Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/1-_zG5M3C9a4wRTvrhgSKcxm-SHg.roa
File:                     1-_zG5M3C9a4wRTvrhgSKcxm-SHg.roa (raw, json)
Hash identifier:          KvXqT2o5OSdvGzkFHtNGs/H4/bFJNlb12hv9/b46lM8=
Subject key identifier:   FB:FC:C6:E4:CD:C2:F5:AE:30:45:3B:EB:86:04:8A:73:19:BE:48:78
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       018CC94DFC1444562FA893E88CCEA5561319
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/1-_zG5M3C9a4wRTvrhgSKcxm-SHg.roa
Signing time:             Tue 02 Jan 2024 08:33:00 +0000
ROA not before:           Tue 02 Jan 2024 08:33:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20860
IP address blocks:        89.43.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:fc:14:44:56:2f:a8:93:e8:8c:ce:a5:56:13:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jan  2 08:33:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fbfcc6e4cdc2f5ae30453beb86048a7319be4878
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:fa:57:58:e7:ff:6b:53:79:40:a9:ff:47:62:
                    42:33:7f:4d:b7:4e:4b:9b:82:93:a0:6f:33:ac:b3:
                    59:60:6c:f5:73:6e:96:37:7a:26:14:75:48:37:90:
                    11:13:5f:b0:a3:32:92:4a:18:4c:e6:f6:31:b7:74:
                    ff:a0:29:51:09:98:93:4c:61:28:17:92:9a:c5:42:
                    00:ca:84:53:da:49:e9:99:dc:da:10:96:3b:47:80:
                    5b:ec:b8:19:7b:85:7d:b2:de:93:05:76:88:c8:65:
                    7c:d6:b7:04:5f:a0:79:71:27:4a:f0:0d:19:5b:ba:
                    f1:2b:34:4b:20:22:ff:98:62:a4:d2:82:fe:34:8b:
                    ef:c2:ab:86:74:57:96:a5:39:6d:26:ca:8d:01:3f:
                    05:40:b6:fa:bd:03:18:9b:08:b3:c8:02:1d:23:44:
                    2a:68:be:82:5a:e4:4b:6e:25:e5:cc:ea:ca:af:74:
                    a2:b0:82:24:3b:01:27:62:ea:e1:d1:10:63:44:a7:
                    4b:e9:73:61:c4:ed:57:4c:24:52:2f:91:69:f6:78:
                    17:a6:b0:11:a3:6f:a4:ae:e1:cf:f8:a2:ff:59:ec:
                    7c:e6:fe:c5:58:68:b1:d4:1f:06:05:78:ff:40:ce:
                    bb:af:d2:6b:c8:9d:fc:3a:13:2f:b6:09:00:26:1c:
                    f5:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:FC:C6:E4:CD:C2:F5:AE:30:45:3B:EB:86:04:8A:73:19:BE:48:78
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/1-_zG5M3C9a4wRTvrhgSKcxm-SHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.43.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:ab:e5:0b:99:0b:6e:bf:a0:66:49:c6:bc:f8:08:dd:2b:6b:
         70:86:6f:4d:bf:9f:3b:42:af:02:76:e5:4d:7b:1f:be:de:40:
         79:9f:87:28:47:c6:a4:39:92:19:cf:6d:b9:d6:bc:0b:42:59:
         c4:64:5c:2c:81:b9:7d:a9:c5:ee:bc:0e:26:08:af:67:c9:48:
         58:ad:64:00:3b:17:23:cd:c0:92:42:63:b1:3a:8b:43:93:61:
         55:93:06:f7:f0:c2:fd:c3:40:b1:5d:3e:94:b9:83:08:b8:eb:
         1d:8a:53:1b:52:d3:7d:fe:90:fe:87:ec:a0:d6:4a:0f:a6:2f:
         94:c6:86:4c:4b:35:72:ed:a8:8f:d8:35:7e:f3:df:4c:54:bd:
         76:93:ae:c5:f2:7a:d8:e3:dd:92:40:03:5a:b4:a2:e5:0e:ff:
         8e:a4:23:0a:2d:7b:b4:92:5e:52:b5:56:9d:f0:bf:d1:d4:4d:
         84:5f:4b:4e:af:48:4e:a5:22:cc:bb:3f:63:04:91:38:ea:31:
         a8:f5:52:6a:b4:b0:61:1f:d4:9d:ac:f4:31:1e:4e:70:dc:1c:
         8e:41:d5:b0:8c:ec:95:32:66:5e:6d:38:3d:78:d4:95:2d:04:
         ca:4f:cf:54:e9:57:cb:3c:2f:5a:c4:6a:1e:5d:82:0b:88:80:
         b1:65:25:e1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJTfwURFYvqJPojM6lVhMZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjQwMTAyMDgzMzAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmZjYzZlNGNkYzJmNWFlMzA0NTNiZWI4NjA0OGE3MzE5YmU0ODc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgvpXWOf/a1N5QKn/R2JCM39Nt05L
m4KToG8zrLNZYGz1c26WN3omFHVIN5ARE1+wozKSShhM5vYxt3T/oClRCZiTTGEo
F5KaxUIAyoRT2knpmdzaEJY7R4Bb7LgZe4V9st6TBXaIyGV81rcEX6B5cSdK8A0Z
W7rxKzRLICL/mGKk0oL+NIvvwquGdFeWpTltJsqNAT8FQLb6vQMYmwizyAIdI0Qq
aL6CWuRLbiXlzOrKr3SisIIkOwEnYurh0RBjRKdL6XNhxO1XTCRSL5Fp9ngXprAR
o2+kruHP+KL/Wex85v7FWGix1B8GBXj/QM67r9JryJ38OhMvtgkAJhz1VQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPv8xuTNwvWuMEU764YEinMZvkh4MB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvMS1fekc1TTNDOWE0d1JUdnJoZ1NLY3htLVNIZy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzAvYjI2YWE4LWFjZTctNGZhNi05ZThlLTVkNDhiNjVjZTU3
My8xL19saVZMVGs1TmZEVHZPZ1VfWkY0MEVhVHJyay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFkrLzAN
BgkqhkiG9w0BAQsFAAOCAQEAGqvlC5kLbr+gZknGvPgI3StrcIZvTb+fO0KvAnbl
TXsfvt5AeZ+HKEfGpDmSGc9tuda8C0JZxGRcLIG5fanF7rwOJgivZ8lIWK1kADsX
I83AkkJjsTqLQ5NhVZMG9/DC/cNAsV0+lLmDCLjrHYpTG1LTff6Q/ofsoNZKD6Yv
lMaGTEs1cu2oj9g1fvPfTFS9dpOuxfJ62OPdkkADWrSi5Q7/jqQjCi17tJJeUrVW
nfC/0dRNhF9LTq9ITqUizLs/YwSROOoxqPVSarSwYR/Unaz0MR5OcNwcjkHVsIzs
lTJmXm04PXjUlS0Eyk/PVOlXyzwvWsRqHl2CC4iAsWUl4Q==
-----END CERTIFICATE-----