Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/_4g_HMPlFKzmcyoigR6IVHbMqEU.roa
File:                     _4g_HMPlFKzmcyoigR6IVHbMqEU.roa (raw, json)
Hash identifier:          PisOS/vIaWpn2BscGkSdNslhM684JYnqltaBRhRyHEI=
Subject key identifier:   FF:88:3F:1C:C3:E5:14:AC:E6:73:2A:22:81:1E:88:54:76:CC:A8:45
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC7955D015165700CA14FD4903CB5DA52
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/_4g_HMPlFKzmcyoigR6IVHbMqEU.roa
Signing time:             Tue 02 Jan 2024 00:31:43 +0000
ROA not before:           Tue 02 Jan 2024 00:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59892
IP address blocks:        89.39.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:5d:01:51:65:70:0c:a1:4f:d4:90:3c:b5:da:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff883f1cc3e514ace6732a22811e885476cca845
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:66:c2:71:ca:4b:91:56:a4:90:0a:be:c4:3e:
                    13:61:32:44:a7:fd:53:e6:6e:b6:9f:de:98:18:ac:
                    ac:98:ad:86:69:cb:7c:0c:06:6c:6b:03:0e:20:e3:
                    a7:7e:de:b7:f6:19:54:44:01:e5:11:4c:25:db:9b:
                    74:03:fe:eb:9a:88:37:5c:3f:ea:20:a8:dd:e8:eb:
                    14:75:1e:97:7f:41:b8:4a:17:83:b3:ba:05:81:64:
                    2a:3a:39:cf:fe:4c:73:5b:13:98:77:36:40:50:9e:
                    f1:33:77:b4:af:9f:19:e2:f7:59:bb:e0:5a:0f:28:
                    ea:85:30:29:c4:3c:a5:15:07:34:21:75:34:0d:89:
                    fb:98:12:0a:2b:1c:8d:b0:1a:7f:48:03:e0:fe:40:
                    57:f1:d9:d2:f5:55:fa:cc:ad:97:0d:5a:98:3f:3f:
                    c6:9b:69:e4:f5:ec:df:ae:46:51:43:91:b1:ad:61:
                    61:45:ab:47:9c:ff:0b:73:f5:cb:d2:a8:2d:5e:a4:
                    cf:d0:ef:d2:60:85:98:b5:e6:ab:b2:49:b7:37:00:
                    8b:aa:1f:7d:f1:ed:4b:d9:ea:42:b7:d6:e4:af:40:
                    35:d1:5b:f0:86:18:f4:7c:5d:42:f4:e6:d5:2e:af:
                    8b:65:29:dd:09:c9:79:d8:11:3d:2c:58:de:b7:ae:
                    6a:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:88:3F:1C:C3:E5:14:AC:E6:73:2A:22:81:1E:88:54:76:CC:A8:45
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/_4g_HMPlFKzmcyoigR6IVHbMqEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.39.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:47:32:f4:bf:f1:fe:6b:ad:f4:c3:be:e8:d0:00:c7:69:c2:
         48:94:fd:85:35:12:44:03:ed:03:be:74:50:0b:a0:25:78:04:
         ad:09:d8:06:ca:fd:9c:bc:3a:b3:82:84:88:98:99:f3:6c:8a:
         25:53:e6:fe:05:97:45:c2:a8:a6:d8:da:8e:f6:8b:10:a8:4c:
         63:f2:1c:2f:85:41:9d:45:3f:41:aa:af:04:d1:e3:ca:7c:9a:
         6c:35:6a:80:e8:7f:22:d7:53:85:40:95:12:ce:e8:c1:bd:5c:
         c3:58:38:8c:f9:96:eb:a0:64:e3:84:50:5a:77:89:9d:8b:67:
         c4:15:8c:ef:25:a3:4d:38:d3:b2:27:fa:e0:a2:70:6e:39:06:
         5e:5d:1f:d5:04:34:48:d8:16:56:2d:51:50:08:7c:65:83:63:
         bf:2c:e7:18:8f:07:71:49:c5:27:ff:52:e9:6c:f3:bf:62:bb:
         95:a6:45:05:70:12:af:63:c0:07:f1:3b:9c:53:8f:7e:f0:a6:
         d0:25:36:90:52:ea:76:65:6b:36:38:19:ec:13:b3:61:a4:91:
         83:44:87:36:65:a3:0d:3e:d4:fb:2a:06:22:90:88:db:ef:67:
         ad:04:80:cd:61:5e:af:0c:a7:4d:0a:d3:a2:21:fc:46:a6:40:
         43:a7:03:0f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlV0BUWVwDKFP1JA8tdpSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjg4M2YxY2MzZTUxNGFjZTY3MzJhMjI4MTFlODg1NDc2Y2NhODQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGbCccpLkVakkAq+xD4TYTJEp/1T
5m62n96YGKysmK2Gact8DAZsawMOIOOnft639hlURAHlEUwl25t0A/7rmog3XD/q
IKjd6OsUdR6Xf0G4SheDs7oFgWQqOjnP/kxzWxOYdzZAUJ7xM3e0r58Z4vdZu+Ba
DyjqhTApxDylFQc0IXU0DYn7mBIKKxyNsBp/SAPg/kBX8dnS9VX6zK2XDVqYPz/G
m2nk9ezfrkZRQ5GxrWFhRatHnP8Lc/XL0qgtXqTP0O/SYIWYtearskm3NwCLqh99
8e1L2epCt9bkr0A10Vvwhhj0fF1C9ObVLq+LZSndCcl52BE9LFjet65qKQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFP+IPxzD5RSs5nMqIoEeiFR2zKhFMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL180Z19ITVBsRkt6bWN5b2lnUjZJVkhiTXFFVS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABZJ74w
DQYJKoZIhvcNAQELBQADggEBAHpHMvS/8f5rrfTDvujQAMdpwkiU/YU1EkQD7QO+
dFALoCV4BK0J2AbK/Zy8OrOChIiYmfNsiiVT5v4Fl0XCqKbY2o72ixCoTGPyHC+F
QZ1FP0GqrwTR48p8mmw1aoDofyLXU4VAlRLO6MG9XMNYOIz5luugZOOEUFp3iZ2L
Z8QVjO8lo00407In+uCicG45Bl5dH9UENEjYFlYtUVAIfGWDY78s5xiPB3FJxSf/
Uuls879iu5WmRQVwEq9jwAfxO5xTj37wptAlNpBS6nZlazY4GewTs2GkkYNEhzZl
ow0+1PsqBiKQiNvvZ60EgM1hXq8Mp00K06Ih/EamQEOnAw8=
-----END CERTIFICATE-----