Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/USeQ8HFxZR17dy-kLzswUQPIRo4.roa
File:                     USeQ8HFxZR17dy-kLzswUQPIRo4.roa (raw, json)
Hash identifier:          kj80ns0nRwYqgHq9Rj26SNhXJHlUTaYGAq4vMBQYlC8=
Subject key identifier:   51:27:90:F0:71:71:65:1D:7B:77:2F:A4:2F:3B:30:51:03:C8:46:8E
Certificate issuer:       /CN=592e7c1f2394c3e3aaa8ccb647fd83671d6098b7
Certificate serial:       018CC2DB3E44CCA5477959EFD9D84412D037
Authority key identifier: 59:2E:7C:1F:23:94:C3:E3:AA:A8:CC:B6:47:FD:83:67:1D:60:98:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WS58HyOUw-OqqMy2R_2DZx1gmLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/USeQ8HFxZR17dy-kLzswUQPIRo4.roa
Signing time:             Mon 01 Jan 2024 02:29:57 +0000
ROA not before:           Mon 01 Jan 2024 02:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207582
IP address blocks:        89.107.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/WS58HyOUw-OqqMy2R_2DZx1gmLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/WS58HyOUw-OqqMy2R_2DZx1gmLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WS58HyOUw-OqqMy2R_2DZx1gmLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 06:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:3e:44:cc:a5:47:79:59:ef:d9:d8:44:12:d0:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=592e7c1f2394c3e3aaa8ccb647fd83671d6098b7
        Validity
            Not Before: Jan  1 02:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=512790f07171651d7b772fa42f3b305103c8468e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b2:34:80:3f:0c:2a:8d:a2:a2:4e:77:9b:a8:
                    d8:bd:f7:35:7e:23:b9:46:33:a5:ee:30:18:8b:89:
                    ac:a5:82:37:20:59:f0:61:84:c3:46:4f:03:18:24:
                    67:b7:bd:1a:29:f1:64:53:45:fa:95:1f:d1:2d:d7:
                    97:57:95:1d:7d:14:63:f9:ba:83:94:b3:2f:1e:46:
                    11:fd:22:38:67:03:9c:1a:f3:5c:8e:3a:2c:89:65:
                    16:9d:7c:aa:11:36:e5:59:cd:54:b3:e4:a3:f0:4d:
                    8e:94:87:84:0e:2e:dd:77:66:a6:d9:bc:03:b6:e9:
                    49:b0:e6:24:cc:e7:be:e7:d6:47:47:18:62:e3:22:
                    d4:59:d9:23:7d:18:b5:17:99:c7:d6:c7:b4:3a:e8:
                    7d:b7:19:e1:12:22:91:fa:91:27:e1:25:ec:1f:c9:
                    f0:d1:96:5a:35:c3:e9:ed:50:fd:55:4d:37:1a:93:
                    85:32:ea:d2:f5:c5:47:32:b7:e3:ba:0e:fd:f3:1e:
                    2a:30:ed:8b:b5:13:7c:75:0e:bb:3a:d3:a9:21:5b:
                    d5:2e:4c:9f:a8:4a:f7:df:86:8e:f7:56:6a:21:5a:
                    df:a7:d7:29:50:66:ca:03:a9:49:b7:84:ba:bc:6b:
                    85:49:e8:2b:10:fa:67:08:18:e6:e1:aa:d5:32:d5:
                    99:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:27:90:F0:71:71:65:1D:7B:77:2F:A4:2F:3B:30:51:03:C8:46:8E
            X509v3 Authority Key Identifier:
                keyid:59:2E:7C:1F:23:94:C3:E3:AA:A8:CC:B6:47:FD:83:67:1D:60:98:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WS58HyOUw-OqqMy2R_2DZx1gmLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/USeQ8HFxZR17dy-kLzswUQPIRo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/WS58HyOUw-OqqMy2R_2DZx1gmLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.107.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:a0:6f:46:b7:8a:07:b3:7d:19:27:4e:0d:17:db:40:e3:dd:
         91:d2:05:e5:48:7a:8d:df:42:ce:1e:29:f9:9b:6f:51:90:56:
         34:39:9b:ae:89:b2:5c:b5:af:c3:26:a7:13:c7:64:bc:ea:51:
         1a:37:61:da:76:07:fe:9c:8c:a6:7a:3a:96:d9:c1:73:87:7b:
         3d:c5:f7:a5:5c:73:47:9d:13:ae:35:d5:f6:51:9c:b1:b9:a8:
         ac:5e:13:4a:9f:ab:dc:af:37:bf:87:9c:af:5a:61:5d:1b:2d:
         4b:32:ad:52:50:65:33:8b:1b:1b:a7:27:1b:be:db:d0:6d:af:
         63:13:99:b9:d4:84:c0:68:86:0b:c8:39:99:ab:b4:14:06:54:
         fe:a5:ed:78:d4:4e:97:99:12:b1:cf:5e:9b:f3:25:2d:19:5e:
         bc:2d:9d:29:46:49:2b:9a:58:c8:b8:ec:42:90:f0:02:9d:1c:
         77:4f:93:54:a5:f5:5d:77:50:e0:0c:8c:d3:81:b3:2e:30:6c:
         b3:0a:a2:a6:e6:3f:65:4d:ae:80:36:ce:6a:ff:1d:dc:75:fe:
         83:2e:d4:bc:a6:e8:83:5a:cb:7d:68:51:af:ae:e6:36:aa:b1:
         1a:6d:af:19:12:d7:1a:30:eb:76:37:f8:38:40:b0:9b:c4:22:
         6f:8a:53:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2z5EzKVHeVnv2dhEEtA3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5MmU3YzFmMjM5NGMzZTNhYWE4Y2NiNjQ3ZmQ4MzY3MWQ2
MDk4YjcwHhcNMjQwMTAxMDIyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTI3OTBmMDcxNzE2NTFkN2I3NzJmYTQyZjNiMzA1MTAzYzg0NjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7I0gD8MKo2iok53m6jYvfc1fiO5
RjOl7jAYi4mspYI3IFnwYYTDRk8DGCRnt70aKfFkU0X6lR/RLdeXV5UdfRRj+bqD
lLMvHkYR/SI4ZwOcGvNcjjosiWUWnXyqETblWc1Us+Sj8E2OlIeEDi7dd2am2bwD
tulJsOYkzOe+59ZHRxhi4yLUWdkjfRi1F5nH1se0Ouh9txnhEiKR+pEn4SXsH8nw
0ZZaNcPp7VD9VU03GpOFMurS9cVHMrfjug798x4qMO2LtRN8dQ67OtOpIVvVLkyf
qEr334aO91ZqIVrfp9cpUGbKA6lJt4S6vGuFSegrEPpnCBjm4arVMtWZ7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFEnkPBxcWUde3cvpC87MFEDyEaOMB8GA1UdIwQY
MBaAFFkufB8jlMPjqqjMtkf9g2cdYJi3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1M1OEh5T1V3LU9xcU15MlJfMkRaeDFnbUxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi85NTcxZDYtOTc0Zi00MzI3LWI5ZTAt
NDQzYmU2M2ZjMTIzLzEvVVNlUThIRnhaUjE3ZHkta0x6c3dVUVBJUm80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi85NTcxZDYtOTc0Zi00MzI3LWI5ZTAtNDQzYmU2M2ZjMTIz
LzEvV1M1OEh5T1V3LU9xcU15MlJfMkRaeDFnbUxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWWvhMA0G
CSqGSIb3DQEBCwUAA4IBAQBAoG9Gt4oHs30ZJ04NF9tA492R0gXlSHqN30LOHin5
m29RkFY0OZuuibJcta/DJqcTx2S86lEaN2Hadgf+nIymejqW2cFzh3s9xfelXHNH
nROuNdX2UZyxuaisXhNKn6vcrze/h5yvWmFdGy1LMq1SUGUzixsbpycbvtvQba9j
E5m51ITAaIYLyDmZq7QUBlT+pe141E6XmRKxz16b8yUtGV68LZ0pRkkrmljIuOxC
kPACnRx3T5NUpfVdd1DgDIzTgbMuMGyzCqKm5j9lTa6ANs5q/x3cdf6DLtS8puiD
Wst9aFGvruY2qrEaba8ZEtcaMOt2N/g4QLCbxCJvilOG
-----END CERTIFICATE-----