Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/5b36ce-d8dd-4561-8ebf-53e9ef6073c5/1/97oH64MTF49SAG0zHxOj8jmnn-s.roa
File:                     97oH64MTF49SAG0zHxOj8jmnn-s.roa (raw, json)
Hash identifier:          heLG31HoWxzX+CnqFpo366PEf7+czzQJOXp9BpcJuDA=
Subject key identifier:   F7:BA:07:EB:83:13:17:8F:52:00:6D:33:1F:13:A3:F2:39:A7:9F:EB
Certificate issuer:       /CN=97310ada6a1bbd7aa68e140223bf9c625a33be41
Certificate serial:       018CC56ED42754522E7B40091E071D51A631
Authority key identifier: 97:31:0A:DA:6A:1B:BD:7A:A6:8E:14:02:23:BF:9C:62:5A:33:BE:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lzEK2mobvXqmjhQCI7-cYlozvkE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/5b36ce-d8dd-4561-8ebf-53e9ef6073c5/1/97oH64MTF49SAG0zHxOj8jmnn-s.roa
Signing time:             Mon 01 Jan 2024 14:30:23 +0000
ROA not before:           Mon 01 Jan 2024 14:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21105
IP address blocks:        80.89.9.0/24 maxlen: 24
                          80.89.10.0/24 maxlen: 24
                          80.89.11.0/24 maxlen: 24
                          80.89.8.0/22 maxlen: 22
                          80.89.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/5b36ce-d8dd-4561-8ebf-53e9ef6073c5/1/lzEK2mobvXqmjhQCI7-cYlozvkE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/5b36ce-d8dd-4561-8ebf-53e9ef6073c5/1/lzEK2mobvXqmjhQCI7-cYlozvkE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lzEK2mobvXqmjhQCI7-cYlozvkE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d4:27:54:52:2e:7b:40:09:1e:07:1d:51:a6:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97310ada6a1bbd7aa68e140223bf9c625a33be41
        Validity
            Not Before: Jan  1 14:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7ba07eb8313178f52006d331f13a3f239a79feb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:91:7f:20:07:6c:3a:a4:b0:30:9e:3c:7e:c8:
                    bc:0a:42:3e:c5:9e:39:e1:f5:dd:7d:35:7f:47:04:
                    58:7d:23:8a:ae:7b:97:2b:b8:5a:8b:26:e1:5b:15:
                    81:94:76:ff:8b:61:f6:25:8b:1c:05:8e:f4:9d:11:
                    8a:c3:7b:1d:be:12:a0:26:4f:01:20:59:63:71:a7:
                    64:b5:af:2b:c4:5e:81:98:df:98:23:ec:f4:1e:de:
                    f0:86:68:ec:86:24:1d:59:1f:df:27:6b:b1:83:86:
                    94:80:0d:e0:4e:a4:32:6f:51:47:3e:55:90:3f:a1:
                    31:35:77:42:a6:57:6a:76:64:7c:64:1b:4e:e1:34:
                    26:08:b6:15:18:a6:5a:01:82:28:01:a7:46:a5:43:
                    20:2b:c9:6d:61:37:e0:f5:c6:ec:6c:e7:cd:c5:fc:
                    11:f7:db:16:34:08:4c:d3:a0:bc:76:9e:fd:19:3b:
                    1f:da:05:e0:d7:f3:75:ba:d2:3f:14:b0:63:d5:f4:
                    e6:3f:8e:c1:30:f8:c0:99:b5:66:0b:c9:d0:de:b1:
                    2c:c0:fa:f0:1f:a7:e4:b3:e0:30:67:77:93:2d:0e:
                    16:cd:59:ee:d2:3b:49:e7:c0:16:dd:1a:ff:80:53:
                    9d:77:d0:d6:b9:de:b6:f0:6e:ac:37:7c:0f:33:5e:
                    7b:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:BA:07:EB:83:13:17:8F:52:00:6D:33:1F:13:A3:F2:39:A7:9F:EB
