Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/f1480f-76e9-4c8e-ac32-3577b1efdc78/1/k_HFj_5-D273v5Ot40GshumNfw4.roa
File:                     k_HFj_5-D273v5Ot40GshumNfw4.roa (raw, json)
Hash identifier:          cnxCuV1TBrY13zun9iLHuD9Rpo8oeb0PfMFrdA6KoQI=
Subject key identifier:   93:F1:C5:8F:FE:7E:0F:6E:F7:BF:93:AD:E3:41:AC:86:E9:8D:7F:0E
Certificate issuer:       /CN=978f41e290285473c2a1e2be7f66f63452ed4644
Certificate serial:       018CC34951CC12F13DE7D19ED69C79FBE6C9
Authority key identifier: 97:8F:41:E2:90:28:54:73:C2:A1:E2:BE:7F:66:F6:34:52:ED:46:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l49B4pAoVHPCoeK-f2b2NFLtRkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/f1480f-76e9-4c8e-ac32-3577b1efdc78/1/k_HFj_5-D273v5Ot40GshumNfw4.roa
Signing time:             Mon 01 Jan 2024 04:30:11 +0000
ROA not before:           Mon 01 Jan 2024 04:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39452
IP address blocks:        89.150.0.0/23 maxlen: 23
                          89.150.0.0/24 maxlen: 24
                          89.150.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/f1480f-76e9-4c8e-ac32-3577b1efdc78/1/l49B4pAoVHPCoeK-f2b2NFLtRkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/f1480f-76e9-4c8e-ac32-3577b1efdc78/1/l49B4pAoVHPCoeK-f2b2NFLtRkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l49B4pAoVHPCoeK-f2b2NFLtRkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:51:cc:12:f1:3d:e7:d1:9e:d6:9c:79:fb:e6:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=978f41e290285473c2a1e2be7f66f63452ed4644
        Validity
            Not Before: Jan  1 04:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93f1c58ffe7e0f6ef7bf93ade341ac86e98d7f0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:e7:4e:11:a0:00:97:4c:f9:34:38:47:c3:8d:
                    15:c5:90:d5:c0:61:56:bd:8b:bc:73:70:5d:ae:7a:
                    51:87:30:d6:7b:0a:e8:18:f8:4f:00:80:66:45:76:
                    9d:50:e2:16:69:01:73:5a:6b:b8:56:61:c3:82:95:
                    58:91:af:40:34:bc:22:eb:a0:2d:fb:b0:c8:21:61:
                    5f:eb:94:32:03:e4:fb:58:77:02:72:0f:7f:3f:c5:
                    13:74:de:29:1d:86:57:b3:82:f7:0e:ee:93:17:7f:
                    54:2c:9d:ca:c1:3d:53:f4:6f:06:cd:f3:33:29:63:
                    5a:e2:bd:89:1a:18:8c:9f:dc:ac:da:03:d0:c3:39:
                    e3:67:b7:bd:c1:0f:94:ce:dc:5a:6a:c1:28:17:99:
                    ed:b4:55:60:db:7b:f9:de:e3:9c:78:85:ce:22:b2:
                    91:bc:fd:8e:bd:0e:d2:05:6b:1d:98:c3:b9:d5:6c:
                    18:f8:90:41:2a:a7:0f:23:d3:79:5c:2b:f1:01:4a:
                    47:5b:98:37:ff:c2:7f:6f:79:70:e8:8f:18:1b:99:
                    23:23:50:0e:f1:45:07:12:7f:9c:7e:3e:d1:37:d3:
                    53:3c:6f:e4:12:37:c7:1f:b9:03:cd:60:ef:d2:f5:
                    78:6b:05:28:d9:ac:e3:ac:f1:5d:c8:67:66:fc:13:
                    de:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:F1:C5:8F:FE:7E:0F:6E:F7:BF:93:AD:E3:41:AC:86:E9:8D:7F:0E
            X509v3 Authority Key Identifier:
