Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/iGLxRsu32lM53Rg3l29j48GyRxw.roa
File:                     iGLxRsu32lM53Rg3l29j48GyRxw.roa (raw, json)
Hash identifier:          mZVjk2wGTYW5EOLeB6dfIwHx5Tkai9iNA9sWg4KyozU=
Subject key identifier:   88:62:F1:46:CB:B7:DA:53:39:DD:18:37:97:6F:63:E3:C1:B2:47:1C
Certificate issuer:       /CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Certificate serial:       018CC9BCAB2A5BEA075D086FE14E05E5269C
Authority key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/iGLxRsu32lM53Rg3l29j48GyRxw.roa
Signing time:             Tue 02 Jan 2024 10:33:54 +0000
ROA not before:           Tue 02 Jan 2024 10:33:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2010906
IP address blocks:        89.116.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:ab:2a:5b:ea:07:5d:08:6f:e1:4e:05:e5:26:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
        Validity
            Not Before: Jan  2 10:33:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8862f146cbb7da5339dd1837976f63e3c1b2471c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:d3:c5:b6:38:d3:84:30:2f:19:34:de:d9:1d:
                    88:87:9f:22:c6:20:3b:a6:9b:8d:16:7b:a2:19:7f:
                    f9:bb:8b:de:3e:91:c4:2b:56:05:96:67:ac:08:6d:
                    04:80:52:96:9b:93:06:7b:09:34:09:9d:62:a0:aa:
                    45:24:20:9a:54:fc:b6:11:19:04:ab:00:0e:ac:47:
                    81:27:a3:64:3b:2d:ef:34:ea:87:77:c5:c9:50:3d:
                    05:8b:96:7b:a9:b4:82:49:dd:d4:62:da:cb:5e:3d:
                    cd:e3:36:47:fa:8f:54:38:d8:a4:62:45:d4:75:f1:
                    fb:03:cf:1a:cf:73:fd:02:9c:13:7a:06:86:41:fd:
                    33:8a:bb:ec:aa:fa:3d:87:a5:23:d9:ed:66:cf:1a:
                    32:c6:07:c0:8b:17:12:49:1f:50:6c:73:19:6f:a8:
                    b3:0a:b8:7f:49:0e:cf:ed:a6:c3:09:16:9d:5c:e9:
                    f3:d1:2a:c8:f6:17:93:53:2d:f1:40:b4:4d:19:69:
                    cc:42:6f:e7:bb:e1:8d:35:2e:3c:bd:87:5c:ba:86:
                    08:70:0a:35:a6:c5:15:d1:81:68:8a:f3:b4:c5:e8:
                    e4:58:d6:0d:cb:ac:df:dc:97:fe:cc:c9:f0:64:e5:
                    e6:99:00:2e:e3:20:f7:5a:11:43:8a:51:5f:c4:25:
                    d7:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:62:F1:46:CB:B7:DA:53:39:DD:18:37:97:6F:63:E3:C1:B2:47:1C
            X509v3 Authority Key Identifier:
                keyid:F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/iGLxRsu32lM53Rg3l29j48GyRxw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.116.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:72:a2:64:b8:ac:90:93:3c:ae:88:dc:c8:a0:91:79:39:f7:
         85:72:87:35:5c:13:ca:ab:64:92:c3:4b:4d:db:20:3b:69:07:
         1a:ad:43:50:26:02:9c:b3:12:44:cb:43:b7:61:7d:47:6f:a4:
         42:92:7b:ef:6d:ef:6b:75:76:44:53:59:04:05:08:ec:9c:a7:
         c5:34:de:28:9b:17:72:c6:6d:18:88:23:bf:48:17:84:1d:c0:
         f8:c1:cb:72:1c:96:a1:f1:b0:6e:88:09:1c:50:6c:78:ab:0c:
         10:b6:75:65:d4:51:7e:d7:b2:63:91:d3:80:95:9f:1b:ff:5e:
         08:6f:d4:8f:6a:b4:9c:67:7e:78:ab:6c:d5:eb:94:1a:53:0d:
         37:49:06:61:8c:6a:02:f1:dc:a5:9b:32:fc:a5:15:8f:32:52:
         f9:74:e4:60:e1:ca:ea:83:ca:19:93:38:f1:fb:66:ce:a5:19:
         21:fe:29:3e:ca:4d:d6:1b:43:f1:54:ac:c0:9b:d8:7d:fa:be:
         4f:23:79:ae:74:5c:25:80:af:2e:9e:42:fa:13:5e:0c:0e:01:
         0f:1b:d5:0a:9f:cb:06:69:44:4a:24:3f:5a:96:3d:7b:8f:fe:
         18:40:d8:51:db:a3:1b:0e:d2:06:7f:07:92:5b:44:ee:01:37:
         08:17:c3:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvKsqW+oHXQhv4U4F5SacMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZGQ4MWE4MzNkOWIwNDNjN2ZmZDYzNWE1OTg3ZjUzNjk3
MTE4MGQwHhcNMjQwMTAyMTAzMzU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODYyZjE0NmNiYjdkYTUzMzlkZDE4Mzc5NzZmNjNlM2MxYjI0NzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNPFtjjThDAvGTTe2R2Ih58ixiA7
ppuNFnuiGX/5u4vePpHEK1YFlmesCG0EgFKWm5MGewk0CZ1ioKpFJCCaVPy2ERkE
qwAOrEeBJ6NkOy3vNOqHd8XJUD0Fi5Z7qbSCSd3UYtrLXj3N4zZH+o9UONikYkXU
dfH7A88az3P9ApwTegaGQf0zirvsqvo9h6Uj2e1mzxoyxgfAixcSSR9QbHMZb6iz
Crh/SQ7P7abDCRadXOnz0SrI9heTUy3xQLRNGWnMQm/nu+GNNS48vYdcuoYIcAo1
psUV0YFoivO0xejkWNYNy6zf3Jf+zMnwZOXmmQAu4yD3WhFDilFfxCXXWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIhi8UbLt9pTOd0YN5dvY+PBskccMB8GA1UdIwQY
MBaAFPDdgagz2bBDx//WNaWYf1NpcRgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUt
MDQ2ODA0MjQ4NmRjLzEvaUdMeFJzdTMybE01M1JnM2wyOWo0OEd5Unh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUtMDQ2ODA0MjQ4NmRj
LzEvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWXRhMA0G
CSqGSIb3DQEBCwUAA4IBAQB8cqJkuKyQkzyuiNzIoJF5OfeFcoc1XBPKq2SSw0tN
2yA7aQcarUNQJgKcsxJEy0O3YX1Hb6RCknvvbe9rdXZEU1kEBQjsnKfFNN4omxdy
xm0YiCO/SBeEHcD4wctyHJah8bBuiAkcUGx4qwwQtnVl1FF+17JjkdOAlZ8b/14I
b9SParScZ354q2zV65QaUw03SQZhjGoC8dylmzL8pRWPMlL5dORg4crqg8oZkzjx
+2bOpRkh/ik+yk3WG0PxVKzAm9h9+r5PI3mudFwlgK8unkL6E14MDgEPG9UKn8sG
aURKJD9alj17j/4YQNhR26MbDtIGfweSW0TuATcIF8Oj
-----END CERTIFICATE-----