Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0Ydf7l1EFULnv-kTi-JTOr04Z20.roa
File:                     0Ydf7l1EFULnv-kTi-JTOr04Z20.roa (raw, json)
Hash identifier:          jKLMMb2eDBGdr5prgLuLZL77qwVf/dhapRzpNry7cCM=
Subject key identifier:   D1:87:5F:EE:5D:44:15:42:E7:BF:E9:13:8B:E2:53:3A:BD:38:67:6D
Certificate issuer:       /CN=d07d7573aacae821c87d6d36431cfe4b2801ab41
Certificate serial:       018CC94DEB3FCFF5FA8C5BFE8CF24437136F
Authority key identifier: D0:7D:75:73:AA:CA:E8:21:C8:7D:6D:36:43:1C:FE:4B:28:01:AB:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0Ydf7l1EFULnv-kTi-JTOr04Z20.roa
Signing time:             Tue 02 Jan 2024 08:32:56 +0000
ROA not before:           Tue 02 Jan 2024 08:32:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62386
IP address blocks:        89.25.35.0/24 maxlen: 24
                          94.155.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0H11c6rK6CHIfW02Qxz-SygBq0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0H11c6rK6CHIfW02Qxz-SygBq0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 01:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:eb:3f:cf:f5:fa:8c:5b:fe:8c:f2:44:37:13:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d07d7573aacae821c87d6d36431cfe4b2801ab41
        Validity
            Not Before: Jan  2 08:32:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1875fee5d441542e7bfe9138be2533abd38676d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:55:e6:78:0b:fe:e0:40:7a:b7:97:f8:51:78:
                    71:07:e8:f8:93:85:65:b2:95:de:d9:dd:e9:e4:18:
                    b5:a9:8c:a4:ca:ec:aa:28:e3:7d:9a:f8:3d:19:80:
                    f1:c9:13:0e:21:01:e7:f8:c6:8c:33:19:e2:9d:d9:
                    ec:cf:79:2a:71:e9:54:d9:22:e2:ad:f3:74:7f:6c:
                    f8:ed:97:d9:e0:52:19:55:bb:fd:9f:0a:5b:ad:d6:
                    95:d0:46:da:32:0c:db:7f:b2:f4:7f:e5:19:41:94:
                    23:da:7a:23:d0:5c:56:b6:61:c7:de:d0:87:97:2f:
                    6c:77:9d:86:b3:aa:3e:c2:72:dc:22:44:b5:54:92:
                    de:bf:67:66:4a:ae:2b:cb:a9:31:2e:0d:bf:20:cd:
                    f8:4a:c3:74:92:38:7b:f7:a9:cc:23:23:1e:20:32:
                    da:8b:0d:e0:db:77:85:72:fa:d4:92:20:af:be:9b:
                    e3:3b:73:0e:f8:ad:8e:d2:8c:7b:16:39:b6:dc:53:
                    0b:28:f6:f3:fb:a2:9d:31:df:54:96:cb:5c:75:7f:
                    1d:f6:a3:ef:7e:55:fc:b5:e0:7c:70:d8:40:93:02:
                    24:41:77:e0:f6:ab:02:04:b5:5f:c1:cd:20:01:fe:
                    e6:ea:98:eb:63:1b:2e:3a:77:cc:76:ab:48:d3:47:
                    51:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:87:5F:EE:5D:44:15:42:E7:BF:E9:13:8B:E2:53:3A:BD:38:67:6D
            X509v3 Authority Key Identifier:
                keyid:D0:7D:75:73:AA:CA:E8:21:C8:7D:6D:36:43:1C:FE:4B:28:01:AB:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0Ydf7l1EFULnv-kTi-JTOr04Z20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0H11c6rK6CHIfW02Qxz-SygBq0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.25.35.0/24
                  94.155.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:e3:ed:ee:bf:89:29:fe:75:c4:a3:67:f8:c8:99:42:f9:74:
         5e:fd:d9:79:da:a0:ba:32:34:07:bb:81:61:35:b9:1d:ca:f9:
         9a:50:fe:5a:63:5c:eb:f6:33:e4:c3:23:d2:46:ca:fa:19:54:
         ea:9e:e5:5b:35:4c:2b:a3:94:ae:21:3c:24:9e:00:91:7b:12:
         b8:24:77:dc:48:79:c7:b7:c5:24:9a:2a:53:69:75:de:2e:f1:
         20:7a:8e:a0:be:30:c9:02:04:00:aa:51:d2:02:1b:67:0c:ba:
         7e:ae:a3:99:6d:53:c5:de:e1:42:c5:92:d3:de:43:0d:f0:eb:
         06:55:1c:57:05:bf:16:12:2b:ec:58:45:d7:c3:62:fe:fb:a5:
         ca:95:f5:ca:8f:c3:62:66:b7:9d:c4:2f:65:4e:41:5d:6d:cf:
         d0:51:1e:9f:bc:bb:5e:a6:d8:9c:99:d4:f4:89:42:df:88:e7:
         f6:35:12:c8:cb:63:cf:3b:1c:8a:d5:14:94:29:88:8e:a6:69:
         f3:43:19:7a:fa:50:a8:4b:84:fa:30:65:69:c5:c9:54:15:42:
         db:44:d1:0f:8c:dd:af:ea:f5:61:e9:2a:6a:fa:60:78:70:ff:
         85:9e:8b:25:7e:58:a2:79:b7:51:3a:b0:c2:07:ba:a3:9c:f2:
         44:f4:67:e0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTes/z/X6jFv+jPJENxNvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwN2Q3NTczYWFjYWU4MjFjODdkNmQzNjQzMWNmZTRiMjgw
MWFiNDEwHhcNMjQwMTAyMDgzMjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTg3NWZlZTVkNDQxNTQyZTdiZmU5MTM4YmUyNTMzYWJkMzg2NzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVXmeAv+4EB6t5f4UXhxB+j4k4Vl
spXe2d3p5Bi1qYykyuyqKON9mvg9GYDxyRMOIQHn+MaMMxnindnsz3kqcelU2SLi
rfN0f2z47ZfZ4FIZVbv9nwpbrdaV0EbaMgzbf7L0f+UZQZQj2noj0FxWtmHH3tCH
ly9sd52Gs6o+wnLcIkS1VJLev2dmSq4ry6kxLg2/IM34SsN0kjh796nMIyMeIDLa
iw3g23eFcvrUkiCvvpvjO3MO+K2O0ox7Fjm23FMLKPbz+6KdMd9UlstcdX8d9qPv
flX8teB8cNhAkwIkQXfg9qsCBLVfwc0gAf7m6pjrYxsuOnfMdqtI00dRFQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNGHX+5dRBVC57/pE4viUzq9OGdtMB8GA1UdIwQY
MBaAFNB9dXOqyughyH1tNkMc/ksoAatBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEgxMWM2cks2Q0hJZlcwMlF4ei1TeWdCcTBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi81NzI1Y2MtYWQ3MC00NmY4LWJiNjIt
Y2Y5ZGM1YmFhYTc5LzEvMFlkZjdsMUVGVUxudi1rVGktSlRPcjA0WjIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi81NzI1Y2MtYWQ3MC00NmY4LWJiNjItY2Y5ZGM1YmFhYTc5
LzEvMEgxMWM2cks2Q0hJZlcwMlF4ei1TeWdCcTBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWRkjAwQA
XpuvMA0GCSqGSIb3DQEBCwUAA4IBAQC44+3uv4kp/nXEo2f4yJlC+XRe/dl52qC6
MjQHu4FhNbkdyvmaUP5aY1zr9jPkwyPSRsr6GVTqnuVbNUwro5SuITwkngCRexK4
JHfcSHnHt8UkmipTaXXeLvEgeo6gvjDJAgQAqlHSAhtnDLp+rqOZbVPF3uFCxZLT
3kMN8OsGVRxXBb8WEivsWEXXw2L++6XKlfXKj8NiZredxC9lTkFdbc/QUR6fvLte
pticmdT0iULfiOf2NRLIy2PPOxyK1RSUKYiOpmnzQxl6+lCoS4T6MGVpxclUFULb
RNEPjN2v6vVh6Spq+mB4cP+FnoslfliiebdROrDCB7qjnPJE9Gfg
-----END CERTIFICATE-----