Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/406991-5be3-4a05-acb2-1ad47ccd2d9a/1/kTN5uCN1kBVIV9ML4QW_okwLWRY.roa
File:                     kTN5uCN1kBVIV9ML4QW_okwLWRY.roa (raw, json)
Hash identifier:          VU4ByTwJlQqqbN++NzQJIy+V8pIa/KVYoUbzEOum8W0=
Subject key identifier:   91:33:79:B8:23:75:90:15:48:57:D3:0B:E1:05:BF:A2:4C:0B:59:16
Certificate issuer:       /CN=89e21a2b8a25b971bdb741a0aae325992304194e
Certificate serial:       018CC6B7FEEA5D25C4979E03FE4D43111A48
Authority key identifier: 89:E2:1A:2B:8A:25:B9:71:BD:B7:41:A0:AA:E3:25:99:23:04:19:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ieIaK4oluXG9t0GgquMlmSMEGU4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/406991-5be3-4a05-acb2-1ad47ccd2d9a/1/kTN5uCN1kBVIV9ML4QW_okwLWRY.roa
Signing time:             Mon 01 Jan 2024 20:29:56 +0000
ROA not before:           Mon 01 Jan 2024 20:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397966
IP address blocks:        193.25.215.0/24 maxlen: 24
                          193.25.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/406991-5be3-4a05-acb2-1ad47ccd2d9a/1/ieIaK4oluXG9t0GgquMlmSMEGU4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/406991-5be3-4a05-acb2-1ad47ccd2d9a/1/ieIaK4oluXG9t0GgquMlmSMEGU4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ieIaK4oluXG9t0GgquMlmSMEGU4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:fe:ea:5d:25:c4:97:9e:03:fe:4d:43:11:1a:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89e21a2b8a25b971bdb741a0aae325992304194e
        Validity
            Not Before: Jan  1 20:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=913379b8237590154857d30be105bfa24c0b5916
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:7e:9b:34:08:e6:2a:88:01:f0:d9:33:5a:75:
                    7e:3e:7d:52:e5:39:bb:b6:50:89:0f:4e:67:3b:0a:
                    2a:ad:7a:ee:1d:68:ad:7d:fe:a5:10:07:e3:9d:2a:
                    e3:7e:b1:26:73:4b:ab:b9:ae:1a:45:7a:48:73:c8:
                    ce:5f:6b:ad:fb:b2:29:58:2e:03:58:f2:28:09:d1:
                    a0:19:27:c6:35:14:26:18:38:eb:81:9f:33:69:3a:
                    18:b6:7c:86:69:c3:fc:e0:da:37:e0:f7:2c:e2:f2:
                    ac:c2:7a:6d:d0:2e:57:71:4e:e3:db:ce:45:81:44:
                    49:d1:2f:e1:05:8c:1d:f2:c3:a7:c6:6c:0e:76:85:
                    49:4f:f7:28:6d:76:3b:70:7e:b9:21:57:a3:81:84:
                    42:ee:d3:ec:b9:5c:9b:c3:f9:0e:86:8a:b8:ca:d0:
                    c7:37:41:f1:0f:20:87:e2:b9:28:f6:74:8b:da:c3:
                    d1:1f:a8:33:6b:c1:ab:50:ae:20:f8:0f:07:5f:ff:
                    38:e9:5f:e5:81:79:f1:15:fe:00:be:f3:75:f2:97:
                    33:c8:a0:90:b8:b3:68:62:8a:74:7f:58:2f:ee:5f:
                    26:d3:f8:0f:ce:14:99:44:3a:ae:05:02:3c:bd:39:
                    eb:b8:a0:ec:1e:9f:d0:34:0f:48:bd:63:dc:9b:8d:
                    79:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:33:79:B8:23:75:90:15:48:57:D3:0B:E1:05:BF:A2:4C:0B:59:16
            X509v3 Authority Key Identifier:
                keyid:89:E2:1A:2B:8A:25:B9:71:BD:B7:41:A0:AA:E3:25:99:23:04:19:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ieIaK4oluXG9t0GgquMlmSMEGU4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/406991-5be3-4a05-acb2-1ad47ccd2d9a/1/kTN5uCN1kBVIV9ML4QW_okwLWRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/406991-5be3-4a05-acb2-1ad47ccd2d9a/1/ieIaK4oluXG9t0GgquMlmSMEGU4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:aa:da:94:25:19:db:54:0d:3c:61:37:0c:c3:4b:b8:1a:ee:
         37:cc:d8:af:46:2f:a2:d4:15:67:52:18:de:80:2f:ef:ac:2a:
         17:11:b3:b4:75:00:8e:bc:21:ad:4b:33:07:29:69:94:f0:57:
         2f:29:11:ff:b6:2d:3e:44:db:8a:7e:2b:2d:bc:0d:3e:90:0e:
         15:10:69:11:53:52:e4:f5:e5:b3:ff:42:6e:ad:11:52:13:85:
         49:58:ae:38:31:6c:2a:8a:97:bc:39:79:94:2c:ef:5a:cc:c8:
         9b:77:0c:a3:20:98:6e:b2:1c:de:52:2d:9b:46:25:52:d0:39:
         7a:46:c9:bd:ac:81:b3:9d:15:ab:44:26:79:86:a0:94:68:ae:
         90:c5:fc:23:8a:a2:6d:1b:21:83:ac:13:07:54:6a:05:52:c9:
         0a:c0:25:ce:a7:9b:b5:69:a0:86:da:36:04:62:6b:a5:b6:73:
         c2:0b:42:f1:3f:d7:2e:37:c9:0b:d7:3d:09:5b:73:8c:b2:1a:
         45:3e:97:51:06:aa:5b:30:97:71:18:97:b9:4c:6b:70:cb:32:
         5f:c9:7e:ec:2d:c3:7a:01:8f:bd:08:65:a9:84:4b:ba:3c:b4:
         1e:1a:20:34:4a:e8:7c:0c:61:41:fc:49:ba:c2:66:46:fe:12:
         a5:e2:91:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt/7qXSXEl54D/k1DERpIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5ZTIxYTJiOGEyNWI5NzFiZGI3NDFhMGFhZTMyNTk5MjMw
NDE5NGUwHhcNMjQwMTAxMjAyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTMzNzliODIzNzU5MDE1NDg1N2QzMGJlMTA1YmZhMjRjMGI1OTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjn6bNAjmKogB8NkzWnV+Pn1S5Tm7
tlCJD05nOwoqrXruHWitff6lEAfjnSrjfrEmc0urua4aRXpIc8jOX2ut+7IpWC4D
WPIoCdGgGSfGNRQmGDjrgZ8zaToYtnyGacP84No34Pcs4vKswnpt0C5XcU7j285F
gURJ0S/hBYwd8sOnxmwOdoVJT/cobXY7cH65IVejgYRC7tPsuVybw/kOhoq4ytDH
N0HxDyCH4rko9nSL2sPRH6gza8GrUK4g+A8HX/846V/lgXnxFf4AvvN18pczyKCQ
uLNoYop0f1gv7l8m0/gPzhSZRDquBQI8vTnruKDsHp/QNA9IvWPcm415mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJEzebgjdZAVSFfTC+EFv6JMC1kWMB8GA1UdIwQY
MBaAFIniGiuKJblxvbdBoKrjJZkjBBlOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWVJYUs0b2x1WEc5dDBHZ3F1TWxtU01FR1U0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi80MDY5OTEtNWJlMy00YTA1LWFjYjIt
MWFkNDdjY2QyZDlhLzEva1RONXVDTjFrQlZJVjlNTDRRV19va3dMV1JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi80MDY5OTEtNWJlMy00YTA1LWFjYjItMWFkNDdjY2QyZDlh
LzEvaWVJYUs0b2x1WEc5dDBHZ3F1TWxtU01FR1U0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwRnWMA0G
CSqGSIb3DQEBCwUAA4IBAQAhqtqUJRnbVA08YTcMw0u4Gu43zNivRi+i1BVnUhje
gC/vrCoXEbO0dQCOvCGtSzMHKWmU8FcvKRH/ti0+RNuKfistvA0+kA4VEGkRU1Lk
9eWz/0JurRFSE4VJWK44MWwqipe8OXmULO9azMibdwyjIJhushzeUi2bRiVS0Dl6
Rsm9rIGznRWrRCZ5hqCUaK6QxfwjiqJtGyGDrBMHVGoFUskKwCXOp5u1aaCG2jYE
YmultnPCC0LxP9cuN8kL1z0JW3OMshpFPpdRBqpbMJdxGJe5TGtwyzJfyX7sLcN6
AY+9CGWphEu6PLQeGiA0Suh8DGFB/Em6wmZG/hKl4pEs
-----END CERTIFICATE-----