Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/995fbd-91fb-43bb-8f26-cd4bd44275c5/1/hXAZ34CkR8YM0uf9Hy7JRv5PKa8.roa
File:                     hXAZ34CkR8YM0uf9Hy7JRv5PKa8.roa (raw, json)
Hash identifier:          6SHst5vb2O80ptygFwmcw8Sd8IxFA2B+395m8i6cqCI=
Subject key identifier:   85:70:19:DF:80:A4:47:C6:0C:D2:E7:FD:1F:2E:C9:46:FE:4F:29:AF
Certificate issuer:       /CN=b53005619688efbaffd06e108a43bdf20643e0d6
Certificate serial:       018CF2A7ED84C46D81827156B629BA7CD9BA
Authority key identifier: B5:30:05:61:96:88:EF:BA:FF:D0:6E:10:8A:43:BD:F2:06:43:E0:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tTAFYZaI77r_0G4QikO98gZD4NY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/995fbd-91fb-43bb-8f26-cd4bd44275c5/1/hXAZ34CkR8YM0uf9Hy7JRv5PKa8.roa
Signing time:             Wed 10 Jan 2024 09:15:40 +0000
ROA not before:           Wed 10 Jan 2024 09:15:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        89.186.51.0/24 maxlen: 24
                          89.186.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/995fbd-91fb-43bb-8f26-cd4bd44275c5/1/tTAFYZaI77r_0G4QikO98gZD4NY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/995fbd-91fb-43bb-8f26-cd4bd44275c5/1/tTAFYZaI77r_0G4QikO98gZD4NY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tTAFYZaI77r_0G4QikO98gZD4NY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f2:a7:ed:84:c4:6d:81:82:71:56:b6:29:ba:7c:d9:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b53005619688efbaffd06e108a43bdf20643e0d6
        Validity
            Not Before: Jan 10 09:15:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=857019df80a447c60cd2e7fd1f2ec946fe4f29af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:e0:ce:fe:63:0c:da:a6:bc:dc:3b:8d:e4:e9:
                    5e:8c:c6:f8:72:4f:a2:af:5d:44:f2:d4:02:14:5a:
                    76:af:dc:0a:bb:89:ba:39:6e:62:41:8c:16:ea:f2:
                    f9:46:77:b2:58:8a:6e:b1:b6:29:fd:5b:f9:23:da:
                    d5:9c:ca:08:3b:f0:f8:94:c1:5c:3f:4a:38:dd:f7:
                    bc:f1:67:75:fc:3e:69:40:08:52:2b:30:55:f0:75:
                    9b:50:a3:9d:3e:49:8a:3c:52:cc:13:03:89:ee:7e:
                    ec:3e:c9:ef:f9:4b:9b:dc:24:fb:ef:ba:ec:35:55:
                    e9:ab:c4:47:31:b9:cc:9c:95:e7:d2:d7:0e:06:0a:
                    6d:69:0b:4a:a9:4f:f6:35:6d:45:ab:0a:e8:58:f9:
                    6c:aa:54:79:b1:28:10:1c:46:47:ad:05:53:cb:2d:
                    bb:ad:af:d6:30:fc:3d:74:c9:13:92:4c:8c:26:0b:
                    0b:fa:68:50:95:a4:16:36:b6:ff:ec:e8:52:ae:90:
                    dd:53:8e:e4:c4:87:26:b8:9a:03:ef:13:ac:10:dc:
                    66:06:25:93:ea:bf:2a:87:3a:3c:8f:8d:f0:67:d7:
                    3e:a5:a7:18:e8:a5:fd:84:51:e0:c2:21:83:6b:84:
                    1b:5e:5e:e5:c0:bf:e7:ac:2f:a2:92:35:d8:c2:c2:
                    51:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:70:19:DF:80:A4:47:C6:0C:D2:E7:FD:1F:2E:C9:46:FE:4F:29:AF
            X509v3 Authority Key Identifier:
                keyid:B5:30:05:61:96:88:EF:BA:FF:D0:6E:10:8A:43:BD:F2:06:43:E0:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tTAFYZaI77r_0G4QikO98gZD4NY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/995fbd-91fb-43bb-8f26-cd4bd44275c5/1/hXAZ34CkR8YM0uf9Hy7JRv5PKa8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/995fbd-91fb-43bb-8f26-cd4bd44275c5/1/tTAFYZaI77r_0G4QikO98gZD4NY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.186.51.0-89.186.52.255

    Signature Algorithm: sha256WithRSAEncryption
         6c:41:60:5c:d8:54:92:c4:78:f7:e1:12:47:5d:69:a4:51:fa:
         8f:18:f8:a1:42:02:df:5e:ae:ab:1a:8a:3f:ab:55:99:92:cb:
         5b:f5:25:29:54:e6:81:43:dc:32:d2:89:37:77:c4:1f:9e:68:
         8e:7e:31:73:6d:18:b9:e2:2b:5c:7f:38:a3:5e:d7:7a:6d:ba:
         6a:6f:01:01:86:91:8d:9f:95:11:ba:88:46:ed:86:02:02:16:
         cc:3b:57:38:2d:b0:be:aa:01:6f:4d:b7:09:7e:50:d3:84:07:
         3d:ea:cc:64:c1:6a:6f:8c:80:4c:e4:73:f8:bb:a7:6f:2d:ca:
         f9:aa:48:72:56:42:fd:1c:29:06:61:ff:94:a2:b7:f6:1f:54:
         5e:ad:57:e6:56:a4:87:94:a7:e0:e3:b2:f2:35:48:49:3c:20:
         4c:9f:8f:2d:5d:46:29:ac:7e:3e:7e:76:0d:20:0f:b2:07:ff:
         6f:b5:27:ec:7b:46:48:2e:ff:f2:07:5f:65:02:75:76:63:ac:
         31:82:5f:10:50:58:54:ca:e9:9d:22:98:c9:e0:92:69:09:ae:
         04:ba:26:e6:60:a6:70:c5:43:8b:ee:60:d7:8c:27:6c:f6:f5:
         39:45:d6:c2:0a:ba:54:7b:d1:2f:7f:8e:16:91:6d:0f:1a:78:
         67:a2:6c:71
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzyp+2ExG2BgnFWtim6fNm6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1MzAwNTYxOTY4OGVmYmFmZmQwNmUxMDhhNDNiZGYyMDY0
M2UwZDYwHhcNMjQwMTEwMDkxNTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTcwMTlkZjgwYTQ0N2M2MGNkMmU3ZmQxZjJlYzk0NmZlNGYyOWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjeDO/mMM2qa83DuN5OlejMb4ck+i
r11E8tQCFFp2r9wKu4m6OW5iQYwW6vL5RneyWIpusbYp/Vv5I9rVnMoIO/D4lMFc
P0o43fe88Wd1/D5pQAhSKzBV8HWbUKOdPkmKPFLMEwOJ7n7sPsnv+Uub3CT777rs
NVXpq8RHMbnMnJXn0tcOBgptaQtKqU/2NW1FqwroWPlsqlR5sSgQHEZHrQVTyy27
ra/WMPw9dMkTkkyMJgsL+mhQlaQWNrb/7OhSrpDdU47kxIcmuJoD7xOsENxmBiWT
6r8qhzo8j43wZ9c+pacY6KX9hFHgwiGDa4QbXl7lwL/nrC+ikjXYwsJRUQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIVwGd+ApEfGDNLn/R8uyUb+TymvMB8GA1UdIwQY
MBaAFLUwBWGWiO+6/9BuEIpDvfIGQ+DWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFRBRllaYUk3N3JfMEc0UWlrTzk4Z1pENE5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy85OTVmYmQtOTFmYi00M2JiLThmMjYt
Y2Q0YmQ0NDI3NWM1LzEvaFhBWjM0Q2tSOFlNMHVmOUh5N0pSdjVQS2E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy85OTVmYmQtOTFmYi00M2JiLThmMjYtY2Q0YmQ0NDI3NWM1
LzEvdFRBRllaYUk3N3JfMEc0UWlrTzk4Z1pENE5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABZujMD
BABZujQwDQYJKoZIhvcNAQELBQADggEBAGxBYFzYVJLEePfhEkddaaRR+o8Y+KFC
At9erqsaij+rVZmSy1v1JSlU5oFD3DLSiTd3xB+eaI5+MXNtGLniK1x/OKNe13pt
umpvAQGGkY2flRG6iEbthgICFsw7VzgtsL6qAW9Ntwl+UNOEBz3qzGTBam+MgEzk
c/i7p28tyvmqSHJWQv0cKQZh/5Sit/YfVF6tV+ZWpIeUp+DjsvI1SEk8IEyfjy1d
Rimsfj5+dg0gD7IH/2+1J+x7Rkgu//IHX2UCdXZjrDGCXxBQWFTK6Z0imMngkmkJ
rgS6JuZgpnDFQ4vuYNeMJ2z29TlF1sIKulR70S9/jhaRbQ8aeGeibHE=
-----END CERTIFICATE-----