Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/jUrOGXk2sJwyiLkp4FMh_uYQkRc.roa
File:                     jUrOGXk2sJwyiLkp4FMh_uYQkRc.roa (raw, json)
Hash identifier:          rfj/5auj4gUTnGPCbMvUHG92CNE9fiKT82o7XP7u/aA=
Subject key identifier:   8D:4A:CE:19:79:36:B0:9C:32:88:B9:29:E0:53:21:FE:E6:10:91:17
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC7954516FE42AF2B9B6785AD06778FF4
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/jUrOGXk2sJwyiLkp4FMh_uYQkRc.roa
Signing time:             Tue 02 Jan 2024 00:31:37 +0000
ROA not before:           Tue 02 Jan 2024 00:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33925
IP address blocks:        188.240.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:45:16:fe:42:af:2b:9b:67:85:ad:06:77:8f:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d4ace197936b09c3288b929e05321fee6109117
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:90:e4:1f:d3:8b:b2:83:2d:90:97:05:b7:04:
                    9c:38:1d:a7:a5:92:83:e5:55:1f:d8:ac:39:90:d2:
                    ce:21:58:7d:84:d1:d2:be:8d:b1:4c:e5:1a:dc:70:
                    58:fc:8e:f5:2e:ad:9d:f2:44:b3:88:a4:83:f0:69:
                    fe:b5:b4:ad:0f:cd:2f:13:d2:54:7f:3b:ef:6a:2e:
                    d6:59:bb:00:8b:81:8e:29:c9:36:31:a5:d3:ab:01:
                    3e:82:8b:c4:bd:9e:05:12:cb:16:6c:c5:38:b7:90:
                    6a:9d:26:74:46:78:3c:7c:ea:7c:01:e0:00:70:44:
                    b4:27:b0:98:e8:5c:4d:16:7b:f3:87:b5:8e:ae:87:
                    ed:13:75:f1:cd:fa:d3:ce:26:bd:62:d4:b5:f6:61:
                    d5:3e:b0:43:21:9a:88:f5:b1:f1:7c:da:af:83:e2:
                    a2:cc:27:39:ba:07:13:20:96:af:03:a0:94:c5:69:
                    61:3f:45:7c:f1:b4:87:71:1f:04:a1:12:a9:0c:5d:
                    29:82:30:98:1d:ed:e1:02:bd:f2:c1:c1:c7:7c:6b:
                    07:55:3f:5d:8b:d9:de:9e:5f:92:0d:18:17:cc:4f:
                    92:64:83:30:35:a5:0c:cc:71:29:be:ff:a3:5f:46:
                    cc:b9:61:b9:56:21:4a:59:85:6b:82:03:a6:30:bd:
                    ab:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:4A:CE:19:79:36:B0:9C:32:88:B9:29:E0:53:21:FE:E6:10:91:17
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/jUrOGXk2sJwyiLkp4FMh_uYQkRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.240.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:44:0a:2b:c7:cf:31:8d:0a:9a:0a:cf:a6:88:ca:4d:ab:09:
         f4:e8:61:b1:9c:43:48:9f:b1:a3:7a:34:b3:62:85:e4:88:c7:
         fc:4e:07:6c:8e:57:3b:53:a3:65:60:92:a7:31:2b:fe:eb:8f:
         92:20:01:4d:58:88:13:63:7b:ca:10:18:2e:29:e5:9d:03:55:
         77:b5:96:56:39:bc:30:6a:bb:6e:a2:af:d6:be:3e:ac:58:cf:
         e6:e4:3d:72:cb:cf:97:33:a2:b1:cf:b3:b6:59:65:71:07:5c:
         24:bd:64:69:db:4c:a1:fd:19:c6:53:d0:dd:8c:63:f5:ec:65:
         37:07:59:c3:fd:46:f4:ba:ec:3a:18:03:cd:20:9e:d8:8e:30:
         00:f7:ea:81:18:d0:05:4b:19:61:46:82:13:91:0d:c0:50:ec:
         40:9c:a4:c7:33:9b:a6:b1:e5:b1:11:85:cd:f9:42:6f:33:45:
         63:64:d2:77:e1:db:04:a2:f4:4b:f5:15:d6:f7:df:61:d2:f1:
         e4:f6:cc:5a:f8:fe:0c:35:04:2c:80:53:8c:1b:27:ef:ba:d4:
         50:a2:3c:f1:01:6f:ca:73:97:41:85:f3:90:e8:9b:3c:ca:88:
         68:cd:72:13:63:33:d8:7e:2d:38:c5:72:d2:48:39:a6:d6:29:
         a7:c0:f3:49
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlUUW/kKvK5tnha0Gd4/0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDRhY2UxOTc5MzZiMDljMzI4OGI5MjllMDUzMjFmZWU2MTA5MTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3JDkH9OLsoMtkJcFtwScOB2npZKD
5VUf2Kw5kNLOIVh9hNHSvo2xTOUa3HBY/I71Lq2d8kSziKSD8Gn+tbStD80vE9JU
fzvvai7WWbsAi4GOKck2MaXTqwE+govEvZ4FEssWbMU4t5BqnSZ0Rng8fOp8AeAA
cES0J7CY6FxNFnvzh7WOroftE3XxzfrTzia9YtS19mHVPrBDIZqI9bHxfNqvg+Ki
zCc5ugcTIJavA6CUxWlhP0V88bSHcR8EoRKpDF0pgjCYHe3hAr3ywcHHfGsHVT9d
i9nenl+SDRgXzE+SZIMwNaUMzHEpvv+jX0bMuWG5ViFKWYVrggOmML2rtwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFI1Kzhl5NrCcMoi5KeBTIf7mEJEXMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2pVck9HWGsyc0p3eWlMa3A0Rk1oX3VZUWtSYy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC88Fkw
DQYJKoZIhvcNAQELBQADggEBAL1ECivHzzGNCpoKz6aIyk2rCfToYbGcQ0ifsaN6
NLNiheSIx/xOB2yOVztTo2VgkqcxK/7rj5IgAU1YiBNje8oQGC4p5Z0DVXe1llY5
vDBqu26ir9a+PqxYz+bkPXLLz5czorHPs7ZZZXEHXCS9ZGnbTKH9GcZT0N2MY/Xs
ZTcHWcP9RvS67DoYA80gntiOMAD36oEY0AVLGWFGghORDcBQ7ECcpMczm6ax5bER
hc35Qm8zRWNk0nfh2wSi9Ev1Fdb332HS8eT2zFr4/gw1BCyAU4wbJ++61FCiPPEB
b8pzl0GF85DomzzKiGjNchNjM9h+LTjFctJIOabWKafA80k=
-----END CERTIFICATE-----