Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/95f051-5e1d-4d36-a593-1a5eb50885ae/1/dZcsT0svbgY13rE8CMb1oZv0svQ.roa
File:                     dZcsT0svbgY13rE8CMb1oZv0svQ.roa (raw, json)
Hash identifier:          uPtLlF5qhNYJja2cvH7zbB+p2UjoK8FHZZofbQuM4QA=
Subject key identifier:   75:97:2C:4F:4B:2F:6E:06:35:DE:B1:3C:08:C6:F5:A1:9B:F4:B2:F4
Certificate issuer:       /CN=59c3cc99899373c85974f01c9cd7aa057ab97fab
Certificate serial:       018CCA2B42FE2B95D3A6F36D9ADF2D85F121
Authority key identifier: 59:C3:CC:99:89:93:73:C8:59:74:F0:1C:9C:D7:AA:05:7A:B9:7F:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WcPMmYmTc8hZdPAcnNeqBXq5f6s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/95f051-5e1d-4d36-a593-1a5eb50885ae/1/dZcsT0svbgY13rE8CMb1oZv0svQ.roa
Signing time:             Tue 02 Jan 2024 12:34:41 +0000
ROA not before:           Tue 02 Jan 2024 12:34:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57844
IP address blocks:        89.207.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/95f051-5e1d-4d36-a593-1a5eb50885ae/1/WcPMmYmTc8hZdPAcnNeqBXq5f6s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/95f051-5e1d-4d36-a593-1a5eb50885ae/1/WcPMmYmTc8hZdPAcnNeqBXq5f6s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WcPMmYmTc8hZdPAcnNeqBXq5f6s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:42:fe:2b:95:d3:a6:f3:6d:9a:df:2d:85:f1:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59c3cc99899373c85974f01c9cd7aa057ab97fab
        Validity
            Not Before: Jan  2 12:34:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75972c4f4b2f6e0635deb13c08c6f5a19bf4b2f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:f5:1e:62:ae:f9:a4:42:c5:f2:2e:9d:a2:6a:
                    87:d5:60:1d:c7:21:29:13:a3:26:76:02:55:e9:3c:
                    76:63:10:a5:8d:7a:23:51:a3:23:a1:80:90:6d:31:
                    fa:78:f1:af:7e:0b:3a:7d:e7:05:74:52:e4:57:c2:
                    f7:14:4b:41:e9:6c:05:ee:77:b6:a6:a7:d7:95:cd:
                    0e:ec:30:d7:13:00:a3:fa:44:db:c6:8a:3a:09:d0:
                    23:39:51:eb:a3:3a:e5:d4:27:37:a5:1f:02:cb:8d:
                    f8:d0:b6:b5:8c:39:e8:18:d3:82:dd:5a:3a:2c:f1:
                    63:26:74:8e:7d:93:82:12:e0:44:ad:c4:57:e5:77:
                    69:28:ab:92:11:c3:48:b5:e8:1c:3d:9e:41:07:9d:
                    e7:dd:c6:bf:4b:93:e7:46:f4:c6:f8:24:c2:f9:fa:
                    24:79:67:a3:fe:29:86:90:dd:14:1d:e7:38:68:4d:
                    b0:d6:2c:0f:f8:d6:6f:67:5b:3c:4d:be:8a:ea:79:
                    98:92:d3:d6:18:09:13:f0:c2:5a:e9:f6:87:fe:d0:
                    04:7c:b7:59:0f:71:31:c4:f2:6d:2f:d7:01:59:3a:
                    d6:00:20:17:74:fc:74:c9:77:4d:07:fa:d1:f4:1a:
                    d9:8c:00:ab:26:63:e5:05:e8:55:f2:52:da:78:ef:
                    3f:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:97:2C:4F:4B:2F:6E:06:35:DE:B1:3C:08:C6:F5:A1:9B:F4:B2:F4
            X509v3 Authority Key Identifier:
