Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/SO7V2orpVD7rsWvKnx0FrzF2diY.roa
File:                     SO7V2orpVD7rsWvKnx0FrzF2diY.roa (raw, json)
Hash identifier:          5KZmOcIurNw3gJf1LrQDoU+EIGhABJaQPPU01h0IJrE=
Subject key identifier:   48:EE:D5:DA:8A:E9:54:3E:EB:B1:6B:CA:9F:1D:05:AF:31:76:76:26
Certificate issuer:       /CN=b3dd35ccff6c2b86a1fad8f103bc20070d09e50d
Certificate serial:       018CC2DB3822BB689C0B4081AC25F484A1AB
Authority key identifier: B3:DD:35:CC:FF:6C:2B:86:A1:FA:D8:F1:03:BC:20:07:0D:09:E5:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s901zP9sK4ah-tjxA7wgBw0J5Q0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/SO7V2orpVD7rsWvKnx0FrzF2diY.roa
Signing time:             Mon 01 Jan 2024 02:29:55 +0000
ROA not before:           Mon 01 Jan 2024 02:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40964
IP address blocks:        89.107.134.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/s901zP9sK4ah-tjxA7wgBw0J5Q0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/s901zP9sK4ah-tjxA7wgBw0J5Q0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s901zP9sK4ah-tjxA7wgBw0J5Q0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:38:22:bb:68:9c:0b:40:81:ac:25:f4:84:a1:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3dd35ccff6c2b86a1fad8f103bc20070d09e50d
        Validity
            Not Before: Jan  1 02:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48eed5da8ae9543eebb16bca9f1d05af31767626
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:63:43:98:01:cb:a0:6e:d3:59:11:f8:5c:3a:
                    07:1e:cc:ae:cd:8f:5c:94:06:08:26:7f:95:3e:47:
                    ac:37:b9:0f:ea:ec:f9:30:00:86:c9:44:cc:c2:cc:
                    d2:72:12:ec:fe:75:9f:ae:52:78:e2:bb:8a:b2:4e:
                    e2:17:fb:b0:ac:33:24:38:fb:5d:15:d6:d2:ea:64:
                    1f:ee:04:0d:2a:f7:c4:4b:d2:6f:41:cb:40:4d:89:
                    13:24:48:77:e2:30:83:0c:42:cb:2a:02:73:dd:54:
                    2e:0f:d6:ac:9c:93:30:a5:d0:30:40:67:09:2d:85:
                    06:25:e2:3d:ea:fa:83:f1:54:90:07:02:75:0e:a4:
                    a5:21:a2:fd:3d:6f:19:d5:b9:08:78:87:8d:cd:70:
                    9b:d5:6f:3a:d8:23:a9:2c:c5:80:62:dc:66:e8:84:
                    a4:22:bf:7f:64:1e:8e:1d:cd:5c:de:db:69:f5:20:
                    57:6d:a4:1b:2c:25:12:52:91:13:0c:a2:69:f5:10:
                    e0:fc:0c:02:2e:f3:c2:37:1e:54:1f:d1:75:f6:31:
                    07:f7:e2:18:d9:a5:8c:67:c1:ca:a6:1d:8e:86:2e:
                    21:c5:ee:7c:ea:c9:2e:f9:9f:aa:53:66:3e:67:77:
                    2a:56:c1:cc:b5:84:d9:4c:d4:fc:0e:4f:fb:12:48:
                    42:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:EE:D5:DA:8A:E9:54:3E:EB:B1:6B:CA:9F:1D:05:AF:31:76:76:26
            X509v3 Authority Key Identifier:
                keyid:B3:DD:35:CC:FF:6C:2B:86:A1:FA:D8:F1:03:BC:20:07:0D:09:E5:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s901zP9sK4ah-tjxA7wgBw0J5Q0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/SO7V2orpVD7rsWvKnx0FrzF2diY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/s901zP9sK4ah-tjxA7wgBw0J5Q0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.107.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         75:1e:57:af:6e:0a:28:a7:1e:16:79:04:77:68:6c:8b:86:4c:
         4a:9f:50:3c:80:09:fe:6b:8f:d9:d9:39:82:ec:3d:29:9d:15:
         dd:36:57:e3:02:1b:c5:21:d5:7d:c3:79:32:ea:48:d2:19:51:
         64:3e:8c:ff:bb:66:63:4c:db:c0:31:3e:07:12:8d:d3:93:09:
         17:31:4d:2b:ec:21:42:3c:1b:cc:47:1b:8d:bf:df:25:74:77:
         92:23:b5:ef:6f:9f:74:98:7e:52:de:c2:04:26:06:e1:29:44:
         c1:a4:df:92:45:2e:49:53:50:16:51:6a:cb:0d:ce:e6:12:32:
         04:66:91:cf:94:f7:25:b1:f5:0e:09:9f:53:50:03:61:23:78:
         a0:40:8b:88:aa:59:06:1a:27:b8:df:9a:6e:65:f7:e8:71:f9:
         70:77:e0:24:d5:a7:27:39:fc:da:0e:66:a7:8b:30:b6:a3:b9:
         74:02:d7:de:01:ee:21:71:a0:6e:47:be:ff:66:f0:e8:5b:81:
         04:b6:a9:a9:a2:a4:42:28:fc:8c:38:27:4d:50:fc:51:d6:c2:
         46:aa:5f:50:ac:8c:94:e4:0e:b0:93:bb:1d:e9:1e:ca:80:ba:
         8d:ce:ce:02:96:34:6f:fd:e8:e9:2b:0c:a8:99:70:78:15:ef:
         67:c4:26:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zgiu2icC0CBrCX0hKGrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzZGQzNWNjZmY2YzJiODZhMWZhZDhmMTAzYmMyMDA3MGQw
OWU1MGQwHhcNMjQwMTAxMDIyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGVlZDVkYThhZTk1NDNlZWJiMTZiY2E5ZjFkMDVhZjMxNzY3NjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj2NDmAHLoG7TWRH4XDoHHsyuzY9c
lAYIJn+VPkesN7kP6uz5MACGyUTMwszSchLs/nWfrlJ44ruKsk7iF/uwrDMkOPtd
FdbS6mQf7gQNKvfES9JvQctATYkTJEh34jCDDELLKgJz3VQuD9asnJMwpdAwQGcJ
LYUGJeI96vqD8VSQBwJ1DqSlIaL9PW8Z1bkIeIeNzXCb1W862COpLMWAYtxm6ISk
Ir9/ZB6OHc1c3ttp9SBXbaQbLCUSUpETDKJp9RDg/AwCLvPCNx5UH9F19jEH9+IY
2aWMZ8HKph2Ohi4hxe586sku+Z+qU2Y+Z3cqVsHMtYTZTNT8Dk/7EkhCUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEju1dqK6VQ+67Fryp8dBa8xdnYmMB8GA1UdIwQY
MBaAFLPdNcz/bCuGofrY8QO8IAcNCeUNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczkwMXpQOXNLNGFoLXRqeEE3d2dCdzBKNVEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny80NGQ0YTMtN2E4NC00NDk5LThiNzEt
MmIxMDUwNTFiYTU5LzEvU083VjJvcnBWRDdyc1d2S254MEZyekYyZGlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny80NGQ0YTMtN2E4NC00NDk5LThiNzEtMmIxMDUwNTFiYTU5
LzEvczkwMXpQOXNLNGFoLXRqeEE3d2dCdzBKNVEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWWuGMA0G
CSqGSIb3DQEBCwUAA4IBAQB1Hlevbgoopx4WeQR3aGyLhkxKn1A8gAn+a4/Z2TmC
7D0pnRXdNlfjAhvFIdV9w3ky6kjSGVFkPoz/u2ZjTNvAMT4HEo3TkwkXMU0r7CFC
PBvMRxuNv98ldHeSI7Xvb590mH5S3sIEJgbhKUTBpN+SRS5JU1AWUWrLDc7mEjIE
ZpHPlPclsfUOCZ9TUANhI3igQIuIqlkGGie435puZffocflwd+Ak1acnOfzaDman
izC2o7l0AtfeAe4hcaBuR77/ZvDoW4EEtqmpoqRCKPyMOCdNUPxR1sJGql9QrIyU
5A6wk7sd6R7KgLqNzs4CljRv/ejpKwyomXB4Fe9nxCY9
-----END CERTIFICATE-----