Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/04b91a-e349-40cd-b901-1f13f55d0059/1/TmWiphEZuKOwz8c3F_QlQwnhCuY.roa
File:                     TmWiphEZuKOwz8c3F_QlQwnhCuY.roa (raw, json)
Hash identifier:          ZimKqd9Nd3hH5gJcc/ozgSVbx2t6yDfPdY/1NPNWscE=
Subject key identifier:   4E:65:A2:A6:11:19:B8:A3:B0:CF:C7:37:17:F4:25:43:09:E1:0A:E6
Certificate issuer:       /CN=8335444c581161c588ae84be01965bc8e83780b8
Certificate serial:       018CC79339EC0D927570EBB268C50B1AD340
Authority key identifier: 83:35:44:4C:58:11:61:C5:88:AE:84:BE:01:96:5B:C8:E8:37:80:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzVETFgRYcWIroS-AZZbyOg3gLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/04b91a-e349-40cd-b901-1f13f55d0059/1/TmWiphEZuKOwz8c3F_QlQwnhCuY.roa
Signing time:             Tue 02 Jan 2024 00:29:23 +0000
ROA not before:           Tue 02 Jan 2024 00:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6908
IP address blocks:        185.8.89.0/24 maxlen: 24
                          185.8.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/04b91a-e349-40cd-b901-1f13f55d0059/1/gzVETFgRYcWIroS-AZZbyOg3gLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/04b91a-e349-40cd-b901-1f13f55d0059/1/gzVETFgRYcWIroS-AZZbyOg3gLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzVETFgRYcWIroS-AZZbyOg3gLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 06:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:39:ec:0d:92:75:70:eb:b2:68:c5:0b:1a:d3:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8335444c581161c588ae84be01965bc8e83780b8
        Validity
            Not Before: Jan  2 00:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e65a2a61119b8a3b0cfc73717f4254309e10ae6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:45:78:13:a4:0d:b6:b2:0b:37:59:98:f2:01:
                    9a:f6:73:b3:db:de:78:60:4e:52:ed:be:9c:ff:8c:
                    5c:cf:a4:41:42:ac:bb:4a:c9:6c:6c:55:0c:49:28:
                    03:6e:58:24:25:dc:b0:fb:b5:78:e8:de:1b:91:65:
                    d0:7b:e3:4b:53:56:2d:08:ad:8b:2d:d6:6a:97:e4:
                    da:b9:f5:e9:e7:18:7d:a7:19:e9:3a:b7:4a:41:d3:
                    b8:b2:bc:dd:d0:ae:cb:de:e9:6b:a2:24:8a:bf:90:
                    00:ac:55:7d:03:73:91:ef:a6:00:2f:87:82:89:99:
                    3a:b4:3f:17:ad:c3:80:2c:25:e0:6e:e6:88:12:e3:
                    41:44:30:74:5a:cd:11:0c:b4:dc:cc:38:52:a4:79:
                    4a:03:74:cc:38:39:58:d2:b5:42:a1:b8:66:ac:89:
                    bb:71:59:ef:54:6b:d9:d9:e5:20:46:3a:3e:84:07:
                    4e:53:42:85:64:8d:d9:db:11:4b:ec:50:db:6e:7b:
                    fd:fb:20:c0:33:88:d5:48:b5:f6:46:89:ad:5e:cc:
                    05:9c:82:29:18:1d:02:6b:d9:19:27:3f:cd:28:96:
                    6e:bf:9c:13:b1:8c:5f:53:a7:91:4e:1e:0d:6f:c6:
                    4d:0f:f7:25:a2:ed:58:46:03:0f:3c:c0:d9:50:ac:
                    0b:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:65:A2:A6:11:19:B8:A3:B0:CF:C7:37:17:F4:25:43:09:E1:0A:E6
            X509v3 Authority Key Identifier:
                keyid:83:35:44:4C:58:11:61:C5:88:AE:84:BE:01:96:5B:C8:E8:37:80:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzVETFgRYcWIroS-AZZbyOg3gLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/04b91a-e349-40cd-b901-1f13f55d0059/1/TmWiphEZuKOwz8c3F_QlQwnhCuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/04b91a-e349-40cd-b901-1f13f55d0059/1/gzVETFgRYcWIroS-AZZbyOg3gLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.8.89.0/24
                  185.8.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:35:99:2c:f5:bf:0c:10:7a:c8:ca:a1:db:c4:47:43:12:3b:
         c8:da:d5:c6:ed:b7:a6:b3:f1:f0:1f:62:b9:23:d7:72:9d:1f:
         a0:34:a5:6b:1b:23:15:78:2d:3c:1f:99:6f:d2:c1:fd:aa:c9:
         c2:98:9b:27:90:0a:da:16:af:8a:96:75:63:52:88:5d:25:9a:
         b4:c7:e1:b1:30:27:fb:de:08:1e:d0:92:f5:c8:8a:c0:23:f6:
         97:c5:1c:3a:b2:58:5d:3c:20:5c:12:bf:73:88:61:52:f7:6f:
         96:88:9f:ff:cc:42:06:fa:4e:fe:76:f8:f2:7f:08:0c:d0:9a:
         36:77:80:27:86:35:a9:cd:a7:c9:38:df:b8:2a:12:f3:97:48:
         4d:18:6e:03:f9:d9:f8:26:35:99:a6:9e:e8:60:57:30:f7:70:
         7a:d5:6c:2e:5d:50:a1:e3:e0:ef:61:b3:82:d8:80:8a:b6:b6:
         03:dd:27:b2:bf:8b:5f:82:84:46:6f:9d:ac:cf:a4:8d:9b:9c:
         5a:5b:60:e5:0f:59:0a:1e:2b:7d:26:9e:a8:e2:ce:ae:74:c1:
         51:52:77:24:79:a9:2b:bb:0c:43:28:f6:85:aa:3e:15:ea:04:
         3c:14:36:ef:c6:d0:a4:71:0f:19:6f:0e:f1:d6:48:2b:e3:d3:
         b1:fd:22:be
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHkznsDZJ1cOuyaMULGtNAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzU0NDRjNTgxMTYxYzU4OGFlODRiZTAxOTY1YmM4ZTgz
NzgwYjgwHhcNMjQwMTAyMDAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTY1YTJhNjExMTliOGEzYjBjZmM3MzcxN2Y0MjU0MzA5ZTEwYWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0V4E6QNtrILN1mY8gGa9nOz2954
YE5S7b6c/4xcz6RBQqy7SslsbFUMSSgDblgkJdyw+7V46N4bkWXQe+NLU1YtCK2L
LdZql+TaufXp5xh9pxnpOrdKQdO4srzd0K7L3ulroiSKv5AArFV9A3OR76YAL4eC
iZk6tD8XrcOALCXgbuaIEuNBRDB0Ws0RDLTczDhSpHlKA3TMODlY0rVCobhmrIm7
cVnvVGvZ2eUgRjo+hAdOU0KFZI3Z2xFL7FDbbnv9+yDAM4jVSLX2RomtXswFnIIp
GB0Ca9kZJz/NKJZuv5wTsYxfU6eRTh4Nb8ZND/clou1YRgMPPMDZUKwLSwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE5loqYRGbijsM/HNxf0JUMJ4QrmMB8GA1UdIwQY
MBaAFIM1RExYEWHFiK6EvgGWW8joN4C4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pWRVRGZ1JZY1dJcm9TLUFaWmJ5T2czZ0xnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8wNGI5MWEtZTM0OS00MGNkLWI5MDEt
MWYxM2Y1NWQwMDU5LzEvVG1XaXBoRVp1S093ejhjM0ZfUWxRd25oQ3VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8wNGI5MWEtZTM0OS00MGNkLWI5MDEtMWYxM2Y1NWQwMDU5
LzEvZ3pWRVRGZ1JZY1dJcm9TLUFaWmJ5T2czZ0xnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuQhZAwQA
uQhbMA0GCSqGSIb3DQEBCwUAA4IBAQBmNZks9b8MEHrIyqHbxEdDEjvI2tXG7bem
s/HwH2K5I9dynR+gNKVrGyMVeC08H5lv0sH9qsnCmJsnkAraFq+KlnVjUohdJZq0
x+GxMCf73gge0JL1yIrAI/aXxRw6slhdPCBcEr9ziGFS92+WiJ//zEIG+k7+dvjy
fwgM0Jo2d4AnhjWpzafJON+4KhLzl0hNGG4D+dn4JjWZpp7oYFcw93B61WwuXVCh
4+DvYbOC2ICKtrYD3Seyv4tfgoRGb52sz6SNm5xaW2DlD1kKHit9Jp6o4s6udMFR
UnckeakruwxDKPaFqj4V6gQ8FDbvxtCkcQ8Zbw7x1kgr49Ox/SK+
-----END CERTIFICATE-----