Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/PM42qC0EDTaqX3FUKOQbqVP8YcM.roa
File:                     PM42qC0EDTaqX3FUKOQbqVP8YcM.roa (raw, json)
Hash identifier:          AkIf8P8kG7MqedOx+cafOY9qp7yG9S1IwM55IAnYYFI=
Subject key identifier:   3C:CE:36:A8:2D:04:0D:36:AA:5F:71:54:28:E4:1B:A9:53:FC:61:C3
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC7954A7976F862FD45FE5A0508F6C666
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/PM42qC0EDTaqX3FUKOQbqVP8YcM.roa
Signing time:             Tue 02 Jan 2024 00:31:39 +0000
ROA not before:           Tue 02 Jan 2024 00:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41807
IP address blocks:        89.45.166.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:4a:79:76:f8:62:fd:45:fe:5a:05:08:f6:c6:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3cce36a82d040d36aa5f715428e41ba953fc61c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:8c:d9:63:80:48:76:26:cd:7d:49:35:2c:04:
                    68:a7:48:88:89:08:d7:92:91:ef:82:0e:14:b0:f0:
                    54:c4:62:18:39:c4:98:12:4b:cd:7d:6b:8d:6f:df:
                    1f:e0:f4:de:58:c0:b9:77:0f:66:1c:68:4e:2c:93:
                    35:21:c4:60:f9:a1:e0:0b:69:c3:b7:ce:a6:ac:0e:
                    82:12:04:04:ee:55:fb:d1:1e:86:30:56:eb:3a:06:
                    62:d9:29:1d:b0:ce:d1:1a:d5:6d:02:a2:80:9e:34:
                    60:39:a6:9d:9c:6f:c9:be:83:42:d8:4c:34:82:4c:
                    7c:36:08:e7:ba:73:27:d3:60:ee:9f:6a:a3:a7:d4:
                    ec:03:df:a1:f1:38:b1:a8:59:fa:19:36:44:e5:f0:
                    0d:a8:ae:f1:22:27:ef:12:cb:87:13:61:50:12:9d:
                    41:68:ea:16:13:25:0c:47:ef:fa:16:3e:60:fe:e9:
                    02:23:51:19:15:b3:3d:17:91:26:e1:2c:0c:e1:6b:
                    da:08:98:0c:84:97:a5:fe:4a:d5:03:a5:68:39:f4:
                    fc:51:52:28:23:d6:16:50:7d:ea:b7:09:09:72:84:
                    20:fe:5b:99:f2:0a:a9:1a:0e:ea:53:90:5e:00:ed:
                    3d:6c:fb:02:e0:ea:82:9e:37:6e:f6:57:d6:b8:41:
                    f8:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:CE:36:A8:2D:04:0D:36:AA:5F:71:54:28:E4:1B:A9:53:FC:61:C3
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/PM42qC0EDTaqX3FUKOQbqVP8YcM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.45.166.0/23

    Signature Algorithm: sha256WithRSAEncryption
         37:16:85:d2:cb:c5:4f:54:dc:77:2f:a8:74:f3:d4:bc:a9:e5:
         19:f9:d1:01:3d:97:d7:f4:33:54:2d:1f:c5:c1:a6:88:ad:e7:
         c6:21:79:fb:29:85:19:09:1b:58:e7:c9:f9:60:39:22:11:7a:
         73:67:c8:44:57:76:ac:cf:13:90:9d:c2:19:11:ed:79:e8:91:
         a1:a7:11:97:14:55:0d:a4:1e:b9:f8:bd:3f:38:bd:72:a6:9d:
         79:00:b6:aa:d5:4c:52:ce:db:39:06:6e:26:b3:02:cf:99:ae:
         41:f5:6e:54:66:43:f1:5b:d6:8c:e0:5c:af:96:72:8b:b9:45:
         d8:e2:53:1a:81:ea:67:e3:f9:82:43:78:07:37:7c:97:fa:05:
         92:25:f3:8c:6b:b0:a3:15:c3:32:40:ed:de:6d:d0:d6:d8:61:
         e0:51:1a:9c:7d:84:8a:ef:3c:7c:ac:03:18:52:0a:d5:4c:01:
         89:a1:60:8d:a1:d3:86:01:7d:cf:10:15:a2:81:1b:de:2b:e1:
         8d:b7:ad:ef:4a:0c:5f:4c:2d:7b:67:9e:07:a0:01:f5:70:f2:
         38:92:f0:00:a9:11:7e:18:8e:33:b9:0b:9b:c1:4c:c9:eb:e1:
         96:eb:65:ce:84:e8:52:9a:74:5c:ab:a9:74:5b:ad:2f:4e:71:
         39:3a:4d:b0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlUp5dvhi/UX+WgUI9sZmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2NlMzZhODJkMDQwZDM2YWE1ZjcxNTQyOGU0MWJhOTUzZmM2MWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYzZY4BIdibNfUk1LARop0iIiQjX
kpHvgg4UsPBUxGIYOcSYEkvNfWuNb98f4PTeWMC5dw9mHGhOLJM1IcRg+aHgC2nD
t86mrA6CEgQE7lX70R6GMFbrOgZi2SkdsM7RGtVtAqKAnjRgOaadnG/JvoNC2Ew0
gkx8NgjnunMn02Dun2qjp9TsA9+h8TixqFn6GTZE5fANqK7xIifvEsuHE2FQEp1B
aOoWEyUMR+/6Fj5g/ukCI1EZFbM9F5Em4SwM4WvaCJgMhJel/krVA6VoOfT8UVIo
I9YWUH3qtwkJcoQg/luZ8gqpGg7qU5BeAO09bPsC4OqCnjdu9lfWuEH4LQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDzONqgtBA02ql9xVCjkG6lT/GHDMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL1BNNDJxQzBFRFRhcVgzRlVLT1FicVZQOFljTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFZLaYw
DQYJKoZIhvcNAQELBQADggEBADcWhdLLxU9U3HcvqHTz1Lyp5Rn50QE9l9f0M1Qt
H8XBpoit58YhefsphRkJG1jnyflgOSIRenNnyERXdqzPE5CdwhkR7XnokaGnEZcU
VQ2kHrn4vT84vXKmnXkAtqrVTFLO2zkGbiazAs+ZrkH1blRmQ/Fb1ozgXK+Wcou5
RdjiUxqB6mfj+YJDeAc3fJf6BZIl84xrsKMVwzJA7d5t0NbYYeBRGpx9hIrvPHys
AxhSCtVMAYmhYI2h04YBfc8QFaKBG94r4Y23re9KDF9MLXtnngegAfVw8jiS8ACp
EX4YjjO5C5vBTMnr4ZbrZc6E6FKadFyrqXRbrS9OcTk6TbA=
-----END CERTIFICATE-----