Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/3dac73-d7c7-40bb-ab55-95135daf5147/1/NIRrtM3MtJ5VFxbCWpZF8ZkRWx0.roa
File:                     NIRrtM3MtJ5VFxbCWpZF8ZkRWx0.roa (raw, json)
Hash identifier:          JWIrnMIRI3TeHH/5WU86b9y6rcSj52Fh2KKoAIEs6SU=
Subject key identifier:   34:84:6B:B4:CD:CC:B4:9E:55:17:16:C2:5A:96:45:F1:99:11:5B:1D
Certificate issuer:       /CN=5cb90fd62bcc0fe929dae53036fc55e511c54b45
Certificate serial:       018CC49332CAAD8B64C5D3E915B4D54BF351
Authority key identifier: 5C:B9:0F:D6:2B:CC:0F:E9:29:DA:E5:30:36:FC:55:E5:11:C5:4B:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XLkP1ivMD-kp2uUwNvxV5RHFS0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/3dac73-d7c7-40bb-ab55-95135daf5147/1/NIRrtM3MtJ5VFxbCWpZF8ZkRWx0.roa
Signing time:             Mon 01 Jan 2024 10:30:30 +0000
ROA not before:           Mon 01 Jan 2024 10:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50884
IP address blocks:        89.36.37.0/24 maxlen: 24
                          89.36.72.0/24 maxlen: 24
                          89.35.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/3dac73-d7c7-40bb-ab55-95135daf5147/1/XLkP1ivMD-kp2uUwNvxV5RHFS0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/3dac73-d7c7-40bb-ab55-95135daf5147/1/XLkP1ivMD-kp2uUwNvxV5RHFS0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XLkP1ivMD-kp2uUwNvxV5RHFS0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:32:ca:ad:8b:64:c5:d3:e9:15:b4:d5:4b:f3:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5cb90fd62bcc0fe929dae53036fc55e511c54b45
        Validity
            Not Before: Jan  1 10:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34846bb4cdccb49e551716c25a9645f199115b1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:8d:81:88:66:43:df:9f:77:db:0d:07:10:bd:
                    ce:28:14:25:57:32:b0:18:9c:1f:76:a0:6d:6f:41:
                    6c:a9:0e:9c:5f:9b:45:ae:8f:80:5b:f4:8a:c4:ad:
                    d8:19:a3:f7:25:25:d3:0d:db:ad:b5:62:ce:a8:bd:
                    62:1b:0b:25:0a:75:9b:b7:b6:90:65:d8:ce:d9:b4:
                    c6:4c:1a:f2:87:fd:02:de:4f:d2:ec:af:cc:e0:4d:
                    43:f7:ea:cf:4a:0f:10:e9:8b:f4:c8:4b:f9:03:fa:
                    89:60:bc:02:94:75:12:78:23:bf:1d:52:f2:8a:56:
                    45:74:ac:66:51:09:ec:36:99:45:07:f0:e0:8c:6a:
                    a9:fc:ac:18:19:b7:da:46:dd:1f:4d:ff:0f:46:57:
                    65:b3:3b:a1:e7:3e:85:18:2d:c7:6b:6c:58:44:65:
                    2b:77:45:2d:e2:36:ca:e6:f8:9a:1f:78:4d:45:80:
                    82:a4:98:05:1c:b4:1a:d3:8d:d8:23:c1:79:65:20:
                    1f:3e:c4:26:44:29:00:d0:43:c3:99:1a:16:b9:df:
                    84:85:a0:1a:42:f0:86:12:42:66:99:c1:2f:93:dd:
                    d4:5c:7e:a0:73:ed:2b:a8:40:66:26:da:ec:85:54:
                    43:b9:22:4f:69:51:5a:61:62:5a:05:fd:c1:47:59:
                    cc:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:84:6B:B4:CD:CC:B4:9E:55:17:16:C2:5A:96:45:F1:99:11:5B:1D
            X509v3 Authority Key Identifier:
                keyid:5C:B9:0F:D6:2B:CC:0F:E9:29:DA:E5:30:36:FC:55:E5:11:C5:4B:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XLkP1ivMD-kp2uUwNvxV5RHFS0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/3dac73-d7c7-40bb-ab55-95135daf5147/1/NIRrtM3MtJ5VFxbCWpZF8ZkRWx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/3dac73-d7c7-40bb-ab55-95135daf5147/1/XLkP1ivMD-kp2uUwNvxV5RHFS0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.27.0/24
                  89.36.37.0/24
                  89.36.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:c4:ac:f9:e9:31:fd:32:04:7e:d0:7b:b4:1b:88:16:29:96:
         7a:33:19:f5:85:1d:49:96:c9:61:ea:f5:15:5d:fd:bb:24:cf:
         14:46:a5:fb:f7:6f:6f:47:83:43:37:bf:f1:1c:b2:78:69:9e:
         1c:37:a3:15:9d:c6:af:47:d9:10:48:4f:e8:b8:28:e3:e1:5e:
         dd:0d:3d:50:6e:f2:ce:63:56:1e:22:f9:cb:35:0a:c3:0a:41:
         69:0d:03:cb:55:5c:f0:54:33:2a:2a:5f:b8:21:c3:3f:7c:ce:
         a4:09:9f:63:57:ea:35:95:89:99:af:38:53:fc:df:c3:a3:73:
         22:1e:42:81:58:c9:25:4b:c5:7b:ac:85:d6:e3:c8:d1:b6:53:
         e2:20:03:7c:d7:18:69:ba:0d:b0:f4:9e:68:0a:fe:49:c2:cf:
         c9:17:30:39:0c:a7:5a:12:db:53:2a:80:85:0b:11:34:dd:86:
         8a:c9:6c:09:6c:7f:9f:f9:b9:30:98:41:86:d1:f5:b6:07:63:
         3d:38:33:8b:82:1f:db:e4:35:24:4f:ab:fc:2f:61:13:2a:91:
         b5:12:9d:2e:65:e2:1f:4a:e2:f3:0b:ac:76:ed:f0:db:73:a3:
         a8:bf:2e:33:42:fe:45:23:8b:14:09:c7:8b:14:bb:6e:89:ab:
         78:e7:96:2b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzEkzLKrYtkxdPpFbTVS/NRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjYjkwZmQ2MmJjYzBmZTkyOWRhZTUzMDM2ZmM1NWU1MTFj
NTRiNDUwHhcNMjQwMTAxMTAzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDg0NmJiNGNkY2NiNDllNTUxNzE2YzI1YTk2NDVmMTk5MTE1YjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2I2BiGZD35932w0HEL3OKBQlVzKw
GJwfdqBtb0FsqQ6cX5tFro+AW/SKxK3YGaP3JSXTDduttWLOqL1iGwslCnWbt7aQ
ZdjO2bTGTBryh/0C3k/S7K/M4E1D9+rPSg8Q6Yv0yEv5A/qJYLwClHUSeCO/HVLy
ilZFdKxmUQnsNplFB/DgjGqp/KwYGbfaRt0fTf8PRldlszuh5z6FGC3Ha2xYRGUr
d0Ut4jbK5viaH3hNRYCCpJgFHLQa043YI8F5ZSAfPsQmRCkA0EPDmRoWud+EhaAa
QvCGEkJmmcEvk93UXH6gc+0rqEBmJtrshVRDuSJPaVFaYWJaBf3BR1nMdwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDSEa7TNzLSeVRcWwlqWRfGZEVsdMB8GA1UdIwQY
MBaAFFy5D9YrzA/pKdrlMDb8VeURxUtFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWExrUDFpdk1ELWtwMnVVd052eFY1UkhGUzBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi8zZGFjNzMtZDdjNy00MGJiLWFiNTUt
OTUxMzVkYWY1MTQ3LzEvTklScnRNM010SjVWRnhiQ1dwWkY4WmtSV3gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi8zZGFjNzMtZDdjNy00MGJiLWFiNTUtOTUxMzVkYWY1MTQ3
LzEvWExrUDFpdk1ELWtwMnVVd052eFY1UkhGUzBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWSMbAwQA
WSQlAwQAWSRIMA0GCSqGSIb3DQEBCwUAA4IBAQB5xKz56TH9MgR+0Hu0G4gWKZZ6
Mxn1hR1Jlslh6vUVXf27JM8URqX7929vR4NDN7/xHLJ4aZ4cN6MVncavR9kQSE/o
uCjj4V7dDT1QbvLOY1YeIvnLNQrDCkFpDQPLVVzwVDMqKl+4IcM/fM6kCZ9jV+o1
lYmZrzhT/N/Do3MiHkKBWMklS8V7rIXW48jRtlPiIAN81xhpug2w9J5oCv5Jws/J
FzA5DKdaEttTKoCFCxE03YaKyWwJbH+f+bkwmEGG0fW2B2M9ODOLgh/b5DUkT6v8
L2ETKpG1Ep0uZeIfSuLzC6x27fDbc6Oovy4zQv5FI4sUCceLFLtuiat455Yr
-----END CERTIFICATE-----