Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/4fc787-e681-4e16-b1ec-a1c5d7eb4bd7/1/8jyhVpRkiAg4mcTdDFSiJ3G69Dc.roa
File:                     8jyhVpRkiAg4mcTdDFSiJ3G69Dc.roa (raw, json)
Hash identifier:          OTA8k0Suas98ivPMXdnmHRFTE89fXq8MxkyZe7Nt5Ys=
Subject key identifier:   F2:3C:A1:56:94:64:88:08:38:99:C4:DD:0C:54:A2:27:71:BA:F4:37
Certificate issuer:       /CN=f7e679e58e4b8bf63e95002b54be471d634b9506
Certificate serial:       018D5484663222A6B82C5848EBE6866B47A7
Authority key identifier: F7:E6:79:E5:8E:4B:8B:F6:3E:95:00:2B:54:BE:47:1D:63:4B:95:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9-Z55Y5Li_Y-lQArVL5HHWNLlQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/4fc787-e681-4e16-b1ec-a1c5d7eb4bd7/1/8jyhVpRkiAg4mcTdDFSiJ3G69Dc.roa
Signing time:             Mon 29 Jan 2024 09:19:39 +0000
ROA not before:           Mon 29 Jan 2024 09:19:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1299
IP address blocks:        152.89.68.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/4fc787-e681-4e16-b1ec-a1c5d7eb4bd7/1/9-Z55Y5Li_Y-lQArVL5HHWNLlQY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/4fc787-e681-4e16-b1ec-a1c5d7eb4bd7/1/9-Z55Y5Li_Y-lQArVL5HHWNLlQY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9-Z55Y5Li_Y-lQArVL5HHWNLlQY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:54:84:66:32:22:a6:b8:2c:58:48:eb:e6:86:6b:47:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7e679e58e4b8bf63e95002b54be471d634b9506
        Validity
            Not Before: Jan 29 09:19:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f23ca156946488083899c4dd0c54a22771baf437
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:28:91:f9:44:f8:43:6d:2d:5e:7f:42:5e:42:
                    af:eb:4a:c5:8e:4d:88:78:d2:e5:67:d2:b0:62:af:
                    12:91:72:2d:8e:86:ba:bb:43:04:a5:46:f4:cd:90:
                    59:08:a7:8e:b3:91:38:20:0e:eb:e7:77:ec:64:a1:
                    a6:d3:c4:c7:79:a8:55:34:db:55:06:86:77:0e:63:
                    88:63:a6:46:42:0a:fd:97:76:a0:d0:81:2e:35:fe:
                    71:64:79:5a:93:6e:cc:27:5d:72:e3:55:0c:69:1e:
                    f9:9a:34:76:3d:4d:1e:c9:c4:5d:0c:0c:24:97:d9:
                    02:66:95:4f:12:c2:7d:31:65:34:67:c5:0c:c8:2e:
                    32:89:e8:d8:e5:78:98:d7:98:ca:d8:0d:0f:e4:88:
                    c4:ce:36:00:4f:54:56:a4:7c:89:56:c4:e9:5c:54:
                    13:00:11:b9:c6:c0:fb:a0:91:ac:0f:8b:d2:5d:2d:
                    d7:0b:b3:8d:20:45:b9:bf:7b:94:d4:f9:3b:5d:5b:
                    aa:0b:89:ae:36:79:6c:a6:8a:61:36:dc:31:3b:b7:
                    20:5c:99:96:ea:60:d5:0c:b8:5f:16:1a:14:38:af:
                    a4:ae:5f:2f:d8:bb:a5:49:c0:73:10:e2:96:9b:0f:
                    8e:ac:cb:0c:7e:c3:a9:47:90:89:b5:66:f7:b2:55:
                    04:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:3C:A1:56:94:64:88:08:38:99:C4:DD:0C:54:A2:27:71:BA:F4:37
            X509v3 Authority Key Identifier:
