Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/DZjCx5tlGtxdBugrTXCCMMcZt9o.roa
File:                     DZjCx5tlGtxdBugrTXCCMMcZt9o.roa (raw, json)
Hash identifier:          91jc66rHRo6GzinXguT2Zoki9gP8c4Zep29Hz3ZCHZ8=
Subject key identifier:   0D:98:C2:C7:9B:65:1A:DC:5D:06:E8:2B:4D:70:82:30:C7:19:B7:DA
Certificate issuer:       /CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
Certificate serial:       018D2389D4346CCEB240D73D3C058E0FDBD3
Authority key identifier: 89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/DZjCx5tlGtxdBugrTXCCMMcZt9o.roa
Signing time:             Fri 19 Jan 2024 21:04:11 +0000
ROA not before:           Fri 19 Jan 2024 21:04:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199458
IP address blocks:        94.137.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:23:89:d4:34:6c:ce:b2:40:d7:3d:3c:05:8e:0f:db:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
        Validity
            Not Before: Jan 19 21:04:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d98c2c79b651adc5d06e82b4d708230c719b7da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:31:3d:04:91:fa:5d:25:b4:98:53:73:dc:68:
                    c3:b1:44:6c:35:eb:1a:25:d3:52:ab:c1:65:c3:09:
                    23:c0:35:44:01:01:76:2b:4b:50:62:ba:df:b0:9a:
                    8a:67:34:d7:6c:84:83:3e:87:5c:52:c1:3e:e2:3a:
                    03:a5:d4:96:ce:f9:1b:ab:a4:78:5d:0a:bf:9b:91:
                    94:40:c7:aa:55:55:bc:5d:c0:c9:82:7e:e2:c3:f9:
                    49:66:a1:d1:c0:0d:d8:3f:65:da:5d:40:a7:37:73:
                    17:2e:45:b0:06:b0:59:08:83:37:43:d7:ce:e3:ba:
                    97:30:04:80:5f:8b:82:36:4c:5a:14:91:75:f2:ba:
                    ba:9c:b2:9d:09:f1:25:b5:46:d7:c9:a8:54:49:a8:
                    31:44:54:a1:89:d8:88:29:37:0b:e5:ef:06:89:98:
                    f6:ba:77:1e:eb:7f:99:e5:b1:84:e0:cf:b0:d0:43:
                    2c:09:5a:b3:a1:a5:a8:d1:16:61:d8:f8:4d:3e:50:
                    ec:eb:6e:18:b5:87:7b:4e:c6:e2:52:bd:92:6f:1d:
                    1f:63:ec:76:d3:c6:9d:bf:f4:83:87:d0:96:cf:98:
                    b0:2c:7d:84:f4:2d:79:77:38:b5:a5:ef:ef:de:5a:
                    72:ff:db:a7:69:73:68:cc:18:8f:5f:77:f9:3a:9a:
                    f7:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:98:C2:C7:9B:65:1A:DC:5D:06:E8:2B:4D:70:82:30:C7:19:B7:DA
            X509v3 Authority Key Identifier:
                keyid:89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/DZjCx5tlGtxdBugrTXCCMMcZt9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.137.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:ef:c9:a6:af:b0:53:66:2f:72:78:2d:57:18:1e:b3:a3:dd:
         1c:c2:20:df:a1:29:51:70:d4:2e:36:41:1d:e1:27:21:55:a1:
         0f:c5:a4:08:ed:d9:83:03:3b:7b:08:f2:0d:66:b0:23:41:01:
         4e:e2:a4:06:fe:d0:73:e3:aa:01:75:b1:96:79:e0:ce:8b:c3:
         8a:b9:39:bd:77:6d:a8:67:0d:94:1b:c4:c6:e6:3e:cc:2b:d0:
         fa:27:58:39:8a:55:5e:b9:02:f7:26:a6:94:24:ab:26:77:ec:
         52:d8:78:93:f9:19:67:e0:a3:03:67:4e:fb:81:52:de:b8:cd:
         f3:00:51:b3:4a:b1:e5:e3:12:c8:db:aa:1c:02:0a:20:7c:27:
         20:18:b0:8a:ab:21:4a:f0:a8:a6:ba:cc:0b:cb:d8:24:f0:ae:
         34:7a:a3:4a:33:f7:5c:10:cf:73:64:33:f6:8e:9d:88:8b:fd:
         e7:8d:cc:f4:7d:51:20:ed:2b:fe:3b:63:d8:27:b6:fc:34:58:
         dd:d9:89:6f:50:65:69:03:1e:1d:b9:cb:ba:07:5a:eb:4e:28:
         fb:43:7a:8a:d1:95:4f:a8:90:76:af:e5:c8:9d:69:42:65:fd:
         6b:a2:c0:17:3d:0e:cd:67:0c:c4:04:25:55:ce:fe:70:8b:06:
         36:0e:0f:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0jidQ0bM6yQNc9PAWOD9vTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YWMwYWNiZmRiN2EyNzRlZjM2YzE2ZjU4NjBhZGEyYTI0
NzA2OTcwHhcNMjQwMTE5MjEwNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDk4YzJjNzliNjUxYWRjNWQwNmU4MmI0ZDcwODIzMGM3MTliN2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozE9BJH6XSW0mFNz3GjDsURsNesa
JdNSq8FlwwkjwDVEAQF2K0tQYrrfsJqKZzTXbISDPodcUsE+4joDpdSWzvkbq6R4
XQq/m5GUQMeqVVW8XcDJgn7iw/lJZqHRwA3YP2XaXUCnN3MXLkWwBrBZCIM3Q9fO
47qXMASAX4uCNkxaFJF18rq6nLKdCfEltUbXyahUSagxRFShidiIKTcL5e8GiZj2
unce63+Z5bGE4M+w0EMsCVqzoaWo0RZh2PhNPlDs624YtYd7TsbiUr2Sbx0fY+x2
08adv/SDh9CWz5iwLH2E9C15dzi1pe/v3lpy/9unaXNozBiPX3f5Opr3RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA2YwsebZRrcXQboK01wgjDHGbfaMB8GA1UdIwQY
MBaAFImsCsv9t6J07zbBb1hgraKiRwaXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMt
ZDRkYmY3MDY2ZmQzLzEvRFpqQ3g1dGxHdHhkQnVnclRYQ0NNTWNadDlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMtZDRkYmY3MDY2ZmQz
LzEvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXolKMA0G
CSqGSIb3DQEBCwUAA4IBAQAf78mmr7BTZi9yeC1XGB6zo90cwiDfoSlRcNQuNkEd
4SchVaEPxaQI7dmDAzt7CPINZrAjQQFO4qQG/tBz46oBdbGWeeDOi8OKuTm9d22o
Zw2UG8TG5j7MK9D6J1g5ilVeuQL3JqaUJKsmd+xS2HiT+Rln4KMDZ077gVLeuM3z
AFGzSrHl4xLI26ocAgogfCcgGLCKqyFK8KimuswLy9gk8K40eqNKM/dcEM9zZDP2
jp2Ii/3njcz0fVEg7Sv+O2PYJ7b8NFjd2YlvUGVpAx4ducu6B1rrTij7Q3qK0ZVP
qJB2r+XInWlCZf1rosAXPQ7NZwzEBCVVzv5wiwY2Dg+3
-----END CERTIFICATE-----