                keyid:97:8F:41:E2:90:28:54:73:C2:A1:E2:BE:7F:66:F6:34:52:ED:46:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l49B4pAoVHPCoeK-f2b2NFLtRkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/f1480f-76e9-4c8e-ac32-3577b1efdc78/1/k_HFj_5-D273v5Ot40GshumNfw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/f1480f-76e9-4c8e-ac32-3577b1efdc78/1/l49B4pAoVHPCoeK-f2b2NFLtRkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.150.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0e:60:84:8f:05:34:3b:24:04:e4:f2:b1:f1:3d:a6:6c:b9:ff:
         e0:47:cc:a6:ec:5a:f7:43:f0:be:b4:79:3e:f2:1f:17:0f:08:
         07:d1:18:ea:a6:f6:30:14:64:12:c7:99:1a:c0:ff:b9:67:c4:
         8e:80:e9:0e:09:85:4a:3c:2f:11:f3:18:8e:f1:ef:47:cd:cb:
         be:42:19:b8:76:8c:bc:bf:4b:ea:82:34:61:2e:ac:8d:9a:ba:
         cb:f6:c0:0a:c6:6d:b8:fc:63:13:a9:bd:e0:90:c3:85:84:69:
         99:8e:6c:c1:81:ad:81:d6:2d:0a:0e:c4:76:71:d9:45:98:34:
         d0:d8:51:26:1b:05:f4:17:2c:83:ba:95:a4:72:53:92:fb:d6:
         1b:d3:71:a9:f5:9c:00:f4:58:ba:c0:2b:1f:63:ce:84:f3:19:
         be:03:91:9a:9f:30:d1:cd:d5:df:79:12:6e:41:53:ef:67:56:
         ff:b2:1b:33:9b:9d:14:ea:e1:86:0e:d4:7f:6a:96:8e:a2:f8:
         26:d6:23:32:5a:a7:19:e6:bc:9e:b4:5c:da:4f:c7:ba:27:2a:
         0c:21:75:ec:8f:04:78:28:13:a1:76:32:7d:72:2a:96:6b:a8:
         53:a1:0b:3a:2e:68:ce:4a:9d:78:5d:0c:fe:20:53:c8:36:bf:
         5b:6c:8b:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSVHMEvE959Ge1px5++bJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OGY0MWUyOTAyODU0NzNjMmExZTJiZTdmNjZmNjM0NTJl
ZDQ2NDQwHhcNMjQwMTAxMDQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2YxYzU4ZmZlN2UwZjZlZjdiZjkzYWRlMzQxYWM4NmU5OGQ3ZjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+dOEaAAl0z5NDhHw40VxZDVwGFW
vYu8c3BdrnpRhzDWewroGPhPAIBmRXadUOIWaQFzWmu4VmHDgpVYka9ANLwi66At
+7DIIWFf65QyA+T7WHcCcg9/P8UTdN4pHYZXs4L3Du6TF39ULJ3KwT1T9G8GzfMz
KWNa4r2JGhiMn9ys2gPQwznjZ7e9wQ+UztxaasEoF5nttFVg23v53uOceIXOIrKR
vP2OvQ7SBWsdmMO51WwY+JBBKqcPI9N5XCvxAUpHW5g3/8J/b3lw6I8YG5kjI1AO
8UUHEn+cfj7RN9NTPG/kEjfHH7kDzWDv0vV4awUo2azjrPFdyGdm/BPexQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJPxxY/+fg9u97+TreNBrIbpjX8OMB8GA1UdIwQY
MBaAFJePQeKQKFRzwqHivn9m9jRS7UZEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDQ5QjRwQW9WSFBDb2VLLWYyYjJORkx0UmtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9mMTQ4MGYtNzZlOS00YzhlLWFjMzIt
MzU3N2IxZWZkYzc4LzEva19IRmpfNS1EMjczdjVPdDQwR3NodW1OZnc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9mMTQ4MGYtNzZlOS00YzhlLWFjMzItMzU3N2IxZWZkYzc4
LzEvbDQ5QjRwQW9WSFBDb2VLLWYyYjJORkx0UmtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWZYAMA0G
CSqGSIb3DQEBCwUAA4IBAQAOYISPBTQ7JATk8rHxPaZsuf/gR8ym7Fr3Q/C+tHk+
8h8XDwgH0RjqpvYwFGQSx5kawP+5Z8SOgOkOCYVKPC8R8xiO8e9Hzcu+Qhm4doy8
v0vqgjRhLqyNmrrL9sAKxm24/GMTqb3gkMOFhGmZjmzBga2B1i0KDsR2cdlFmDTQ
2FEmGwX0FyyDupWkclOS+9Yb03Gp9ZwA9Fi6wCsfY86E8xm+A5GanzDRzdXfeRJu
QVPvZ1b/shszm50U6uGGDtR/apaOovgm1iMyWqcZ5ryetFzaT8e6JyoMIXXsjwR4
KBOhdjJ9ciqWa6hToQs6LmjOSp14XQz+IFPINr9bbItD
-----END CERTIFICATE-----