Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/1-aYox1LoLpPgk6pZ7C_9jRdUoNw.roa
File:                     1-aYox1LoLpPgk6pZ7C_9jRdUoNw.roa (raw, json)
Hash identifier:          zPIHcymf3mA2b//iBPXUZC9XKNXK79IfemR/g8acGbI=
Subject key identifier:   F9:A6:28:C7:52:E8:2E:93:E0:93:AA:59:EC:2F:FD:8D:17:54:A0:DC
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       01917EFEA2E5EEC2645194CCC09AB007BC7A
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/1-aYox1LoLpPgk6pZ7C_9jRdUoNw.roa
Signing time:             Fri 23 Aug 2024 11:28:22 +0000
ROA not before:           Fri 23 Aug 2024 11:28:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48314
IP address blocks:        89.34.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:7e:fe:a2:e5:ee:c2:64:51:94:cc:c0:9a:b0:07:bc:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Aug 23 11:28:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9a628c752e82e93e093aa59ec2ffd8d1754a0dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d1:b6:ad:8f:84:16:dd:08:22:88:a0:56:28:
                    7f:ce:87:0f:28:45:33:31:4a:cd:78:86:01:8f:f8:
                    c5:c3:4e:00:db:fa:5e:d4:99:da:7f:95:75:d9:5d:
                    2f:f3:d9:72:69:92:1f:cc:66:18:25:52:7c:1e:05:
                    b9:b1:53:86:a6:77:fc:10:c1:5f:aa:c2:fa:02:c7:
                    94:13:07:fd:30:65:3f:60:b7:3f:15:c2:24:ad:34:
                    75:88:1e:08:ff:16:4c:76:74:ce:a9:b4:fd:c5:bc:
                    f0:98:c6:dc:5c:15:f4:80:11:26:e4:31:66:57:12:
                    ba:88:cf:90:5b:db:2e:77:be:fc:3e:e1:c2:71:6a:
                    6d:01:fa:ac:5e:19:6f:2e:4a:98:ce:ab:03:32:86:
                    69:96:9d:7e:99:fa:92:f1:a2:6e:5b:89:93:3e:ae:
                    16:b4:a8:da:7e:af:52:07:bc:17:9a:ec:ac:1e:93:
                    b8:fe:42:f7:9c:35:84:e6:df:04:04:b2:66:0c:0f:
                    a9:fb:68:86:32:ed:bd:db:d5:dd:b0:7d:c1:bc:28:
                    88:1c:e2:0e:d4:c2:51:43:c8:08:12:b6:11:2f:33:
                    e1:c5:bd:23:15:ea:da:98:06:2b:a3:ac:17:f0:68:
                    a4:84:6e:51:c0:32:e8:03:63:55:75:88:e7:65:dc:
                    b7:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:A6:28:C7:52:E8:2E:93:E0:93:AA:59:EC:2F:FD:8D:17:54:A0:DC
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/1-aYox1LoLpPgk6pZ7C_9jRdUoNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:47:8e:ef:ff:fe:ed:6d:f9:30:2a:af:aa:6c:5d:25:13:04:
         6d:a7:d2:10:2f:19:6f:bf:f6:35:15:01:fd:6d:ce:36:d9:1b:
         75:23:43:12:06:cc:47:3d:1b:b0:f2:18:51:f7:75:aa:46:20:
         16:9f:f8:0d:81:f5:cc:dd:dc:28:d5:cb:db:13:13:aa:fb:87:
         33:42:a9:fc:74:25:f1:5c:50:c4:df:80:d2:ab:f5:9b:d6:a4:
         9e:28:11:3a:9e:b8:b9:e9:86:6f:30:f3:0e:d0:0a:76:48:12:
         03:15:2c:11:b1:97:11:40:56:23:d9:4e:0c:93:90:e3:5b:78:
         0f:de:8c:f8:a9:67:ab:be:d8:82:09:75:6a:37:b5:5f:c2:45:
         b4:6e:20:1a:51:4c:66:94:6e:62:47:42:11:35:1c:7f:0d:91:
         3f:41:33:9c:3d:f9:aa:aa:96:94:6b:f9:d6:fe:9d:31:b0:ad:
         c2:0f:a3:1d:c7:95:94:9d:60:b9:56:cc:61:ad:6b:eb:49:38:
         90:32:ee:b8:7f:bb:f7:51:d1:50:b5:a4:4b:3e:28:54:09:98:
         e2:4f:a6:39:93:88:47:6a:60:2d:f0:68:52:e0:6a:8b:54:e2:
         3c:a2:fa:54:b3:99:ed:34:f1:0e:b8:57:0f:d4:81:18:8f:fe:
         86:25:34:b1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZF+/qLl7sJkUZTMwJqwB7x6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwODIzMTEyODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWE2MjhjNzUyZTgyZTkzZTA5M2FhNTllYzJmZmQ4ZDE3NTRhMGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdG2rY+EFt0IIoigVih/zocPKEUz
MUrNeIYBj/jFw04A2/pe1Jnaf5V12V0v89lyaZIfzGYYJVJ8HgW5sVOGpnf8EMFf
qsL6AseUEwf9MGU/YLc/FcIkrTR1iB4I/xZMdnTOqbT9xbzwmMbcXBX0gBEm5DFm
VxK6iM+QW9sud778PuHCcWptAfqsXhlvLkqYzqsDMoZplp1+mfqS8aJuW4mTPq4W
tKjafq9SB7wXmuysHpO4/kL3nDWE5t8EBLJmDA+p+2iGMu2929XdsH3BvCiIHOIO
1MJRQ8gIErYRLzPhxb0jFeramAYro6wX8GikhG5RwDLoA2NVdYjnZdy3owIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPmmKMdS6C6T4JOqWewv/Y0XVKDcMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvMS1hWW94MUxvTHBQZ2s2cFo3Q185alJkVW9Ody5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjYvNGIxOGZiLWQzZWQtNGIyNy05YmQwLWU1ODM5ZjQzZTU4
My8xL2ZhWFRMVnNKeVR3YlhqX0ZvcW9nMTBiOF90RS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFkiyjAN
BgkqhkiG9w0BAQsFAAOCAQEAj0eO7//+7W35MCqvqmxdJRMEbafSEC8Zb7/2NRUB
/W3ONtkbdSNDEgbMRz0bsPIYUfd1qkYgFp/4DYH1zN3cKNXL2xMTqvuHM0Kp/HQl
8VxQxN+A0qv1m9aknigROp64uemGbzDzDtAKdkgSAxUsEbGXEUBWI9lODJOQ41t4
D96M+Klnq77Yggl1aje1X8JFtG4gGlFMZpRuYkdCETUcfw2RP0EznD35qqqWlGv5
1v6dMbCtwg+jHceVlJ1guVbMYa1r60k4kDLuuH+791HRULWkSz4oVAmY4k+mOZOI
R2pgLfBoUuBqi1TiPKL6VLOZ7TTxDrhXD9SBGI/+hiU0sQ==
-----END CERTIFICATE-----