Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/nJ3lWni2w_2VnPkrjzhMMENnXrM.roa
File:                     nJ3lWni2w_2VnPkrjzhMMENnXrM.roa (raw, json)
Hash identifier:          ZxTWcMYV2iSFJU/GhTDNHuLFuI25yV/8CihaT5fruf0=
Subject key identifier:   9C:9D:E5:5A:78:B6:C3:FD:95:9C:F9:2B:8F:38:4C:30:43:67:5E:B3
Certificate issuer:       /CN=dc5c532f3cd5e11e19feb19655d4f19926f02020
Certificate serial:       01905F0CE3856D35DC148203B9AC7688BE1E
Authority key identifier: DC:5C:53:2F:3C:D5:E1:1E:19:FE:B1:96:55:D4:F1:99:26:F0:20:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3FxTLzzV4R4Z_rGWVdTxmSbwICA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/nJ3lWni2w_2VnPkrjzhMMENnXrM.roa
Signing time:             Fri 28 Jun 2024 13:33:18 +0000
ROA not before:           Fri 28 Jun 2024 13:33:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43009
IP address blocks:        89.164.98.0/24 maxlen: 24
                          2001:1af0:9020::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/3FxTLzzV4R4Z_rGWVdTxmSbwICA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/3FxTLzzV4R4Z_rGWVdTxmSbwICA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3FxTLzzV4R4Z_rGWVdTxmSbwICA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:5f:0c:e3:85:6d:35:dc:14:82:03:b9:ac:76:88:be:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc5c532f3cd5e11e19feb19655d4f19926f02020
        Validity
            Not Before: Jun 28 13:33:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c9de55a78b6c3fd959cf92b8f384c3043675eb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:70:4e:18:21:92:02:59:63:6a:38:05:f8:97:
                    40:af:70:5e:24:27:33:2e:e0:f4:41:f2:56:9d:11:
                    da:62:b2:b1:34:c9:77:59:02:76:c6:7a:4f:0c:d4:
                    b8:69:da:67:0e:ce:98:65:22:79:03:36:2b:a8:8a:
                    ed:ff:73:e5:0a:c9:16:f0:be:eb:e7:22:e8:a7:2b:
                    95:85:1b:11:76:e6:3c:a4:bb:72:c4:77:e0:55:84:
                    1f:f3:4a:ef:8d:d1:01:d1:b8:42:aa:03:a7:92:bc:
                    1c:42:a5:1a:d5:69:25:f2:40:bb:96:4e:4d:2a:1e:
                    a6:bc:db:61:25:73:27:23:ad:db:3a:1c:d2:f6:37:
                    67:34:6e:89:4d:d4:fa:fe:09:3f:68:fd:f2:51:cb:
                    e3:4d:f1:d9:a9:b0:86:5e:81:c0:fd:f0:f9:93:ce:
                    2f:1d:1c:89:4f:00:02:a2:d4:97:19:58:e5:e1:30:
                    97:6c:e5:30:b5:e8:70:a5:74:91:e5:dc:c8:9d:f3:
                    9f:85:70:4e:80:34:fb:82:32:e6:45:27:32:14:4b:
                    14:fb:40:fc:6f:6d:8d:8a:09:e9:3c:31:46:cf:61:
                    58:3c:93:87:56:37:37:7b:7e:18:05:5a:2e:ae:84:
                    aa:61:a1:ae:02:37:ee:7f:90:12:fa:39:8d:f9:58:
                    5b:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:9D:E5:5A:78:B6:C3:FD:95:9C:F9:2B:8F:38:4C:30:43:67:5E:B3
            X509v3 Authority Key Identifier:
