Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/738179-cf67-4199-b532-2fb2958ab8bb/1/iTF4W_4_PuAZRrqfESmrDhqB5n0.roa
File:                     iTF4W_4_PuAZRrqfESmrDhqB5n0.roa (raw, json)
Hash identifier:          dgFKg/KzvKAndFmxJCB+KnKUYU1Up9+IkOzGeW7LiHo=
Subject key identifier:   89:31:78:5B:FE:3F:3E:E0:19:46:BA:9F:11:29:AB:0E:1A:81:E6:7D
Certificate issuer:       /CN=07a32999c47eb31d5fbf16ecc3872eaefd43bad7
Certificate serial:       01924C9A88182C81B8F0551CBC7A34679834
Authority key identifier: 07:A3:29:99:C4:7E:B3:1D:5F:BF:16:EC:C3:87:2E:AE:FD:43:BA:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B6MpmcR-sx1fvxbsw4curv1Dutc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/738179-cf67-4199-b532-2fb2958ab8bb/1/iTF4W_4_PuAZRrqfESmrDhqB5n0.roa
Signing time:             Wed 02 Oct 2024 09:40:48 +0000
ROA not before:           Wed 02 Oct 2024 09:40:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34914
IP address blocks:        89.222.0.0/18 maxlen: 24
                          89.222.2.0/23 maxlen: 23
                          89.222.32.0/23 maxlen: 23
                          89.222.34.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/738179-cf67-4199-b532-2fb2958ab8bb/1/B6MpmcR-sx1fvxbsw4curv1Dutc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/738179-cf67-4199-b532-2fb2958ab8bb/1/B6MpmcR-sx1fvxbsw4curv1Dutc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B6MpmcR-sx1fvxbsw4curv1Dutc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:4c:9a:88:18:2c:81:b8:f0:55:1c:bc:7a:34:67:98:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07a32999c47eb31d5fbf16ecc3872eaefd43bad7
        Validity
            Not Before: Oct  2 09:40:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8931785bfe3f3ee01946ba9f1129ab0e1a81e67d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:3f:0b:73:cd:e9:7c:3e:19:75:ad:91:62:f7:
                    98:85:98:c4:fb:b6:13:fa:a1:ef:03:17:6a:47:07:
                    06:0a:4a:0e:d3:ac:a4:85:4d:23:23:90:eb:2c:d6:
                    8f:81:b3:3a:40:ff:49:f6:0b:e4:3e:f3:b4:3f:b1:
                    10:c3:ea:60:bc:43:d3:30:fb:bb:be:be:2f:50:9f:
                    92:7b:e7:3f:52:8c:52:7f:a7:47:e6:32:9d:26:02:
                    81:57:1e:fa:c0:8d:21:9a:50:48:3f:3e:73:c7:4c:
                    a1:e0:9f:08:bd:a1:0e:e5:d9:12:a1:9c:23:ea:f0:
                    2b:a4:67:d9:b8:d5:49:31:2e:cc:71:7c:cd:a7:24:
                    b7:7a:d7:3b:71:f6:39:27:eb:3a:c8:9c:57:61:60:
                    bc:09:d1:df:40:a7:76:66:2c:0e:1b:72:49:86:a0:
                    ec:af:08:eb:5a:92:46:01:69:ab:4b:58:34:3f:9d:
                    f9:3e:ba:79:e2:a2:ec:7f:55:86:eb:50:a9:f1:1e:
                    d6:5e:21:22:7b:66:8d:49:cc:c1:2d:31:fc:0d:f8:
                    d7:fc:2f:58:33:8e:f0:9c:f3:42:a6:33:9f:40:13:
                    ad:01:c8:22:12:a8:97:29:bf:c2:7b:22:44:c8:97:
                    fd:7b:21:8e:c2:97:a5:0d:97:d5:07:b3:26:7b:4b:
                    95:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:31:78:5B:FE:3F:3E:E0:19:46:BA:9F:11:29:AB:0E:1A:81:E6:7D
            X509v3 Authority Key Identifier:
