Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/BO3srXoIzi8iOsrcv56_NCDYAIQ.roa
File:                     BO3srXoIzi8iOsrcv56_NCDYAIQ.roa (raw, json)
Hash identifier:          ISWSvLF9YcSr/GiWsM1SQ9vnRiLC2Q8DjETRCAy5RRk=
Subject key identifier:   04:ED:EC:AD:7A:08:CE:2F:22:3A:CA:DC:BF:9E:BF:34:20:D8:00:84
Certificate issuer:       /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial:       018CC6B81396BAC3DB01F4F3FD78C8C81EB4
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/BO3srXoIzi8iOsrcv56_NCDYAIQ.roa
Signing time:             Mon 01 Jan 2024 20:30:01 +0000
ROA not before:           Mon 01 Jan 2024 20:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34508
IP address blocks:        89.175.44.0/23 maxlen: 23
                          89.175.58.0/23 maxlen: 23
                          89.175.88.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:13:96:ba:c3:db:01:f4:f3:fd:78:c8:c8:1e:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
        Validity
            Not Before: Jan  1 20:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04edecad7a08ce2f223acadcbf9ebf3420d80084
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:b2:a4:66:6a:1f:8d:31:e0:47:fb:0c:59:35:
                    55:08:c3:62:a3:29:30:66:4c:8d:f3:82:98:c7:53:
                    a5:6b:35:20:29:44:ee:21:15:43:77:e1:4f:61:5d:
                    4d:87:c9:a0:4b:d5:d9:ce:5f:88:00:32:57:d8:a6:
                    26:91:88:4a:4f:1a:c2:f6:b9:cf:b2:18:b4:82:57:
                    ca:84:08:34:fe:17:70:49:ed:67:41:1e:b2:30:bd:
                    0b:cd:96:0d:3a:e6:76:5c:a7:70:f8:10:e1:94:a2:
                    da:93:f0:8c:25:41:98:0b:4d:22:90:dd:07:fd:ea:
                    38:e0:aa:1e:d5:c7:33:e6:db:8d:de:e0:07:c8:9b:
                    d0:a0:5f:97:8b:1b:c1:b4:61:03:c7:7c:77:18:01:
                    84:86:88:6b:1a:3d:b6:7d:92:08:22:5f:15:3c:cf:
                    dc:dd:af:25:8a:20:b4:06:f4:0b:5d:9e:0c:8a:07:
                    51:8c:92:e9:c2:65:bd:bf:74:97:6e:63:d4:04:b7:
                    37:ee:89:a4:4a:03:b9:82:11:37:30:f2:27:fd:ad:
                    c7:54:39:a1:f5:28:44:3d:93:ad:eb:58:e6:aa:c5:
                    de:8e:bb:87:19:1a:3e:87:31:35:03:12:31:8f:1d:
                    fe:11:1d:66:c1:66:92:32:47:b9:a3:a8:ad:ab:19:
                    86:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:ED:EC:AD:7A:08:CE:2F:22:3A:CA:DC:BF:9E:BF:34:20:D8:00:84
            X509v3 Authority Key Identifier:
                keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/BO3srXoIzi8iOsrcv56_NCDYAIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.175.44.0/23
                  89.175.58.0/23
                  89.175.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:05:2e:8a:39:b9:a5:71:c7:57:8a:6b:a9:55:11:13:91:92:
         04:32:e7:cc:e1:4b:ac:09:96:fd:64:e2:01:c2:bd:86:26:a9:
         c3:41:ac:73:a0:04:1b:f2:aa:bc:fd:23:71:60:8b:69:43:21:
         8e:58:b4:c8:a6:97:21:7b:03:96:1d:4a:2e:bf:d5:28:1a:8e:
         de:ee:e5:a9:af:ee:0c:a2:c0:58:71:a1:e8:6f:1e:67:40:f3:
         05:df:c8:44:97:f4:ae:72:c4:e0:29:57:dd:5c:70:e6:27:35:
         4e:e8:fe:1a:f5:b3:22:61:f1:66:99:eb:1a:c2:66:5d:aa:77:
         1e:26:4f:03:44:fb:fb:e2:ad:c0:eb:91:f5:94:d3:3b:d4:3d:
         2f:f9:5e:ca:c2:ca:6d:cd:c2:cb:07:8a:dc:22:81:ad:b8:9a:
         02:cc:1b:23:64:78:94:06:3b:0b:f8:8b:04:1e:60:90:17:87:
         6e:26:9f:13:6c:3c:27:e3:bb:d2:97:e3:61:82:dc:4b:dc:db:
         1a:b3:58:f1:c0:cd:bb:c1:22:a6:c9:f9:67:7a:ec:ab:9b:f7:
         b2:80:35:83:2d:cd:38:17:95:93:38:6b:2c:48:78:ca:6f:dd:
         4f:ae:22:09:66:49:84:31:90:20:4b:de:2d:46:35:8f:09:92:
         5b:16:d8:b9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGuBOWusPbAfTz/XjIyB60MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjQwMTAxMjAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGVkZWNhZDdhMDhjZTJmMjIzYWNhZGNiZjllYmYzNDIwZDgwMDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8rKkZmofjTHgR/sMWTVVCMNioykw
ZkyN84KYx1OlazUgKUTuIRVDd+FPYV1Nh8mgS9XZzl+IADJX2KYmkYhKTxrC9rnP
shi0glfKhAg0/hdwSe1nQR6yML0LzZYNOuZ2XKdw+BDhlKLak/CMJUGYC00ikN0H
/eo44Koe1ccz5tuN3uAHyJvQoF+XixvBtGEDx3x3GAGEhohrGj22fZIIIl8VPM/c
3a8liiC0BvQLXZ4MigdRjJLpwmW9v3SXbmPUBLc37omkSgO5ghE3MPIn/a3HVDmh
9ShEPZOt61jmqsXejruHGRo+hzE1AxIxjx3+ER1mwWaSMke5o6itqxmGfwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFATt7K16CM4vIjrK3L+evzQg2ACEMB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvQk8zc3JYb0l6aThpT3NyY3Y1Nl9OQ0RZQUlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBWa8sAwQB
Wa86AwQBWa9YMA0GCSqGSIb3DQEBCwUAA4IBAQBVBS6KObmlccdXimupVRETkZIE
MufM4UusCZb9ZOIBwr2GJqnDQaxzoAQb8qq8/SNxYItpQyGOWLTIppchewOWHUou
v9UoGo7e7uWpr+4MosBYcaHobx5nQPMF38hEl/SucsTgKVfdXHDmJzVO6P4a9bMi
YfFmmesawmZdqnceJk8DRPv74q3A65H1lNM71D0v+V7KwsptzcLLB4rcIoGtuJoC
zBsjZHiUBjsL+IsEHmCQF4duJp8TbDwn47vSl+NhgtxL3Nsas1jxwM27wSKmyfln
euyrm/eygDWDLc04F5WTOGssSHjKb91PriIJZkmEMZAgS94tRjWPCZJbFti5
-----END CERTIFICATE-----