Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/9e1d5b-de61-4d9a-84bd-02792f9cf07b/1/1JAqziJqgfu-wqTNY8vfDJX27hY.roa
File:                     1JAqziJqgfu-wqTNY8vfDJX27hY.roa (raw, json)
Hash identifier:          6cIY1QxBSFOE7xp/8yFIsO+jPq2xNscwcDdvyM45c6w=
Subject key identifier:   D4:90:2A:CE:22:6A:81:FB:BE:C2:A4:CD:63:CB:DF:0C:95:F6:EE:16
Certificate issuer:       /CN=c3042f5c4789c97c4f92ef2177e7b8938c8dd5c4
Certificate serial:       018E517A7B95E59CDA5FA67B7C091558F5B4
Authority key identifier: C3:04:2F:5C:47:89:C9:7C:4F:92:EF:21:77:E7:B8:93:8C:8D:D5:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wwQvXEeJyXxPku8hd-e4k4yN1cQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/9e1d5b-de61-4d9a-84bd-02792f9cf07b/1/1JAqziJqgfu-wqTNY8vfDJX27hY.roa
Signing time:             Mon 18 Mar 2024 12:12:45 +0000
ROA not before:           Mon 18 Mar 2024 12:12:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5089
IP address blocks:        89.145.172.0/22 maxlen: 24
                          185.177.64.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/9e1d5b-de61-4d9a-84bd-02792f9cf07b/1/wwQvXEeJyXxPku8hd-e4k4yN1cQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/9e1d5b-de61-4d9a-84bd-02792f9cf07b/1/wwQvXEeJyXxPku8hd-e4k4yN1cQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wwQvXEeJyXxPku8hd-e4k4yN1cQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:51:7a:7b:95:e5:9c:da:5f:a6:7b:7c:09:15:58:f5:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3042f5c4789c97c4f92ef2177e7b8938c8dd5c4
        Validity
            Not Before: Mar 18 12:12:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4902ace226a81fbbec2a4cd63cbdf0c95f6ee16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:fa:e5:79:77:4a:49:d6:59:e7:1e:52:9a:ad:
                    60:e6:97:1a:cf:a3:5a:5c:b0:2a:c7:7d:6b:19:04:
                    c6:4f:64:db:7c:0c:21:bb:df:e7:9d:9a:da:78:aa:
                    ae:9b:c9:7f:97:7e:09:b1:14:01:cd:e0:83:90:61:
                    39:78:a8:c5:e3:64:df:b3:f6:ef:e0:ee:43:c2:c1:
                    f8:86:58:15:be:12:a9:7b:2d:bc:50:81:df:01:35:
                    9f:43:18:cf:a5:0c:af:85:62:06:05:f6:c9:77:1e:
                    a5:63:cb:fc:1f:ac:c0:ff:d4:bb:47:22:62:af:2c:
                    fd:39:5d:fc:ef:f8:66:e2:14:e4:50:41:6c:83:54:
                    56:51:0b:18:03:c5:ec:50:2c:c7:8f:fd:41:39:81:
                    a1:33:5e:21:cd:c7:34:9f:9b:94:63:64:5b:35:27:
                    73:9c:f0:67:26:43:dc:dc:2b:8c:d2:bd:ea:af:5f:
                    ba:4c:47:c4:11:54:80:5a:5f:5a:64:bd:48:3f:04:
                    b1:6e:d6:f6:cb:50:bf:1c:e9:f2:be:19:88:77:48:
                    50:2a:66:f5:e8:c7:03:4f:e1:af:41:61:bb:f4:87:
                    63:c3:c6:5e:65:75:f2:ae:cf:28:3d:cd:24:98:0e:
                    bc:4d:eb:fc:e8:4a:85:9a:f5:27:da:9a:30:90:92:
                    30:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:90:2A:CE:22:6A:81:FB:BE:C2:A4:CD:63:CB:DF:0C:95:F6:EE:16
            X509v3 Authority Key Identifier:
                keyid:C3:04:2F:5C:47:89:C9:7C:4F:92:EF:21:77:E7:B8:93:8C:8D:D5:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wwQvXEeJyXxPku8hd-e4k4yN1cQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/9e1d5b-de61-4d9a-84bd-02792f9cf07b/1/1JAqziJqgfu-wqTNY8vfDJX27hY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/9e1d5b-de61-4d9a-84bd-02792f9cf07b/1/wwQvXEeJyXxPku8hd-e4k4yN1cQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.145.172.0/22
                  185.177.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         28:df:39:11:4a:18:14:40:bb:6c:67:74:6b:44:b7:33:82:91:
         dd:0e:9a:71:9d:75:ca:e3:58:b9:e2:55:df:2a:19:68:79:5d:
         3a:40:c5:1e:94:c4:cd:9a:32:66:6d:67:a1:cc:23:78:e1:fe:
         ce:46:c9:bd:fb:a9:a8:56:e7:11:08:4c:77:7f:f1:61:42:86:
         d9:da:60:a4:13:22:68:5d:6e:f0:d0:3e:9a:1f:77:ed:15:72:
         59:46:34:15:fb:1d:f9:62:db:46:1e:56:b3:fb:0a:54:4e:9f:
         56:03:87:90:e4:6f:02:ad:39:47:e6:1e:a2:66:59:b3:50:da:
         bb:0d:80:77:a9:a4:76:3d:15:29:6c:62:ed:37:9a:65:0a:81:
         6e:39:da:5c:9e:54:81:2b:4e:f4:0b:20:7c:fe:e0:6b:00:eb:
         29:e6:0b:d3:c6:88:2e:ce:62:1a:2a:37:45:17:d4:24:a5:c2:
         03:6b:82:3d:18:9a:7b:97:a5:42:fd:62:94:1e:7a:64:f0:a2:
         b6:e4:d1:b9:59:b3:d2:3e:82:cd:70:34:86:9a:29:1c:1f:e1:
         e1:13:a9:c0:80:60:69:86:86:65:cd:46:f0:67:2e:61:fe:e2:
         a2:35:a6:b2:2f:5d:5a:9b:2d:33:db:76:d3:ae:51:3b:58:53:
         b9:15:5a:6b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY5RenuV5ZzaX6Z7fAkVWPW0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzMDQyZjVjNDc4OWM5N2M0ZjkyZWYyMTc3ZTdiODkzOGM4
ZGQ1YzQwHhcNMjQwMzE4MTIxMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDkwMmFjZTIyNmE4MWZiYmVjMmE0Y2Q2M2NiZGYwYzk1ZjZlZTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgvrleXdKSdZZ5x5Smq1g5pcaz6Na
XLAqx31rGQTGT2TbfAwhu9/nnZraeKqum8l/l34JsRQBzeCDkGE5eKjF42Tfs/bv
4O5DwsH4hlgVvhKpey28UIHfATWfQxjPpQyvhWIGBfbJdx6lY8v8H6zA/9S7RyJi
ryz9OV387/hm4hTkUEFsg1RWUQsYA8XsUCzHj/1BOYGhM14hzcc0n5uUY2RbNSdz
nPBnJkPc3CuM0r3qr1+6TEfEEVSAWl9aZL1IPwSxbtb2y1C/HOnyvhmId0hQKmb1
6McDT+GvQWG79Idjw8ZeZXXyrs8oPc0kmA68Tev86EqFmvUn2powkJIw+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNSQKs4iaoH7vsKkzWPL3wyV9u4WMB8GA1UdIwQY
MBaAFMMEL1xHicl8T5LvIXfnuJOMjdXEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3dRdlhFZUp5WHhQa3U4aGQtZTRrNHlOMWNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy85ZTFkNWItZGU2MS00ZDlhLTg0YmQt
MDI3OTJmOWNmMDdiLzEvMUpBcXppSnFnZnUtd3FUTlk4dmZESlgyN2hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy85ZTFkNWItZGU2MS00ZDlhLTg0YmQtMDI3OTJmOWNmMDdi
LzEvd3dRdlhFZUp5WHhQa3U4aGQtZTRrNHlOMWNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCWZGsAwQC
ubFAMA0GCSqGSIb3DQEBCwUAA4IBAQAo3zkRShgUQLtsZ3RrRLczgpHdDppxnXXK
41i54lXfKhloeV06QMUelMTNmjJmbWehzCN44f7ORsm9+6moVucRCEx3f/FhQobZ
2mCkEyJoXW7w0D6aH3ftFXJZRjQV+x35YttGHlaz+wpUTp9WA4eQ5G8CrTlH5h6i
ZlmzUNq7DYB3qaR2PRUpbGLtN5plCoFuOdpcnlSBK070CyB8/uBrAOsp5gvTxogu
zmIaKjdFF9QkpcIDa4I9GJp7l6VC/WKUHnpk8KK25NG5WbPSPoLNcDSGmikcH+Hh
E6nAgGBphoZlzUbwZy5h/uKiNaayL11amy0z23bTrlE7WFO5FVpr
-----END CERTIFICATE-----