Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/1Q6UzQHCUZ_J0SkjqoCBPtzIs30.roa
File:                     1Q6UzQHCUZ_J0SkjqoCBPtzIs30.roa (raw, json)
Hash identifier:          KmrMXf2csLi7utQgZjmZWycbNpe0IGGk0QfpfyfFXJA=
Subject key identifier:   D5:0E:94:CD:01:C2:51:9F:C9:D1:29:23:AA:80:81:3E:DC:C8:B3:7D
Certificate issuer:       /CN=510b419f0c17b4c8be217f64388d268d14dc261e
Certificate serial:       018CC9BC3E8EF071963A6866842AB9EF5280
Authority key identifier: 51:0B:41:9F:0C:17:B4:C8:BE:21:7F:64:38:8D:26:8D:14:DC:26:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UQtBnwwXtMi-IX9kOI0mjRTcJh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/1Q6UzQHCUZ_J0SkjqoCBPtzIs30.roa
Signing time:             Tue 02 Jan 2024 10:33:26 +0000
ROA not before:           Tue 02 Jan 2024 10:33:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     133499
IP address blocks:        89.184.192.0/20 maxlen: 32
                          89.184.208.0/20 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/UQtBnwwXtMi-IX9kOI0mjRTcJh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/UQtBnwwXtMi-IX9kOI0mjRTcJh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UQtBnwwXtMi-IX9kOI0mjRTcJh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:3e:8e:f0:71:96:3a:68:66:84:2a:b9:ef:52:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=510b419f0c17b4c8be217f64388d268d14dc261e
        Validity
            Not Before: Jan  2 10:33:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d50e94cd01c2519fc9d12923aa80813edcc8b37d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:d9:c9:02:cf:41:3f:94:2a:b4:40:a6:f1:d8:
                    18:4b:25:df:00:2d:a5:97:5c:00:56:94:a2:23:55:
                    a6:7c:21:27:2e:28:02:a9:33:a1:b2:17:3d:00:bd:
                    94:84:a0:60:dc:7e:94:1f:67:83:67:d7:92:ec:4b:
                    d7:85:25:0b:c2:a8:18:14:a7:ed:00:8e:5d:ae:0b:
                    9c:cb:56:e8:6d:9f:b2:1a:c6:be:4e:db:7b:c1:99:
                    5a:46:ee:6d:f2:5d:86:7e:b3:00:0d:1f:21:33:49:
                    48:4c:1d:bd:13:92:f1:6d:ee:ab:e3:16:75:9d:28:
                    e5:31:f7:6a:ae:1e:aa:78:e8:2e:a8:f9:47:0c:5c:
                    43:2a:e5:d7:7c:1c:c9:ba:c0:3c:5d:f8:82:ee:dd:
                    31:53:4b:d2:66:54:8e:ed:ed:47:09:9b:f5:c3:aa:
                    c6:c9:d7:79:e5:8f:01:76:0a:de:de:67:36:e0:93:
                    fc:68:02:41:6f:33:88:59:a0:b8:b9:3a:15:cf:0e:
                    5b:1e:6b:f2:d5:f5:e9:68:ab:f3:e0:93:27:5e:7b:
                    f3:9f:f3:45:9d:e6:49:86:6e:b9:62:12:09:9c:27:
                    9a:c9:d0:fc:41:2a:ab:6e:ec:b9:c7:13:b2:7e:a5:
                    da:25:bc:74:b3:38:87:36:b5:0a:83:4f:77:22:ec:
                    72:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:0E:94:CD:01:C2:51:9F:C9:D1:29:23:AA:80:81:3E:DC:C8:B3:7D
            X509v3 Authority Key Identifier:
                keyid:51:0B:41:9F:0C:17:B4:C8:BE:21:7F:64:38:8D:26:8D:14:DC:26:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UQtBnwwXtMi-IX9kOI0mjRTcJh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/1Q6UzQHCUZ_J0SkjqoCBPtzIs30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/UQtBnwwXtMi-IX9kOI0mjRTcJh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.184.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         91:fa:3c:6b:4a:9b:dd:ac:5a:de:17:38:f3:12:49:15:da:df:
         17:62:a7:4b:b5:22:27:46:48:10:ea:fb:b6:d5:4c:e0:a5:ee:
         16:81:f8:2c:85:a1:ce:c0:68:99:41:db:47:4a:25:c7:60:5e:
         c7:23:61:e4:d6:c3:08:d8:b5:7b:be:b1:8c:04:c9:d8:5a:93:
         0a:26:c9:16:b1:8b:05:e0:ea:2f:ee:4d:76:e0:16:3e:bf:6c:
         90:b9:9a:53:79:d8:b2:e9:6b:f1:d7:21:72:39:57:3a:71:43:
         ce:91:c3:e6:85:ac:e0:7e:6e:cb:13:da:f2:ff:24:c1:f2:d5:
         8b:26:49:3a:9f:63:78:5d:8b:59:5d:80:54:4a:4c:e3:37:e1:
         df:ec:2a:23:a1:ff:c2:8d:53:c6:d3:5d:6b:75:b2:50:3c:7c:
         4c:fd:6a:8b:f0:23:02:1e:48:10:c9:0d:cc:29:de:82:cd:5e:
         41:7b:79:ec:d6:a6:50:b3:0c:f7:69:5b:bf:c3:4e:b0:9e:06:
         92:13:02:d4:85:c6:fd:31:bf:49:c8:88:9f:89:07:5b:15:9f:
         b6:6e:f7:d2:87:39:0b:51:76:99:27:d5:9b:75:01:f4:82:a2:
         89:9c:d6:d1:13:64:18:76:55:d6:0d:94:7e:8b:b2:24:7f:41:
         4d:e9:29:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvD6O8HGWOmhmhCq571KAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMGI0MTlmMGMxN2I0YzhiZTIxN2Y2NDM4OGQyNjhkMTRk
YzI2MWUwHhcNMjQwMTAyMTAzMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTBlOTRjZDAxYzI1MTlmYzlkMTI5MjNhYTgwODEzZWRjYzhiMzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNnJAs9BP5QqtECm8dgYSyXfAC2l
l1wAVpSiI1WmfCEnLigCqTOhshc9AL2UhKBg3H6UH2eDZ9eS7EvXhSULwqgYFKft
AI5drgucy1bobZ+yGsa+Ttt7wZlaRu5t8l2GfrMADR8hM0lITB29E5Lxbe6r4xZ1
nSjlMfdqrh6qeOguqPlHDFxDKuXXfBzJusA8XfiC7t0xU0vSZlSO7e1HCZv1w6rG
ydd55Y8Bdgre3mc24JP8aAJBbzOIWaC4uToVzw5bHmvy1fXpaKvz4JMnXnvzn/NF
neZJhm65YhIJnCeaydD8QSqrbuy5xxOyfqXaJbx0sziHNrUKg093IuxyowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNUOlM0BwlGfydEpI6qAgT7cyLN9MB8GA1UdIwQY
MBaAFFELQZ8MF7TIviF/ZDiNJo0U3CYeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVF0Qm53d1h0TWktSVg5a09JMG1qUlRjSmg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8zMGNkMGEtOTNjZi00NWRjLTkzNTYt
MTRhMDk5OTNkNjcxLzEvMVE2VXpRSENVWl9KMFNranFvQ0JQdHpJczMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8zMGNkMGEtOTNjZi00NWRjLTkzNTYtMTRhMDk5OTNkNjcx
LzEvVVF0Qm53d1h0TWktSVg5a09JMG1qUlRjSmg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFWbjAMA0G
CSqGSIb3DQEBCwUAA4IBAQCR+jxrSpvdrFreFzjzEkkV2t8XYqdLtSInRkgQ6vu2
1Uzgpe4WgfgshaHOwGiZQdtHSiXHYF7HI2Hk1sMI2LV7vrGMBMnYWpMKJskWsYsF
4Oov7k124BY+v2yQuZpTediy6Wvx1yFyOVc6cUPOkcPmhazgfm7LE9ry/yTB8tWL
Jkk6n2N4XYtZXYBUSkzjN+Hf7Cojof/CjVPG011rdbJQPHxM/WqL8CMCHkgQyQ3M
Kd6CzV5Be3ns1qZQswz3aVu/w06wngaSEwLUhcb9Mb9JyIifiQdbFZ+2bvfShzkL
UXaZJ9WbdQH0gqKJnNbRE2QYdlXWDZR+i7Ikf0FN6Sm1
-----END CERTIFICATE-----