Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/738179-cf67-4199-b532-2fb2958ab8bb/1/Mhq0b9CnppV0R88KOPXnMHPWfxs.roa
File:                     Mhq0b9CnppV0R88KOPXnMHPWfxs.roa (raw, json)
Hash identifier:          z85ZK1nFXD7UlIp3CULxjdb0VyRDH4NXruRVX5DfU9k=
Subject key identifier:   32:1A:B4:6F:D0:A7:A6:95:74:47:CF:0A:38:F5:E7:30:73:D6:7F:1B
Certificate issuer:       /CN=07a32999c47eb31d5fbf16ecc3872eaefd43bad7
Certificate serial:       01924C999D6835E7AE18A0A337B4CDFA2410
Authority key identifier: 07:A3:29:99:C4:7E:B3:1D:5F:BF:16:EC:C3:87:2E:AE:FD:43:BA:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B6MpmcR-sx1fvxbsw4curv1Dutc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/738179-cf67-4199-b532-2fb2958ab8bb/1/Mhq0b9CnppV0R88KOPXnMHPWfxs.roa
Signing time:             Wed 02 Oct 2024 09:39:48 +0000
ROA not before:           Wed 02 Oct 2024 09:39:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29033
IP address blocks:        89.222.0.0/18 maxlen: 24
                          89.222.34.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/738179-cf67-4199-b532-2fb2958ab8bb/1/B6MpmcR-sx1fvxbsw4curv1Dutc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/738179-cf67-4199-b532-2fb2958ab8bb/1/B6MpmcR-sx1fvxbsw4curv1Dutc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B6MpmcR-sx1fvxbsw4curv1Dutc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:4c:99:9d:68:35:e7:ae:18:a0:a3:37:b4:cd:fa:24:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07a32999c47eb31d5fbf16ecc3872eaefd43bad7
        Validity
            Not Before: Oct  2 09:39:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=321ab46fd0a7a6957447cf0a38f5e73073d67f1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:51:f3:99:e4:8a:46:e8:27:e9:cb:e7:cc:08:
                    f4:e4:2c:0f:31:00:2d:8b:73:74:30:53:e9:36:1d:
                    e5:09:e2:38:25:59:51:e5:0a:ef:04:0f:47:28:83:
                    fd:92:ee:32:fb:4b:ac:28:e2:79:08:d7:c2:23:18:
                    0d:06:69:ae:4c:3b:2c:b4:bf:dc:79:22:c1:2e:23:
                    ba:43:43:bc:b9:fd:9a:d9:76:52:47:bf:8a:7a:25:
                    bc:cd:be:a8:2f:b9:68:26:62:ea:7d:ea:25:ac:b2:
                    c5:81:46:41:4f:f8:55:e5:48:a9:cb:7c:b2:1f:c7:
                    34:b9:4e:3e:f1:0c:4a:ba:e8:e4:a2:1a:54:5c:1d:
                    57:bd:61:61:7b:60:76:c3:88:38:4d:01:ec:0a:b5:
                    87:f1:93:8f:c7:1a:28:23:93:95:ef:f6:02:8a:2e:
                    78:a5:69:c1:de:7e:e5:f7:6a:66:6c:01:a9:4f:44:
                    2e:51:d6:db:1b:4b:db:71:ef:f8:b1:7b:50:e3:38:
                    6d:fb:38:73:0d:bb:af:c8:6f:97:88:bf:ef:46:31:
                    71:b3:64:b1:5e:12:79:04:c9:ab:93:ff:0f:1b:4c:
                    72:fa:81:b9:62:d1:84:0b:00:d4:48:04:4e:74:a3:
                    d8:ad:ed:c0:6d:b5:bb:f5:5f:79:0b:5a:bd:c5:6d:
                    59:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:1A:B4:6F:D0:A7:A6:95:74:47:CF:0A:38:F5:E7:30:73:D6:7F:1B
            X509v3 Authority Key Identifier:
                keyid:07:A3:29:99:C4:7E:B3:1D:5F:BF:16:EC:C3:87:2E:AE:FD:43:BA:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B6MpmcR-sx1fvxbsw4curv1Dutc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/738179-cf67-4199-b532-2fb2958ab8bb/1/Mhq0b9CnppV0R88KOPXnMHPWfxs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/738179-cf67-4199-b532-2fb2958ab8bb/1/B6MpmcR-sx1fvxbsw4curv1Dutc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.222.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         48:89:ac:45:2f:9f:41:c9:3e:db:8e:b5:95:39:f2:c4:0e:56:
         2a:d4:ff:17:0f:61:c0:73:77:4b:45:29:5f:fa:e8:05:d7:ba:
         2e:9c:1f:d9:c5:c5:36:dc:49:f7:cb:0b:7c:b6:47:36:9d:5c:
         7b:bf:ab:c2:5e:40:8f:34:8d:1a:90:23:ac:dc:ea:dd:76:9a:
         6c:e7:b4:54:5b:ad:8e:48:cc:89:c2:87:d8:08:0c:a4:30:c4:
         8d:54:d1:7f:b1:58:bf:ec:2e:fe:a0:70:9d:e7:d3:8d:8a:e9:
         85:fe:0d:72:d4:64:13:5c:65:8b:ec:7c:45:cb:f3:38:2e:2a:
         1b:be:4e:60:76:ec:0f:f9:cd:4d:86:c1:10:92:44:7c:34:6a:
         09:a6:4e:ae:ae:c2:1c:f7:66:f7:47:9c:f3:ca:2a:f8:84:22:
         19:52:f6:40:97:ba:d8:75:f5:2b:b3:ab:26:93:1a:87:c9:75:
         9d:95:e4:1a:3d:0b:e4:ce:c8:0b:21:fe:c2:ac:22:a8:31:e8:
         b2:f5:2d:e2:e3:a9:0d:1c:7d:3d:a3:99:6a:f6:4e:c9:7f:10:
         f0:e9:53:2f:73:c0:b6:6e:b3:f6:a1:35:16:ed:86:ca:a0:00:
         78:de:a3:a9:ee:9d:be:fa:79:19:f7:dd:83:fa:96:39:41:da:
         0b:d7:e2:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJMmZ1oNeeuGKCjN7TN+iQQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3YTMyOTk5YzQ3ZWIzMWQ1ZmJmMTZlY2MzODcyZWFlZmQ0
M2JhZDcwHhcNMjQxMDAyMDkzOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjFhYjQ2ZmQwYTdhNjk1NzQ0N2NmMGEzOGY1ZTczMDczZDY3ZjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFHzmeSKRugn6cvnzAj05CwPMQAt
i3N0MFPpNh3lCeI4JVlR5QrvBA9HKIP9ku4y+0usKOJ5CNfCIxgNBmmuTDsstL/c
eSLBLiO6Q0O8uf2a2XZSR7+KeiW8zb6oL7loJmLqfeolrLLFgUZBT/hV5Uipy3yy
H8c0uU4+8QxKuujkohpUXB1XvWFhe2B2w4g4TQHsCrWH8ZOPxxooI5OV7/YCii54
pWnB3n7l92pmbAGpT0QuUdbbG0vbce/4sXtQ4zht+zhzDbuvyG+XiL/vRjFxs2Sx
XhJ5BMmrk/8PG0xy+oG5YtGECwDUSAROdKPYre3AbbW79V95C1q9xW1ZawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDIatG/Qp6aVdEfPCjj15zBz1n8bMB8GA1UdIwQY
MBaAFAejKZnEfrMdX78W7MOHLq79Q7rXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjZNcG1jUi1zeDFmdnhic3c0Y3VydjFEdXRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83MzgxNzktY2Y2Ny00MTk5LWI1MzIt
MmZiMjk1OGFiOGJiLzEvTWhxMGI5Q25wcFYwUjg4S09QWG5NSFBXZnhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83MzgxNzktY2Y2Ny00MTk5LWI1MzItMmZiMjk1OGFiOGJi
LzEvQjZNcG1jUi1zeDFmdnhic3c0Y3VydjFEdXRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGWd4AMA0G
CSqGSIb3DQEBCwUAA4IBAQBIiaxFL59ByT7bjrWVOfLEDlYq1P8XD2HAc3dLRSlf
+ugF17ounB/ZxcU23En3ywt8tkc2nVx7v6vCXkCPNI0akCOs3Orddpps57RUW62O
SMyJwofYCAykMMSNVNF/sVi/7C7+oHCd59ONiumF/g1y1GQTXGWL7HxFy/M4Liob
vk5gduwP+c1NhsEQkkR8NGoJpk6ursIc92b3R5zzyir4hCIZUvZAl7rYdfUrs6sm
kxqHyXWdleQaPQvkzsgLIf7CrCKoMeiy9S3i46kNHH09o5lq9k7JfxDw6VMvc8C2
brP2oTUW7YbKoAB43qOp7p2++nkZ992D+pY5QdoL1+KZ
-----END CERTIFICATE-----