Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/3965b0-fee9-49bf-a54d-a8d838438d8a/1/xXfklvickCxuAVV6fUR8N-y4Jq8.roa
File:                     xXfklvickCxuAVV6fUR8N-y4Jq8.roa (raw, json)
Hash identifier:          5qvzJPiZs/TezWbJBJOz24E9D+ttUNyft/cpisvA6cc=
Subject key identifier:   C5:77:E4:96:F8:9C:90:2C:6E:01:55:7A:7D:44:7C:37:EC:B8:26:AF
Certificate issuer:       /CN=4e4c1389a849ef5dccb8303703b898c91e63d14f
Certificate serial:       018CC9BC09B44371513960EE65E36F675898
Authority key identifier: 4E:4C:13:89:A8:49:EF:5D:CC:B8:30:37:03:B8:98:C9:1E:63:D1:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TkwTiahJ713MuDA3A7iYyR5j0U8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/3965b0-fee9-49bf-a54d-a8d838438d8a/1/xXfklvickCxuAVV6fUR8N-y4Jq8.roa
Signing time:             Tue 02 Jan 2024 10:33:12 +0000
ROA not before:           Tue 02 Jan 2024 10:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25447
IP address blocks:        152.89.220.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/3965b0-fee9-49bf-a54d-a8d838438d8a/1/TkwTiahJ713MuDA3A7iYyR5j0U8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/3965b0-fee9-49bf-a54d-a8d838438d8a/1/TkwTiahJ713MuDA3A7iYyR5j0U8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TkwTiahJ713MuDA3A7iYyR5j0U8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:05:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:09:b4:43:71:51:39:60:ee:65:e3:6f:67:58:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e4c1389a849ef5dccb8303703b898c91e63d14f
        Validity
            Not Before: Jan  2 10:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c577e496f89c902c6e01557a7d447c37ecb826af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:11:d5:61:1a:9b:87:26:6d:04:6d:d8:2d:27:
                    00:39:b3:4a:81:88:08:cb:e1:e9:aa:bb:6b:49:97:
                    fd:39:fd:65:7c:1e:2f:9a:f3:52:4a:ba:46:9e:ba:
                    b1:bc:0a:8f:b6:6b:8b:20:04:9a:0f:3b:6f:28:ad:
                    f6:6d:e0:13:68:c8:f6:a5:5c:7f:5c:dd:ce:8f:59:
                    fd:16:57:54:52:12:ba:cc:cf:e3:61:d8:4b:a9:42:
                    31:83:ef:e9:17:c3:20:00:09:a5:32:d1:f5:0c:64:
                    c6:4c:4b:f8:d2:29:b6:63:da:4d:90:4d:38:5e:5e:
                    47:59:4e:6b:76:2c:18:fe:6e:cb:b2:76:15:68:ba:
                    db:6f:48:3e:15:e3:cd:23:cd:69:30:4e:dd:82:56:
                    6c:05:fa:40:d3:92:b6:64:8b:46:6b:ad:37:0c:1f:
                    52:04:c8:6d:61:e3:20:f5:4c:dc:58:1d:c4:99:6c:
                    18:0d:7b:d2:9c:a0:a6:07:b8:f7:58:72:5c:75:84:
                    f0:72:03:83:c1:88:19:66:b3:84:2f:b8:e4:33:a6:
                    59:f8:9c:bc:3e:0f:f6:40:53:5a:90:f3:c6:40:4a:
                    a0:bd:2e:a8:ce:4c:04:08:66:55:fa:97:db:71:66:
                    e2:6a:04:3d:b6:f7:33:fa:3b:57:45:15:66:b2:08:
                    bc:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:77:E4:96:F8:9C:90:2C:6E:01:55:7A:7D:44:7C:37:EC:B8:26:AF
            X509v3 Authority Key Identifier:
