:d1:eb:58:57:69:9c:17:83:73:1c:f7:60:d3:
                    b4:45:47:70:5f:a8:76:bb:49:70:a4:0f:48:65:ca:
                    7f:2d:4c:68:1a:ef:e1:ca:17:ae:af:17:75:da:ed:
                    61:de:95:09:53:33:70:63:44:4a:3b:61:1b:72:b7:
                    4c:e9:ef:a8:ca:5c:41:68:92:59:e1:f8:8f:d3:e3:
                    a4:12:e5:d4:6f:59:cd:75:ce:91:ae:bc:6b:d5:70:
                    c1:e4:d7:14:aa:d8:70:94:9b:28:92:5c:08:41:6a:
                    b9:cb:a1:9f:f0:46:5b:78:8a:32:49:bf:fe:a6:a9:
                    3d:7b:18:f3:9f:a6:77:7b:83:c4:a8:15:a9:95:68:
                    b6:4e:37:fa:c3:f0:8d:c1:ed:35:26:8c:6a:d6:1b:
                    5c:9f:4d:3a:d8:d6:9e:4a:b3:c6:7b:81:e9:b3:1c:
                    b8:67:5a:da:f5:da:1a:d4:cf:4d:47:01:12:a5:04:
                    b1:bd:24:f7:0f:d7:30:78:9e:f8:f9:54:57:c8:d5:
                    42:bb:30:53:cc:3f:dc:f0:32:85:bd:0b:21:65:89:
                    bc:d2:01:e2:44:32:19:40:f2:2a:b3:3b:1f:5e:65:
                    45:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:4B:9D:81:F0:F7:5C:CA:FA:75:7C:C5:78:8A:E3:F3:DF:34:CF:98
            X509v3 Authority Key Identifier:
                keyid:89:E4:BF:59:87:7A:3B:2E:F1:4F:5F:12:0A:67:50:DC:14:93:9C:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ieS_WYd6Oy7xT18SCmdQ3BSTnGs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/075bc1-2b55-40b1-990e-23bb4203eb57/1/60udgfD3XMr6dXzFeIrj8980z5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/075bc1-2b55-40b1-990e-23bb4203eb57/1/ieS_WYd6Oy7xT18SCmdQ3BSTnGs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:8c:9d:03:2a:72:dc:f0:20:a3:33:b4:bd:30:26:18:5b:2a:
         b3:c1:b9:b0:c8:ce:08:60:ab:3f:60:98:68:2b:7e:47:21:ef:
         ce:5e:6c:bd:e4:90:03:97:40:c9:25:97:84:31:8e:3e:58:c1:
         b9:81:a9:a4:33:21:dc:97:4e:6c:b6:8a:bd:13:6a:a5:6a:31:
         d1:3e:a5:fa:08:b5:6a:02:e9:94:aa:c7:59:d3:5c:95:53:cb:
         3f:eb:54:36:48:5e:0b:9c:d6:7a:90:53:6b:09:48:d7:56:d8:
         5f:08:c8:08:d9:00:96:b0:fd:81:88:67:b7:91:61:65:43:ed:
         31:ef:b3:2b:8a:61:37:d1:6c:fc:2b:f8:33:7b:fc:b3:76:a0:
         2c:5a:0c:d4:81:08:5a:0b:c6:cb:9d:28:fd:22:bd:94:e8:91:
         ef:db:90:9f:12:d5:90:6b:23:94:d5:94:81:44:09:f4:3f:05:
         13:c8:83:0b:bb:71:1d:e1:5a:fd:ff:27:54:14:13:00:2d:3f:
         a8:03:5a:92:c8:fc:4d:4d:03:60:c6:72:31:b3:d8:02:99:6e:
         38:cf:7c:a5:67:16:86:03:6f:4d:d1:57:a6:30:34:82:ca:8d:
         2d:11:88:94:fa:67:33:96:ea:65:ed:55:b3:8c:36:8e:12:78:
         4d:59:b0:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKU3bnNIFckCUn/5QQNr9yQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5ZTRiZjU5ODc3YTNiMmVmMTRmNWYxMjBhNjc1MGRjMTQ5
MzljNmIwHhcNMjQxMDE2MTAyNjUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjRiOWQ4MWYwZjc1Y2NhZmE3NTdjYzU3ODhhZTNmM2RmMzRjZjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUUSUQkoBa/it1LlB+GGVOJBEqW/
evr5WF/0kY7sCdHrWFdpnBeDcxz3YNO0RUdwX6h2u0lwpA9IZcp/LUxoGu/hyheu
rxd12u1h3pUJUzNwY0RKO2EbcrdM6e+oylxBaJJZ4fiP0+OkEuXUb1nNdc6Rrrxr
1XDB5NcUqthwlJsoklwIQWq5y6Gf8EZbeIoySb/+pqk9exjzn6Z3e4PEqBWplWi2
Tjf6w/CNwe01Joxq1htcn0062NaeSrPGe4Hpsxy4Z1ra9doa1M9NRwESpQSxvST3
D9cweJ74+VRXyNVCuzBTzD/c8DKFvQshZYm80gHiRDIZQPIqszsfXmVFBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOtLnYHw91zK+nV8xXiK4/PfNM+YMB8GA1UdIwQY
MBaAFInkv1mHejsu8U9fEgpnUNwUk5xrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWVTX1dZZDZPeTd4VDE4U0NtZFEzQlNUbkdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8wNzViYzEtMmI1NS00MGIxLTk5MGUt
MjNiYjQyMDNlYjU3LzEvNjB1ZGdmRDNYTXI2ZFh6RmVJcmo4OTgwejVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8wNzViYzEtMmI1NS00MGIxLTk5MGUtMjNiYjQyMDNlYjU3
LzEvaWVTX1dZZDZPeTd4VDE4U0NtZFEzQlNUbkdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW92+MA0G
CSqGSIb3DQEBCwUAA4IBAQA2jJ0DKnLc8CCjM7S9MCYYWyqzwbmwyM4IYKs/YJho
K35HIe/OXmy95JADl0DJJZeEMY4+WMG5gamkMyHcl05stoq9E2qlajHRPqX6CLVq
AumUqsdZ01yVU8s/61Q2SF4LnNZ6kFNrCUjXVthfCMgI2QCWsP2BiGe3kWFlQ+0x
77MrimE30Wz8K/gze/yzdqAsWgzUgQhaC8bLnSj9Ir2U6JHv25CfEtWQayOU1ZSB
RAn0PwUTyIMLu3Ed4Vr9/ydUFBMALT+oA1qSyPxNTQNgxnIxs9gCmW44z3ylZxaG
A29N0VemMDSCyo0tEYiU+mczlupl7VWzjDaOEnhNWbBs
-----END CERTIFICATE-----