                keyid:DC:5C:53:2F:3C:D5:E1:1E:19:FE:B1:96:55:D4:F1:99:26:F0:20:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3FxTLzzV4R4Z_rGWVdTxmSbwICA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/nJ3lWni2w_2VnPkrjzhMMENnXrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/3FxTLzzV4R4Z_rGWVdTxmSbwICA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.164.98.0/24
                IPv6:
                  2001:1af0:9020::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:e1:99:01:de:56:b1:0e:0e:ac:4a:a4:38:07:aa:8f:31:24:
         f1:5e:6e:58:35:b4:b1:99:df:78:35:7f:53:58:f4:23:25:3e:
         62:b5:ce:f4:a7:ba:a5:04:9a:41:67:e5:92:93:81:2c:97:6d:
         6b:b9:97:e4:56:73:f9:b0:57:af:9b:59:ec:4d:bf:40:3a:7d:
         88:b4:b2:fd:ab:39:48:81:5c:b2:91:7f:01:3c:de:fe:94:98:
         7c:2b:97:cb:d2:aa:dd:b5:51:bf:57:b8:c1:eb:7a:92:f9:81:
         b4:97:76:30:d6:01:89:cb:bd:d5:f3:a3:08:42:7e:32:c4:26:
         37:70:ee:9b:b1:19:ab:34:7f:a8:bb:39:a5:f9:79:97:f6:ef:
         bf:72:f9:d8:36:f7:c2:43:05:b0:6e:3b:cd:95:fa:ff:70:15:
         a1:3d:49:49:d1:79:c5:32:bd:0d:af:dd:a0:dc:88:7e:e4:6c:
         94:d6:92:9a:9b:81:0c:34:29:c6:7c:13:1f:af:f4:48:64:2c:
         0e:db:2c:a8:2d:6c:c3:d8:cf:bf:de:b8:aa:98:22:15:c1:07:
         53:15:39:de:0e:2a:9e:fb:11:0f:3d:8e:61:4f:d6:78:e8:d5:
         66:79:c6:21:e5:a6:33:fb:1a:7c:d2:9d:43:54:46:5b:00:cd:
         90:a8:de:ea
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZBfDOOFbTXcFIIDuax2iL4eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNWM1MzJmM2NkNWUxMWUxOWZlYjE5NjU1ZDRmMTk5MjZm
MDIwMjAwHhcNMjQwNjI4MTMzMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzlkZTU1YTc4YjZjM2ZkOTU5Y2Y5MmI4ZjM4NGMzMDQzNjc1ZWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHBOGCGSAlljajgF+JdAr3BeJCcz
LuD0QfJWnRHaYrKxNMl3WQJ2xnpPDNS4adpnDs6YZSJ5AzYrqIrt/3PlCskW8L7r
5yLopyuVhRsRduY8pLtyxHfgVYQf80rvjdEB0bhCqgOnkrwcQqUa1Wkl8kC7lk5N
Kh6mvNthJXMnI63bOhzS9jdnNG6JTdT6/gk/aP3yUcvjTfHZqbCGXoHA/fD5k84v
HRyJTwACotSXGVjl4TCXbOUwtehwpXSR5dzInfOfhXBOgDT7gjLmRScyFEsU+0D8
b22NignpPDFGz2FYPJOHVjc3e34YBVouroSqYaGuAjfuf5AS+jmN+Vhb4QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJyd5Vp4tsP9lZz5K484TDBDZ16zMB8GA1UdIwQY
MBaAFNxcUy881eEeGf6xllXU8Zkm8CAgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0Z4VEx6elY0UjRaX3JHV1ZkVHhtU2J3SUNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9kYjI2YmEtNzU0ZC00MTE4LWJlMzEt
NGI2YzFjZjlmZTRmLzEvbkozbFduaTJ3XzJWblBrcmp6aE1NRU5uWHJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9kYjI2YmEtNzU0ZC00MTE4LWJlMzEtNGI2YzFjZjlmZTRm
LzEvM0Z4VEx6elY0UjRaX3JHV1ZkVHhtU2J3SUNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAWaRiMA8E
AgACMAkDBwAgARrwkCAwDQYJKoZIhvcNAQELBQADggEBACrhmQHeVrEODqxKpDgH
qo8xJPFeblg1tLGZ33g1f1NY9CMlPmK1zvSnuqUEmkFn5ZKTgSyXbWu5l+RWc/mw
V6+bWexNv0A6fYi0sv2rOUiBXLKRfwE83v6UmHwrl8vSqt21Ub9XuMHrepL5gbSX
djDWAYnLvdXzowhCfjLEJjdw7puxGas0f6i7OaX5eZf2779y+dg298JDBbBuO82V
+v9wFaE9SUnRecUyvQ2v3aDciH7kbJTWkpqbgQw0KcZ8Ex+v9EhkLA7bLKgtbMPY
z7/euKqYIhXBB1MVOd4OKp77EQ89jmFP1njo1WZ5xiHlpjP7GnzSnUNURlsAzZCo
3uo=
-----END CERTIFICATE-----