Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/46d903-afda-421b-8a61-07ee242e136d/1/5Y-SzdhrnuzcRAfrWiwpTWFeOvc.roa
File:                     5Y-SzdhrnuzcRAfrWiwpTWFeOvc.roa (raw, json)
Hash identifier:          CiArcwn4aTIrCx/UGNqgtLuPzareDEfaIzEMv4XKSpk=
Subject key identifier:   E5:8F:92:CD:D8:6B:9E:EC:DC:44:07:EB:5A:2C:29:4D:61:5E:3A:F7
Certificate issuer:       /CN=965135dd42519fdda3dd3fdaa9db3357815fad75
Certificate serial:       018CC8019BD8638149E953103B747F363C33
Authority key identifier: 96:51:35:DD:42:51:9F:DD:A3:DD:3F:DA:A9:DB:33:57:81:5F:AD:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/llE13UJRn92j3T_aqdszV4FfrXU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/46d903-afda-421b-8a61-07ee242e136d/1/5Y-SzdhrnuzcRAfrWiwpTWFeOvc.roa
Signing time:             Tue 02 Jan 2024 02:29:57 +0000
ROA not before:           Tue 02 Jan 2024 02:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212549
IP address blocks:        185.203.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/46d903-afda-421b-8a61-07ee242e136d/1/llE13UJRn92j3T_aqdszV4FfrXU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/46d903-afda-421b-8a61-07ee242e136d/1/llE13UJRn92j3T_aqdszV4FfrXU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/llE13UJRn92j3T_aqdszV4FfrXU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:9b:d8:63:81:49:e9:53:10:3b:74:7f:36:3c:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=965135dd42519fdda3dd3fdaa9db3357815fad75
        Validity
            Not Before: Jan  2 02:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e58f92cdd86b9eecdc4407eb5a2c294d615e3af7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:89:b4:f0:cf:77:c0:7b:9b:f0:48:e4:6f:3e:
                    76:ae:14:12:7c:79:fb:66:36:f1:13:1c:63:c0:a7:
                    d4:fd:b2:0b:0f:27:38:2a:41:ef:02:2d:5d:85:cb:
                    ca:d1:b2:ec:ba:91:89:59:40:66:ed:38:ea:12:aa:
                    84:25:34:34:27:c8:e5:60:0a:dd:a6:51:d6:ca:79:
                    56:c3:b3:77:fe:10:39:fa:55:c4:6d:a2:36:30:06:
                    49:45:82:60:ec:a2:5a:19:ff:03:00:b1:58:1b:00:
                    e2:58:df:09:67:07:8a:f9:87:d1:f9:4d:5a:80:a9:
                    cd:a2:50:e9:f6:33:14:cf:8b:91:54:ad:f2:ec:aa:
                    fc:cf:0a:90:56:79:a2:46:91:15:eb:5d:38:6c:68:
                    9f:ab:3b:42:3b:9c:94:33:10:a8:d1:4d:a7:6b:30:
                    0e:38:fb:bf:a3:40:15:f0:df:e3:73:ed:e2:eb:14:
                    7c:4c:c5:84:b2:e1:fd:80:e4:76:bd:7f:76:7e:46:
                    25:30:67:e8:44:09:64:9d:e9:81:be:db:e1:47:10:
                    18:99:7d:58:7b:ec:1c:7b:3e:ce:af:ba:56:06:39:
                    36:7a:1a:70:93:af:59:bb:8d:a4:f2:27:91:77:65:
                    1f:33:e5:9e:b9:94:d0:38:d8:d1:bd:45:59:93:f2:
                    8f:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:8F:92:CD:D8:6B:9E:EC:DC:44:07:EB:5A:2C:29:4D:61:5E:3A:F7
            X509v3 Authority Key Identifier:
