Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/3965b0-fee9-49bf-a54d-a8d838438d8a/1/p2l4nusixPHxqfU79RKUI7ZqOx8.roa
File:                     p2l4nusixPHxqfU79RKUI7ZqOx8.roa (raw, json)
Hash identifier:          GvDeoV8VDfDPc4Ir3otqfuvPTQozzJvD/6cIgiNIbfc=
Subject key identifier:   A7:69:78:9E:EB:22:C4:F1:F1:A9:F5:3B:F5:12:94:23:B6:6A:3B:1F
Certificate issuer:       /CN=4e4c1389a849ef5dccb8303703b898c91e63d14f
Certificate serial:       018CC9BC0A1B0EE87782354125C613ADCF15
Authority key identifier: 4E:4C:13:89:A8:49:EF:5D:CC:B8:30:37:03:B8:98:C9:1E:63:D1:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TkwTiahJ713MuDA3A7iYyR5j0U8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/3965b0-fee9-49bf-a54d-a8d838438d8a/1/p2l4nusixPHxqfU79RKUI7ZqOx8.roa
Signing time:             Tue 02 Jan 2024 10:33:12 +0000
ROA not before:           Tue 02 Jan 2024 10:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48367
IP address blocks:        152.89.220.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/3965b0-fee9-49bf-a54d-a8d838438d8a/1/TkwTiahJ713MuDA3A7iYyR5j0U8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/3965b0-fee9-49bf-a54d-a8d838438d8a/1/TkwTiahJ713MuDA3A7iYyR5j0U8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TkwTiahJ713MuDA3A7iYyR5j0U8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:0a:1b:0e:e8:77:82:35:41:25:c6:13:ad:cf:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e4c1389a849ef5dccb8303703b898c91e63d14f
        Validity
            Not Before: Jan  2 10:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a769789eeb22c4f1f1a9f53bf5129423b66a3b1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:26:4f:c2:e8:a5:77:7f:33:29:9e:87:7e:86:
                    90:0b:15:b2:09:9a:e0:89:54:11:62:f4:2a:e0:a2:
                    84:b6:4b:07:d2:91:02:0f:ec:be:1a:66:5f:ae:c4:
                    80:90:07:b3:5f:08:9c:12:82:e6:47:b3:4f:f5:25:
                    e8:72:0b:4a:01:80:0c:27:5b:1a:73:b2:9b:26:31:
                    3d:ea:d0:91:03:26:9e:d7:86:4a:e3:be:ab:2b:c3:
                    e2:a8:b0:c5:e1:3e:82:d9:30:08:ab:9b:cd:74:2f:
                    52:8f:08:96:9a:e8:17:5e:b0:d1:8e:b5:b1:4b:3f:
                    46:03:2b:c7:f1:d6:ef:cc:de:57:d8:c5:aa:7c:91:
                    d5:5e:2b:23:b7:ca:e3:ba:66:1e:ae:67:0b:9f:2f:
                    ba:3c:3c:19:f3:fd:55:a7:ca:f5:e4:16:f1:9e:4a:
                    49:87:aa:02:e3:9e:48:89:7e:ce:f9:13:e1:3f:16:
                    5a:1f:9f:fe:ef:a0:1c:49:b2:9a:c2:ce:63:ef:fc:
                    0a:8e:cd:49:d0:30:85:da:8d:9e:b8:bd:85:5f:a7:
                    47:28:13:7e:04:ba:c3:43:b1:14:58:47:d6:d3:fc:
                    97:0e:94:ff:72:6a:97:89:ee:3c:48:46:19:98:a1:
                    d3:6f:18:cc:19:46:8b:52:da:bf:df:73:e7:74:5f:
                    73:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:69:78:9E:EB:22:C4:F1:F1:A9:F5:3B:F5:12:94:23:B6:6A:3B:1F
            X509v3 Authority Key Identifier:
                keyid:4E:4C:13:89:A8:49:EF:5D:CC:B8:30:37:03:B8:98:C9:1E:63:D1:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TkwTiahJ713MuDA3A7iYyR5j0U8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/3965b0-fee9-49bf-a54d-a8d838438d8a/1/p2l4nusixPHxqfU79RKUI7ZqOx8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/3965b0-fee9-49bf-a54d-a8d838438d8a/1/TkwTiahJ713MuDA3A7iYyR5j0U8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ba:5b:98:a0:37:b7:63:03:d8:73:b0:b0:5a:44:5b:d1:fc:02:
         f8:ab:38:48:f8:fe:1e:72:48:5c:4c:19:38:dc:d2:1b:19:db:
         a0:17:0c:1b:48:a4:e5:39:c9:d5:67:bf:eb:7e:b0:0c:57:96:
         bd:12:8c:8a:55:14:25:ca:0d:a4:02:2a:94:af:ce:ae:5a:7b:
         db:70:5e:be:c4:bd:52:8d:fb:d7:5b:32:bc:5b:f5:6b:5b:08:
         67:9d:0a:b5:54:35:0f:00:74:53:00:26:a9:b5:bc:20:50:e7:
         ea:d1:02:8a:13:7d:8f:eb:fe:83:5a:dd:a5:05:2f:f2:2d:42:
         0a:78:7b:8c:33:42:ba:28:cd:f0:37:ec:c8:ae:b5:68:38:2c:
         a3:57:63:70:51:f1:7a:9c:50:21:74:8b:46:82:c6:23:17:03:
         7b:c1:2f:5e:c8:40:b7:a2:24:dd:3d:62:8c:7e:1a:28:c6:14:
         67:2c:34:4d:53:2c:31:71:20:e6:73:1b:c2:c8:2d:c0:91:dc:
         a8:46:13:e7:7d:07:2a:3d:a9:ca:b7:fe:30:18:c1:15:68:8d:
         e9:ee:21:a6:64:9b:4b:d6:87:fe:3f:5d:65:be:f4:32:64:90:
         79:d5:0b:8e:1b:9a:01:f1:71:f9:c5:cc:fb:e0:eb:e8:39:75:
         72:6c:17:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvAobDuh3gjVBJcYTrc8VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNGMxMzg5YTg0OWVmNWRjY2I4MzAzNzAzYjg5OGM5MWU2
M2QxNGYwHhcNMjQwMTAyMTAzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzY5Nzg5ZWViMjJjNGYxZjFhOWY1M2JmNTEyOTQyM2I2NmEzYjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6yZPwuild38zKZ6HfoaQCxWyCZrg
iVQRYvQq4KKEtksH0pECD+y+GmZfrsSAkAezXwicEoLmR7NP9SXocgtKAYAMJ1sa
c7KbJjE96tCRAyae14ZK476rK8PiqLDF4T6C2TAIq5vNdC9SjwiWmugXXrDRjrWx
Sz9GAyvH8dbvzN5X2MWqfJHVXisjt8rjumYermcLny+6PDwZ8/1Vp8r15BbxnkpJ
h6oC455IiX7O+RPhPxZaH5/+76AcSbKaws5j7/wKjs1J0DCF2o2euL2FX6dHKBN+
BLrDQ7EUWEfW0/yXDpT/cmqXie48SEYZmKHTbxjMGUaLUtq/33PndF9zcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKdpeJ7rIsTx8an1O/USlCO2ajsfMB8GA1UdIwQY
MBaAFE5ME4moSe9dzLgwNwO4mMkeY9FPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGt3VGlhaEo3MTNNdURBM0E3aVl5UjVqMFU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi8zOTY1YjAtZmVlOS00OWJmLWE1NGQt
YThkODM4NDM4ZDhhLzEvcDJsNG51c2l4UEh4cWZVNzlSS1VJN1pxT3g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi8zOTY1YjAtZmVlOS00OWJmLWE1NGQtYThkODM4NDM4ZDhh
LzEvVGt3VGlhaEo3MTNNdURBM0E3aVl5UjVqMFU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCmFncMA0G
CSqGSIb3DQEBCwUAA4IBAQC6W5igN7djA9hzsLBaRFvR/AL4qzhI+P4eckhcTBk4
3NIbGdugFwwbSKTlOcnVZ7/rfrAMV5a9EoyKVRQlyg2kAiqUr86uWnvbcF6+xL1S
jfvXWzK8W/VrWwhnnQq1VDUPAHRTACaptbwgUOfq0QKKE32P6/6DWt2lBS/yLUIK
eHuMM0K6KM3wN+zIrrVoOCyjV2NwUfF6nFAhdItGgsYjFwN7wS9eyEC3oiTdPWKM
fhooxhRnLDRNUywxcSDmcxvCyC3AkdyoRhPnfQcqPanKt/4wGMEVaI3p7iGmZJtL
1of+P11lvvQyZJB51QuOG5oB8XH5xcz74OvoOXVybBep
-----END CERTIFICATE-----