Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/JbuY4dQyCthIuyah31HgOSY_3z0.roa
File:                     JbuY4dQyCthIuyah31HgOSY_3z0.roa (raw, json)
Hash identifier:          MeX6gf8ICBq2AkvK274Ef+JayPCIx3fciKDpF3IQ/G0=
Subject key identifier:   25:BB:98:E1:D4:32:0A:D8:48:BB:26:A1:DF:51:E0:39:26:3F:DF:3D
Certificate issuer:       /CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Certificate serial:       018D4685F37184FE3381778565DF9986F9C2
Authority key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/JbuY4dQyCthIuyah31HgOSY_3z0.roa
Signing time:             Fri 26 Jan 2024 16:06:40 +0000
ROA not before:           Fri 26 Jan 2024 16:06:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        89.117.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:46:85:f3:71:84:fe:33:81:77:85:65:df:99:86:f9:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
        Validity
            Not Before: Jan 26 16:06:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25bb98e1d4320ad848bb26a1df51e039263fdf3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:86:35:fd:a8:06:5f:34:64:38:cc:8b:47:56:
                    57:0e:b9:26:f6:1a:bb:b5:01:68:30:3a:e9:18:71:
                    1e:2e:d0:1f:c4:1c:df:90:53:74:64:50:10:38:91:
                    e7:87:d4:74:4d:f4:4a:7a:71:50:fd:e8:c5:72:81:
                    fa:58:3f:8c:30:7c:ca:0f:55:53:04:7c:f3:95:e0:
                    9e:be:8d:80:91:71:9d:0c:60:9f:8d:bb:0f:eb:8b:
                    41:f7:67:e4:52:5b:17:55:e9:a6:23:84:ab:32:c3:
                    90:81:f0:28:ec:4b:f2:43:48:5e:64:73:e8:15:78:
                    22:d6:1e:46:32:50:cb:ed:01:06:02:b7:97:12:dc:
                    81:8f:3c:6c:e4:cc:34:9e:6a:52:7a:04:51:14:d9:
                    05:50:ef:6c:af:0f:1d:2f:72:6a:bd:55:e0:30:6a:
                    52:c4:0b:4d:27:fc:87:e4:12:ea:03:59:73:50:49:
                    f9:e8:f1:55:f3:47:01:0b:01:57:f0:7b:ae:db:d5:
                    60:0a:1f:40:b1:92:4f:eb:2f:ca:a6:8e:6c:65:33:
                    40:5c:9d:bb:1a:65:4e:07:d9:52:00:71:cf:7f:f9:
                    fa:0a:87:e1:6a:ab:f3:07:7b:62:e9:29:36:82:9f:
                    e8:5c:2f:72:47:fa:83:e8:a4:b8:3b:90:0e:0b:8d:
                    ff:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:BB:98:E1:D4:32:0A:D8:48:BB:26:A1:DF:51:E0:39:26:3F:DF:3D
            X509v3 Authority Key Identifier:
                keyid:F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/JbuY4dQyCthIuyah31HgOSY_3z0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.117.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:7b:ca:56:1c:ab:19:3f:50:7f:ba:77:31:1a:29:c2:ba:a3:
         fa:05:77:59:bb:bf:ed:e9:5e:e2:e8:21:39:93:69:06:27:47:
         07:72:42:cf:3f:9c:4b:42:9d:af:25:87:1f:a1:70:74:b7:1b:
         4e:c0:67:5b:39:85:c6:29:e5:4b:46:9b:48:01:55:9c:38:7b:
         5c:8b:e3:66:b0:53:39:6f:e0:29:66:01:fc:75:a6:c9:e1:d2:
         42:f2:f9:1d:12:50:c8:04:df:f8:2f:d0:21:e3:3c:fa:21:5b:
         b1:d5:b6:e7:19:9c:7e:db:0d:82:29:a6:32:91:ce:2e:c1:b3:
         25:bc:df:c9:34:c8:36:b0:d8:74:1d:ac:15:a4:84:67:66:81:
         30:94:da:54:78:29:6d:f1:4b:62:11:76:cc:ff:a9:80:87:2d:
         84:b1:4c:bb:88:f1:cd:ba:39:51:76:2d:61:6f:a4:a6:d3:6f:
         bd:92:42:ab:fb:bd:4f:2a:94:e5:a5:e5:2b:6f:8c:8a:70:87:
         58:a2:20:2e:85:05:5a:a7:8a:25:26:33:e7:8a:cc:a7:24:f5:
         72:a4:63:22:3e:24:52:05:d1:d6:03:18:b9:3d:d9:8a:97:e0:
         4b:c7:76:68:cf:81:a2:b0:17:24:8c:23:51:f4:72:00:75:46:
         9b:19:fe:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1GhfNxhP4zgXeFZd+ZhvnCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZGQ4MWE4MzNkOWIwNDNjN2ZmZDYzNWE1OTg3ZjUzNjk3
MTE4MGQwHhcNMjQwMTI2MTYwNjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWJiOThlMWQ0MzIwYWQ4NDhiYjI2YTFkZjUxZTAzOTI2M2ZkZjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14Y1/agGXzRkOMyLR1ZXDrkm9hq7
tQFoMDrpGHEeLtAfxBzfkFN0ZFAQOJHnh9R0TfRKenFQ/ejFcoH6WD+MMHzKD1VT
BHzzleCevo2AkXGdDGCfjbsP64tB92fkUlsXVemmI4SrMsOQgfAo7EvyQ0heZHPo
FXgi1h5GMlDL7QEGAreXEtyBjzxs5Mw0nmpSegRRFNkFUO9srw8dL3JqvVXgMGpS
xAtNJ/yH5BLqA1lzUEn56PFV80cBCwFX8Huu29VgCh9AsZJP6y/Kpo5sZTNAXJ27
GmVOB9lSAHHPf/n6CofhaqvzB3ti6Sk2gp/oXC9yR/qD6KS4O5AOC43/lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCW7mOHUMgrYSLsmod9R4DkmP989MB8GA1UdIwQY
MBaAFPDdgagz2bBDx//WNaWYf1NpcRgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUt
MDQ2ODA0MjQ4NmRjLzEvSmJ1WTRkUXlDdGhJdXlhaDMxSGdPU1lfM3owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUtMDQ2ODA0MjQ4NmRj
LzEvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWXX8MA0G
CSqGSIb3DQEBCwUAA4IBAQBve8pWHKsZP1B/uncxGinCuqP6BXdZu7/t6V7i6CE5
k2kGJ0cHckLPP5xLQp2vJYcfoXB0txtOwGdbOYXGKeVLRptIAVWcOHtci+NmsFM5
b+ApZgH8dabJ4dJC8vkdElDIBN/4L9Ah4zz6IVux1bbnGZx+2w2CKaYykc4uwbMl
vN/JNMg2sNh0HawVpIRnZoEwlNpUeClt8UtiEXbM/6mAhy2EsUy7iPHNujlRdi1h
b6Sm02+9kkKr+71PKpTlpeUrb4yKcIdYoiAuhQVap4olJjPnisynJPVypGMiPiRS
BdHWAxi5PdmKl+BLx3Zoz4GisBckjCNR9HIAdUabGf6E
-----END CERTIFICATE-----