Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/Hc2JXlu_-tA5p-ImkeLPBP77u1I.roa
File:                     Hc2JXlu_-tA5p-ImkeLPBP77u1I.roa (raw, json)
Hash identifier:          iJnNcLG+UsucKeYTqIJJlXdmpkBm+dz2aj+5d15V320=
Subject key identifier:   1D:CD:89:5E:5B:BF:FA:D0:39:A7:E2:26:91:E2:CF:04:FE:FB:BB:52
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       018CEA43306777A6A44D88754A2C5A48BBE1
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/Hc2JXlu_-tA5p-ImkeLPBP77u1I.roa
Signing time:             Mon 08 Jan 2024 18:08:40 +0000
ROA not before:           Mon 08 Jan 2024 18:08:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58022
IP address blocks:        89.40.22.0/23 maxlen: 23
                          89.40.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ea:43:30:67:77:a6:a4:4d:88:75:4a:2c:5a:48:bb:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jan  8 18:08:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1dcd895e5bbffad039a7e22691e2cf04fefbbb52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:20:ec:1c:39:24:d2:80:58:cf:c9:88:06:9a:
                    ee:46:f6:41:4f:19:5a:87:67:e0:67:e1:3a:ba:e0:
                    21:b2:6a:dd:89:70:7f:5a:c5:52:9f:5b:89:25:26:
                    da:3f:ce:3e:31:3b:29:c3:61:07:8c:de:4a:97:52:
                    b8:20:41:b9:44:f6:b4:ee:46:14:ab:45:2b:d4:48:
                    5d:a0:4a:fe:53:76:d2:2c:60:4d:18:b7:31:85:da:
                    cd:65:49:fd:03:71:68:60:a6:77:84:bf:ed:a9:59:
                    d7:3e:8f:b3:52:df:89:5d:a9:96:80:e9:f6:dd:2e:
                    4c:09:ca:df:a6:74:a1:72:1d:15:9d:51:dd:6a:b6:
                    bf:1e:39:66:f0:32:1b:df:13:91:24:d5:35:91:27:
                    b5:4a:90:94:68:10:96:d1:28:4f:fe:cc:aa:2f:38:
                    d8:9a:a6:7a:f9:06:60:97:92:c9:7b:4a:c7:f6:07:
                    26:c7:13:b7:29:ce:55:fa:03:15:69:24:c8:ed:63:
                    5e:19:72:34:d8:21:46:e6:51:d5:2e:5c:a0:a0:64:
                    4d:51:37:5e:9c:c3:c8:e1:5e:1c:a8:ac:78:e4:22:
                    a6:21:d7:60:8e:8f:77:82:b4:6f:8e:b8:ce:7f:e6:
                    79:b9:7d:4b:38:ff:1d:cd:25:cf:a0:92:59:2e:6c:
                    22:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:CD:89:5E:5B:BF:FA:D0:39:A7:E2:26:91:E2:CF:04:FE:FB:BB:52
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/Hc2JXlu_-tA5p-ImkeLPBP77u1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.40.22.0/23
                  89.40.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:6b:7f:5a:17:1c:5d:3b:1a:33:10:e6:83:9d:0d:de:ed:bf:
         44:4b:ae:3d:c4:88:24:bb:bb:dd:df:9d:aa:a8:40:c1:cf:d0:
         ed:f3:e0:bf:d3:2e:63:be:9a:fe:64:4b:01:08:f1:f6:82:be:
         ad:30:a9:58:cb:0c:e8:1c:ca:13:41:ca:0f:4f:1c:fe:d0:77:
         30:59:ae:13:55:93:19:fc:57:88:f8:4f:b4:04:75:ab:91:e8:
         38:75:be:16:df:89:f9:a2:fa:83:24:8a:01:8d:f8:8d:2d:97:
         09:e0:b7:f2:1a:24:3c:33:e2:f6:06:59:10:40:8c:4b:e3:81:
         32:38:f7:ec:c3:4f:eb:de:58:c0:89:3a:c1:e4:2a:df:e8:5b:
         56:5d:01:7c:a2:6d:86:b3:c2:46:c3:79:be:ad:84:9d:ac:71:
         b0:b6:48:0a:1b:96:92:b6:d4:8c:22:84:7a:01:6c:32:bb:cc:
         d1:08:e6:22:98:33:8c:90:f4:37:c7:cb:75:f5:38:3c:f4:4f:
         d4:03:f6:c5:e6:76:03:11:f6:96:76:ae:47:ef:b4:e5:8b:a5:
         85:f5:1e:00:10:6d:ad:cd:c2:44:2c:a1:76:3d:a8:92:ee:c3:
         57:88:25:f7:a7:e5:50:6a:cc:b1:56:ba:00:b8:d7:21:23:4d:
         42:4c:f9:a3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzqQzBnd6akTYh1SixaSLvhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjQwMTA4MTgwODQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGNkODk1ZTViYmZmYWQwMzlhN2UyMjY5MWUyY2YwNGZlZmJiYjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyyDsHDkk0oBYz8mIBpruRvZBTxla
h2fgZ+E6uuAhsmrdiXB/WsVSn1uJJSbaP84+MTspw2EHjN5Kl1K4IEG5RPa07kYU
q0Ur1EhdoEr+U3bSLGBNGLcxhdrNZUn9A3FoYKZ3hL/tqVnXPo+zUt+JXamWgOn2
3S5MCcrfpnShch0VnVHdara/Hjlm8DIb3xORJNU1kSe1SpCUaBCW0ShP/syqLzjY
mqZ6+QZgl5LJe0rH9gcmxxO3Kc5V+gMVaSTI7WNeGXI02CFG5lHVLlygoGRNUTde
nMPI4V4cqKx45CKmIddgjo93grRvjrjOf+Z5uX1LOP8dzSXPoJJZLmwiIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB3NiV5bv/rQOafiJpHizwT++7tSMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvSGMySlhsdV8tdEE1cC1JbWtlTFBCUDc3dTFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBWSgWAwQA
WSgZMA0GCSqGSIb3DQEBCwUAA4IBAQC4a39aFxxdOxozEOaDnQ3e7b9ES649xIgk
u7vd352qqEDBz9Dt8+C/0y5jvpr+ZEsBCPH2gr6tMKlYywzoHMoTQcoPTxz+0Hcw
Wa4TVZMZ/FeI+E+0BHWrkeg4db4W34n5ovqDJIoBjfiNLZcJ4LfyGiQ8M+L2BlkQ
QIxL44EyOPfsw0/r3ljAiTrB5Crf6FtWXQF8om2Gs8JGw3m+rYSdrHGwtkgKG5aS
ttSMIoR6AWwyu8zRCOYimDOMkPQ3x8t19Tg89E/UA/bF5nYDEfaWdq5H77Tli6WF
9R4AEG2tzcJELKF2PaiS7sNXiCX3p+VQasyxVroAuNchI01CTPmj
-----END CERTIFICATE-----