Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/sh3nf_nGdks8JWQh7FW8iC7EIUQ.roa
File:                     sh3nf_nGdks8JWQh7FW8iC7EIUQ.roa (raw, json)
Hash identifier:          ehrLBrdlvej8R+tlB7+lo35JcEhfDbs29RZM2Lb8vI4=
Subject key identifier:   B2:1D:E7:7F:F9:C6:76:4B:3C:25:64:21:EC:55:BC:88:2E:C4:21:44
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       018CC94E01A150007EAB594F514E9F276689
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/sh3nf_nGdks8JWQh7FW8iC7EIUQ.roa
Signing time:             Tue 02 Jan 2024 08:33:01 +0000
ROA not before:           Tue 02 Jan 2024 08:33:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39669
IP address blocks:        89.44.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 12:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:01:a1:50:00:7e:ab:59:4f:51:4e:9f:27:66:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jan  2 08:33:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b21de77ff9c6764b3c256421ec55bc882ec42144
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:02:22:31:69:53:34:3b:f0:b5:14:f3:07:e1:
                    da:be:52:17:c9:06:2f:c4:50:c8:2a:c9:b7:6f:e8:
                    88:a3:8b:a6:40:06:8a:21:4b:64:13:b7:36:92:d1:
                    32:c1:18:7f:b3:9f:a3:ab:2f:80:01:81:b9:d0:62:
                    36:57:8a:05:27:5f:78:5e:f7:ac:cd:19:2b:f7:8c:
                    ab:16:39:c7:66:56:9e:36:18:de:f6:df:9c:6c:ef:
                    6b:1d:d8:09:70:33:ac:92:60:49:2c:8f:3d:cc:94:
                    a3:57:b7:1f:17:5a:2e:01:0a:d9:dd:10:19:c7:74:
                    57:85:a8:fc:c1:ee:1b:3e:23:c9:ae:ff:83:13:74:
                    82:fc:98:2f:9c:0c:15:38:31:55:7d:71:ee:03:2d:
                    de:57:c6:ee:aa:98:bc:58:34:05:42:0f:c4:ef:e0:
                    0b:e9:f5:37:47:b5:b4:2f:60:69:78:ad:74:5a:2c:
                    5b:af:1d:83:9e:a3:d9:72:63:f9:3c:21:7e:38:3f:
                    ce:72:ec:51:d9:07:bf:82:cd:c4:34:b2:71:e2:c7:
                    8f:e5:d0:92:cf:2b:95:e4:bc:9c:af:28:2f:ae:de:
                    4d:06:c4:af:4f:7c:df:28:61:75:24:e6:62:54:44:
                    63:e8:45:24:29:ae:e1:f5:c6:b6:0a:65:c6:51:c2:
                    9b:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:1D:E7:7F:F9:C6:76:4B:3C:25:64:21:EC:55:BC:88:2E:C4:21:44
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/sh3nf_nGdks8JWQh7FW8iC7EIUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:b2:fb:a6:b0:70:1d:7e:2c:98:68:b2:0f:91:f2:c2:9b:7d:
         f2:fd:0b:5d:a8:13:d8:3b:c0:62:e7:d4:38:aa:0b:d3:f3:7a:
         cb:8d:3c:a7:40:ca:ad:69:d0:62:61:47:85:17:c7:e6:e9:94:
         e6:f0:93:5c:7d:c1:bb:30:26:c0:43:87:7c:c2:3d:66:6f:f3:
         bc:15:40:ba:a4:6e:77:58:4a:3a:38:9d:c6:68:4e:c4:4b:a1:
         5f:2d:50:d7:a6:ec:67:3c:be:18:19:63:36:11:e0:53:11:a4:
         39:f2:32:da:53:a1:1f:6a:e2:17:d7:7c:66:9e:22:d7:a9:fd:
         cf:a1:11:17:4d:3d:2e:da:c2:87:ec:49:a1:eb:15:fb:11:b9:
         52:32:ea:11:0e:d3:e9:e3:ef:09:84:20:8b:72:73:b1:26:83:
         fc:50:d5:c0:ed:b2:19:e1:46:46:7d:d9:29:85:0c:50:84:06:
         35:08:1c:94:31:d9:db:f2:79:02:26:7d:55:15:47:51:0a:c9:
         98:47:85:fa:16:af:40:8c:44:92:41:6f:76:0b:35:69:c3:8f:
         64:0d:8e:df:74:33:84:57:67:77:50:ef:7e:58:34:47:5c:18:
         ab:75:0d:5a:21:9a:a2:09:9f:d6:49:56:e5:54:0d:87:65:37:
         d8:1a:6d:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTgGhUAB+q1lPUU6fJ2aJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjQwMTAyMDgzMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjFkZTc3ZmY5YzY3NjRiM2MyNTY0MjFlYzU1YmM4ODJlYzQyMTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIiMWlTNDvwtRTzB+HavlIXyQYv
xFDIKsm3b+iIo4umQAaKIUtkE7c2ktEywRh/s5+jqy+AAYG50GI2V4oFJ194Xves
zRkr94yrFjnHZlaeNhje9t+cbO9rHdgJcDOskmBJLI89zJSjV7cfF1ouAQrZ3RAZ
x3RXhaj8we4bPiPJrv+DE3SC/JgvnAwVODFVfXHuAy3eV8buqpi8WDQFQg/E7+AL
6fU3R7W0L2BpeK10Wixbrx2DnqPZcmP5PCF+OD/OcuxR2Qe/gs3ENLJx4seP5dCS
zyuV5Lycrygvrt5NBsSvT3zfKGF1JOZiVERj6EUkKa7h9ca2CmXGUcKbPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLId53/5xnZLPCVkIexVvIguxCFEMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvc2gzbmZfbkdka3M4SldRaDdGVzhpQzdFSVVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSzgMA0G
CSqGSIb3DQEBCwUAA4IBAQBFsvumsHAdfiyYaLIPkfLCm33y/QtdqBPYO8Bi59Q4
qgvT83rLjTynQMqtadBiYUeFF8fm6ZTm8JNcfcG7MCbAQ4d8wj1mb/O8FUC6pG53
WEo6OJ3GaE7ES6FfLVDXpuxnPL4YGWM2EeBTEaQ58jLaU6EfauIX13xmniLXqf3P
oREXTT0u2sKH7Emh6xX7EblSMuoRDtPp4+8JhCCLcnOxJoP8UNXA7bIZ4UZGfdkp
hQxQhAY1CByUMdnb8nkCJn1VFUdRCsmYR4X6Fq9AjESSQW92CzVpw49kDY7fdDOE
V2d3UO9+WDRHXBirdQ1aIZqiCZ/WSVblVA2HZTfYGm1d
-----END CERTIFICATE-----