Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/53a721-1f91-488a-b5a3-59c9c3fb9947/1/9lGpwcRF-5EWGMrp7ZvSBa3-wu4.roa
File:                     9lGpwcRF-5EWGMrp7ZvSBa3-wu4.roa (raw, json)
Hash identifier:          hjw/1FiEoW7qHOujBzPyRjjST88PM9T/ugNurCueUKQ=
Subject key identifier:   F6:51:A9:C1:C4:45:FB:91:16:18:CA:E9:ED:9B:D2:05:AD:FE:C2:EE
Certificate issuer:       /CN=84056e22dd123c834c0a4aa74516d5fb3cc77dd1
Certificate serial:       018FA5875BB44D061F8110D55FC807798611
Authority key identifier: 84:05:6E:22:DD:12:3C:83:4C:0A:4A:A7:45:16:D5:FB:3C:C7:7D:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hAVuIt0SPINMCkqnRRbV-zzHfdE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/53a721-1f91-488a-b5a3-59c9c3fb9947/1/9lGpwcRF-5EWGMrp7ZvSBa3-wu4.roa
Signing time:             Thu 23 May 2024 12:57:42 +0000
ROA not before:           Thu 23 May 2024 12:57:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39808
IP address blocks:        89.107.88.0/21 maxlen: 21
                          185.123.212.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/53a721-1f91-488a-b5a3-59c9c3fb9947/1/hAVuIt0SPINMCkqnRRbV-zzHfdE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/53a721-1f91-488a-b5a3-59c9c3fb9947/1/hAVuIt0SPINMCkqnRRbV-zzHfdE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hAVuIt0SPINMCkqnRRbV-zzHfdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 15:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a5:87:5b:b4:4d:06:1f:81:10:d5:5f:c8:07:79:86:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84056e22dd123c834c0a4aa74516d5fb3cc77dd1
        Validity
            Not Before: May 23 12:57:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f651a9c1c445fb911618cae9ed9bd205adfec2ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:b1:4e:33:59:26:a7:bd:16:d3:8c:8c:24:f3:
                    67:25:7e:78:f9:0b:af:43:f7:a9:69:29:85:62:54:
                    96:8b:2a:dd:cf:35:a7:4b:e4:4b:e9:6d:cc:fb:fc:
                    a1:90:5e:83:7a:5e:e3:fc:5c:8d:d4:a7:ce:34:97:
                    e1:b7:e5:23:40:3b:87:6f:ad:d1:ff:33:77:bc:6e:
                    2f:b6:22:9c:b8:98:36:46:c6:57:ae:6b:18:b8:6e:
                    ad:57:58:b7:1c:2d:2f:80:8f:87:9b:24:68:52:e9:
                    58:b9:97:a3:b1:d4:15:4e:3c:65:7e:11:48:97:7f:
                    9d:3f:e8:43:c6:68:57:aa:c7:b8:7e:7d:d2:e7:d3:
                    5b:42:f3:d0:0b:f5:90:f5:b6:f7:db:b4:0b:7a:a8:
                    7a:a9:7b:dd:fa:cc:fa:dc:1e:da:1b:cf:b6:d2:0c:
                    c6:ed:1c:be:9c:0b:c7:9f:2b:00:33:f6:9a:be:34:
                    d7:99:c4:11:96:35:d4:82:07:1f:e8:d8:22:7e:3c:
                    57:1e:ba:fd:72:39:3c:36:ab:77:20:4f:61:6c:27:
                    f2:8b:f1:02:af:98:bc:29:9c:54:27:1a:42:fe:a9:
                    ba:98:39:0b:b8:2c:1f:d2:b0:6f:94:87:38:24:f6:
                    d4:7c:4f:c4:47:3c:15:ba:8f:c8:68:56:53:d2:33:
                    f4:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:51:A9:C1:C4:45:FB:91:16:18:CA:E9:ED:9B:D2:05:AD:FE:C2:EE
            X509v3 Authority Key Identifier:
