Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/3dac73-d7c7-40bb-ab55-95135daf5147/1/K4SkbYkmllNrkhDiDa8a3IMqxWk.roa
File:                     K4SkbYkmllNrkhDiDa8a3IMqxWk.roa (raw, json)
Hash identifier:          I0lX6BcYtXe0on1OQJJuZifxLQRpWeb8HUbpaRstGtU=
Subject key identifier:   2B:84:A4:6D:89:26:96:53:6B:92:10:E2:0D:AF:1A:DC:83:2A:C5:69
Certificate issuer:       /CN=5cb90fd62bcc0fe929dae53036fc55e511c54b45
Certificate serial:       018CC49333296BE09C106F8C8B3BA1E0A178
Authority key identifier: 5C:B9:0F:D6:2B:CC:0F:E9:29:DA:E5:30:36:FC:55:E5:11:C5:4B:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XLkP1ivMD-kp2uUwNvxV5RHFS0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/3dac73-d7c7-40bb-ab55-95135daf5147/1/K4SkbYkmllNrkhDiDa8a3IMqxWk.roa
Signing time:             Mon 01 Jan 2024 10:30:30 +0000
ROA not before:           Mon 01 Jan 2024 10:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59590
IP address blocks:        188.241.208.0/24 maxlen: 24
                          89.44.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/3dac73-d7c7-40bb-ab55-95135daf5147/1/XLkP1ivMD-kp2uUwNvxV5RHFS0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/3dac73-d7c7-40bb-ab55-95135daf5147/1/XLkP1ivMD-kp2uUwNvxV5RHFS0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XLkP1ivMD-kp2uUwNvxV5RHFS0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:33:29:6b:e0:9c:10:6f:8c:8b:3b:a1:e0:a1:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5cb90fd62bcc0fe929dae53036fc55e511c54b45
        Validity
            Not Before: Jan  1 10:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b84a46d892696536b9210e20daf1adc832ac569
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:a5:70:6a:af:3f:b6:c2:a6:0b:6a:3a:af:19:
                    9c:6d:eb:1f:72:44:de:c9:1c:8c:e8:34:95:88:ee:
                    6f:bb:07:8f:2e:04:b6:4c:28:93:70:e8:3e:65:13:
                    6f:ca:12:aa:85:43:d5:bf:dd:c7:08:b5:43:94:4a:
                    fb:a7:af:6b:e9:ef:52:cd:e9:37:4f:4d:56:d9:23:
                    aa:52:31:75:75:d7:cd:ba:9e:e6:6a:82:73:d5:b7:
                    ce:bc:b9:0c:35:6a:1a:a1:54:d6:a9:b8:4e:6f:1b:
                    ad:97:3c:79:18:0d:62:4d:d0:d0:41:44:3c:ad:82:
                    8e:71:d6:7d:46:13:ab:44:40:19:5a:91:e0:6c:81:
                    fb:89:de:63:02:c4:31:5d:23:67:1d:23:b9:2a:10:
                    2e:fa:07:b0:ed:f0:5a:6c:05:ee:43:dd:53:25:5f:
                    bc:cf:10:2f:f1:85:2b:a4:4f:61:f3:e8:d6:4e:72:
                    ed:37:86:18:6e:02:b4:bb:dc:bb:80:7e:33:28:7b:
                    08:ce:31:07:a5:14:a6:10:28:d2:9e:80:00:ff:4c:
                    fb:d7:c0:4a:8c:25:e5:03:af:b6:74:69:b5:b4:28:
                    9b:fc:93:39:b5:5a:be:86:3b:22:ae:94:49:c1:49:
                    65:e2:d9:78:87:14:6d:91:29:52:fb:a0:10:23:f9:
                    d0:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:84:A4:6D:89:26:96:53:6B:92:10:E2:0D:AF:1A:DC:83:2A:C5:69
            X509v3 Authority Key Identifier:
                keyid:5C:B9:0F:D6:2B:CC:0F:E9:29:DA:E5:30:36:FC:55:E5:11:C5:4B:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XLkP1ivMD-kp2uUwNvxV5RHFS0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/3dac73-d7c7-40bb-ab55-95135daf5147/1/K4SkbYkmllNrkhDiDa8a3IMqxWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/3dac73-d7c7-40bb-ab55-95135daf5147/1/XLkP1ivMD-kp2uUwNvxV5RHFS0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.204.0/24
                  188.241.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:eb:b0:69:aa:52:f1:9f:59:5b:15:64:6c:fd:cf:13:33:0d:
         b0:88:a5:a1:69:cb:19:c6:28:ba:7d:bd:98:6a:60:2b:10:96:
         1b:33:3f:f4:cc:8a:3e:c8:7e:10:dc:ff:e7:93:b3:03:40:02:
         0e:cf:90:4d:7f:d9:4e:2a:1d:12:7c:5b:43:2c:f1:46:69:29:
         c0:43:31:73:96:d7:82:2e:c2:5f:15:97:32:46:b2:5a:69:76:
         bb:93:47:01:99:4e:ff:d8:1d:15:d9:f7:fe:3f:4f:ac:4e:7f:
         e7:08:d2:81:e4:59:da:f4:fb:81:0f:f6:69:f8:98:93:95:0a:
         72:45:91:75:8c:ac:62:d3:3d:cd:64:b4:d1:d4:aa:70:b3:1b:
         31:2f:7f:a1:d1:5a:9d:dd:f6:83:9c:27:32:b5:0d:20:0c:09:
         2e:3e:6a:11:71:11:70:1f:45:0b:ec:11:ef:f7:c3:ec:f3:cb:
         02:97:57:07:d2:11:be:fd:bf:81:6d:82:ab:07:4c:39:93:44:
         6a:bd:82:4b:08:b4:d5:27:be:0b:08:ea:2d:dd:bd:89:5c:86:
         53:fc:5f:10:bc:16:08:33:ea:77:77:84:01:76:82:36:b2:77:
         e4:e3:aa:59:04:c5:af:a8:82:f6:56:33:9f:6e:a1:5f:89:8e:
         48:64:28:41
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEkzMpa+CcEG+Mizuh4KF4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjYjkwZmQ2MmJjYzBmZTkyOWRhZTUzMDM2ZmM1NWU1MTFj
NTRiNDUwHhcNMjQwMTAxMTAzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjg0YTQ2ZDg5MjY5NjUzNmI5MjEwZTIwZGFmMWFkYzgzMmFjNTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqaVwaq8/tsKmC2o6rxmcbesfckTe
yRyM6DSViO5vuwePLgS2TCiTcOg+ZRNvyhKqhUPVv93HCLVDlEr7p69r6e9Szek3
T01W2SOqUjF1ddfNup7maoJz1bfOvLkMNWoaoVTWqbhObxutlzx5GA1iTdDQQUQ8
rYKOcdZ9RhOrREAZWpHgbIH7id5jAsQxXSNnHSO5KhAu+gew7fBabAXuQ91TJV+8
zxAv8YUrpE9h8+jWTnLtN4YYbgK0u9y7gH4zKHsIzjEHpRSmECjSnoAA/0z718BK
jCXlA6+2dGm1tCib/JM5tVq+hjsirpRJwUll4tl4hxRtkSlS+6AQI/nQlQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCuEpG2JJpZTa5IQ4g2vGtyDKsVpMB8GA1UdIwQY
MBaAFFy5D9YrzA/pKdrlMDb8VeURxUtFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWExrUDFpdk1ELWtwMnVVd052eFY1UkhGUzBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi8zZGFjNzMtZDdjNy00MGJiLWFiNTUt
OTUxMzVkYWY1MTQ3LzEvSzRTa2JZa21sbE5ya2hEaURhOGEzSU1xeFdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi8zZGFjNzMtZDdjNy00MGJiLWFiNTUtOTUxMzVkYWY1MTQ3
LzEvWExrUDFpdk1ELWtwMnVVd052eFY1UkhGUzBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSzMAwQA
vPHQMA0GCSqGSIb3DQEBCwUAA4IBAQBu67BpqlLxn1lbFWRs/c8TMw2wiKWhacsZ
xii6fb2YamArEJYbMz/0zIo+yH4Q3P/nk7MDQAIOz5BNf9lOKh0SfFtDLPFGaSnA
QzFzlteCLsJfFZcyRrJaaXa7k0cBmU7/2B0V2ff+P0+sTn/nCNKB5Fna9PuBD/Zp
+JiTlQpyRZF1jKxi0z3NZLTR1KpwsxsxL3+h0Vqd3faDnCcytQ0gDAkuPmoRcRFw
H0UL7BHv98Ps88sCl1cH0hG+/b+BbYKrB0w5k0RqvYJLCLTVJ74LCOot3b2JXIZT
/F8QvBYIM+p3d4QBdoI2snfk46pZBMWvqIL2VjOfbqFfiY5IZChB
-----END CERTIFICATE-----