Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/Q-QEhVsXCVOEzV3cBimKShetGdk.roa
File:                     Q-QEhVsXCVOEzV3cBimKShetGdk.roa (raw, json)
Hash identifier:          WR3UNS2bXtT3SHnHGl+lXLbGqEQNMSfKwvCNcUl3gPI=
Subject key identifier:   43:E4:04:85:5B:17:09:53:84:CD:5D:DC:06:29:8A:4A:17:AD:19:D9
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC79561034E4F97E63A5BA0901AAD9DE5
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/Q-QEhVsXCVOEzV3cBimKShetGdk.roa
Signing time:             Tue 02 Jan 2024 00:31:44 +0000
ROA not before:           Tue 02 Jan 2024 00:31:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61050
IP address blocks:        89.44.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:61:03:4e:4f:97:e6:3a:5b:a0:90:1a:ad:9d:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43e404855b17095384cd5ddc06298a4a17ad19d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:22:26:0f:b6:81:08:34:69:9d:ed:56:4f:f2:
                    ef:dc:ba:0f:f6:48:c2:f7:1c:e6:b9:e4:5a:15:f8:
                    f8:75:87:eb:4c:22:0f:6a:78:94:fa:29:bd:b1:2a:
                    04:43:76:62:f4:4d:33:13:1a:87:c5:08:15:27:d0:
                    90:62:0b:51:21:ea:c8:b2:93:95:9a:c3:d7:0c:f4:
                    b1:ed:c4:4d:6a:5c:36:63:01:2c:4b:7e:e7:3b:b3:
                    0d:95:a2:c4:2c:ad:15:9c:dc:05:34:72:4a:3a:47:
                    b5:b7:20:86:4a:b6:b2:62:cd:0e:f0:3e:ef:7e:68:
                    a5:b3:37:85:53:dc:16:07:19:28:1c:73:c3:97:8a:
                    05:a6:44:f8:2b:c4:80:2f:fd:95:d5:b3:c0:14:b5:
                    6a:5e:c2:53:c0:d6:ab:a5:87:95:82:51:41:10:24:
                    2a:59:5f:f4:7a:5b:db:33:f3:ef:08:fd:13:15:e9:
                    1e:6f:55:8b:a7:0e:ef:bd:35:46:35:7d:07:40:0f:
                    78:4c:ff:bc:8c:ed:12:a5:76:88:28:9c:13:9d:4a:
                    5a:51:16:5e:68:59:e6:40:d1:bf:fd:e2:9d:21:1a:
                    96:c5:72:55:d8:43:a5:af:96:dc:be:e9:a0:23:0b:
                    2e:52:95:32:32:49:7b:39:5d:40:75:29:0f:82:96:
                    e8:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:E4:04:85:5B:17:09:53:84:CD:5D:DC:06:29:8A:4A:17:AD:19:D9
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/Q-QEhVsXCVOEzV3cBimKShetGdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:52:40:f5:a8:21:3b:8f:8f:37:a3:e2:2b:0f:b7:c4:03:bc:
         2b:bb:77:6d:e5:31:ee:95:f3:cf:41:f3:3b:22:2e:dc:57:37:
         9c:3e:3b:28:e2:ac:22:59:b7:5d:31:ac:b6:bc:fe:69:d2:47:
         09:b2:d8:b1:6f:2f:8b:f6:6d:f9:c9:fc:7a:f1:4a:c6:e5:96:
         b8:65:77:5f:3b:a1:bb:be:b3:fc:00:99:3f:39:4b:c9:19:b3:
         20:e5:33:7d:98:81:17:bf:1e:20:c4:0a:d3:e9:79:02:95:32:
         67:fd:10:9e:34:b0:62:c8:85:10:5f:ef:c4:b2:1a:c4:79:03:
         e2:d7:78:a8:4d:32:c5:45:49:30:34:56:8b:83:0b:4a:c0:28:
         16:e1:21:ba:60:54:8c:49:14:3d:91:ee:3a:11:1e:1d:0a:42:
         e9:80:61:c4:52:63:4a:04:15:85:0d:46:01:59:8c:48:8a:14:
         66:d1:a8:78:22:38:55:8c:74:df:ad:7e:9e:50:63:92:61:c8:
         53:82:36:7b:fb:6a:29:9e:f2:e7:9b:b9:72:1a:a6:44:ac:b5:
         9a:5c:e5:67:a9:d3:3d:e7:dc:1b:c3:c0:c0:d8:fc:c4:29:17:
         8c:d6:61:cd:81:f8:b8:ad:5c:6a:e6:f4:6d:7d:21:87:d7:68:
         dc:18:46:bf
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlWEDTk+X5jpboJAarZ3lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2U0MDQ4NTViMTcwOTUzODRjZDVkZGMwNjI5OGE0YTE3YWQxOWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgSImD7aBCDRpne1WT/Lv3LoP9kjC
9xzmueRaFfj4dYfrTCIPaniU+im9sSoEQ3Zi9E0zExqHxQgVJ9CQYgtRIerIspOV
msPXDPSx7cRNalw2YwEsS37nO7MNlaLELK0VnNwFNHJKOke1tyCGSrayYs0O8D7v
fmilszeFU9wWBxkoHHPDl4oFpkT4K8SAL/2V1bPAFLVqXsJTwNarpYeVglFBECQq
WV/0elvbM/PvCP0TFekeb1WLpw7vvTVGNX0HQA94TP+8jO0SpXaIKJwTnUpaURZe
aFnmQNG//eKdIRqWxXJV2EOlr5bcvumgIwsuUpUyMkl7OV1AdSkPgpbowwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEPkBIVbFwlThM1d3AYpikoXrRnZMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL1EtUUVoVnNYQ1ZPRXpWM2NCaW1LU2hldEdkay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABZLHow
DQYJKoZIhvcNAQELBQADggEBALlSQPWoITuPjzej4isPt8QDvCu7d23lMe6V889B
8zsiLtxXN5w+OyjirCJZt10xrLa8/mnSRwmy2LFvL4v2bfnJ/HrxSsbllrhld187
obu+s/wAmT85S8kZsyDlM32YgRe/HiDECtPpeQKVMmf9EJ40sGLIhRBf78SyGsR5
A+LXeKhNMsVFSTA0VouDC0rAKBbhIbpgVIxJFD2R7joRHh0KQumAYcRSY0oEFYUN
RgFZjEiKFGbRqHgiOFWMdN+tfp5QY5JhyFOCNnv7aime8uebuXIapkSstZpc5Wep
0z3n3BvDwMDY/MQpF4zWYc2B+LitXGrm9G19IYfXaNwYRr8=
-----END CERTIFICATE-----