Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/FHlZ21dJhHnXpZLFnWr-BqfX0Yg.roa
File:                     FHlZ21dJhHnXpZLFnWr-BqfX0Yg.roa (raw, json)
Hash identifier:          O2myHbw02xo4/2AN3ucbSxuBjpsKswd+BQ8oXTdUr5k=
Subject key identifier:   14:79:59:DB:57:49:84:79:D7:A5:92:C5:9D:6A:FE:06:A7:D7:D1:88
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       018CC94DB663DF1025AAFF50643C3B124602
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/FHlZ21dJhHnXpZLFnWr-BqfX0Yg.roa
Signing time:             Tue 02 Jan 2024 08:32:42 +0000
ROA not before:           Tue 02 Jan 2024 08:32:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206430
IP address blocks:        89.45.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:b6:63:df:10:25:aa:ff:50:64:3c:3b:12:46:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Jan  2 08:32:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=147959db57498479d7a592c59d6afe06a7d7d188
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:82:49:22:ce:04:71:a8:98:7f:b2:b6:8f:3b:
                    1c:e6:85:e6:3f:ab:8b:78:c3:f6:59:49:45:f3:54:
                    a3:0c:01:29:25:48:2f:94:e8:35:38:a8:95:ec:0b:
                    fa:0d:73:aa:b5:1f:db:32:25:da:7d:4c:cc:97:97:
                    5d:a4:c0:3a:d6:46:3a:06:34:d3:11:ef:17:f6:cf:
                    ea:cf:a1:3e:10:42:5c:f4:76:6f:7b:12:09:58:ce:
                    34:c6:3c:89:60:38:45:b1:39:bf:f2:9a:5a:97:48:
                    c9:f6:77:26:a7:26:db:76:64:d4:66:54:2c:74:e8:
                    d9:30:c6:22:83:58:a2:c9:81:5c:ae:89:00:d7:64:
                    ce:e8:c4:55:0b:e0:a2:ca:84:c2:c7:65:4e:1f:9e:
                    3c:79:8a:d6:bc:77:ab:d9:a8:fa:b1:fe:22:99:b8:
                    25:eb:1d:8e:77:e9:c1:2a:ec:2d:95:65:b0:53:37:
                    bc:18:71:4e:cf:08:9a:bc:41:41:79:11:fc:98:08:
                    b4:ce:d0:71:db:13:80:3e:3d:76:fd:99:61:14:4f:
                    59:68:b1:5f:5f:7a:b7:38:10:63:34:a4:1f:4a:9e:
                    22:82:80:c2:cc:bf:94:af:a0:25:de:a5:80:f2:86:
                    90:41:28:55:6e:d8:71:c4:10:b6:f4:f4:5b:43:c6:
                    5c:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:79:59:DB:57:49:84:79:D7:A5:92:C5:9D:6A:FE:06:A7:D7:D1:88
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/FHlZ21dJhHnXpZLFnWr-BqfX0Yg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.45.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:3f:c0:3c:14:da:23:65:0c:c7:bd:5d:ea:11:00:f0:ee:d4:
         86:f0:f5:2a:f9:82:8b:ad:6a:24:80:e3:36:95:5e:6b:a7:80:
         de:fc:b3:8e:f3:eb:d3:4d:62:a2:38:ea:1f:68:f3:15:9b:a8:
         9f:f7:db:c8:b4:99:42:de:cd:2e:49:08:dc:ea:90:14:43:25:
         d0:3b:94:bf:ec:6e:a3:6f:10:9d:64:10:fd:80:33:bc:d6:74:
         99:dd:d8:e0:5b:ce:83:e7:fe:00:7c:30:fc:48:b4:71:e3:5e:
         5a:35:21:74:b5:9f:ae:4d:85:f1:ba:44:49:e8:7e:07:76:02:
         9f:8c:dd:4e:ec:d1:32:e9:ba:07:94:01:a6:9f:95:2c:2b:0b:
         90:0b:1e:ed:f5:44:83:8c:28:97:00:97:ad:10:29:dd:dd:3d:
         64:37:28:cd:ae:7b:b4:9b:c4:23:2b:3a:51:1e:b1:2d:2d:89:
         38:b1:67:4a:49:bc:c0:93:7e:10:03:14:e3:4d:74:cb:23:8b:
         ea:ad:ff:88:50:58:de:ba:81:1a:68:39:53:c1:96:2c:9c:3f:
         3c:a0:e0:23:16:34:42:62:86:0f:ee:03:1e:67:7e:ee:cc:c4:
         52:b4:24:2c:bc:2c:08:53:13:e1:3d:98:f2:ee:a3:c7:70:c4:
         1e:60:0c:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTbZj3xAlqv9QZDw7EkYCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjQwMTAyMDgzMjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDc5NTlkYjU3NDk4NDc5ZDdhNTkyYzU5ZDZhZmUwNmE3ZDdkMTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIJJIs4EcaiYf7K2jzsc5oXmP6uL
eMP2WUlF81SjDAEpJUgvlOg1OKiV7Av6DXOqtR/bMiXafUzMl5ddpMA61kY6BjTT
Ee8X9s/qz6E+EEJc9HZvexIJWM40xjyJYDhFsTm/8ppal0jJ9ncmpybbdmTUZlQs
dOjZMMYig1iiyYFcrokA12TO6MRVC+CiyoTCx2VOH548eYrWvHer2aj6sf4imbgl
6x2Od+nBKuwtlWWwUze8GHFOzwiavEFBeRH8mAi0ztBx2xOAPj12/ZlhFE9ZaLFf
X3q3OBBjNKQfSp4igoDCzL+Ur6Al3qWA8oaQQShVbthxxBC29PRbQ8Zc4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBR5WdtXSYR516WSxZ1q/gan19GIMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvRkhsWjIxZEpoSG5YcFpMRm5Xci1CcWZYMFlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWS30MA0G
CSqGSIb3DQEBCwUAA4IBAQB6P8A8FNojZQzHvV3qEQDw7tSG8PUq+YKLrWokgOM2
lV5rp4De/LOO8+vTTWKiOOofaPMVm6if99vItJlC3s0uSQjc6pAUQyXQO5S/7G6j
bxCdZBD9gDO81nSZ3djgW86D5/4AfDD8SLRx415aNSF0tZ+uTYXxukRJ6H4HdgKf
jN1O7NEy6boHlAGmn5UsKwuQCx7t9USDjCiXAJetECnd3T1kNyjNrnu0m8QjKzpR
HrEtLYk4sWdKSbzAk34QAxTjTXTLI4vqrf+IUFjeuoEaaDlTwZYsnD88oOAjFjRC
YoYP7gMeZ37uzMRStCQsvCwIUxPhPZjy7qPHcMQeYAzr
-----END CERTIFICATE-----