                keyid:F7:E6:79:E5:8E:4B:8B:F6:3E:95:00:2B:54:BE:47:1D:63:4B:95:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9-Z55Y5Li_Y-lQArVL5HHWNLlQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/4fc787-e681-4e16-b1ec-a1c5d7eb4bd7/1/8jyhVpRkiAg4mcTdDFSiJ3G69Dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/4fc787-e681-4e16-b1ec-a1c5d7eb4bd7/1/9-Z55Y5Li_Y-lQArVL5HHWNLlQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:a5:ae:10:8c:9a:60:6d:22:7e:b5:25:81:ad:6e:4b:3b:76:
         6b:63:78:21:f4:30:b3:05:7f:98:d4:34:2e:8b:2c:38:5b:9f:
         21:75:99:df:9c:20:6b:e1:1b:72:c3:22:d2:97:10:db:cd:19:
         ee:fe:70:77:d3:72:95:d2:3b:3f:4b:14:6c:f7:81:25:93:9b:
         11:97:a9:53:31:5a:f0:91:fa:e6:6c:2c:7c:ef:fd:aa:9f:6f:
         12:cf:68:91:f4:f1:f4:75:2a:67:e9:23:88:a0:e1:2c:21:2c:
         d1:8d:ac:60:82:c8:04:aa:a9:24:71:d7:0a:a2:ff:a1:f8:25:
         51:89:ec:37:53:1d:9f:c8:e8:5a:8c:c1:05:ff:2a:31:c7:95:
         e8:24:e6:48:54:13:54:09:f8:29:13:44:4c:e7:52:e9:1e:3e:
         4c:9c:33:f3:aa:90:c9:01:14:2d:e9:64:d0:76:e0:44:83:34:
         f2:ee:00:a8:7d:6e:30:35:8a:46:d5:8c:03:89:bf:06:7a:5f:
         a2:bb:b4:e2:44:34:1e:d5:df:7c:99:3f:4d:3b:e0:23:f4:cf:
         d8:d7:f5:4a:cb:66:83:14:de:d6:f6:b7:e7:ec:e5:c3:72:23:
         5e:0c:48:20:c3:55:62:e7:03:3c:ac:a7:5b:88:f4:ff:dc:31:
         ff:45:50:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1UhGYyIqa4LFhI6+aGa0enMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3ZTY3OWU1OGU0YjhiZjYzZTk1MDAyYjU0YmU0NzFkNjM0
Yjk1MDYwHhcNMjQwMTI5MDkxOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjNjYTE1Njk0NjQ4ODA4Mzg5OWM0ZGQwYzU0YTIyNzcxYmFmNDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyiR+UT4Q20tXn9CXkKv60rFjk2I
eNLlZ9KwYq8SkXItjoa6u0MEpUb0zZBZCKeOs5E4IA7r53fsZKGm08THeahVNNtV
BoZ3DmOIY6ZGQgr9l3ag0IEuNf5xZHlak27MJ11y41UMaR75mjR2PU0eycRdDAwk
l9kCZpVPEsJ9MWU0Z8UMyC4yiejY5XiY15jK2A0P5IjEzjYAT1RWpHyJVsTpXFQT
ABG5xsD7oJGsD4vSXS3XC7ONIEW5v3uU1Pk7XVuqC4muNnlspophNtwxO7cgXJmW
6mDVDLhfFhoUOK+krl8v2LulScBzEOKWmw+OrMsMfsOpR5CJtWb3slUEpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPI8oVaUZIgIOJnE3QxUoidxuvQ3MB8GA1UdIwQY
MBaAFPfmeeWOS4v2PpUAK1S+Rx1jS5UGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOS1aNTVZNUxpX1ktbFFBclZMNUhIV05MbFFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC80ZmM3ODctZTY4MS00ZTE2LWIxZWMt
YTFjNWQ3ZWI0YmQ3LzEvOGp5aFZwUmtpQWc0bWNUZERGU2lKM0c2OURjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC80ZmM3ODctZTY4MS00ZTE2LWIxZWMtYTFjNWQ3ZWI0YmQ3
LzEvOS1aNTVZNUxpX1ktbFFBclZMNUhIV05MbFFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCmFlEMA0G
CSqGSIb3DQEBCwUAA4IBAQAwpa4QjJpgbSJ+tSWBrW5LO3ZrY3gh9DCzBX+Y1DQu
iyw4W58hdZnfnCBr4RtywyLSlxDbzRnu/nB303KV0js/SxRs94Elk5sRl6lTMVrw
kfrmbCx87/2qn28Sz2iR9PH0dSpn6SOIoOEsISzRjaxggsgEqqkkcdcKov+h+CVR
iew3Ux2fyOhajMEF/yoxx5XoJOZIVBNUCfgpE0RM51LpHj5MnDPzqpDJARQt6WTQ
duBEgzTy7gCofW4wNYpG1YwDib8Gel+iu7TiRDQe1d98mT9NO+Aj9M/Y1/VKy2aD
FN7W9rfn7OXDciNeDEggw1Vi5wM8rKdbiPT/3DH/RVD6
-----END CERTIFICATE-----