Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/5b36ce-d8dd-4561-8ebf-53e9ef6073c5/1/e51TBsoKyTObmlWopURdpzB1KT0.roa
File:                     e51TBsoKyTObmlWopURdpzB1KT0.roa (raw, json)
Hash identifier:          Ry7NKROp3/FvEmXza5rltRjsOT8HkGOUSJBInrBZ52Y=
Subject key identifier:   7B:9D:53:06:CA:0A:C9:33:9B:9A:55:A8:A5:44:5D:A7:30:75:29:3D
Certificate issuer:       /CN=97310ada6a1bbd7aa68e140223bf9c625a33be41
Certificate serial:       018CC56ED595C75B88C4612E80817110B9D6
Authority key identifier: 97:31:0A:DA:6A:1B:BD:7A:A6:8E:14:02:23:BF:9C:62:5A:33:BE:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lzEK2mobvXqmjhQCI7-cYlozvkE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/5b36ce-d8dd-4561-8ebf-53e9ef6073c5/1/e51TBsoKyTObmlWopURdpzB1KT0.roa
Signing time:             Mon 01 Jan 2024 14:30:24 +0000
ROA not before:           Mon 01 Jan 2024 14:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212713
IP address blocks:        80.89.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/5b36ce-d8dd-4561-8ebf-53e9ef6073c5/1/lzEK2mobvXqmjhQCI7-cYlozvkE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/5b36ce-d8dd-4561-8ebf-53e9ef6073c5/1/lzEK2mobvXqmjhQCI7-cYlozvkE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lzEK2mobvXqmjhQCI7-cYlozvkE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d5:95:c7:5b:88:c4:61:2e:80:81:71:10:b9:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97310ada6a1bbd7aa68e140223bf9c625a33be41
        Validity
            Not Before: Jan  1 14:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b9d5306ca0ac9339b9a55a8a5445da73075293d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:76:83:aa:56:fe:d9:dd:ac:56:45:66:90:03:
                    1e:e1:4b:53:9f:71:35:e9:d0:7a:6f:0f:1c:29:7f:
                    9c:fd:06:7b:b3:a8:4b:f1:64:81:7f:bc:60:1e:0b:
                    b9:40:b6:16:48:85:22:23:fb:e6:e1:84:06:8b:3b:
                    eb:f3:02:31:e0:9e:41:87:2a:8e:52:a6:1b:9b:9a:
                    a2:95:f4:32:c5:eb:b0:05:ed:39:2f:fc:c3:08:de:
                    63:bd:5a:7c:62:e6:e0:2a:45:64:cd:87:80:70:a1:
                    a0:aa:68:01:52:84:ba:7f:bc:8b:4f:16:df:58:17:
                    47:b4:47:ad:49:05:16:38:7e:0e:0b:49:55:d7:8b:
                    b4:ff:e4:db:40:96:93:33:3e:5a:6b:21:11:3a:e6:
                    b5:6c:92:06:2b:8b:53:99:54:d4:a2:4e:ce:ee:e9:
                    9e:a3:56:79:e0:83:cd:c3:53:3f:24:ea:c6:df:05:
                    7a:42:97:28:71:b2:99:7e:2f:08:8f:da:f8:69:ad:
                    d6:ce:bb:54:8d:8d:1a:f1:eb:88:54:a8:f1:55:4e:
                    5e:d1:08:60:d7:cf:5b:56:d9:e3:0d:73:27:ae:08:
                    af:e7:d9:6e:50:e9:a0:f3:8f:65:d6:19:62:82:a8:
                    85:c8:75:4e:ad:76:c5:eb:d3:0f:f5:34:93:01:d1:
                    51:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:9D:53:06:CA:0A:C9:33:9B:9A:55:A8:A5:44:5D:A7:30:75:29:3D
            X509v3 Authority Key Identifier:
                keyid:97:31:0A:DA:6A:1B:BD:7A:A6:8E:14:02:23:BF:9C:62:5A:33:BE:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lzEK2mobvXqmjhQCI7-cYlozvkE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/5b36ce-d8dd-4561-8ebf-53e9ef6073c5/1/e51TBsoKyTObmlWopURdpzB1KT0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/5b36ce-d8dd-4561-8ebf-53e9ef6073c5/1/lzEK2mobvXqmjhQCI7-cYlozvkE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.89.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:ba:50:ab:f5:7f:b9:f0:62:37:ec:b3:ec:b4:b7:65:b7:94:
         ed:92:b3:6c:48:8b:78:3d:9a:33:66:7f:16:a9:4f:bf:6b:be:
         5b:f7:23:2a:b1:af:ed:a4:eb:be:13:d3:e3:95:90:ef:e2:b0:
         3a:27:ea:8c:1c:af:fa:f1:a1:78:d9:f5:42:d2:3e:9b:f6:92:
         fe:3a:38:f7:3e:67:57:4e:c5:01:34:dc:c9:d3:0c:46:09:29:
         29:63:7f:e9:e9:ad:6a:6a:ef:e9:d1:49:13:7a:cb:cf:5c:8f:
         61:e7:1d:e3:db:86:3b:e2:bb:46:68:60:e9:d0:40:b1:9d:d0:
         22:e9:05:4d:24:14:1c:c6:8e:e8:48:38:78:a4:6e:68:6a:76:
         57:12:c9:c7:18:e2:66:ff:98:0f:a2:fc:4e:b0:9a:21:e7:3b:
         30:f6:16:e3:51:b2:f5:a9:8d:cf:74:7e:eb:2f:55:a2:2d:34:
         e5:49:d2:2d:85:28:15:a5:0e:dd:01:1b:d0:44:e7:db:d4:5a:
         31:79:73:48:64:07:f0:7d:33:ac:3d:6a:7a:68:4f:ea:f5:db:
         c4:9e:6e:56:73:f4:e4:13:1f:06:9b:b9:07:76:bd:7b:17:19:
         0e:70:75:25:ae:4d:31:8c:c7:90:97:74:fc:52:6d:86:14:d6:
         b7:df:96:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbtWVx1uIxGEugIFxELnWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MzEwYWRhNmExYmJkN2FhNjhlMTQwMjIzYmY5YzYyNWEz
M2JlNDEwHhcNMjQwMTAxMTQzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjlkNTMwNmNhMGFjOTMzOWI5YTU1YThhNTQ0NWRhNzMwNzUyOTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnaDqlb+2d2sVkVmkAMe4UtTn3E1
6dB6bw8cKX+c/QZ7s6hL8WSBf7xgHgu5QLYWSIUiI/vm4YQGizvr8wIx4J5BhyqO
UqYbm5qilfQyxeuwBe05L/zDCN5jvVp8YubgKkVkzYeAcKGgqmgBUoS6f7yLTxbf
WBdHtEetSQUWOH4OC0lV14u0/+TbQJaTMz5aayEROua1bJIGK4tTmVTUok7O7ume
o1Z54IPNw1M/JOrG3wV6QpcocbKZfi8Ij9r4aa3WzrtUjY0a8euIVKjxVU5e0Qhg
189bVtnjDXMnrgiv59luUOmg849l1hligqiFyHVOrXbF69MP9TSTAdFRkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHudUwbKCskzm5pVqKVEXacwdSk9MB8GA1UdIwQY
MBaAFJcxCtpqG716po4UAiO/nGJaM75BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHpFSzJtb2J2WHFtamhRQ0k3LWNZbG96dmtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS81YjM2Y2UtZDhkZC00NTYxLThlYmYt
NTNlOWVmNjA3M2M1LzEvZTUxVEJzb0t5VE9ibWxXb3BVUmRwekIxS1QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS81YjM2Y2UtZDhkZC00NTYxLThlYmYtNTNlOWVmNjA3M2M1
LzEvbHpFSzJtb2J2WHFtamhRQ0k3LWNZbG96dmtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUFkIMA0G
CSqGSIb3DQEBCwUAA4IBAQBrulCr9X+58GI37LPstLdlt5TtkrNsSIt4PZozZn8W
qU+/a75b9yMqsa/tpOu+E9PjlZDv4rA6J+qMHK/68aF42fVC0j6b9pL+Ojj3PmdX
TsUBNNzJ0wxGCSkpY3/p6a1qau/p0UkTesvPXI9h5x3j24Y74rtGaGDp0ECxndAi
6QVNJBQcxo7oSDh4pG5oanZXEsnHGOJm/5gPovxOsJoh5zsw9hbjUbL1qY3PdH7r
L1WiLTTlSdIthSgVpQ7dARvQROfb1FoxeXNIZAfwfTOsPWp6aE/q9dvEnm5Wc/Tk
Ex8Gm7kHdr17FxkOcHUlrk0xjMeQl3T8Um2GFNa335b/
-----END CERTIFICATE-----