Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/eb7835-d364-4e28-9a82-ed9231fbaed1/1/KW_uuBh8Slk5Uj4hXVbx-FnweTk.roa
File:                     KW_uuBh8Slk5Uj4hXVbx-FnweTk.roa (raw, json)
Hash identifier:          KeXFg0bWOl5PUNGN3WvLkZ/4dzj9h9eIhIAmW19lha4=
Subject key identifier:   29:6F:EE:B8:18:7C:4A:59:39:52:3E:21:5D:56:F1:F8:59:F0:79:39
Certificate issuer:       /CN=1ae9db29aa9308e1751b03d0d6999bb868805886
Certificate serial:       018CC56E5F7F06F1046F68D5575DC5E01EAE
Authority key identifier: 1A:E9:DB:29:AA:93:08:E1:75:1B:03:D0:D6:99:9B:B8:68:80:58:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GunbKaqTCOF1GwPQ1pmbuGiAWIY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/eb7835-d364-4e28-9a82-ed9231fbaed1/1/KW_uuBh8Slk5Uj4hXVbx-FnweTk.roa
Signing time:             Mon 01 Jan 2024 14:29:54 +0000
ROA not before:           Mon 01 Jan 2024 14:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210091
IP address blocks:        89.19.60.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/eb7835-d364-4e28-9a82-ed9231fbaed1/1/GunbKaqTCOF1GwPQ1pmbuGiAWIY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/eb7835-d364-4e28-9a82-ed9231fbaed1/1/GunbKaqTCOF1GwPQ1pmbuGiAWIY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GunbKaqTCOF1GwPQ1pmbuGiAWIY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:5f:7f:06:f1:04:6f:68:d5:57:5d:c5:e0:1e:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ae9db29aa9308e1751b03d0d6999bb868805886
        Validity
            Not Before: Jan  1 14:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=296feeb8187c4a5939523e215d56f1f859f07939
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:64:16:83:11:3e:5d:87:c3:91:2a:b6:16:d0:
                    ee:3f:f2:69:fb:35:3c:23:db:17:81:08:a5:db:91:
                    4d:c1:78:29:7a:d3:1b:47:a5:fa:6d:67:70:e9:7a:
                    78:b4:43:e1:50:a3:89:05:d2:f9:cb:40:3e:8d:91:
                    8f:87:97:aa:c7:e5:19:0a:d9:3e:ec:52:53:ad:fe:
                    b3:da:c4:ae:6c:33:6d:79:88:e7:30:41:54:62:61:
                    69:55:3d:6e:57:74:f2:ad:32:90:9f:2e:67:2d:ec:
                    07:ff:88:f3:d0:28:05:54:83:22:fd:6b:9a:e0:01:
                    b6:a0:fb:dd:14:b7:f4:b4:f5:42:84:c8:ee:ff:2f:
                    62:01:6d:b7:9d:4e:3b:4c:54:08:0b:3a:99:82:c6:
                    05:2d:2d:2b:83:f1:a4:96:6c:fb:d9:df:2a:d0:73:
                    50:b6:6d:d8:87:2d:5c:57:37:4f:e5:c1:7b:33:53:
                    81:be:88:ac:5c:d0:02:94:a1:7c:1b:ee:94:ed:37:
                    31:28:f3:35:0e:de:a1:5d:bb:f1:bd:e5:37:9c:f9:
                    9d:96:7b:97:86:d2:b4:e7:37:20:a6:bf:f6:de:da:
                    b2:2b:c2:20:96:cc:14:57:8e:33:36:55:86:4a:b3:
                    94:30:7f:15:47:a1:4a:82:f8:7e:b1:03:4f:02:1e:
                    2a:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:6F:EE:B8:18:7C:4A:59:39:52:3E:21:5D:56:F1:F8:59:F0:79:39
            X509v3 Authority Key Identifier:
                keyid:1A:E9:DB:29:AA:93:08:E1:75:1B:03:D0:D6:99:9B:B8:68:80:58:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GunbKaqTCOF1GwPQ1pmbuGiAWIY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/eb7835-d364-4e28-9a82-ed9231fbaed1/1/KW_uuBh8Slk5Uj4hXVbx-FnweTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/eb7835-d364-4e28-9a82-ed9231fbaed1/1/GunbKaqTCOF1GwPQ1pmbuGiAWIY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.19.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c4:e3:de:32:f5:c3:98:40:9f:e2:71:c7:32:60:d5:bf:98:31:
         3f:01:e0:4b:3c:f9:e8:bb:43:1e:ed:b3:4f:b5:0b:c4:31:41:
         1f:42:16:2d:cd:46:5a:5b:50:74:ac:1b:80:73:2f:f3:03:27:
         7b:35:c2:96:5a:23:88:35:31:bc:f5:2b:2a:d8:ed:81:ad:c8:
         04:1c:54:46:4e:33:c3:8e:9c:0c:54:86:25:62:68:a1:6d:c7:
         86:c0:d3:00:80:fc:7d:ac:64:5e:a8:1d:57:5e:34:78:13:24:
         76:b9:c2:f2:35:5f:7f:31:81:9d:10:ee:44:4d:c1:fd:e0:7f:
         4c:0b:fe:6d:ef:ff:ba:42:9d:b4:1d:dc:76:6a:9b:61:46:3b:
         e0:83:9a:5e:f4:ac:76:c7:42:23:52:af:69:c8:7c:b7:e0:de:
         85:04:70:64:6a:f4:46:0b:38:8d:d3:c8:03:d8:2e:52:32:43:
         7d:33:13:35:47:77:58:74:ef:85:d9:8f:e8:8e:04:db:48:dc:
         5e:37:70:55:3c:84:04:41:a5:51:39:16:8e:08:c6:68:fa:ea:
         e8:72:63:74:d2:39:25:71:8a:1a:e3:c1:92:2e:1f:36:43:f1:
         f1:ee:7b:e8:f6:6a:25:6b:ab:e3:93:6e:14:2d:4b:7d:16:51:
         c8:8a:25:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbl9/BvEEb2jVV13F4B6uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhZTlkYjI5YWE5MzA4ZTE3NTFiMDNkMGQ2OTk5YmI4Njg4
MDU4ODYwHhcNMjQwMTAxMTQyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTZmZWViODE4N2M0YTU5Mzk1MjNlMjE1ZDU2ZjFmODU5ZjA3OTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGQWgxE+XYfDkSq2FtDuP/Jp+zU8
I9sXgQil25FNwXgpetMbR6X6bWdw6Xp4tEPhUKOJBdL5y0A+jZGPh5eqx+UZCtk+
7FJTrf6z2sSubDNteYjnMEFUYmFpVT1uV3TyrTKQny5nLewH/4jz0CgFVIMi/Wua
4AG2oPvdFLf0tPVChMju/y9iAW23nU47TFQICzqZgsYFLS0rg/Gklmz72d8q0HNQ
tm3Yhy1cVzdP5cF7M1OBvoisXNAClKF8G+6U7TcxKPM1Dt6hXbvxveU3nPmdlnuX
htK05zcgpr/23tqyK8IglswUV44zNlWGSrOUMH8VR6FKgvh+sQNPAh4qywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFClv7rgYfEpZOVI+IV1W8fhZ8Hk5MB8GA1UdIwQY
MBaAFBrp2ymqkwjhdRsD0NaZm7hogFiGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3VuYkthcVRDT0YxR3dQUTFwbWJ1R2lBV0lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9lYjc4MzUtZDM2NC00ZTI4LTlhODIt
ZWQ5MjMxZmJhZWQxLzEvS1dfdXVCaDhTbGs1VWo0aFhWYngtRm53ZVRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9lYjc4MzUtZDM2NC00ZTI4LTlhODItZWQ5MjMxZmJhZWQx
LzEvR3VuYkthcVRDT0YxR3dQUTFwbWJ1R2lBV0lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWRM8MA0G
CSqGSIb3DQEBCwUAA4IBAQDE494y9cOYQJ/icccyYNW/mDE/AeBLPPnou0Me7bNP
tQvEMUEfQhYtzUZaW1B0rBuAcy/zAyd7NcKWWiOINTG89Ssq2O2BrcgEHFRGTjPD
jpwMVIYlYmihbceGwNMAgPx9rGReqB1XXjR4EyR2ucLyNV9/MYGdEO5ETcH94H9M
C/5t7/+6Qp20Hdx2apthRjvgg5pe9Kx2x0IjUq9pyHy34N6FBHBkavRGCziN08gD
2C5SMkN9MxM1R3dYdO+F2Y/ojgTbSNxeN3BVPIQEQaVRORaOCMZo+urocmN00jkl
cYoa48GSLh82Q/Hx7nvo9mola6vjk24ULUt9FlHIiiVB
-----END CERTIFICATE-----