Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/JyZn0DPxu4myzqtpd0Rh8b1oC4M.roa
File:                     JyZn0DPxu4myzqtpd0Rh8b1oC4M.roa (raw, json)
Hash identifier:          ixF5hPUD/3cwTpRIOjm99aWg02fnLP7SaZaC2GoWhak=
Subject key identifier:   27:26:67:D0:33:F1:BB:89:B2:CE:AB:69:77:44:61:F1:BD:68:0B:83
Certificate issuer:       /CN=e5d6c6e8bced40bd032d17718c1b1e39ae841ae8
Certificate serial:       01904FF3CB914DE9453086A1E27FA9F4766F
Authority key identifier: E5:D6:C6:E8:BC:ED:40:BD:03:2D:17:71:8C:1B:1E:39:AE:84:1A:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5dbG6LztQL0DLRdxjBseOa6EGug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/JyZn0DPxu4myzqtpd0Rh8b1oC4M.roa
Signing time:             Tue 25 Jun 2024 15:11:35 +0000
ROA not before:           Tue 25 Jun 2024 15:11:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202719
IP address blocks:        89.190.50.0/24 maxlen: 24
                          89.190.54.0/24 maxlen: 24
                          212.96.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/5dbG6LztQL0DLRdxjBseOa6EGug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/5dbG6LztQL0DLRdxjBseOa6EGug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5dbG6LztQL0DLRdxjBseOa6EGug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 12:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:f3:cb:91:4d:e9:45:30:86:a1:e2:7f:a9:f4:76:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5d6c6e8bced40bd032d17718c1b1e39ae841ae8
        Validity
            Not Before: Jun 25 15:11:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=272667d033f1bb89b2ceab69774461f1bd680b83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:cc:39:e5:a2:e7:95:8a:d6:fc:3d:d1:e0:98:
                    e2:1a:b2:cd:3a:01:74:04:fa:0d:31:06:40:3f:2e:
                    7c:f8:06:96:ba:69:2e:47:00:36:26:12:19:12:53:
                    75:1f:9f:0a:2b:bf:9e:fc:2c:a8:21:f3:6d:36:c0:
                    fd:13:66:aa:19:83:e5:19:ae:16:ee:35:5a:00:4a:
                    a9:9e:e2:db:7e:f3:a5:fa:12:4c:2b:c4:09:86:cd:
                    e9:a5:4f:33:11:e8:69:cc:35:d3:1b:a6:93:c7:9e:
                    dd:ab:ce:f5:f6:fd:36:76:40:4e:76:9e:1c:95:7a:
                    5c:c7:e3:c2:f0:c2:9f:35:87:f7:73:37:c6:f7:cf:
                    74:2c:f5:99:67:51:48:43:c9:c6:11:dd:16:09:70:
                    97:9f:24:3a:12:20:cb:0b:b7:b8:2d:3c:f3:50:52:
                    9d:43:e8:14:9a:84:3c:59:84:85:5a:8e:51:49:98:
                    79:8b:95:c3:c9:01:8f:c6:d9:b4:33:3e:09:fe:b6:
                    e3:67:87:84:53:99:41:59:fa:46:8a:ba:4b:f8:36:
                    62:53:ab:dc:b6:82:af:ed:48:6c:0e:72:38:e5:81:
                    ca:5b:6e:45:b6:3b:21:43:b8:04:57:20:4c:4b:59:
                    eb:f8:ce:9b:08:51:21:96:56:eb:39:05:a0:4c:0d:
                    21:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:26:67:D0:33:F1:BB:89:B2:CE:AB:69:77:44:61:F1:BD:68:0B:83
            X509v3 Authority Key Identifier:
                keyid:E5:D6:C6:E8:BC:ED:40:BD:03:2D:17:71:8C:1B:1E:39:AE:84:1A:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5dbG6LztQL0DLRdxjBseOa6EGug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/JyZn0DPxu4myzqtpd0Rh8b1oC4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/5dbG6LztQL0DLRdxjBseOa6EGug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.190.50.0/24
                  89.190.54.0/24
                  212.96.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:5f:a6:d8:9e:83:2c:4e:1b:20:89:35:49:72:32:bf:d1:48:
         ff:bb:85:d7:b4:96:a8:79:e8:99:7a:73:80:15:66:7f:51:d9:
         73:a7:aa:97:a7:9d:51:00:1c:71:f7:91:15:43:26:1e:fb:a8:
         17:a2:80:db:08:bb:20:a0:6d:35:fa:ef:04:28:d9:03:2a:c0:
         f4:d3:0a:b5:cb:e6:c0:f8:14:cd:e1:ec:c9:5d:c9:c2:76:20:
         0c:aa:d4:9f:b7:d9:3c:bd:f4:76:f9:c1:90:08:44:d2:d8:31:
         1e:03:51:fa:6d:19:05:9d:1c:0a:5f:89:9c:56:2f:24:14:d8:
         4e:24:65:c7:c1:3e:b7:38:7a:d4:8d:02:f1:9b:01:ed:e6:18:
         49:47:f3:eb:8d:b7:a0:62:29:71:40:9e:31:89:22:d7:be:bf:
         05:d1:e1:e6:33:fa:dd:9e:ea:2c:88:32:01:e2:4f:4a:10:4a:
         a5:b4:b9:42:ac:b6:07:90:d1:eb:aa:1d:72:6b:14:11:fc:00:
         38:ea:ae:14:e1:f8:5a:d8:87:5e:4c:2d:12:ad:3f:22:94:7d:
         9b:0b:b9:15:31:60:e0:1e:5c:7f:b2:7b:44:dc:e5:35:98:8c:
         7b:51:3a:f6:18:59:3f:94:1e:29:d8:19:79:d1:90:fe:88:91:
         12:d9:42:ad
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZBP88uRTelFMIah4n+p9HZvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZDZjNmU4YmNlZDQwYmQwMzJkMTc3MThjMWIxZTM5YWU4
NDFhZTgwHhcNMjQwNjI1MTUxMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzI2NjdkMDMzZjFiYjg5YjJjZWFiNjk3NzQ0NjFmMWJkNjgwYjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwcw55aLnlYrW/D3R4JjiGrLNOgF0
BPoNMQZAPy58+AaWumkuRwA2JhIZElN1H58KK7+e/CyoIfNtNsD9E2aqGYPlGa4W
7jVaAEqpnuLbfvOl+hJMK8QJhs3ppU8zEehpzDXTG6aTx57dq8719v02dkBOdp4c
lXpcx+PC8MKfNYf3czfG9890LPWZZ1FIQ8nGEd0WCXCXnyQ6EiDLC7e4LTzzUFKd
Q+gUmoQ8WYSFWo5RSZh5i5XDyQGPxtm0Mz4J/rbjZ4eEU5lBWfpGirpL+DZiU6vc
toKv7UhsDnI45YHKW25FtjshQ7gEVyBMS1nr+M6bCFEhllbrOQWgTA0hBwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCcmZ9Az8buJss6raXdEYfG9aAuDMB8GA1UdIwQY
MBaAFOXWxui87UC9Ay0XcYwbHjmuhBroMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWRiRzZMenRRTDBETFJkeGpCc2VPYTZFR3VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8wODk0ZjctZTI0ZC00NzI4LThjYWQt
YmQyNDliNjI1Nzk3LzEvSnlabjBEUHh1NG15enF0cGQwUmg4YjFvQzRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8wODk0ZjctZTI0ZC00NzI4LThjYWQtYmQyNDliNjI1Nzk3
LzEvNWRiRzZMenRRTDBETFJkeGpCc2VPYTZFR3VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWb4yAwQA
Wb42AwQA1GCnMA0GCSqGSIb3DQEBCwUAA4IBAQCmX6bYnoMsThsgiTVJcjK/0Uj/
u4XXtJaoeeiZenOAFWZ/Udlzp6qXp51RABxx95EVQyYe+6gXooDbCLsgoG01+u8E
KNkDKsD00wq1y+bA+BTN4ezJXcnCdiAMqtSft9k8vfR2+cGQCETS2DEeA1H6bRkF
nRwKX4mcVi8kFNhOJGXHwT63OHrUjQLxmwHt5hhJR/PrjbegYilxQJ4xiSLXvr8F
0eHmM/rdnuosiDIB4k9KEEqltLlCrLYHkNHrqh1yaxQR/AA46q4U4fha2IdeTC0S
rT8ilH2bC7kVMWDgHlx/sntE3OU1mIx7UTr2GFk/lB4p2Bl50ZD+iJES2UKt
-----END CERTIFICATE-----