                keyid:96:51:35:DD:42:51:9F:DD:A3:DD:3F:DA:A9:DB:33:57:81:5F:AD:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/llE13UJRn92j3T_aqdszV4FfrXU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/46d903-afda-421b-8a61-07ee242e136d/1/5Y-SzdhrnuzcRAfrWiwpTWFeOvc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/46d903-afda-421b-8a61-07ee242e136d/1/llE13UJRn92j3T_aqdszV4FfrXU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:e2:c2:74:1b:f5:ad:05:33:04:c3:e3:02:e6:aa:5c:40:9f:
         24:fb:25:03:a2:4d:76:99:24:e1:ff:a4:8f:5a:9e:bc:f0:2f:
         5d:ab:71:17:89:f4:66:18:a5:63:ed:27:15:fe:f5:c2:f1:33:
         91:cc:b8:d0:6b:f1:3f:cd:f4:44:21:72:c7:9e:fe:da:ca:ea:
         74:2a:cb:91:9c:8a:eb:57:a0:a7:6a:e0:5b:0a:f9:aa:70:4d:
         d3:45:dd:59:18:08:fb:eb:3a:ba:6e:f9:fc:90:04:3f:cf:04:
         46:69:53:f8:30:28:c0:3a:4b:cc:d6:9f:d4:b7:69:1b:b0:33:
         60:cf:a5:76:38:2c:fb:21:28:5c:54:d4:44:ae:0d:2a:7f:6f:
         2c:03:2e:dd:1b:91:eb:e0:ee:d4:9f:9b:88:9d:e1:6a:13:b6:
         d1:54:7b:74:b6:d8:39:ae:ff:d9:f7:fa:e3:86:06:18:e4:d0:
         6d:28:a2:48:8a:b5:9e:08:cd:a4:17:c3:67:af:71:8c:06:f0:
         91:d4:28:dd:83:f5:25:15:92:54:ce:75:98:0b:65:23:cd:b2:
         4b:73:46:92:50:39:80:0f:34:58:83:05:50:a5:9c:34:72:54:
         62:08:a2:f3:78:c0:03:00:a4:69:12:80:85:b3:5d:9b:6e:5f:
         c5:e6:2c:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAZvYY4FJ6VMQO3R/NjwzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2NTEzNWRkNDI1MTlmZGRhM2RkM2ZkYWE5ZGIzMzU3ODE1
ZmFkNzUwHhcNMjQwMTAyMDIyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNThmOTJjZGQ4NmI5ZWVjZGM0NDA3ZWI1YTJjMjk0ZDYxNWUzYWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtom08M93wHub8Ejkbz52rhQSfHn7
ZjbxExxjwKfU/bILDyc4KkHvAi1dhcvK0bLsupGJWUBm7TjqEqqEJTQ0J8jlYArd
plHWynlWw7N3/hA5+lXEbaI2MAZJRYJg7KJaGf8DALFYGwDiWN8JZweK+YfR+U1a
gKnNolDp9jMUz4uRVK3y7Kr8zwqQVnmiRpEV6104bGifqztCO5yUMxCo0U2nazAO
OPu/o0AV8N/jc+3i6xR8TMWEsuH9gOR2vX92fkYlMGfoRAlknemBvtvhRxAYmX1Y
e+wcez7Or7pWBjk2ehpwk69Zu42k8ieRd2UfM+WeuZTQONjRvUVZk/KPWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOWPks3Ya57s3EQH61osKU1hXjr3MB8GA1UdIwQY
MBaAFJZRNd1CUZ/do90/2qnbM1eBX611MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGxFMTNVSlJuOTJqM1RfYXFkc3pWNEZmclhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS80NmQ5MDMtYWZkYS00MjFiLThhNjEt
MDdlZTI0MmUxMzZkLzEvNVktU3pkaHJudXpjUkFmcldpd3BUV0ZlT3ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS80NmQ5MDMtYWZkYS00MjFiLThhNjEtMDdlZTI0MmUxMzZk
LzEvbGxFMTNVSlJuOTJqM1RfYXFkc3pWNEZmclhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuctZMA0G
CSqGSIb3DQEBCwUAA4IBAQCY4sJ0G/WtBTMEw+MC5qpcQJ8k+yUDok12mSTh/6SP
Wp688C9dq3EXifRmGKVj7ScV/vXC8TORzLjQa/E/zfREIXLHnv7ayup0KsuRnIrr
V6CnauBbCvmqcE3TRd1ZGAj76zq6bvn8kAQ/zwRGaVP4MCjAOkvM1p/Ut2kbsDNg
z6V2OCz7IShcVNRErg0qf28sAy7dG5Hr4O7Un5uIneFqE7bRVHt0ttg5rv/Z9/rj
hgYY5NBtKKJIirWeCM2kF8Nnr3GMBvCR1Cjdg/UlFZJUznWYC2UjzbJLc0aSUDmA
DzRYgwVQpZw0clRiCKLzeMADAKRpEoCFs12bbl/F5iw6
-----END CERTIFICATE-----