            X509v3 Authority Key Identifier:
                keyid:97:31:0A:DA:6A:1B:BD:7A:A6:8E:14:02:23:BF:9C:62:5A:33:BE:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lzEK2mobvXqmjhQCI7-cYlozvkE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/5b36ce-d8dd-4561-8ebf-53e9ef6073c5/1/97oH64MTF49SAG0zHxOj8jmnn-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/5b36ce-d8dd-4561-8ebf-53e9ef6073c5/1/lzEK2mobvXqmjhQCI7-cYlozvkE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.89.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         23:e4:dd:de:4d:40:b9:66:07:f8:dd:b1:df:d0:df:d8:48:53:
         70:8e:8a:e6:1d:45:90:a5:44:f6:c6:62:c0:d6:c2:85:1d:44:
         75:e4:39:54:0f:b2:a2:36:2d:bc:8b:6b:2b:dd:a8:af:7c:84:
         fb:5e:c1:5e:7e:11:95:87:5c:d9:18:85:5d:81:49:2e:45:57:
         b0:c6:71:12:82:30:ff:ce:32:cb:33:97:d8:a0:34:87:84:49:
         5e:ad:26:b7:f0:92:34:d2:2e:b8:2a:7c:15:f3:72:48:7c:1d:
         26:d8:7a:f2:81:5b:eb:c4:27:f7:63:13:03:f3:2a:49:36:26:
         71:31:db:0b:c2:26:93:6f:85:33:aa:a2:a1:9c:84:ff:3f:21:
         47:cd:5a:22:67:1e:55:27:31:db:ce:84:31:93:c4:c6:c3:c7:
         8f:56:3b:0b:11:99:55:7c:24:b2:88:f7:cc:5d:70:e6:0b:11:
         30:6d:33:53:71:14:25:e4:40:50:f0:f2:9f:4c:2d:d8:0b:75:
         d9:ca:02:7f:48:70:6a:1c:ae:02:a2:97:a9:9f:72:c4:a9:92:
         53:d1:3e:80:40:6d:cc:05:43:92:c8:ea:10:60:99:32:0c:3e:
         8f:70:bc:e4:17:23:bc:1c:f3:b8:d8:03:d1:47:35:63:73:60:
         88:d1:31:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbtQnVFIue0AJHgcdUaYxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MzEwYWRhNmExYmJkN2FhNjhlMTQwMjIzYmY5YzYyNWEz
M2JlNDEwHhcNMjQwMTAxMTQzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2JhMDdlYjgzMTMxNzhmNTIwMDZkMzMxZjEzYTNmMjM5YTc5ZmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJF/IAdsOqSwMJ48fsi8CkI+xZ45
4fXdfTV/RwRYfSOKrnuXK7haiybhWxWBlHb/i2H2JYscBY70nRGKw3sdvhKgJk8B
IFljcadkta8rxF6BmN+YI+z0Ht7whmjshiQdWR/fJ2uxg4aUgA3gTqQyb1FHPlWQ
P6ExNXdCpldqdmR8ZBtO4TQmCLYVGKZaAYIoAadGpUMgK8ltYTfg9cbsbOfNxfwR
99sWNAhM06C8dp79GTsf2gXg1/N1utI/FLBj1fTmP47BMPjAmbVmC8nQ3rEswPrw
H6fks+AwZ3eTLQ4WzVnu0jtJ58AW3Rr/gFOdd9DWud628G6sN3wPM157DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPe6B+uDExePUgBtMx8To/I5p5/rMB8GA1UdIwQY
MBaAFJcxCtpqG716po4UAiO/nGJaM75BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHpFSzJtb2J2WHFtamhRQ0k3LWNZbG96dmtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS81YjM2Y2UtZDhkZC00NTYxLThlYmYt
NTNlOWVmNjA3M2M1LzEvOTdvSDY0TVRGNDlTQUcwekh4T2o4am1ubi1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS81YjM2Y2UtZDhkZC00NTYxLThlYmYtNTNlOWVmNjA3M2M1
LzEvbHpFSzJtb2J2WHFtamhRQ0k3LWNZbG96dmtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUFkIMA0G
CSqGSIb3DQEBCwUAA4IBAQAj5N3eTUC5Zgf43bHf0N/YSFNwjormHUWQpUT2xmLA
1sKFHUR15DlUD7KiNi28i2sr3aivfIT7XsFefhGVh1zZGIVdgUkuRVewxnESgjD/
zjLLM5fYoDSHhElerSa38JI00i64KnwV83JIfB0m2HrygVvrxCf3YxMD8ypJNiZx
MdsLwiaTb4UzqqKhnIT/PyFHzVoiZx5VJzHbzoQxk8TGw8ePVjsLEZlVfCSyiPfM
XXDmCxEwbTNTcRQl5EBQ8PKfTC3YC3XZygJ/SHBqHK4Copepn3LEqZJT0T6AQG3M
BUOSyOoQYJkyDD6PcLzkFyO8HPO42APRRzVjc2CI0TEX
-----END CERTIFICATE-----