Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/aaCqyAkKVzdkDcETi5ljxwy-6YI.roa
File:                     aaCqyAkKVzdkDcETi5ljxwy-6YI.roa (raw, json)
Hash identifier:          tUy2HvJCsB49+PL6arlFvb1oqct3O9Q99Fj1bIFAejo=
Subject key identifier:   69:A0:AA:C8:09:0A:57:37:64:0D:C1:13:8B:99:63:C7:0C:BE:E9:82
Certificate issuer:       /CN=f82554a856a422b061ae64c577630f91d408cd4a
Certificate serial:       018CC94D47398A3DD5B46FA21BFFC78B6395
Authority key identifier: F8:25:54:A8:56:A4:22:B0:61:AE:64:C5:77:63:0F:91:D4:08:CD:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-CVUqFakIrBhrmTFd2MPkdQIzUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/aaCqyAkKVzdkDcETi5ljxwy-6YI.roa
Signing time:             Tue 02 Jan 2024 08:32:13 +0000
ROA not before:           Tue 02 Jan 2024 08:32:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206059
IP address blocks:        89.234.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/1-CVUqFakIrBhrmTFd2MPkdQIzUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/1-CVUqFakIrBhrmTFd2MPkdQIzUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-CVUqFakIrBhrmTFd2MPkdQIzUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:47:39:8a:3d:d5:b4:6f:a2:1b:ff:c7:8b:63:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f82554a856a422b061ae64c577630f91d408cd4a
        Validity
            Not Before: Jan  2 08:32:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69a0aac8090a5737640dc1138b9963c70cbee982
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:60:3d:06:83:b1:65:57:00:9a:7b:93:32:76:
                    3c:fd:86:c3:f2:84:4f:d9:f7:5f:56:f0:38:e7:51:
                    d1:f8:3d:7e:cd:2d:f7:11:b3:82:f5:b0:99:03:a2:
                    ae:ed:da:da:86:62:94:87:d4:17:0b:2e:2a:bc:7d:
                    29:62:3e:14:69:45:4b:b2:c6:65:43:19:c2:d7:d8:
                    4c:22:cd:c7:39:1e:62:ea:d8:14:47:1f:ca:64:66:
                    20:6a:f3:23:4c:a6:e3:19:78:dc:5a:27:1c:6b:54:
                    d5:97:01:3d:37:e2:d3:33:ea:78:30:75:8f:a8:fd:
                    87:14:40:53:33:b6:dd:79:24:59:34:54:82:08:df:
                    0d:d0:b3:4d:73:60:9d:f0:9d:8e:7d:9d:25:d2:52:
                    f1:9f:46:11:d7:a2:7b:9e:11:69:4a:2f:b2:6b:88:
                    6f:7b:63:2c:e5:c7:82:74:c6:e6:da:f1:ef:ed:18:
                    04:f8:92:d9:e5:34:7b:00:79:cd:cf:04:d2:e4:2e:
                    a3:47:cc:d0:a5:32:cd:30:d8:67:f1:60:3b:49:36:
                    7a:8d:21:b8:09:17:e0:99:5e:c1:22:6f:db:24:44:
                    4a:0b:95:07:9a:53:07:76:cd:ec:fe:14:65:bc:3f:
                    dd:9d:e7:4b:ad:61:77:d0:45:31:3a:f2:bb:6a:4c:
                    7d:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:A0:AA:C8:09:0A:57:37:64:0D:C1:13:8B:99:63:C7:0C:BE:E9:82
            X509v3 Authority Key Identifier:
                keyid:F8:25:54:A8:56:A4:22:B0:61:AE:64:C5:77:63:0F:91:D4:08:CD:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-CVUqFakIrBhrmTFd2MPkdQIzUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/aaCqyAkKVzdkDcETi5ljxwy-6YI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/1-CVUqFakIrBhrmTFd2MPkdQIzUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.234.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:85:d8:a9:9b:d7:78:fc:b4:ae:7e:14:44:38:c4:5c:73:84:
         76:fa:8a:0c:ea:4a:5f:a1:98:dd:de:3b:0f:e7:77:39:64:d7:
         bf:60:f4:a8:f2:75:d4:04:70:ec:26:43:b0:84:01:27:1b:ad:
         85:9b:fd:51:c6:96:5c:35:a9:f1:34:25:1d:27:62:04:e3:02:
         f7:d9:2d:52:40:46:c3:1b:5c:e9:54:f4:7d:96:82:09:bc:dd:
         be:aa:99:af:2a:58:89:e3:9a:c7:cc:8c:8d:6d:65:42:d6:e4:
         6d:74:35:1d:87:37:49:96:e3:97:b0:3c:03:0c:6c:bb:80:ee:
         b5:43:f1:01:70:82:09:b3:0f:c1:5a:0b:24:28:7c:d9:a3:74:
         74:6c:44:03:65:81:ed:30:67:c5:43:ae:4b:e8:3f:9a:e8:52:
         6e:af:30:67:fc:1c:4b:58:13:62:0c:51:0f:fc:bc:1e:d5:f9:
         17:58:b0:57:62:86:89:2b:01:da:90:1f:4f:78:78:b7:e6:60:
         ae:38:5e:09:bf:a0:9d:62:3c:ba:24:e3:fb:1a:a5:5b:1a:c2:
         ee:55:a0:de:f0:07:b9:cb:30:d7:05:a4:3c:20:42:27:cc:08:
         07:17:6e:b4:f6:b5:b8:fb:e5:c9:4c:a2:ee:74:89:8c:72:fb:
         d0:8e:73:89
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTUc5ij3VtG+iG//Hi2OVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4MjU1NGE4NTZhNDIyYjA2MWFlNjRjNTc3NjMwZjkxZDQw
OGNkNGEwHhcNMjQwMTAyMDgzMjEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWEwYWFjODA5MGE1NzM3NjQwZGMxMTM4Yjk5NjNjNzBjYmVlOTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2A9BoOxZVcAmnuTMnY8/YbD8oRP
2fdfVvA451HR+D1+zS33EbOC9bCZA6Ku7drahmKUh9QXCy4qvH0pYj4UaUVLssZl
QxnC19hMIs3HOR5i6tgURx/KZGYgavMjTKbjGXjcWicca1TVlwE9N+LTM+p4MHWP
qP2HFEBTM7bdeSRZNFSCCN8N0LNNc2Cd8J2OfZ0l0lLxn0YR16J7nhFpSi+ya4hv
e2Ms5ceCdMbm2vHv7RgE+JLZ5TR7AHnNzwTS5C6jR8zQpTLNMNhn8WA7STZ6jSG4
CRfgmV7BIm/bJERKC5UHmlMHds3s/hRlvD/dnedLrWF30EUxOvK7akx9nwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGmgqsgJClc3ZA3BE4uZY8cMvumCMB8GA1UdIwQY
MBaAFPglVKhWpCKwYa5kxXdjD5HUCM1KMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1DVlVxRmFrSXJCaHJtVEZkMk1Qa2RRSXpVby5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGYvOTQzN2EyLTA3ZTYtNGU2YS1hYTNm
LTk2NWQ2ZDYwM2JmYS8xL2FhQ3F5QWtLVnpka0RjRVRpNWxqeHd5LTZZSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGYvOTQzN2EyLTA3ZTYtNGU2YS1hYTNmLTk2NWQ2ZDYwM2Jm
YS8xLzEtQ1ZVcUZha0lyQmhybVRGZDJNUGtkUUl6VW8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABZ6rww
DQYJKoZIhvcNAQELBQADggEBAMeF2Kmb13j8tK5+FEQ4xFxzhHb6igzqSl+hmN3e
Ow/ndzlk179g9KjyddQEcOwmQ7CEAScbrYWb/VHGllw1qfE0JR0nYgTjAvfZLVJA
RsMbXOlU9H2Wggm83b6qma8qWInjmsfMjI1tZULW5G10NR2HN0mW45ewPAMMbLuA
7rVD8QFwggmzD8FaCyQofNmjdHRsRANlge0wZ8VDrkvoP5roUm6vMGf8HEtYE2IM
UQ/8vB7V+RdYsFdihokrAdqQH094eLfmYK44Xgm/oJ1iPLok4/sapVsawu5VoN7w
B7nLMNcFpDwgQifMCAcXbrT2tbj75clMou50iYxy+9COc4k=
-----END CERTIFICATE-----