Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/56d6a8-0752-4cbd-8845-52fe10513129/1/_s-M9TOp3S_oED0xP3RIqMGlUOE.roa
File:                     _s-M9TOp3S_oED0xP3RIqMGlUOE.roa (raw, json)
Hash identifier:          zWilhM6A6Iq17OBHD8bcevMdmKEpLBA6+KiRWh1Fol8=
Subject key identifier:   FE:CF:8C:F5:33:A9:DD:2F:E8:10:3D:31:3F:74:48:A8:C1:A5:50:E1
Certificate issuer:       /CN=dc899c28664ee8194a64048e46c60c6e5f190c53
Certificate serial:       01930BAC9B087866150DF40C08864BF2720A
Authority key identifier: DC:89:9C:28:66:4E:E8:19:4A:64:04:8E:46:C6:0C:6E:5F:19:0C:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3ImcKGZO6BlKZASORsYMbl8ZDFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/56d6a8-0752-4cbd-8845-52fe10513129/1/_s-M9TOp3S_oED0xP3RIqMGlUOE.roa
Signing time:             Fri 08 Nov 2024 12:08:01 +0000
ROA not before:           Fri 08 Nov 2024 12:08:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8680
IP address blocks:        185.70.158.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/56d6a8-0752-4cbd-8845-52fe10513129/1/3ImcKGZO6BlKZASORsYMbl8ZDFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/56d6a8-0752-4cbd-8845-52fe10513129/1/3ImcKGZO6BlKZASORsYMbl8ZDFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3ImcKGZO6BlKZASORsYMbl8ZDFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:0b:ac:9b:08:78:66:15:0d:f4:0c:08:86:4b:f2:72:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc899c28664ee8194a64048e46c60c6e5f190c53
        Validity
            Not Before: Nov  8 12:08:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fecf8cf533a9dd2fe8103d313f7448a8c1a550e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:b2:43:aa:d8:00:1b:37:7d:3e:d1:bf:d9:4f:
                    14:82:5c:cc:92:8d:f7:96:e0:53:80:12:99:b4:51:
                    67:b3:49:6b:13:df:52:1c:36:6d:42:58:42:ca:1e:
                    1c:3b:d0:de:ab:6a:8a:bb:87:c4:53:fe:75:b6:89:
                    ff:3a:65:08:18:dd:ac:91:45:03:62:62:fa:84:73:
                    23:91:84:4d:4c:f2:24:ff:bc:a3:8f:88:a1:fe:ef:
                    ee:ec:7b:bc:cd:c2:53:eb:8a:9a:f5:89:aa:ac:07:
                    de:e7:b8:97:95:32:3f:f9:b3:d1:de:03:f1:94:fc:
                    fa:a8:15:c0:35:15:37:4d:51:79:74:b4:96:00:e5:
                    e2:a7:7b:49:15:e8:9c:3f:5c:b3:46:94:31:d9:7a:
                    ad:83:49:95:cc:66:6b:a6:08:7c:cd:0a:ba:01:0f:
                    0a:aa:1c:02:25:ab:17:43:71:e7:56:2d:4b:42:83:
                    03:7a:f2:7b:12:6d:22:9b:6f:3b:fa:00:70:58:88:
                    b3:5e:ab:62:12:8f:18:4b:8f:34:2d:75:8d:3e:3f:
                    5f:3d:7e:f5:98:d8:4f:b1:00:71:40:68:67:56:1e:
                    cf:de:2c:2c:86:a1:af:07:63:08:78:2e:53:6a:90:
                    34:a0:a3:b0:05:a9:77:b5:2d:77:24:4e:7e:42:dd:
                    ed:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:CF:8C:F5:33:A9:DD:2F:E8:10:3D:31:3F:74:48:A8:C1:A5:50:E1
            X509v3 Authority Key Identifier:
                keyid:DC:89:9C:28:66:4E:E8:19:4A:64:04:8E:46:C6:0C:6E:5F:19:0C:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3ImcKGZO6BlKZASORsYMbl8ZDFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/56d6a8-0752-4cbd-8845-52fe10513129/1/_s-M9TOp3S_oED0xP3RIqMGlUOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/56d6a8-0752-4cbd-8845-52fe10513129/1/3ImcKGZO6BlKZASORsYMbl8ZDFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.70.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         64:fc:aa:9f:59:7b:6e:4e:a3:9e:2e:50:23:12:ce:90:3b:a5:
         81:4f:75:00:2f:d2:e5:b7:f3:9d:8d:e8:27:23:1d:cf:14:69:
         f7:dd:4e:4d:a4:ac:00:8c:2c:64:fc:c6:90:04:69:ee:37:98:
         b1:51:8d:15:43:bf:b2:75:17:f2:9c:98:7a:34:7d:3e:fc:40:
         6b:e4:3f:cc:08:63:7a:80:63:91:d3:c2:05:df:53:44:5d:cc:
         1a:99:11:c1:e6:fb:4d:65:46:67:37:ac:63:58:da:9c:a1:ce:
         bc:50:63:e7:8f:fa:dd:97:79:d4:48:27:42:e5:46:ef:6d:02:
         33:1a:7a:69:0c:6d:9b:76:65:87:9e:39:4d:4e:5a:d1:3c:d7:
         2d:16:87:e5:e1:67:ae:29:75:0d:35:5b:c0:bd:c9:20:af:9f:
         20:28:d3:72:fb:ee:83:f1:88:dc:1a:c5:6f:79:35:b5:fa:4e:
         df:06:f0:7c:9b:21:9c:3f:e8:92:fb:41:77:44:1a:5e:b5:54:
         9b:80:ab:9f:4c:21:51:33:b5:73:96:83:c4:c0:7a:42:1c:8c:
         49:58:55:ca:16:91:b4:c9:30:db:f7:db:6a:ae:db:05:f5:20:
         45:d7:0c:a6:e8:e1:70:b3:f1:01:74:8d:24:91:1c:a2:75:ea:
         1f:12:fb:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMLrJsIeGYVDfQMCIZL8nIKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjODk5YzI4NjY0ZWU4MTk0YTY0MDQ4ZTQ2YzYwYzZlNWYx
OTBjNTMwHhcNMjQxMTA4MTIwODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWNmOGNmNTMzYTlkZDJmZTgxMDNkMzEzZjc0NDhhOGMxYTU1MGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7JDqtgAGzd9PtG/2U8UglzMko33
luBTgBKZtFFns0lrE99SHDZtQlhCyh4cO9Deq2qKu4fEU/51ton/OmUIGN2skUUD
YmL6hHMjkYRNTPIk/7yjj4ih/u/u7Hu8zcJT64qa9YmqrAfe57iXlTI/+bPR3gPx
lPz6qBXANRU3TVF5dLSWAOXip3tJFeicP1yzRpQx2Xqtg0mVzGZrpgh8zQq6AQ8K
qhwCJasXQ3HnVi1LQoMDevJ7Em0im287+gBwWIizXqtiEo8YS480LXWNPj9fPX71
mNhPsQBxQGhnVh7P3iwshqGvB2MIeC5TapA0oKOwBal3tS13JE5+Qt3tDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP7PjPUzqd0v6BA9MT90SKjBpVDhMB8GA1UdIwQY
MBaAFNyJnChmTugZSmQEjkbGDG5fGQxTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0ltY0tHWk82QmxLWkFTT1JzWU1ibDhaREZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny81NmQ2YTgtMDc1Mi00Y2JkLTg4NDUt
NTJmZTEwNTEzMTI5LzEvX3MtTTlUT3AzU19vRUQweFAzUklxTUdsVU9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny81NmQ2YTgtMDc1Mi00Y2JkLTg4NDUtNTJmZTEwNTEzMTI5
LzEvM0ltY0tHWk82QmxLWkFTT1JzWU1ibDhaREZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuUaeMA0G
CSqGSIb3DQEBCwUAA4IBAQBk/KqfWXtuTqOeLlAjEs6QO6WBT3UAL9Llt/Odjegn
Ix3PFGn33U5NpKwAjCxk/MaQBGnuN5ixUY0VQ7+ydRfynJh6NH0+/EBr5D/MCGN6
gGOR08IF31NEXcwamRHB5vtNZUZnN6xjWNqcoc68UGPnj/rdl3nUSCdC5UbvbQIz
GnppDG2bdmWHnjlNTlrRPNctFofl4WeuKXUNNVvAvckgr58gKNNy++6D8YjcGsVv
eTW1+k7fBvB8myGcP+iS+0F3RBpetVSbgKufTCFRM7VzloPEwHpCHIxJWFXKFpG0
yTDb99tqrtsF9SBF1wym6OFws/EBdI0kkRyideofEvsT
-----END CERTIFICATE-----