                keyid:59:C3:CC:99:89:93:73:C8:59:74:F0:1C:9C:D7:AA:05:7A:B9:7F:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WcPMmYmTc8hZdPAcnNeqBXq5f6s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/95f051-5e1d-4d36-a593-1a5eb50885ae/1/dZcsT0svbgY13rE8CMb1oZv0svQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/95f051-5e1d-4d36-a593-1a5eb50885ae/1/WcPMmYmTc8hZdPAcnNeqBXq5f6s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.207.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:36:54:f9:e5:d5:86:a9:c6:3b:f7:e3:87:bb:ce:51:f8:45:
         cb:8e:04:80:b1:9e:f3:6f:1d:83:69:df:d5:69:5e:ea:9b:9b:
         b3:51:83:8b:20:4c:1c:a8:7c:d8:35:9a:8a:fc:87:8b:e9:09:
         9d:c4:64:55:0e:ff:59:91:d4:9f:97:ea:f0:d6:d7:dd:fd:3f:
         14:9e:2a:ac:ac:79:99:09:93:a7:f3:39:01:d0:49:72:17:0b:
         b4:c2:b4:82:a1:d1:52:e0:c2:6b:44:c4:dd:24:4b:ae:59:a8:
         34:43:69:3e:d7:7d:37:ec:0e:cb:34:f3:a4:6b:be:7b:44:46:
         67:91:2a:69:0a:dd:f5:98:cd:96:a7:7c:22:52:ca:d5:14:41:
         f8:2c:74:ae:bd:ef:0f:ab:24:23:ec:83:a0:8e:74:09:4f:60:
         32:f7:ae:71:df:c1:b0:a1:a3:2d:fb:51:91:ee:cf:5f:84:61:
         4c:48:5f:dd:de:fd:13:48:e7:e4:ab:39:3f:22:79:20:c8:0c:
         47:f6:e8:89:95:a9:03:f7:22:15:5f:eb:09:5f:37:c3:2d:93:
         b5:c0:75:67:ec:bc:16:ff:67:ff:98:57:3b:70:35:59:b5:7d:
         d1:3d:80:e1:8d:d1:4a:42:48:aa:ef:d2:a8:0f:95:ee:5b:f4:
         8a:b7:f0:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK0L+K5XTpvNtmt8thfEhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5YzNjYzk5ODk5MzczYzg1OTc0ZjAxYzljZDdhYTA1N2Fi
OTdmYWIwHhcNMjQwMTAyMTIzNDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTk3MmM0ZjRiMmY2ZTA2MzVkZWIxM2MwOGM2ZjVhMTliZjRiMmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhfUeYq75pELF8i6domqH1WAdxyEp
E6MmdgJV6Tx2YxCljXojUaMjoYCQbTH6ePGvfgs6fecFdFLkV8L3FEtB6WwF7ne2
pqfXlc0O7DDXEwCj+kTbxoo6CdAjOVHrozrl1Cc3pR8Cy4340La1jDnoGNOC3Vo6
LPFjJnSOfZOCEuBErcRX5XdpKKuSEcNItegcPZ5BB53n3ca/S5PnRvTG+CTC+fok
eWej/imGkN0UHec4aE2w1iwP+NZvZ1s8Tb6K6nmYktPWGAkT8MJa6faH/tAEfLdZ
D3ExxPJtL9cBWTrWACAXdPx0yXdNB/rR9BrZjACrJmPlBehV8lLaeO8/2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHWXLE9LL24GNd6xPAjG9aGb9LL0MB8GA1UdIwQY
MBaAFFnDzJmJk3PIWXTwHJzXqgV6uX+rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2NQTW1ZbVRjOGhaZFBBY25OZXFCWHE1ZjZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny85NWYwNTEtNWUxZC00ZDM2LWE1OTMt
MWE1ZWI1MDg4NWFlLzEvZFpjc1Qwc3ZiZ1kxM3JFOENNYjFvWnYwc3ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny85NWYwNTEtNWUxZC00ZDM2LWE1OTMtMWE1ZWI1MDg4NWFl
LzEvV2NQTW1ZbVRjOGhaZFBBY25OZXFCWHE1ZjZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWc8oMA0G
CSqGSIb3DQEBCwUAA4IBAQAQNlT55dWGqcY79+OHu85R+EXLjgSAsZ7zbx2Dad/V
aV7qm5uzUYOLIEwcqHzYNZqK/IeL6QmdxGRVDv9ZkdSfl+rw1tfd/T8UniqsrHmZ
CZOn8zkB0ElyFwu0wrSCodFS4MJrRMTdJEuuWag0Q2k+13037A7LNPOka757REZn
kSppCt31mM2Wp3wiUsrVFEH4LHSuve8PqyQj7IOgjnQJT2Ay965x38GwoaMt+1GR
7s9fhGFMSF/d3v0TSOfkqzk/InkgyAxH9uiJlakD9yIVX+sJXzfDLZO1wHVn7LwW
/2f/mFc7cDVZtX3RPYDhjdFKQkiq79KoD5XuW/SKt/AI
-----END CERTIFICATE-----