Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/6eb365-803a-4c2f-b7ae-c647a8c1ddfa/1/ht0Qn-m83Xu5_8SjwAS2b9hpT_o.roa
File:                     ht0Qn-m83Xu5_8SjwAS2b9hpT_o.roa (raw, json)
Hash identifier:          Na77juaZi/Gm3nmeFNven7yKn6gGfxsPB/BM6TB0Y6I=
Subject key identifier:   86:DD:10:9F:E9:BC:DD:7B:B9:FF:C4:A3:C0:04:B6:6F:D8:69:4F:FA
Certificate issuer:       /CN=222c4585bd88fb27cadf29ee5bb95d6575fcef83
Certificate serial:       01932982FA4AF71307F8F279FE7FAEE64032
Authority key identifier: 22:2C:45:85:BD:88:FB:27:CA:DF:29:EE:5B:B9:5D:65:75:FC:EF:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IixFhb2I-yfK3ynuW7ldZXX874M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/6eb365-803a-4c2f-b7ae-c647a8c1ddfa/1/ht0Qn-m83Xu5_8SjwAS2b9hpT_o.roa
Signing time:             Thu 14 Nov 2024 07:11:09 +0000
ROA not before:           Thu 14 Nov 2024 07:11:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49981
IP address blocks:        89.43.112.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/6eb365-803a-4c2f-b7ae-c647a8c1ddfa/1/IixFhb2I-yfK3ynuW7ldZXX874M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/6eb365-803a-4c2f-b7ae-c647a8c1ddfa/1/IixFhb2I-yfK3ynuW7ldZXX874M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IixFhb2I-yfK3ynuW7ldZXX874M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:29:82:fa:4a:f7:13:07:f8:f2:79:fe:7f:ae:e6:40:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=222c4585bd88fb27cadf29ee5bb95d6575fcef83
        Validity
            Not Before: Nov 14 07:11:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86dd109fe9bcdd7bb9ffc4a3c004b66fd8694ffa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:c6:27:6a:ac:b5:bf:cc:ba:bf:75:70:6b:88:
                    51:73:a1:b9:23:2e:9a:f3:a8:1f:cd:f9:6d:b2:b8:
                    29:c0:ff:49:e6:e7:1e:56:bd:5e:ba:67:0f:06:08:
                    80:0a:88:ce:33:77:80:a1:25:f6:3d:87:7b:80:b9:
                    a7:fd:92:e6:c0:20:c0:c3:a3:1d:96:fb:3b:ac:f6:
                    fd:a0:8e:2f:f1:2b:c0:1c:b2:d8:a8:dd:c4:96:8a:
                    cc:9a:89:30:bd:a7:50:dd:a2:c6:c0:24:d8:82:28:
                    2c:cb:ad:08:ed:ac:37:02:e5:45:6f:9b:13:76:23:
                    e6:0e:72:32:16:62:78:d2:24:f0:8d:4c:cd:fa:62:
                    b4:c4:96:68:4d:4b:8a:2a:f4:9b:07:eb:7a:21:47:
                    ed:21:0d:c8:50:d9:34:3d:3d:af:e9:b0:b6:c2:c8:
                    93:d1:d5:96:56:78:2a:e2:8f:27:1c:7d:91:4d:8b:
                    5d:e5:af:4f:35:a3:4b:50:9d:13:3a:ea:4f:0f:77:
                    e9:8e:41:b5:18:38:e9:ae:92:25:f6:60:4a:00:d5:
                    26:52:81:3e:48:fd:70:3b:76:80:59:47:f4:e5:ae:
                    60:ce:c3:0f:dd:3a:f2:6b:85:be:5c:e4:d0:f4:a8:
                    56:d6:9e:ed:22:3f:b9:6c:98:1d:53:d7:a1:8d:71:
                    99:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:DD:10:9F:E9:BC:DD:7B:B9:FF:C4:A3:C0:04:B6:6F:D8:69:4F:FA
            X509v3 Authority Key Identifier:
                keyid:22:2C:45:85:BD:88:FB:27:CA:DF:29:EE:5B:B9:5D:65:75:FC:EF:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IixFhb2I-yfK3ynuW7ldZXX874M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6eb365-803a-4c2f-b7ae-c647a8c1ddfa/1/ht0Qn-m83Xu5_8SjwAS2b9hpT_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6eb365-803a-4c2f-b7ae-c647a8c1ddfa/1/IixFhb2I-yfK3ynuW7ldZXX874M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.43.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:7f:98:63:f0:5b:6a:3f:a4:5c:80:66:95:28:c4:dd:65:cb:
         2a:7e:90:77:90:b3:9d:f4:e7:06:8e:7f:87:46:79:c6:e6:41:
         d0:34:87:27:74:d1:8b:ee:0c:7f:a9:1f:bc:cd:ec:d5:d5:b4:
         d0:d6:e5:f0:11:91:5c:62:3d:a8:bc:ce:49:75:06:13:50:32:
         61:f4:1c:25:fc:2e:ee:d4:96:04:55:d4:60:ce:83:c9:2e:50:
         a3:cd:fe:e5:47:cd:ce:d2:1e:62:1d:a2:fe:48:c7:ce:2f:46:
         3e:ac:0d:9d:3b:52:6e:00:93:7e:a9:3e:25:2c:cb:49:e9:ae:
         e3:ab:0e:92:9a:ee:3b:ff:39:d0:1b:ac:50:ee:45:ea:bc:10:
         d0:ca:b9:eb:7d:e1:b9:65:93:a4:29:6a:8e:aa:94:e8:47:31:
         5a:bd:e6:eb:94:4f:3e:ed:45:aa:d6:f1:94:b4:4e:a9:f8:14:
         02:5d:61:25:10:a9:f0:79:82:58:a7:1a:4e:5d:98:bb:ad:f6:
         74:a5:84:d2:e1:30:10:d3:75:be:a4:0f:28:b8:a7:20:11:89:
         8e:7b:63:b9:a6:b7:06:36:f0:df:2d:3c:6e:1c:22:94:af:31:
         b1:ae:2f:19:1d:94:c6:87:0c:70:bc:51:2f:9a:0c:0b:ce:9b:
         b5:6f:3b:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMpgvpK9xMH+PJ5/n+u5kAyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMmM0NTg1YmQ4OGZiMjdjYWRmMjllZTViYjk1ZDY1NzVm
Y2VmODMwHhcNMjQxMTE0MDcxMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmRkMTA5ZmU5YmNkZDdiYjlmZmM0YTNjMDA0YjY2ZmQ4Njk0ZmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5cYnaqy1v8y6v3Vwa4hRc6G5Iy6a
86gfzfltsrgpwP9J5uceVr1eumcPBgiACojOM3eAoSX2PYd7gLmn/ZLmwCDAw6Md
lvs7rPb9oI4v8SvAHLLYqN3ElorMmokwvadQ3aLGwCTYgigsy60I7aw3AuVFb5sT
diPmDnIyFmJ40iTwjUzN+mK0xJZoTUuKKvSbB+t6IUftIQ3IUNk0PT2v6bC2wsiT
0dWWVngq4o8nHH2RTYtd5a9PNaNLUJ0TOupPD3fpjkG1GDjprpIl9mBKANUmUoE+
SP1wO3aAWUf05a5gzsMP3Trya4W+XOTQ9KhW1p7tIj+5bJgdU9ehjXGZNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIbdEJ/pvN17uf/Eo8AEtm/YaU/6MB8GA1UdIwQY
MBaAFCIsRYW9iPsnyt8p7lu5XWV1/O+DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWl4RmhiMkkteWZLM3ludVc3bGRaWFg4NzRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC82ZWIzNjUtODAzYS00YzJmLWI3YWUt
YzY0N2E4YzFkZGZhLzEvaHQwUW4tbTgzWHU1XzhTandBUzJiOWhwVF9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC82ZWIzNjUtODAzYS00YzJmLWI3YWUtYzY0N2E4YzFkZGZh
LzEvSWl4RmhiMkkteWZLM3ludVc3bGRaWFg4NzRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWStwMA0G
CSqGSIb3DQEBCwUAA4IBAQAFf5hj8FtqP6RcgGaVKMTdZcsqfpB3kLOd9OcGjn+H
RnnG5kHQNIcndNGL7gx/qR+8zezV1bTQ1uXwEZFcYj2ovM5JdQYTUDJh9Bwl/C7u
1JYEVdRgzoPJLlCjzf7lR83O0h5iHaL+SMfOL0Y+rA2dO1JuAJN+qT4lLMtJ6a7j
qw6Smu47/znQG6xQ7kXqvBDQyrnrfeG5ZZOkKWqOqpToRzFavebrlE8+7UWq1vGU
tE6p+BQCXWElEKnweYJYpxpOXZi7rfZ0pYTS4TAQ03W+pA8ouKcgEYmOe2O5prcG
NvDfLTxuHCKUrzGxri8ZHZTGhwxwvFEvmgwLzpu1bzvz
-----END CERTIFICATE-----