Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/995fbd-91fb-43bb-8f26-cd4bd44275c5/1/JwisEij_9tx3K0ShtHS7qULcuHA.roa
File:                     JwisEij_9tx3K0ShtHS7qULcuHA.roa (raw, json)
Hash identifier:          SmR9WN7nwTeW0U5Hj2t92dLKfAxZzX7t8+6FghgK0dg=
Subject key identifier:   27:08:AC:12:28:FF:F6:DC:77:2B:44:A1:B4:74:BB:A9:42:DC:B8:70
Certificate issuer:       /CN=b53005619688efbaffd06e108a43bdf20643e0d6
Certificate serial:       018CF2A7EE24F6374FBE5D186C7A3EFD5D21
Authority key identifier: B5:30:05:61:96:88:EF:BA:FF:D0:6E:10:8A:43:BD:F2:06:43:E0:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tTAFYZaI77r_0G4QikO98gZD4NY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/995fbd-91fb-43bb-8f26-cd4bd44275c5/1/JwisEij_9tx3K0ShtHS7qULcuHA.roa
Signing time:             Wed 10 Jan 2024 09:15:40 +0000
ROA not before:           Wed 10 Jan 2024 09:15:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        89.186.51.0/24 maxlen: 24
                          89.186.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/995fbd-91fb-43bb-8f26-cd4bd44275c5/1/tTAFYZaI77r_0G4QikO98gZD4NY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/995fbd-91fb-43bb-8f26-cd4bd44275c5/1/tTAFYZaI77r_0G4QikO98gZD4NY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tTAFYZaI77r_0G4QikO98gZD4NY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f2:a7:ee:24:f6:37:4f:be:5d:18:6c:7a:3e:fd:5d:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b53005619688efbaffd06e108a43bdf20643e0d6
        Validity
            Not Before: Jan 10 09:15:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2708ac1228fff6dc772b44a1b474bba942dcb870
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:57:6c:f0:95:13:4a:f8:b1:70:c7:f3:77:3e:
                    f0:52:1b:1f:86:9e:8f:f0:cf:c6:bc:a9:ba:99:29:
                    52:78:e3:8e:55:09:36:67:f9:b1:5a:b0:b5:9f:8c:
                    54:a5:75:a6:2c:49:bf:f9:0b:5d:cd:8d:b1:67:a2:
                    f4:69:8a:56:b1:5b:e8:98:29:ec:83:f5:7b:3b:6d:
                    9c:53:d9:ed:a3:8b:52:8d:3d:ae:76:75:53:2d:60:
                    f2:61:82:55:32:66:20:62:98:a9:f1:93:91:ed:0a:
                    4a:16:c2:36:3a:ab:a7:33:76:33:69:39:9b:04:c6:
                    95:43:98:e5:c2:4a:8b:3a:00:ed:b1:50:8e:b4:dc:
                    97:69:80:d8:04:47:7c:5d:49:1e:06:bc:6a:d3:7f:
                    6a:be:4b:c4:16:1d:b3:48:15:78:ac:91:bb:79:01:
                    c1:3e:22:ff:57:3a:b6:bf:20:5d:7c:91:e6:9d:6d:
                    b6:05:43:0d:04:fa:c6:91:47:b8:44:f1:b0:bb:4f:
                    fd:a5:82:a6:90:92:38:4f:6c:83:0f:58:9c:3b:84:
                    ce:1a:e5:6f:55:a9:f3:3b:83:19:4f:84:97:fd:1c:
                    16:bb:28:55:69:5a:eb:32:c1:ae:49:85:3e:93:f3:
                    b2:71:6a:3b:44:51:0e:d6:0a:d6:c5:88:95:5b:63:
                    21:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:08:AC:12:28:FF:F6:DC:77:2B:44:A1:B4:74:BB:A9:42:DC:B8:70
            X509v3 Authority Key Identifier:
                keyid:B5:30:05:61:96:88:EF:BA:FF:D0:6E:10:8A:43:BD:F2:06:43:E0:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tTAFYZaI77r_0G4QikO98gZD4NY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/995fbd-91fb-43bb-8f26-cd4bd44275c5/1/JwisEij_9tx3K0ShtHS7qULcuHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/995fbd-91fb-43bb-8f26-cd4bd44275c5/1/tTAFYZaI77r_0G4QikO98gZD4NY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.186.51.0-89.186.52.255

    Signature Algorithm: sha256WithRSAEncryption
         3e:25:00:80:65:4c:f3:73:c1:95:ed:d2:a3:74:71:84:9c:a6:
         ce:a4:9e:70:21:f0:f8:26:48:2e:83:42:cb:1a:72:fd:26:73:
         03:10:84:cb:31:2d:ce:fd:42:0d:5d:73:07:6c:91:98:64:5e:
         c7:0c:9b:ce:bc:dd:69:2b:fb:ea:ed:89:30:75:78:06:43:04:
         69:57:20:d6:19:fb:06:97:0f:65:9a:a4:b5:4f:bc:64:c2:7a:
         4d:fa:87:67:13:6e:3f:db:84:ec:8b:25:14:9c:18:3f:01:e9:
         cc:80:56:d1:21:9f:78:e0:b0:d6:af:16:fe:79:8b:32:72:88:
         4f:41:8a:56:11:09:d6:32:50:09:e5:e9:e2:2f:96:85:d5:ff:
         70:f5:f5:09:3b:78:74:4a:c1:32:de:37:bb:e0:bc:fe:e9:7f:
         58:5d:de:ef:2c:68:a4:7b:7a:7c:57:bf:87:00:5a:94:86:98:
         d4:f4:a2:09:29:1e:6b:ba:94:06:f0:7d:35:54:71:53:34:75:
         c4:71:27:43:6c:11:af:79:eb:38:45:6c:ed:bb:fb:87:3b:b9:
         c7:64:61:da:b3:dc:66:4e:9e:8f:bc:b1:04:d6:69:eb:68:36:
         d8:87:c4:45:df:6b:2d:3b:26:03:80:74:0d:87:4b:23:80:a6:
         c1:91:40:90
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzyp+4k9jdPvl0YbHo+/V0hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1MzAwNTYxOTY4OGVmYmFmZmQwNmUxMDhhNDNiZGYyMDY0
M2UwZDYwHhcNMjQwMTEwMDkxNTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzA4YWMxMjI4ZmZmNmRjNzcyYjQ0YTFiNDc0YmJhOTQyZGNiODcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk1ds8JUTSvixcMfzdz7wUhsfhp6P
8M/GvKm6mSlSeOOOVQk2Z/mxWrC1n4xUpXWmLEm/+QtdzY2xZ6L0aYpWsVvomCns
g/V7O22cU9nto4tSjT2udnVTLWDyYYJVMmYgYpip8ZOR7QpKFsI2OqunM3YzaTmb
BMaVQ5jlwkqLOgDtsVCOtNyXaYDYBEd8XUkeBrxq039qvkvEFh2zSBV4rJG7eQHB
PiL/Vzq2vyBdfJHmnW22BUMNBPrGkUe4RPGwu0/9pYKmkJI4T2yDD1icO4TOGuVv
VanzO4MZT4SX/RwWuyhVaVrrMsGuSYU+k/OycWo7RFEO1grWxYiVW2MhIQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCcIrBIo//bcdytEobR0u6lC3LhwMB8GA1UdIwQY
MBaAFLUwBWGWiO+6/9BuEIpDvfIGQ+DWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFRBRllaYUk3N3JfMEc0UWlrTzk4Z1pENE5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy85OTVmYmQtOTFmYi00M2JiLThmMjYt
Y2Q0YmQ0NDI3NWM1LzEvSndpc0Vpal85dHgzSzBTaHRIUzdxVUxjdUhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy85OTVmYmQtOTFmYi00M2JiLThmMjYtY2Q0YmQ0NDI3NWM1
LzEvdFRBRllaYUk3N3JfMEc0UWlrTzk4Z1pENE5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABZujMD
BABZujQwDQYJKoZIhvcNAQELBQADggEBAD4lAIBlTPNzwZXt0qN0cYScps6knnAh
8PgmSC6DQssacv0mcwMQhMsxLc79Qg1dcwdskZhkXscMm8683Wkr++rtiTB1eAZD
BGlXINYZ+waXD2WapLVPvGTCek36h2cTbj/bhOyLJRScGD8B6cyAVtEhn3jgsNav
Fv55izJyiE9BilYRCdYyUAnl6eIvloXV/3D19Qk7eHRKwTLeN7vgvP7pf1hd3u8s
aKR7enxXv4cAWpSGmNT0ogkpHmu6lAbwfTVUcVM0dcRxJ0NsEa956zhFbO27+4c7
ucdkYdqz3GZOno+8sQTWaetoNtiHxEXfay07JgOAdA2HSyOApsGRQJA=
-----END CERTIFICATE-----