                keyid:07:A3:29:99:C4:7E:B3:1D:5F:BF:16:EC:C3:87:2E:AE:FD:43:BA:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B6MpmcR-sx1fvxbsw4curv1Dutc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/738179-cf67-4199-b532-2fb2958ab8bb/1/iTF4W_4_PuAZRrqfESmrDhqB5n0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/738179-cf67-4199-b532-2fb2958ab8bb/1/B6MpmcR-sx1fvxbsw4curv1Dutc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.222.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         6e:ce:ad:38:7d:4a:4d:e6:31:e2:e1:f2:a0:1e:f5:ce:2a:57:
         86:bd:a1:b7:57:45:f3:41:b5:20:10:6f:ee:e2:66:d4:3e:94:
         20:88:16:69:ea:3c:79:80:9f:40:bc:92:72:60:70:65:12:53:
         31:a1:90:d9:ae:af:ec:61:66:ab:b3:31:0b:ec:2b:6f:d9:19:
         b4:d9:a9:04:d8:f4:e5:7b:ee:90:d6:1e:50:b1:b5:c3:79:03:
         2b:0b:74:cf:ef:eb:99:64:5d:93:be:a3:7f:d8:ba:64:c9:b9:
         d2:5f:ed:1f:84:24:6d:b2:53:b4:c6:42:a8:0b:ab:3d:1a:8a:
         17:0e:5b:cf:62:1f:a3:48:42:fd:0f:9d:2a:65:62:6b:9e:2d:
         47:43:fe:af:d9:f1:90:59:5b:fd:94:1a:62:a4:0d:58:f1:4c:
         4b:35:92:c1:eb:1d:34:d5:f0:89:f7:7c:d1:58:2d:63:b1:07:
         45:b5:71:eb:27:21:1a:cd:8f:eb:9f:19:15:bd:ec:6d:54:0a:
         0d:23:0b:2c:a3:a1:85:06:9a:79:ed:2e:55:2a:67:18:15:68:
         05:fc:ed:45:e1:48:9d:05:46:b3:09:77:b7:99:c5:9c:dd:b7:
         96:fd:ab:4c:da:d2:3c:27:6f:57:a7:07:fd:7a:f7:0b:75:a6:
         31:d9:d1:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJMmogYLIG48FUcvHo0Z5g0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3YTMyOTk5YzQ3ZWIzMWQ1ZmJmMTZlY2MzODcyZWFlZmQ0
M2JhZDcwHhcNMjQxMDAyMDk0MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTMxNzg1YmZlM2YzZWUwMTk0NmJhOWYxMTI5YWIwZTFhODFlNjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvz8Lc83pfD4Zda2RYveYhZjE+7YT
+qHvAxdqRwcGCkoO06ykhU0jI5DrLNaPgbM6QP9J9gvkPvO0P7EQw+pgvEPTMPu7
vr4vUJ+Se+c/UoxSf6dH5jKdJgKBVx76wI0hmlBIPz5zx0yh4J8IvaEO5dkSoZwj
6vArpGfZuNVJMS7McXzNpyS3etc7cfY5J+s6yJxXYWC8CdHfQKd2ZiwOG3JJhqDs
rwjrWpJGAWmrS1g0P535Prp54qLsf1WG61Cp8R7WXiEie2aNSczBLTH8DfjX/C9Y
M47wnPNCpjOfQBOtAcgiEqiXKb/CeyJEyJf9eyGOwpelDZfVB7Mme0uVWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIkxeFv+Pz7gGUa6nxEpqw4ageZ9MB8GA1UdIwQY
MBaAFAejKZnEfrMdX78W7MOHLq79Q7rXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjZNcG1jUi1zeDFmdnhic3c0Y3VydjFEdXRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83MzgxNzktY2Y2Ny00MTk5LWI1MzIt
MmZiMjk1OGFiOGJiLzEvaVRGNFdfNF9QdUFaUnJxZkVTbXJEaHFCNW4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83MzgxNzktY2Y2Ny00MTk5LWI1MzItMmZiMjk1OGFiOGJi
LzEvQjZNcG1jUi1zeDFmdnhic3c0Y3VydjFEdXRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGWd4AMA0G
CSqGSIb3DQEBCwUAA4IBAQBuzq04fUpN5jHi4fKgHvXOKleGvaG3V0XzQbUgEG/u
4mbUPpQgiBZp6jx5gJ9AvJJyYHBlElMxoZDZrq/sYWarszEL7Ctv2Rm02akE2PTl
e+6Q1h5QsbXDeQMrC3TP7+uZZF2TvqN/2LpkybnSX+0fhCRtslO0xkKoC6s9GooX
DlvPYh+jSEL9D50qZWJrni1HQ/6v2fGQWVv9lBpipA1Y8UxLNZLB6x001fCJ93zR
WC1jsQdFtXHrJyEazY/rnxkVvextVAoNIwsso6GFBpp57S5VKmcYFWgF/O1F4Uid
BUazCXe3mcWc3beW/atM2tI8J29Xpwf9evcLdaYx2dG6
-----END CERTIFICATE-----