Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/i2JMYzggdukvKDs9xl7yRgSVdYA.roa
File:                     i2JMYzggdukvKDs9xl7yRgSVdYA.roa (raw, json)
Hash identifier:          YQgCNa4l+m9fnge0Azvw0ser3vTkCkhNc/uUB7fI4ZM=
Subject key identifier:   8B:62:4C:63:38:20:76:E9:2F:28:3B:3D:C6:5E:F2:46:04:95:75:80
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC7955821342D650D8B777FB2EAD03792
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/i2JMYzggdukvKDs9xl7yRgSVdYA.roa
Signing time:             Tue 02 Jan 2024 00:31:42 +0000
ROA not before:           Tue 02 Jan 2024 00:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56570
IP address blocks:        89.36.79.0/24 maxlen: 24
                          93.114.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:58:21:34:2d:65:0d:8b:77:7f:b2:ea:d0:37:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b624c63382076e92f283b3dc65ef24604957580
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:1b:49:9a:16:1a:38:9d:d7:e7:ba:38:ee:33:
                    b6:1b:f7:63:34:e3:00:ae:e6:6c:25:c7:40:80:40:
                    3b:ac:73:3e:d5:a0:4f:b0:68:72:85:c8:63:dc:4d:
                    ee:a0:54:3f:11:a4:bf:1e:c4:92:5a:8e:ff:eb:eb:
                    bf:bb:73:5f:2d:04:a2:bd:3a:eb:df:77:d1:e6:9e:
                    dd:0b:c3:e8:ed:f2:ef:c1:f2:c1:27:d0:6c:8e:ee:
                    ca:82:61:59:1f:48:69:2a:74:bf:17:03:d6:db:e3:
                    01:9f:30:e7:7d:09:92:5e:5e:2b:00:33:7d:c1:aa:
                    1f:0c:80:a8:c0:2e:e5:30:1f:8f:53:1d:30:f9:33:
                    d7:4f:9c:84:8c:b6:63:a6:38:31:9f:74:a4:c0:c9:
                    8a:4e:7e:9f:75:f1:16:6b:49:c9:74:b8:b2:04:29:
                    fc:e8:8a:b8:36:bf:ab:0b:9e:11:31:44:5a:ad:c0:
                    1d:df:bb:e6:ed:94:6f:0d:35:5e:c9:a6:e3:1a:bd:
                    9c:d7:f5:7a:bc:38:89:b6:29:cc:01:b7:5c:90:8d:
                    ad:7b:19:da:6e:93:d6:bc:0a:36:70:47:8c:b0:91:
                    78:e3:10:9c:31:a4:28:d2:4e:f7:b0:50:12:bf:b9:
                    c1:3b:97:ef:50:29:71:ee:5d:a8:0c:23:ef:e9:c8:
                    b8:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:62:4C:63:38:20:76:E9:2F:28:3B:3D:C6:5E:F2:46:04:95:75:80
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/i2JMYzggdukvKDs9xl7yRgSVdYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.36.79.0/24
                  93.114.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:87:98:ae:eb:8e:46:f3:62:f4:83:ba:96:91:3a:4e:08:2b:
         bf:c1:b4:d7:0e:ba:74:94:2e:c1:ea:1e:aa:ef:d3:21:75:73:
         63:da:4c:40:72:4a:ed:42:36:ec:2f:ec:b3:d5:bd:b8:4c:e5:
         60:fd:a9:6e:22:68:51:8c:b7:7a:d6:f7:5d:18:c3:f8:8f:9f:
         4c:f3:63:3e:41:eb:30:ee:a5:17:92:ac:c2:44:81:95:33:37:
         77:7c:e8:45:93:fe:c8:d9:fa:6b:e1:99:b5:ec:11:93:e2:61:
         7a:46:5b:e1:18:a3:1b:b0:98:2f:41:63:85:b3:e8:58:95:0b:
         f7:12:e0:26:d2:83:74:ea:ca:08:43:63:c4:1d:a5:20:73:39:
         2f:1b:f6:03:fe:6a:63:2b:f4:ec:13:b7:95:af:2a:b9:1d:9f:
         90:c4:0a:3f:2e:b6:1d:cc:3c:1e:4b:2a:d3:4c:23:b8:90:64:
         04:64:14:23:ab:53:3b:a8:d6:f1:e3:ab:5e:3b:db:83:f8:f8:
         04:c2:92:97:17:e8:d6:a7:ba:9d:68:d6:7e:8f:3d:59:18:7c:
         57:d7:d2:c3:ec:1e:a3:c2:e5:77:33:27:73:ae:1e:16:03:ae:
         66:f5:ed:84:13:5c:0a:cf:16:a1:98:1b:3d:cf:04:39:72:f6:
         ef:e7:f7:58
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzHlVghNC1lDYt3f7Lq0DeSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjYyNGM2MzM4MjA3NmU5MmYyODNiM2RjNjVlZjI0NjA0OTU3NTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArBtJmhYaOJ3X57o47jO2G/djNOMA
ruZsJcdAgEA7rHM+1aBPsGhyhchj3E3uoFQ/EaS/HsSSWo7/6+u/u3NfLQSivTrr
33fR5p7dC8Po7fLvwfLBJ9Bsju7KgmFZH0hpKnS/FwPW2+MBnzDnfQmSXl4rADN9
waofDICowC7lMB+PUx0w+TPXT5yEjLZjpjgxn3SkwMmKTn6fdfEWa0nJdLiyBCn8
6Iq4Nr+rC54RMURarcAd37vm7ZRvDTVeyabjGr2c1/V6vDiJtinMAbdckI2texna
bpPWvAo2cEeMsJF44xCcMaQo0k73sFASv7nBO5fvUClx7l2oDCPv6ci4vQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFItiTGM4IHbpLyg7PcZe8kYElXWAMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2kySk1ZemdnZHVrdktEczl4bDd5UmdTVmRZQS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABZJE8D
BABdckIwDQYJKoZIhvcNAQELBQADggEBAGKHmK7rjkbzYvSDupaROk4IK7/BtNcO
unSULsHqHqrv0yF1c2PaTEBySu1CNuwv7LPVvbhM5WD9qW4iaFGMt3rW910Yw/iP
n0zzYz5B6zDupReSrMJEgZUzN3d86EWT/sjZ+mvhmbXsEZPiYXpGW+EYoxuwmC9B
Y4Wz6FiVC/cS4CbSg3TqyghDY8QdpSBzOS8b9gP+amMr9OwTt5WvKrkdn5DECj8u
th3MPB5LKtNMI7iQZARkFCOrUzuo1vHjq14724P4+ATCkpcX6Nanup1o1n6PPVkY
fFfX0sPsHqPC5XczJ3OuHhYDrmb17YQTXArPFqGYGz3PBDly9u/n91g=
-----END CERTIFICATE-----