Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/9hU5LlR_yUSlx9VGXlcrRLHAJiE.roa
File:                     9hU5LlR_yUSlx9VGXlcrRLHAJiE.roa (raw, json)
Hash identifier:          k+ZDJwqtBlD8hEMdoiriBNmtx9WdeAwev2Zw6riNZn0=
Subject key identifier:   F6:15:39:2E:54:7F:C9:44:A5:C7:D5:46:5E:57:2B:44:B1:C0:26:21
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC795571846FA9B0B71CBA83D6F71B397
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/9hU5LlR_yUSlx9VGXlcrRLHAJiE.roa
Signing time:             Tue 02 Jan 2024 00:31:42 +0000
ROA not before:           Tue 02 Jan 2024 00:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51909
IP address blocks:        89.47.192.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 04:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:57:18:46:fa:9b:0b:71:cb:a8:3d:6f:71:b3:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f615392e547fc944a5c7d5465e572b44b1c02621
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:b3:24:5b:5e:52:e5:ea:17:7b:1f:0d:52:c4:
                    a9:7b:e6:23:bc:a6:df:ae:c0:bf:38:6e:1c:63:ae:
                    66:4a:19:7f:cd:73:53:eb:91:d9:c6:e3:6c:ec:67:
                    06:81:35:2d:81:8d:2c:3a:a0:84:f1:91:8b:cb:dc:
                    49:a4:24:3d:a3:59:b3:ca:f1:bb:5d:37:1e:f7:30:
                    40:d3:f2:ce:9a:5c:7e:cd:ed:8e:89:10:0e:d5:9f:
                    46:ce:9f:2e:14:5e:1c:89:f0:3b:c0:78:94:1b:cb:
                    c7:13:4b:a6:56:a0:4a:05:b3:78:6c:ce:ca:b9:b7:
                    16:75:2a:51:7f:e2:92:98:c6:cc:f6:18:8a:23:54:
                    31:e0:88:16:91:ba:c5:e1:e8:41:8d:83:0d:79:62:
                    3f:2a:ba:84:9a:52:14:10:2b:35:e4:14:36:4c:45:
                    9c:07:d0:66:4c:53:aa:b0:a1:f2:ae:cd:d5:98:e7:
                    aa:db:8a:e0:15:fc:13:42:c0:ad:1b:3d:87:c4:97:
                    9c:2e:ac:15:0b:9b:95:d2:84:13:aa:dc:f3:63:87:
                    a7:67:99:e0:41:42:c1:f9:04:9b:f1:50:fd:89:b6:
                    ed:07:e3:54:cc:8a:10:4a:20:10:ae:eb:be:73:2c:
                    2d:23:b7:5c:38:2d:76:b6:d5:68:f7:9c:bd:31:8f:
                    2b:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:15:39:2E:54:7F:C9:44:A5:C7:D5:46:5E:57:2B:44:B1:C0:26:21
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/9hU5LlR_yUSlx9VGXlcrRLHAJiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.47.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c8:12:90:14:89:45:f0:74:d4:3d:78:58:b8:3e:87:37:f5:49:
         6f:d0:9d:f0:5b:0b:c5:54:a1:41:08:e6:34:32:a0:2e:96:05:
         61:38:ef:25:3d:be:7e:df:fa:97:40:cc:a0:62:85:95:b0:4c:
         ba:59:b5:67:bc:43:f2:24:8e:cf:42:4d:ab:17:d5:af:93:25:
         58:47:f0:23:18:a6:e3:b2:3e:29:76:df:3a:17:70:91:06:21:
         d8:ff:e5:80:93:2a:2f:4d:74:3f:a5:da:d3:4a:7f:99:68:2e:
         f1:ff:65:3b:5c:46:a4:94:b9:ed:56:75:c4:88:88:d8:7f:77:
         9a:d3:2c:13:6c:d9:4e:92:64:16:27:b7:3e:15:a9:a1:9a:d3:
         86:55:d7:a5:62:0b:8a:27:2e:48:53:83:03:2e:a5:71:a3:39:
         37:dd:74:5e:b3:a0:da:18:b4:90:8f:7d:4e:dd:99:a9:80:b3:
         c1:a6:62:8c:4c:f5:46:26:28:ff:c4:66:b5:cb:fc:8c:06:ac:
         06:0b:e2:de:b5:5d:d8:ec:df:f1:cc:eb:33:23:42:1f:5e:97:
         23:0f:f5:dd:29:82:87:ea:09:e0:fb:fa:cd:9f:94:9d:ff:89:
         c5:e3:24:31:cb:bf:b2:af:e4:0a:5d:f7:35:bf:00:3a:5e:bf:
         01:03:74:94
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlVcYRvqbC3HLqD1vcbOXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjE1MzkyZTU0N2ZjOTQ0YTVjN2Q1NDY1ZTU3MmI0NGIxYzAyNjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8LMkW15S5eoXex8NUsSpe+YjvKbf
rsC/OG4cY65mShl/zXNT65HZxuNs7GcGgTUtgY0sOqCE8ZGLy9xJpCQ9o1mzyvG7
XTce9zBA0/LOmlx+ze2OiRAO1Z9Gzp8uFF4cifA7wHiUG8vHE0umVqBKBbN4bM7K
ubcWdSpRf+KSmMbM9hiKI1Qx4IgWkbrF4ehBjYMNeWI/KrqEmlIUECs15BQ2TEWc
B9BmTFOqsKHyrs3VmOeq24rgFfwTQsCtGz2HxJecLqwVC5uV0oQTqtzzY4enZ5ng
QULB+QSb8VD9ibbtB+NUzIoQSiAQruu+cywtI7dcOC12ttVo95y9MY8rXQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPYVOS5Uf8lEpcfVRl5XK0SxwCYhMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xLzloVTVMbFJfeVVTbHg5VkdYbGNyUkxIQUppRS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJZL8Aw
DQYJKoZIhvcNAQELBQADggEBAMgSkBSJRfB01D14WLg+hzf1SW/QnfBbC8VUoUEI
5jQyoC6WBWE47yU9vn7f+pdAzKBihZWwTLpZtWe8Q/Ikjs9CTasX1a+TJVhH8CMY
puOyPil23zoXcJEGIdj/5YCTKi9NdD+l2tNKf5loLvH/ZTtcRqSUue1WdcSIiNh/
d5rTLBNs2U6SZBYntz4VqaGa04ZV16ViC4onLkhTgwMupXGjOTfddF6zoNoYtJCP
fU7dmamAs8GmYoxM9UYmKP/EZrXL/IwGrAYL4t61Xdjs3/HM6zMjQh9elyMP9d0p
gofqCeD7+s2flJ3/icXjJDHLv7Kv5Apd9zW/ADpevwEDdJQ=
-----END CERTIFICATE-----