Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/6aef9e-fe4d-43e7-a1cb-10a485c0b0f2/1/B9LFh0WkD_05GdJWu0jUbDuGB_I.roa
File:                     B9LFh0WkD_05GdJWu0jUbDuGB_I.roa (raw, json)
Hash identifier:          fLqnS9R2WDyYO1iCrEkAkF1cfjweRo/6Rypz16f4VE0=
Subject key identifier:   07:D2:C5:87:45:A4:0F:FD:39:19:D2:56:BB:48:D4:6C:3B:86:07:F2
Certificate issuer:       /CN=5a232ae38a9233ab7fc1b429a5029220afa7b288
Certificate serial:       0190EE90CA4C54E2F768CED5EBBEF90C2877
Authority key identifier: 5A:23:2A:E3:8A:92:33:AB:7F:C1:B4:29:A5:02:92:20:AF:A7:B2:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WiMq44qSM6t_wbQppQKSIK-nsog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/6aef9e-fe4d-43e7-a1cb-10a485c0b0f2/1/B9LFh0WkD_05GdJWu0jUbDuGB_I.roa
Signing time:             Fri 26 Jul 2024 10:23:04 +0000
ROA not before:           Fri 26 Jul 2024 10:23:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200525
IP address blocks:        80.89.240.0/20 maxlen: 20
                          87.56.64.0/18 maxlen: 18

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/6aef9e-fe4d-43e7-a1cb-10a485c0b0f2/1/WiMq44qSM6t_wbQppQKSIK-nsog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/6aef9e-fe4d-43e7-a1cb-10a485c0b0f2/1/WiMq44qSM6t_wbQppQKSIK-nsog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WiMq44qSM6t_wbQppQKSIK-nsog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ee:90:ca:4c:54:e2:f7:68:ce:d5:eb:be:f9:0c:28:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a232ae38a9233ab7fc1b429a5029220afa7b288
        Validity
            Not Before: Jul 26 10:23:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07d2c58745a40ffd3919d256bb48d46c3b8607f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:4e:06:00:a1:6f:88:5c:4c:7d:02:c8:32:84:
                    03:5b:30:c9:0b:36:69:9a:91:34:77:1f:66:87:67:
                    36:2e:af:47:0f:ce:d4:e4:4d:72:72:4c:a1:6f:d2:
                    b2:4b:ae:7c:24:cf:3e:0e:a7:08:db:8f:ae:01:ce:
                    5a:d2:19:c4:e1:37:fa:31:f2:16:7e:fe:3c:f0:ba:
                    1f:d9:ab:ef:df:ee:25:8f:25:7c:ee:e0:2c:6b:8e:
                    7f:ef:7b:58:ab:19:d3:83:7e:82:62:ca:dd:60:0d:
                    2f:9b:e8:e1:2d:39:80:35:ed:27:ab:9e:f8:d6:97:
                    70:8f:97:0a:fd:0e:7a:9e:36:41:86:87:e7:bb:22:
                    16:32:b7:2b:90:cd:50:5b:00:a9:d3:14:29:aa:d1:
                    e8:26:89:74:40:51:ce:53:48:80:68:f5:5e:9e:33:
                    47:02:11:5a:dc:6f:c1:8f:43:0a:e9:9f:75:e8:22:
                    35:4d:e9:95:96:b7:bd:6f:c4:26:24:53:1d:1c:1e:
                    5f:02:b0:47:e8:68:d1:bb:cc:70:7d:ea:ee:54:1a:
                    81:3b:be:f3:58:05:67:8c:95:22:ba:46:1e:8f:39:
                    13:01:88:96:b9:97:2b:42:64:9f:81:ed:b9:88:82:
                    2c:76:a5:9f:25:52:bc:43:3a:6a:d9:96:65:84:4d:
                    91:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:D2:C5:87:45:A4:0F:FD:39:19:D2:56:BB:48:D4:6C:3B:86:07:F2
            X509v3 Authority Key Identifier:
                keyid:5A:23:2A:E3:8A:92:33:AB:7F:C1:B4:29:A5:02:92:20:AF:A7:B2:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WiMq44qSM6t_wbQppQKSIK-nsog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/6aef9e-fe4d-43e7-a1cb-10a485c0b0f2/1/B9LFh0WkD_05GdJWu0jUbDuGB_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/6aef9e-fe4d-43e7-a1cb-10a485c0b0f2/1/WiMq44qSM6t_wbQppQKSIK-nsog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.89.240.0/20
                  87.56.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         5b:dc:73:3d:8a:ac:2e:b1:dd:53:66:a8:df:c7:d2:d6:6c:79:
         ad:ae:5e:c5:5e:60:ec:36:46:77:ea:28:d6:9d:0a:86:56:e4:
         c0:a5:5d:06:6a:ae:8d:9d:5a:4e:77:9a:cd:a7:e1:d7:63:bd:
         57:92:dd:00:30:31:cb:0e:08:e8:2d:71:6c:51:8e:81:7c:6c:
         01:e8:c3:9d:b3:ff:71:7e:19:f8:2e:a7:4a:81:31:92:78:7b:
         ef:12:88:06:4c:35:26:de:34:94:71:f2:d5:75:2f:67:fe:ea:
         19:69:c3:f4:70:f0:65:66:8f:9d:ac:62:98:45:23:82:59:62:
         24:29:d5:10:c0:00:b2:96:a8:bc:96:6e:f9:a0:50:a4:0a:46:
         50:86:2d:de:44:0e:77:5b:4d:6b:7f:7b:6d:c2:d5:93:38:ff:
         34:fa:b2:c3:1a:54:49:5b:71:03:6e:51:e7:e1:e3:fd:48:56:
         cc:6a:5c:fe:37:db:c1:61:1a:3b:c3:31:2f:71:ae:5f:4c:f7:
         2f:1f:3c:01:31:db:c2:0b:b7:87:04:e8:26:af:60:9c:2e:44:
         30:3a:92:bc:96:1b:08:41:b6:fe:a3:7f:af:28:5f:7a:d3:dd:
         68:85:06:51:2d:0e:59:9b:19:94:9b:b6:79:12:a6:9e:f2:2f:
         4e:d2:f1:63
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZDukMpMVOL3aM7V6775DCh3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMjMyYWUzOGE5MjMzYWI3ZmMxYjQyOWE1MDI5MjIwYWZh
N2IyODgwHhcNMjQwNzI2MTAyMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2QyYzU4NzQ1YTQwZmZkMzkxOWQyNTZiYjQ4ZDQ2YzNiODYwN2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1k4GAKFviFxMfQLIMoQDWzDJCzZp
mpE0dx9mh2c2Lq9HD87U5E1yckyhb9KyS658JM8+DqcI24+uAc5a0hnE4Tf6MfIW
fv488Lof2avv3+4ljyV87uAsa45/73tYqxnTg36CYsrdYA0vm+jhLTmANe0nq574
1pdwj5cK/Q56njZBhofnuyIWMrcrkM1QWwCp0xQpqtHoJol0QFHOU0iAaPVenjNH
AhFa3G/Bj0MK6Z916CI1TemVlre9b8QmJFMdHB5fArBH6GjRu8xwferuVBqBO77z
WAVnjJUiukYejzkTAYiWuZcrQmSfge25iIIsdqWfJVK8Qzpq2ZZlhE2RtQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAfSxYdFpA/9ORnSVrtI1Gw7hgfyMB8GA1UdIwQY
MBaAFFojKuOKkjOrf8G0KaUCkiCvp7KIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2lNcTQ0cVNNNnRfd2JRcHBRS1NJSy1uc29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS82YWVmOWUtZmU0ZC00M2U3LWExY2It
MTBhNDg1YzBiMGYyLzEvQjlMRmgwV2tEXzA1R2RKV3UwalViRHVHQl9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS82YWVmOWUtZmU0ZC00M2U3LWExY2ItMTBhNDg1YzBiMGYy
LzEvV2lNcTQ0cVNNNnRfd2JRcHBRS1NJSy1uc29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEUFnwAwQG
VzhAMA0GCSqGSIb3DQEBCwUAA4IBAQBb3HM9iqwusd1TZqjfx9LWbHmtrl7FXmDs
NkZ36ijWnQqGVuTApV0Gaq6NnVpOd5rNp+HXY71Xkt0AMDHLDgjoLXFsUY6BfGwB
6MOds/9xfhn4LqdKgTGSeHvvEogGTDUm3jSUcfLVdS9n/uoZacP0cPBlZo+drGKY
RSOCWWIkKdUQwACylqi8lm75oFCkCkZQhi3eRA53W01rf3ttwtWTOP80+rLDGlRJ
W3EDblHn4eP9SFbMalz+N9vBYRo7wzEvca5fTPcvHzwBMdvCC7eHBOgmr2CcLkQw
OpK8lhsIQbb+o3+vKF96091ohQZRLQ5ZmxmUm7Z5Eqae8i9O0vFj
-----END CERTIFICATE-----