                keyid:4E:4C:13:89:A8:49:EF:5D:CC:B8:30:37:03:B8:98:C9:1E:63:D1:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TkwTiahJ713MuDA3A7iYyR5j0U8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/3965b0-fee9-49bf-a54d-a8d838438d8a/1/xXfklvickCxuAVV6fUR8N-y4Jq8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/3965b0-fee9-49bf-a54d-a8d838438d8a/1/TkwTiahJ713MuDA3A7iYyR5j0U8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         93:d2:4a:77:de:ca:c8:29:ab:1f:3c:95:77:1c:fd:7c:bf:b3:
         af:7e:6e:fe:97:71:3d:3e:3d:84:c5:9a:59:a6:b5:dc:ca:dd:
         93:13:aa:cb:9c:c8:7f:48:23:6b:6b:bb:81:79:ec:97:3d:55:
         64:d8:9e:59:1b:fe:c9:dd:7c:77:6d:57:eb:cb:c1:7f:99:ef:
         05:0a:1b:1f:2f:d1:71:b5:0d:67:39:fd:26:50:fb:c1:9d:07:
         4c:20:4f:4a:ce:9e:b1:6c:e4:95:ea:ee:e7:fe:07:19:95:46:
         11:3e:02:09:60:28:60:83:ea:b7:78:7e:73:97:34:8e:9b:b9:
         0b:dc:b5:51:bc:04:5e:94:be:c5:1c:ab:ea:4c:05:f1:41:78:
         ff:a4:e6:e7:5d:ff:c6:9c:44:85:9b:56:59:b5:dc:2a:45:4e:
         1f:41:cc:25:71:55:35:ba:79:7a:9b:52:64:1b:1b:d3:be:c1:
         1c:e6:8e:9e:94:b4:2d:85:d1:87:8c:a1:99:83:fd:ac:9e:e3:
         5a:35:53:ce:16:3e:fb:92:c3:aa:0f:70:31:ef:c0:f5:99:d7:
         9d:8b:4c:d1:d6:15:f7:ba:99:5a:e1:dd:69:46:d4:1c:21:eb:
         c8:a6:d3:a3:b3:39:6b:0c:70:f8:53:10:96:2a:d1:f1:54:1d:
         98:ed:4b:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvAm0Q3FROWDuZeNvZ1iYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNGMxMzg5YTg0OWVmNWRjY2I4MzAzNzAzYjg5OGM5MWU2
M2QxNGYwHhcNMjQwMTAyMTAzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTc3ZTQ5NmY4OWM5MDJjNmUwMTU1N2E3ZDQ0N2MzN2VjYjgyNmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjBHVYRqbhyZtBG3YLScAObNKgYgI
y+HpqrtrSZf9Of1lfB4vmvNSSrpGnrqxvAqPtmuLIASaDztvKK32beATaMj2pVx/
XN3Oj1n9FldUUhK6zM/jYdhLqUIxg+/pF8MgAAmlMtH1DGTGTEv40im2Y9pNkE04
Xl5HWU5rdiwY/m7LsnYVaLrbb0g+FePNI81pME7dglZsBfpA05K2ZItGa603DB9S
BMhtYeMg9UzcWB3EmWwYDXvSnKCmB7j3WHJcdYTwcgODwYgZZrOEL7jkM6ZZ+Jy8
Pg/2QFNakPPGQEqgvS6ozkwECGZV+pfbcWbiagQ9tvcz+jtXRRVmsgi8bQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMV35Jb4nJAsbgFVen1EfDfsuCavMB8GA1UdIwQY
MBaAFE5ME4moSe9dzLgwNwO4mMkeY9FPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGt3VGlhaEo3MTNNdURBM0E3aVl5UjVqMFU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi8zOTY1YjAtZmVlOS00OWJmLWE1NGQt
YThkODM4NDM4ZDhhLzEveFhma2x2aWNrQ3h1QVZWNmZVUjhOLXk0SnE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi8zOTY1YjAtZmVlOS00OWJmLWE1NGQtYThkODM4NDM4ZDhh
LzEvVGt3VGlhaEo3MTNNdURBM0E3aVl5UjVqMFU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCmFncMA0G
CSqGSIb3DQEBCwUAA4IBAQCT0kp33srIKasfPJV3HP18v7Ovfm7+l3E9Pj2ExZpZ
prXcyt2TE6rLnMh/SCNra7uBeeyXPVVk2J5ZG/7J3Xx3bVfry8F/me8FChsfL9Fx
tQ1nOf0mUPvBnQdMIE9Kzp6xbOSV6u7n/gcZlUYRPgIJYChgg+q3eH5zlzSOm7kL
3LVRvARelL7FHKvqTAXxQXj/pObnXf/GnESFm1ZZtdwqRU4fQcwlcVU1unl6m1Jk
GxvTvsEc5o6elLQthdGHjKGZg/2snuNaNVPOFj77ksOqD3Ax78D1mdedi0zR1hX3
upla4d1pRtQcIevIptOjszlrDHD4UxCWKtHxVB2Y7Ut2
-----END CERTIFICATE-----