Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/wKRTaxw_m0Em8LaiOh7c2R0K_LA.roa
File:                     wKRTaxw_m0Em8LaiOh7c2R0K_LA.roa (raw, json)
Hash identifier:          ygtsSrpuTzY8hJDz6IrIY8APLqiHJTZagTjuoSBh71g=
Subject key identifier:   C0:A4:53:6B:1C:3F:9B:41:26:F0:B6:A2:3A:1E:DC:D9:1D:0A:FC:B0
Certificate issuer:       /CN=e7fed4e778209c3cae93d4b76d350704462c3aab
Certificate serial:       0192F2744FB4054EED80DACB7FD2FF73722F
Authority key identifier: E7:FE:D4:E7:78:20:9C:3C:AE:93:D4:B7:6D:35:07:04:46:2C:3A:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5_7U53ggnDyuk9S3bTUHBEYsOqs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/wKRTaxw_m0Em8LaiOh7c2R0K_LA.roa
Signing time:             Sun 03 Nov 2024 14:36:01 +0000
ROA not before:           Sun 03 Nov 2024 14:36:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59703
IP address blocks:        89.33.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/5_7U53ggnDyuk9S3bTUHBEYsOqs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/5_7U53ggnDyuk9S3bTUHBEYsOqs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5_7U53ggnDyuk9S3bTUHBEYsOqs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 05:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:f2:74:4f:b4:05:4e:ed:80:da:cb:7f:d2:ff:73:72:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7fed4e778209c3cae93d4b76d350704462c3aab
        Validity
            Not Before: Nov  3 14:36:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0a4536b1c3f9b4126f0b6a23a1edcd91d0afcb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:51:43:0f:9a:cf:6e:43:32:bc:b6:ff:bd:d3:
                    7d:8f:47:56:52:a8:8f:e8:8b:8c:38:b7:4b:70:92:
                    68:98:c9:7a:36:5f:cc:bc:e0:a2:d4:37:d4:c6:cd:
                    73:49:1f:17:da:ae:b3:d4:34:78:70:30:cb:4b:37:
                    df:6f:ab:a8:c4:7f:df:6b:b6:2c:46:74:c1:b0:d0:
                    5d:df:ec:b6:df:a8:dc:e9:44:e9:ce:b6:3f:26:51:
                    5d:77:6e:9e:f9:fa:86:82:b8:72:6d:7f:3f:68:88:
                    d4:22:53:d1:ec:c2:ae:73:a2:74:95:50:bb:7e:84:
                    5a:69:1e:6a:5e:1e:21:e8:cf:86:13:d4:68:fc:c8:
                    d6:c1:90:68:8d:ec:26:ec:b1:99:73:ee:e4:6f:e6:
                    06:61:2f:73:05:58:77:e1:77:f9:60:81:69:e5:c8:
                    a5:2d:91:24:5d:2c:5b:d3:4d:9a:3f:1d:4b:60:ce:
                    11:95:2d:1d:9a:89:dc:07:80:1e:ba:5e:c9:64:e4:
                    35:69:65:ce:cd:c6:34:1a:5a:f1:8c:86:12:8f:a2:
                    7c:26:78:0b:db:d8:d1:2f:7b:ea:45:7c:d6:10:cb:
                    eb:a0:0c:f3:ee:e0:4e:4b:c1:38:ab:9f:d7:6c:8f:
                    bc:25:cb:b1:8c:a6:17:86:a0:a1:47:e5:dc:a4:f2:
                    4a:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:A4:53:6B:1C:3F:9B:41:26:F0:B6:A2:3A:1E:DC:D9:1D:0A:FC:B0
            X509v3 Authority Key Identifier:
                keyid:E7:FE:D4:E7:78:20:9C:3C:AE:93:D4:B7:6D:35:07:04:46:2C:3A:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5_7U53ggnDyuk9S3bTUHBEYsOqs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/wKRTaxw_m0Em8LaiOh7c2R0K_LA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/5_7U53ggnDyuk9S3bTUHBEYsOqs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:1d:30:24:2c:22:0b:29:c6:e8:fb:f9:68:7c:c2:dc:c0:82:
         15:64:12:69:70:ed:d5:c7:54:0d:6b:cd:fd:22:34:3e:9b:03:
         ec:bb:a8:74:17:15:c0:d9:64:9d:08:9c:9f:96:7b:6b:8d:18:
         eb:18:8a:7e:5b:10:0a:0a:05:d9:6b:7c:c6:05:f1:18:d2:50:
         2e:3f:b1:76:35:33:42:55:f9:5c:57:29:a3:cc:43:c0:6c:80:
         71:1c:df:65:bf:8b:fe:06:a3:e5:50:9a:6f:ff:51:47:36:ff:
         05:7d:c7:7c:05:18:e3:a0:7e:07:66:fa:82:c3:b9:7d:ae:db:
         d7:70:db:91:a7:5e:98:32:2c:47:57:53:31:51:4b:84:59:2e:
         8a:eb:eb:4a:89:d2:b6:8d:b2:b0:33:02:b9:a0:65:53:d5:a9:
         da:1e:ad:2b:fd:a3:86:ad:fe:07:0c:73:c7:16:da:fd:0c:69:
         cc:47:03:d5:ae:12:95:c9:f0:f6:b4:97:81:05:73:1d:45:e1:
         85:79:23:88:df:b7:3d:43:ee:59:e6:0e:be:bc:7a:1b:7f:10:
         ca:30:17:6d:51:ca:32:e8:49:7c:ae:b2:54:bf:81:f6:eb:7f:
         e8:3a:31:e4:64:9a:77:cf:07:b7:e3:3c:e1:cb:1d:12:9a:00:
         94:b3:8f:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLydE+0BU7tgNrLf9L/c3IvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ZmVkNGU3NzgyMDljM2NhZTkzZDRiNzZkMzUwNzA0NDYy
YzNhYWIwHhcNMjQxMTAzMTQzNjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGE0NTM2YjFjM2Y5YjQxMjZmMGI2YTIzYTFlZGNkOTFkMGFmY2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA11FDD5rPbkMyvLb/vdN9j0dWUqiP
6IuMOLdLcJJomMl6Nl/MvOCi1DfUxs1zSR8X2q6z1DR4cDDLSzffb6uoxH/fa7Ys
RnTBsNBd3+y236jc6UTpzrY/JlFdd26e+fqGgrhybX8/aIjUIlPR7MKuc6J0lVC7
foRaaR5qXh4h6M+GE9Ro/MjWwZBojewm7LGZc+7kb+YGYS9zBVh34Xf5YIFp5cil
LZEkXSxb002aPx1LYM4RlS0dmoncB4Aeul7JZOQ1aWXOzcY0GlrxjIYSj6J8JngL
29jRL3vqRXzWEMvroAzz7uBOS8E4q5/XbI+8JcuxjKYXhqChR+XcpPJK8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMCkU2scP5tBJvC2ojoe3NkdCvywMB8GA1UdIwQY
MBaAFOf+1Od4IJw8rpPUt201BwRGLDqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNV83VTUzZ2duRHl1azlTM2JUVUhCRVlzT3FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8yMmEzYzctNmZlNS00OWUxLTkzNWQt
OGJiODAxNTJhYjM0LzEvd0tSVGF4d19tMEVtOExhaU9oN2MyUjBLX0xBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8yMmEzYzctNmZlNS00OWUxLTkzNWQtOGJiODAxNTJhYjM0
LzEvNV83VTUzZ2duRHl1azlTM2JUVUhCRVlzT3FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSGBMA0G
CSqGSIb3DQEBCwUAA4IBAQBgHTAkLCILKcbo+/lofMLcwIIVZBJpcO3Vx1QNa839
IjQ+mwPsu6h0FxXA2WSdCJyflntrjRjrGIp+WxAKCgXZa3zGBfEY0lAuP7F2NTNC
VflcVymjzEPAbIBxHN9lv4v+BqPlUJpv/1FHNv8Ffcd8BRjjoH4HZvqCw7l9rtvX
cNuRp16YMixHV1MxUUuEWS6K6+tKidK2jbKwMwK5oGVT1anaHq0r/aOGrf4HDHPH
Ftr9DGnMRwPVrhKVyfD2tJeBBXMdReGFeSOI37c9Q+5Z5g6+vHobfxDKMBdtUcoy
6El8rrJUv4H263/oOjHkZJp3zwe34zzhyx0SmgCUs49V
-----END CERTIFICATE-----