Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/198c6b-d715-47b6-86c0-4d22c6b5b1fe/1/F5NyqIjyyPZnKsCCdiWO_H8G2XU.roa
File:                     F5NyqIjyyPZnKsCCdiWO_H8G2XU.roa (raw, json)
Hash identifier:          vgiQCZAfspEC6Evs7FQd/Se0WU3+AYLlPCfH0tvquSI=
Subject key identifier:   17:93:72:A8:88:F2:C8:F6:67:2A:C0:82:76:25:8E:FC:7F:06:D9:75
Certificate issuer:       /CN=762656c5e66b82c04654be1a25629b1fd6a59456
Certificate serial:       018CC8015D08658A7AED77B9286CFC317727
Authority key identifier: 76:26:56:C5:E6:6B:82:C0:46:54:BE:1A:25:62:9B:1F:D6:A5:94:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/diZWxeZrgsBGVL4aJWKbH9allFY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/198c6b-d715-47b6-86c0-4d22c6b5b1fe/1/F5NyqIjyyPZnKsCCdiWO_H8G2XU.roa
Signing time:             Tue 02 Jan 2024 02:29:41 +0000
ROA not before:           Tue 02 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54238
IP address blocks:        89.255.208.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/198c6b-d715-47b6-86c0-4d22c6b5b1fe/1/diZWxeZrgsBGVL4aJWKbH9allFY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/198c6b-d715-47b6-86c0-4d22c6b5b1fe/1/diZWxeZrgsBGVL4aJWKbH9allFY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/diZWxeZrgsBGVL4aJWKbH9allFY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5d:08:65:8a:7a:ed:77:b9:28:6c:fc:31:77:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=762656c5e66b82c04654be1a25629b1fd6a59456
        Validity
            Not Before: Jan  2 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=179372a888f2c8f6672ac08276258efc7f06d975
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:da:ce:cd:f3:4e:96:e4:94:e7:ad:90:bb:83:
                    89:31:a9:c7:b5:a9:b1:e9:07:3a:16:fc:3f:1b:eb:
                    2e:b2:2d:f7:92:d6:6b:d2:bd:82:b1:95:80:e8:4c:
                    7a:31:a4:8b:04:6b:d3:11:ec:cc:ed:3b:0e:a9:86:
                    7a:d1:58:21:97:74:2f:c0:01:47:44:73:1c:24:35:
                    5a:97:f0:0b:34:0b:57:25:c3:ef:fb:69:9e:9f:c3:
                    77:36:4e:fa:5d:43:44:1c:d9:0c:4a:f0:37:d4:96:
                    aa:e1:58:b4:c2:95:47:47:7f:82:6c:ff:f3:d3:11:
                    4f:c4:70:9a:93:8d:35:c5:09:5d:77:73:56:7d:f8:
                    c2:6a:f7:f5:fd:3f:a6:01:c3:e5:ab:7d:0a:3a:6c:
                    57:d7:b6:c5:bd:a5:03:1f:ec:1c:f3:dc:5f:41:eb:
                    6e:bc:e8:3b:4d:4e:31:f0:60:a0:25:e3:3b:e5:75:
                    34:45:c0:19:4b:1b:91:c2:e3:d5:e9:23:89:4c:fc:
                    23:ae:0d:9e:55:da:f1:db:74:f6:99:18:c0:34:5a:
                    bf:70:de:38:f0:31:0a:59:79:d0:c8:3b:88:6b:a0:
                    45:59:c7:f2:d1:5a:8e:42:c7:48:2f:93:cf:07:ba:
                    8e:c6:58:6e:55:3a:14:d5:89:8b:55:87:c9:d7:b5:
                    40:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:93:72:A8:88:F2:C8:F6:67:2A:C0:82:76:25:8E:FC:7F:06:D9:75
            X509v3 Authority Key Identifier:
                keyid:76:26:56:C5:E6:6B:82:C0:46:54:BE:1A:25:62:9B:1F:D6:A5:94:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/diZWxeZrgsBGVL4aJWKbH9allFY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/198c6b-d715-47b6-86c0-4d22c6b5b1fe/1/F5NyqIjyyPZnKsCCdiWO_H8G2XU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/198c6b-d715-47b6-86c0-4d22c6b5b1fe/1/diZWxeZrgsBGVL4aJWKbH9allFY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.255.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3d:82:14:46:60:2f:8c:78:12:82:9f:76:2f:a9:a8:45:9b:dc:
         46:50:5d:39:f1:ec:1f:27:a5:ea:96:26:11:69:31:f0:72:0a:
         fb:fb:52:24:20:5f:5b:df:41:e8:40:cb:26:2e:c8:4b:00:05:
         55:d3:0e:4a:f5:1c:7e:7a:fb:59:33:e3:ab:d1:73:5f:a2:0c:
         07:64:d0:1c:1f:8c:18:5d:f6:a2:fd:2c:3a:ef:c9:00:03:6d:
         ed:82:5d:c5:66:5f:f2:fc:f1:46:20:58:08:d5:53:c6:2f:0e:
         99:63:2f:12:c1:9c:ea:62:d7:93:94:82:64:8d:b1:9c:5e:9d:
         4c:a9:d7:f7:e5:a9:6c:e0:63:c7:b0:51:d4:71:a3:52:ab:0e:
         57:73:03:94:8e:00:69:ca:bd:de:dc:08:91:d6:42:f5:54:92:
         01:c3:05:fb:df:6a:20:35:f3:c6:46:de:dd:28:fe:88:1d:7d:
         71:65:4a:94:88:83:16:3a:ec:fd:8e:ef:e5:b3:91:13:f0:e4:
         01:5e:8b:96:c0:d6:75:d5:6d:f6:c9:d8:27:6e:d1:a6:1c:fa:
         46:9f:34:14:f3:8f:0f:a3:b3:3d:ec:ce:ab:0c:f3:5d:35:b2:
         0c:d7:a9:9f:0b:10:0b:1b:64:c1:04:de:83:fa:5e:d9:3e:4a:
         0f:f9:12:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAV0IZYp67Xe5KGz8MXcnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2MjY1NmM1ZTY2YjgyYzA0NjU0YmUxYTI1NjI5YjFmZDZh
NTk0NTYwHhcNMjQwMTAyMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzkzNzJhODg4ZjJjOGY2NjcyYWMwODI3NjI1OGVmYzdmMDZkOTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgNrOzfNOluSU562Qu4OJManHtamx
6Qc6Fvw/G+susi33ktZr0r2CsZWA6Ex6MaSLBGvTEezM7TsOqYZ60Vghl3QvwAFH
RHMcJDVal/ALNAtXJcPv+2men8N3Nk76XUNEHNkMSvA31Jaq4Vi0wpVHR3+CbP/z
0xFPxHCak401xQldd3NWffjCavf1/T+mAcPlq30KOmxX17bFvaUDH+wc89xfQetu
vOg7TU4x8GCgJeM75XU0RcAZSxuRwuPV6SOJTPwjrg2eVdrx23T2mRjANFq/cN44
8DEKWXnQyDuIa6BFWcfy0VqOQsdIL5PPB7qOxlhuVToU1YmLVYfJ17VAPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBeTcqiI8sj2ZyrAgnYljvx/Btl1MB8GA1UdIwQY
MBaAFHYmVsXma4LARlS+GiVimx/WpZRWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGlaV3hlWnJnc0JHVkw0YUpXS2JIOWFsbEZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8xOThjNmItZDcxNS00N2I2LTg2YzAt
NGQyMmM2YjViMWZlLzEvRjVOeXFJanl5UFpuS3NDQ2RpV09fSDhHMlhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8xOThjNmItZDcxNS00N2I2LTg2YzAtNGQyMmM2YjViMWZl
LzEvZGlaV3hlWnJnc0JHVkw0YUpXS2JIOWFsbEZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDWf/QMA0G
CSqGSIb3DQEBCwUAA4IBAQA9ghRGYC+MeBKCn3YvqahFm9xGUF058ewfJ6XqliYR
aTHwcgr7+1IkIF9b30HoQMsmLshLAAVV0w5K9Rx+evtZM+Or0XNfogwHZNAcH4wY
Xfai/Sw678kAA23tgl3FZl/y/PFGIFgI1VPGLw6ZYy8SwZzqYteTlIJkjbGcXp1M
qdf35als4GPHsFHUcaNSqw5XcwOUjgBpyr3e3AiR1kL1VJIBwwX732ogNfPGRt7d
KP6IHX1xZUqUiIMWOuz9ju/ls5ET8OQBXouWwNZ11W32ydgnbtGmHPpGnzQU848P
o7M97M6rDPNdNbIM16mfCxALG2TBBN6D+l7ZPkoP+RK6
-----END CERTIFICATE-----