                keyid:84:05:6E:22:DD:12:3C:83:4C:0A:4A:A7:45:16:D5:FB:3C:C7:7D:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hAVuIt0SPINMCkqnRRbV-zzHfdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/53a721-1f91-488a-b5a3-59c9c3fb9947/1/9lGpwcRF-5EWGMrp7ZvSBa3-wu4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/53a721-1f91-488a-b5a3-59c9c3fb9947/1/hAVuIt0SPINMCkqnRRbV-zzHfdE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.107.88.0/21
                  185.123.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:fc:67:29:34:54:84:c9:d9:8f:38:e2:f8:da:84:85:22:86:
         d0:3a:fd:b6:8f:75:c0:df:04:a6:7b:43:91:93:b2:b8:05:0d:
         1e:ea:ff:d6:5b:73:3f:05:59:ab:12:33:e7:67:e2:f1:6f:9a:
         31:71:72:c0:9e:be:e9:87:85:76:17:34:10:24:ad:39:f3:5b:
         64:50:0c:77:c9:19:c3:be:37:99:fe:0b:91:8a:1f:00:1d:ce:
         fb:8b:db:e2:c3:19:74:43:ef:04:d4:b8:44:fb:42:f0:d0:07:
         df:7f:ed:f0:f1:b2:71:41:ce:5c:5c:8e:0e:26:97:f1:4d:14:
         da:0d:47:df:d1:bc:98:33:dd:64:ab:59:2f:ce:82:54:33:9a:
         e4:4a:0d:19:36:13:ee:61:a6:48:03:eb:ac:7e:8e:55:ea:b9:
         e1:18:f2:b2:f7:a5:53:01:5e:15:b5:6f:d9:9b:7f:73:3d:6c:
         b4:8e:12:51:53:68:0f:69:66:9a:82:9e:d4:3a:10:39:2f:ba:
         60:06:d4:12:4b:3c:81:e3:33:bd:46:1a:a9:52:08:4e:4e:b1:
         64:a8:ec:26:14:e4:fd:01:56:59:4b:f6:3c:25:15:87:56:58:
         a2:b4:e0:de:86:d7:64:eb:fa:85:52:43:c4:01:44:c5:26:e4:
         d7:d6:b8:3b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY+lh1u0TQYfgRDVX8gHeYYRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0MDU2ZTIyZGQxMjNjODM0YzBhNGFhNzQ1MTZkNWZiM2Nj
NzdkZDEwHhcNMjQwNTIzMTI1NzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjUxYTljMWM0NDVmYjkxMTYxOGNhZTllZDliZDIwNWFkZmVjMmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA17FOM1kmp70W04yMJPNnJX54+Quv
Q/epaSmFYlSWiyrdzzWnS+RL6W3M+/yhkF6Del7j/FyN1KfONJfht+UjQDuHb63R
/zN3vG4vtiKcuJg2RsZXrmsYuG6tV1i3HC0vgI+HmyRoUulYuZejsdQVTjxlfhFI
l3+dP+hDxmhXqse4fn3S59NbQvPQC/WQ9bb327QLeqh6qXvd+sz63B7aG8+20gzG
7Ry+nAvHnysAM/aavjTXmcQRljXUggcf6NgifjxXHrr9cjk8Nqt3IE9hbCfyi/EC
r5i8KZxUJxpC/qm6mDkLuCwf0rBvlIc4JPbUfE/ERzwVuo/IaFZT0jP0KQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPZRqcHERfuRFhjK6e2b0gWt/sLuMB8GA1UdIwQY
MBaAFIQFbiLdEjyDTApKp0UW1fs8x33RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEFWdUl0MFNQSU5NQ2txblJSYlYtenpIZmRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC81M2E3MjEtMWY5MS00ODhhLWI1YTMt
NTljOWMzZmI5OTQ3LzEvOWxHcHdjUkYtNUVXR01ycDdadlNCYTMtd3U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC81M2E3MjEtMWY5MS00ODhhLWI1YTMtNTljOWMzZmI5OTQ3
LzEvaEFWdUl0MFNQSU5NQ2txblJSYlYtenpIZmRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDWWtYAwQC
uXvUMA0GCSqGSIb3DQEBCwUAA4IBAQAB/GcpNFSEydmPOOL42oSFIobQOv22j3XA
3wSme0ORk7K4BQ0e6v/WW3M/BVmrEjPnZ+Lxb5oxcXLAnr7ph4V2FzQQJK0581tk
UAx3yRnDvjeZ/guRih8AHc77i9viwxl0Q+8E1LhE+0Lw0Afff+3w8bJxQc5cXI4O
JpfxTRTaDUff0byYM91kq1kvzoJUM5rkSg0ZNhPuYaZIA+usfo5V6rnhGPKy96VT
AV4VtW/Zm39zPWy0jhJRU2gPaWaagp7UOhA5L7pgBtQSSzyB4zO9RhqpUghOTrFk
qOwmFOT9AVZZS/Y8JRWHVliitODehtdk6/qFUkPEAUTFJuTX1rg7
-----END CERTIFICATE-----