Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/Hs9NYw83g_AASqC-mfnPTv3p0fo.roa
File:                     Hs9NYw83g_AASqC-mfnPTv3p0fo.roa (raw, json)
Hash identifier:          jZ1maCE+LMH9x/EPdI/N+ZrNP6/RbAz4vMJWd/FKEMg=
Subject key identifier:   1E:CF:4D:63:0F:37:83:F0:00:4A:A0:BE:99:F9:CF:4E:FD:E9:D1:FA
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       018D62D05375BA62298575D2FA0A21169128
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/Hs9NYw83g_AASqC-mfnPTv3p0fo.roa
Signing time:             Thu 01 Feb 2024 03:57:16 +0000
ROA not before:           Thu 01 Feb 2024 03:57:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210993
IP address blocks:        89.37.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:62:d0:53:75:ba:62:29:85:75:d2:fa:0a:21:16:91:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Feb  1 03:57:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ecf4d630f3783f0004aa0be99f9cf4efde9d1fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:7f:a1:da:e7:4d:69:bd:64:4f:0b:55:21:a4:
                    d2:6a:01:83:3d:bd:6c:c4:32:df:b5:b8:df:de:5c:
                    2d:03:66:5a:93:f8:66:d6:f6:3e:af:b5:44:a9:8b:
                    b8:9f:ed:43:bd:21:13:ce:03:dc:6f:fe:2d:f1:6d:
                    d1:0f:79:3f:58:33:aa:53:84:8d:c3:f3:d3:43:f5:
                    2c:a2:80:c6:46:d8:b3:fb:78:24:40:b8:92:f6:3f:
                    ad:aa:4a:84:fe:ad:81:4f:90:1e:b6:77:0f:c6:e1:
                    c4:fa:c9:e6:04:a2:a5:05:f3:0f:1b:2c:8f:78:a4:
                    3e:80:d3:c3:44:f1:e0:ee:bf:f4:c6:df:2d:16:0a:
                    18:c6:0c:bb:3a:09:75:3b:e3:35:99:6f:ea:19:ff:
                    cd:65:3a:64:b4:83:93:53:85:6b:66:c6:6f:5f:99:
                    71:89:01:15:33:00:6a:e4:77:36:5a:72:e1:62:2c:
                    7c:2d:63:8d:05:eb:f8:6d:55:5c:a6:39:e9:15:d3:
                    f7:90:97:bf:3d:77:dd:a8:29:5c:70:25:68:cb:04:
                    b5:5b:21:4c:3c:d4:f4:bf:4c:98:e2:79:8a:d1:94:
                    66:6d:b2:db:74:71:bc:81:e2:3d:2e:d5:31:31:9e:
                    3d:16:ce:36:64:2c:69:f5:73:99:fb:80:6a:39:e8:
                    b2:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:CF:4D:63:0F:37:83:F0:00:4A:A0:BE:99:F9:CF:4E:FD:E9:D1:FA
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/Hs9NYw83g_AASqC-mfnPTv3p0fo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.37.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:c2:0d:2d:29:76:c2:0c:d9:12:13:c6:1f:a9:c3:cd:29:d3:
         40:65:d3:98:1a:bf:33:ba:a1:4a:2b:4a:10:88:21:38:68:1c:
         44:44:19:01:50:37:26:51:51:61:b8:15:91:60:2a:6d:ca:48:
         4f:78:6f:c2:ad:7e:ba:64:5a:fa:4f:02:80:6b:ab:3c:34:83:
         7c:4d:cf:f6:8f:66:05:45:73:b0:d2:18:41:92:78:7d:0f:3f:
         83:c5:43:91:1c:03:bb:95:35:8e:be:58:87:db:bd:c7:01:3f:
         29:43:14:74:f6:3f:85:dd:78:c7:f0:23:e7:76:18:1a:9c:2e:
         b0:47:28:fe:b6:39:ac:d1:06:3f:9a:4a:92:db:f4:5c:29:77:
         6e:e4:1e:27:52:1d:ba:4c:cb:bc:d6:17:af:9f:f7:70:2f:c7:
         d4:31:22:97:be:49:2c:3e:8f:e0:d9:b3:b6:1d:c3:70:59:c6:
         15:bc:95:3c:0b:0b:6b:12:f2:88:57:3c:db:02:53:07:81:37:
         2a:40:59:61:72:1f:42:8b:5e:d3:ee:5c:0e:46:bb:44:a2:49:
         f4:d5:e4:dd:99:07:78:54:0a:56:a0:31:d0:71:8e:27:70:60:
         22:d5:98:f7:31:56:02:07:cd:93:7f:a3:3f:cf:e5:1d:bb:b7:
         df:d4:86:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1i0FN1umIphXXS+gohFpEoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwMjAxMDM1NzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWNmNGQ2MzBmMzc4M2YwMDA0YWEwYmU5OWY5Y2Y0ZWZkZTlkMWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhn+h2udNab1kTwtVIaTSagGDPb1s
xDLftbjf3lwtA2Zak/hm1vY+r7VEqYu4n+1DvSETzgPcb/4t8W3RD3k/WDOqU4SN
w/PTQ/UsooDGRtiz+3gkQLiS9j+tqkqE/q2BT5AetncPxuHE+snmBKKlBfMPGyyP
eKQ+gNPDRPHg7r/0xt8tFgoYxgy7Ogl1O+M1mW/qGf/NZTpktIOTU4VrZsZvX5lx
iQEVMwBq5Hc2WnLhYix8LWONBev4bVVcpjnpFdP3kJe/PXfdqClccCVoywS1WyFM
PNT0v0yY4nmK0ZRmbbLbdHG8geI9LtUxMZ49Fs42ZCxp9XOZ+4BqOeiynwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB7PTWMPN4PwAEqgvpn5z0796dH6MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvSHM5Tll3ODNnX0FBU3FDLW1mblBUdjNwMGZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSXBMA0G
CSqGSIb3DQEBCwUAA4IBAQA+wg0tKXbCDNkSE8YfqcPNKdNAZdOYGr8zuqFKK0oQ
iCE4aBxERBkBUDcmUVFhuBWRYCptykhPeG/CrX66ZFr6TwKAa6s8NIN8Tc/2j2YF
RXOw0hhBknh9Dz+DxUORHAO7lTWOvliH273HAT8pQxR09j+F3XjH8CPndhganC6w
Ryj+tjms0QY/mkqS2/RcKXdu5B4nUh26TMu81hevn/dwL8fUMSKXvkksPo/g2bO2
HcNwWcYVvJU8CwtrEvKIVzzbAlMHgTcqQFlhch9Ci17T7lwORrtEokn01eTdmQd4
VApWoDHQcY4ncGAi1Zj3MVYCB82Tf6M/z+Udu7ff1IZh
-----END CERTIFICATE-----