Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/bSKT2MCA_M7qJHOiW4ucyAHsHFM.roa
File:                     bSKT2MCA_M7qJHOiW4ucyAHsHFM.roa (raw, json)
Hash identifier:          q/ouXvQxioEERidFIndLeBbWbz5eUw/WW1LmTk1RXDk=
Subject key identifier:   6D:22:93:D8:C0:80:FC:CE:EA:24:73:A2:5B:8B:9C:C8:01:EC:1C:53
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       018CC94E02A08608B4F25735A4BA2F4DA12D
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/bSKT2MCA_M7qJHOiW4ucyAHsHFM.roa
Signing time:             Tue 02 Jan 2024 08:33:01 +0000
ROA not before:           Tue 02 Jan 2024 08:33:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41151
IP address blocks:        89.43.16.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 06:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:02:a0:86:08:b4:f2:57:35:a4:ba:2f:4d:a1:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jan  2 08:33:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d2293d8c080fcceea2473a25b8b9cc801ec1c53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:95:07:5a:86:11:7d:d7:8e:c7:d9:a0:e4:3c:
                    cf:8b:89:e5:23:cf:e8:81:9b:c9:4b:4f:07:a6:40:
                    41:c7:2b:bb:89:bc:39:35:ff:dd:89:9a:49:37:c0:
                    9a:dc:e3:34:b2:bc:18:87:e6:16:71:c3:9a:9c:8b:
                    37:d1:80:13:ec:44:78:02:b7:ee:4b:84:1d:c8:37:
                    2d:ca:91:29:cd:78:6e:02:15:36:71:b6:a8:17:17:
                    d0:27:1c:f4:72:7a:9b:3d:77:88:78:6d:cb:09:0a:
                    d2:be:cd:12:87:07:0d:ae:cb:b1:bc:a5:3c:d6:a8:
                    1b:e7:3e:eb:4b:5b:ea:fb:ef:cd:13:55:74:7c:73:
                    c5:b7:33:62:87:69:60:5e:d6:fd:e3:69:e1:d6:81:
                    f3:c7:ba:4a:24:cf:f4:f9:b6:ad:d2:0f:bb:46:b8:
                    14:95:c5:61:95:33:bb:c5:46:42:12:39:46:97:97:
                    75:e8:1d:fc:79:ab:f2:bc:bd:10:22:0f:eb:06:81:
                    e0:dc:55:10:5c:a0:c2:b2:c8:35:e3:c0:a9:16:28:
                    e0:c6:ea:07:d0:84:fb:b0:ba:24:c7:28:0f:94:c1:
                    fc:76:00:f1:d7:86:ee:68:54:b9:d9:0b:dd:18:d7:
                    7b:89:9f:d3:31:71:e5:5a:40:71:3a:52:4c:36:3e:
                    73:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:22:93:D8:C0:80:FC:CE:EA:24:73:A2:5B:8B:9C:C8:01:EC:1C:53
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/bSKT2MCA_M7qJHOiW4ucyAHsHFM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.43.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         59:71:8a:7c:b7:d5:5a:0a:2f:8c:c9:75:00:17:8f:2b:8e:00:
         ba:ad:bc:be:14:e3:7b:f3:84:30:32:70:47:25:21:74:8e:5c:
         72:9a:a9:af:a3:7e:2a:ba:b2:f1:e6:bb:e4:ca:23:2f:23:3b:
         00:44:b6:ab:a2:7b:46:00:d7:54:d6:13:49:de:4e:ed:9b:a5:
         8f:36:ca:e9:85:07:de:26:dc:9e:34:49:cb:c6:dc:96:23:e5:
         7c:3f:6f:ff:7a:1c:20:b8:da:50:66:cc:18:b7:f7:41:ad:a5:
         f6:4f:7b:ed:e1:73:23:cf:76:55:23:a7:c2:24:89:1b:fe:ac:
         71:c7:94:7e:7e:23:ad:df:f7:83:36:7f:d4:7c:04:02:d6:b4:
         70:76:f3:64:b3:4b:e6:1f:d7:c3:dd:ab:d8:99:b7:6a:d4:3a:
         ec:a4:9b:c4:eb:4a:b1:60:95:54:63:00:0f:cf:ff:38:fa:ee:
         2c:5a:c0:65:9c:a3:aa:70:cf:b9:15:06:55:d2:75:e0:eb:a9:
         fd:e2:61:37:fe:29:42:2a:2f:ea:af:f2:3a:01:51:82:ae:e2:
         74:b0:36:f8:77:41:20:88:b1:08:6c:b5:43:82:76:bf:5f:3d:
         8a:e2:17:8b:8f:ed:a9:d3:3d:b2:3f:53:79:32:7b:92:ab:c8:
         2b:80:80:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTgKghgi08lc1pLovTaEtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjQwMTAyMDgzMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDIyOTNkOGMwODBmY2NlZWEyNDczYTI1YjhiOWNjODAxZWMxYzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpUHWoYRfdeOx9mg5DzPi4nlI8/o
gZvJS08HpkBBxyu7ibw5Nf/diZpJN8Ca3OM0srwYh+YWccOanIs30YAT7ER4Arfu
S4QdyDctypEpzXhuAhU2cbaoFxfQJxz0cnqbPXeIeG3LCQrSvs0ShwcNrsuxvKU8
1qgb5z7rS1vq++/NE1V0fHPFtzNih2lgXtb942nh1oHzx7pKJM/0+bat0g+7RrgU
lcVhlTO7xUZCEjlGl5d16B38eavyvL0QIg/rBoHg3FUQXKDCssg148CpFijgxuoH
0IT7sLokxygPlMH8dgDx14buaFS52QvdGNd7iZ/TMXHlWkBxOlJMNj5zXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0ik9jAgPzO6iRzoluLnMgB7BxTMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvYlNLVDJNQ0FfTTdxSkhPaVc0dWN5QUhzSEZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWSsQMA0G
CSqGSIb3DQEBCwUAA4IBAQBZcYp8t9VaCi+MyXUAF48rjgC6rby+FON784QwMnBH
JSF0jlxymqmvo34qurLx5rvkyiMvIzsARLarontGANdU1hNJ3k7tm6WPNsrphQfe
JtyeNEnLxtyWI+V8P2//ehwguNpQZswYt/dBraX2T3vt4XMjz3ZVI6fCJIkb/qxx
x5R+fiOt3/eDNn/UfAQC1rRwdvNks0vmH9fD3avYmbdq1DrspJvE60qxYJVUYwAP
z/84+u4sWsBlnKOqcM+5FQZV0nXg66n94mE3/ilCKi/qr/I6AVGCruJ0sDb4d0Eg
iLEIbLVDgna/Xz2K4heLj+2p0z2yP1N5MnuSq8grgIAc
-----END CERTIFICATE-----