Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/98abe5-bd01-464f-96ab-40b6d67fcd94/1/SEHNkjCtMpxFILXxeXAmqw2kj5A.roa
File:                     SEHNkjCtMpxFILXxeXAmqw2kj5A.roa (raw, json)
Hash identifier:          Cb78a1RXl7g2fFlcSfjhFSng0dWAnjz7CkTbZoDVxLc=
Subject key identifier:   48:41:CD:92:30:AD:32:9C:45:20:B5:F1:79:70:26:AB:0D:A4:8F:90
Certificate issuer:       /CN=2f6a434c4b5d239c4e6e41b7e585c8d58f8995ab
Certificate serial:       018CC3B7072CE1807BC6AC22135AFD9309EC
Authority key identifier: 2F:6A:43:4C:4B:5D:23:9C:4E:6E:41:B7:E5:85:C8:D5:8F:89:95:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L2pDTEtdI5xObkG35YXI1Y-Jlas.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/98abe5-bd01-464f-96ab-40b6d67fcd94/1/SEHNkjCtMpxFILXxeXAmqw2kj5A.roa
Signing time:             Mon 01 Jan 2024 06:30:01 +0000
ROA not before:           Mon 01 Jan 2024 06:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61250
IP address blocks:        89.43.15.0/24 maxlen: 24
                          89.43.14.0/23 maxlen: 23
                          89.43.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/98abe5-bd01-464f-96ab-40b6d67fcd94/1/L2pDTEtdI5xObkG35YXI1Y-Jlas.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/98abe5-bd01-464f-96ab-40b6d67fcd94/1/L2pDTEtdI5xObkG35YXI1Y-Jlas.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L2pDTEtdI5xObkG35YXI1Y-Jlas.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:07:2c:e1:80:7b:c6:ac:22:13:5a:fd:93:09:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f6a434c4b5d239c4e6e41b7e585c8d58f8995ab
        Validity
            Not Before: Jan  1 06:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4841cd9230ad329c4520b5f1797026ab0da48f90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:39:5d:c7:b7:dc:a4:86:c9:51:7c:c9:03:3f:
                    3f:2f:54:a8:ad:d7:ff:df:7b:dc:bc:51:a3:65:63:
                    b5:d5:9c:89:1c:e3:d1:b0:2a:09:db:af:e9:0f:b5:
                    bc:a3:26:0a:34:c7:d8:2d:bd:9c:97:c1:24:32:9c:
                    11:44:93:c6:d2:06:78:61:fd:95:1c:f7:18:04:88:
                    99:03:2a:9b:90:57:c4:a4:11:45:16:5e:ad:40:4f:
                    15:19:d8:b9:ce:dc:21:3f:4a:c7:8a:70:b6:f0:be:
                    71:14:c7:20:b6:fe:4b:62:b8:bd:7b:32:bb:b8:6d:
                    cc:42:88:cb:20:c5:6d:fa:37:db:0b:61:25:88:c7:
                    c0:1d:90:1b:5d:9d:37:21:f0:7b:26:4f:6b:03:39:
                    d1:1a:b6:ea:d8:47:be:10:26:ed:f4:0a:3d:84:a7:
                    57:ae:f0:25:29:47:3d:46:1a:a9:42:73:d0:ca:3c:
                    38:5b:4e:e4:a7:37:39:30:b0:91:39:43:c1:38:26:
                    9f:93:73:11:c6:d7:af:82:ad:68:17:62:a0:50:29:
                    1d:17:31:b6:d3:a4:5b:54:9b:dc:e2:0d:3d:69:12:
                    df:b6:98:bb:54:01:2b:e6:03:6b:f5:4c:a9:af:c0:
                    07:39:00:16:65:5f:7f:e5:c6:b4:2e:19:f7:92:c1:
                    01:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:41:CD:92:30:AD:32:9C:45:20:B5:F1:79:70:26:AB:0D:A4:8F:90
            X509v3 Authority Key Identifier:
                keyid:2F:6A:43:4C:4B:5D:23:9C:4E:6E:41:B7:E5:85:C8:D5:8F:89:95:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L2pDTEtdI5xObkG35YXI1Y-Jlas.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/98abe5-bd01-464f-96ab-40b6d67fcd94/1/SEHNkjCtMpxFILXxeXAmqw2kj5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/98abe5-bd01-464f-96ab-40b6d67fcd94/1/L2pDTEtdI5xObkG35YXI1Y-Jlas.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.43.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         66:18:38:34:77:51:87:90:db:c3:d4:67:70:7d:48:8e:34:9a:
         9f:67:fb:df:10:4a:30:7d:3d:e1:93:19:13:d5:61:2f:4d:23:
         56:b3:17:e8:7a:e3:d7:48:cd:45:59:1e:10:8e:43:35:07:10:
         c4:75:df:0f:2d:40:9f:9f:c4:51:b2:2b:d5:44:d2:bf:f1:ae:
         9c:9e:75:d6:0e:8b:68:a7:4d:4d:7e:a2:f3:56:d2:4d:f8:5c:
         04:4b:a5:9e:98:72:93:bf:2f:5c:56:ae:54:57:0f:3c:6a:c7:
         2a:3f:9d:ef:e4:47:30:0b:42:b9:df:fe:1f:98:44:e9:ef:65:
         c9:01:c0:8e:69:62:46:b2:1d:34:d0:24:70:75:c4:44:53:50:
         d4:12:5b:e8:22:de:2f:2f:f0:0c:98:50:87:b5:77:ae:26:03:
         48:91:13:5d:11:88:52:22:e7:6f:9f:e1:12:ed:2e:3e:73:79:
         4d:23:c6:5a:8c:c9:25:3a:67:be:06:4b:36:3a:86:a8:96:32:
         68:d5:0c:c7:6b:d5:b4:d7:51:8d:a9:b1:c7:dd:44:cf:db:be:
         27:21:6f:99:a2:ae:a4:ee:4d:42:a0:87:8e:27:3e:7b:ac:d0:
         e5:ad:36:7a:b4:db:42:6f:74:ef:92:99:a9:d9:8c:4b:63:7b:
         25:84:12:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtwcs4YB7xqwiE1r9kwnsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmNmE0MzRjNGI1ZDIzOWM0ZTZlNDFiN2U1ODVjOGQ1OGY4
OTk1YWIwHhcNMjQwMTAxMDYzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODQxY2Q5MjMwYWQzMjljNDUyMGI1ZjE3OTcwMjZhYjBkYTQ4ZjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzldx7fcpIbJUXzJAz8/L1Sordf/
33vcvFGjZWO11ZyJHOPRsCoJ26/pD7W8oyYKNMfYLb2cl8EkMpwRRJPG0gZ4Yf2V
HPcYBIiZAyqbkFfEpBFFFl6tQE8VGdi5ztwhP0rHinC28L5xFMcgtv5LYri9ezK7
uG3MQojLIMVt+jfbC2EliMfAHZAbXZ03IfB7Jk9rAznRGrbq2Ee+ECbt9Ao9hKdX
rvAlKUc9RhqpQnPQyjw4W07kpzc5MLCROUPBOCafk3MRxtevgq1oF2KgUCkdFzG2
06RbVJvc4g09aRLftpi7VAEr5gNr9Uypr8AHOQAWZV9/5ca0Lhn3ksEBbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEhBzZIwrTKcRSC18XlwJqsNpI+QMB8GA1UdIwQY
MBaAFC9qQ0xLXSOcTm5Bt+WFyNWPiZWrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDJwRFRFdGRJNXhPYmtHMzVZWEkxWS1KbGFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS85OGFiZTUtYmQwMS00NjRmLTk2YWIt
NDBiNmQ2N2ZjZDk0LzEvU0VITmtqQ3RNcHhGSUxYeGVYQW1xdzJrajVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS85OGFiZTUtYmQwMS00NjRmLTk2YWItNDBiNmQ2N2ZjZDk0
LzEvTDJwRFRFdGRJNXhPYmtHMzVZWEkxWS1KbGFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWSsOMA0G
CSqGSIb3DQEBCwUAA4IBAQBmGDg0d1GHkNvD1GdwfUiONJqfZ/vfEEowfT3hkxkT
1WEvTSNWsxfoeuPXSM1FWR4QjkM1BxDEdd8PLUCfn8RRsivVRNK/8a6cnnXWDoto
p01NfqLzVtJN+FwES6WemHKTvy9cVq5UVw88ascqP53v5EcwC0K53/4fmETp72XJ
AcCOaWJGsh000CRwdcREU1DUElvoIt4vL/AMmFCHtXeuJgNIkRNdEYhSIudvn+ES
7S4+c3lNI8ZajMklOme+Bks2OoaoljJo1QzHa9W011GNqbHH3UTP274nIW+Zoq6k
7k1CoIeOJz57rNDlrTZ6tNtCb3Tvkpmp2YxLY3slhBLq
-----END CERTIFICATE-----