Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/_iE_2MQNp2b3V61CeNOEIXZHbcs.roa
File:                     _iE_2MQNp2b3V61CeNOEIXZHbcs.roa (raw, json)
Hash identifier:          Odr2yO1qkmgbLxwWKL+9y336XqttJ63pR5gTDMzBEAc=
Subject key identifier:   FE:21:3F:D8:C4:0D:A7:66:F7:57:AD:42:78:D3:84:21:76:47:6D:CB
Certificate issuer:       /CN=adac830ccaa74783dd961fab241a228d7cc6f808
Certificate serial:       018CC3B743AD4D67D7CAF16F8135474281BB
Authority key identifier: AD:AC:83:0C:CA:A7:47:83:DD:96:1F:AB:24:1A:22:8D:7C:C6:F8:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rayDDMqnR4Pdlh-rJBoijXzG-Ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/_iE_2MQNp2b3V61CeNOEIXZHbcs.roa
Signing time:             Mon 01 Jan 2024 06:30:16 +0000
ROA not before:           Mon 01 Jan 2024 06:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28745
IP address blocks:        89.237.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/rayDDMqnR4Pdlh-rJBoijXzG-Ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/rayDDMqnR4Pdlh-rJBoijXzG-Ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rayDDMqnR4Pdlh-rJBoijXzG-Ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:43:ad:4d:67:d7:ca:f1:6f:81:35:47:42:81:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=adac830ccaa74783dd961fab241a228d7cc6f808
        Validity
            Not Before: Jan  1 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe213fd8c40da766f757ad4278d3842176476dcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:d8:9f:55:23:c4:a5:5a:e1:9c:51:cd:f7:72:
                    33:3d:fe:85:33:30:97:62:eb:80:89:4b:ee:4b:f2:
                    0d:1d:b9:3a:60:8e:8f:e6:24:09:a6:b2:0d:a0:83:
                    31:3d:3c:24:4d:82:30:83:f3:2c:1a:96:3d:22:c9:
                    48:0b:16:11:aa:e6:ed:52:31:60:bd:2f:e8:11:95:
                    9f:88:17:a1:76:27:51:a8:28:83:39:24:5b:67:6c:
                    fd:1b:f1:6d:2f:6d:ea:2f:27:28:24:20:f5:31:d0:
                    8f:8f:b1:3d:31:67:6c:8c:fd:e9:a8:68:25:60:8d:
                    df:c8:5e:69:79:a1:fc:b2:57:62:88:01:8e:84:e4:
                    84:fc:66:b5:25:08:da:53:af:dc:83:f8:5c:31:02:
                    d0:bc:ff:9e:87:96:aa:ef:c3:50:eb:c8:d2:96:72:
                    23:c4:05:5f:37:24:5d:f1:5c:dd:46:06:37:b2:16:
                    28:df:f7:4f:f1:99:c9:8e:65:b2:81:5b:03:13:60:
                    9f:c2:e6:4a:b7:8b:b8:48:e9:a7:61:a4:cc:3d:b8:
                    52:67:8f:e5:ab:ad:7a:73:be:7d:19:a6:62:a0:be:
                    dc:cf:c3:b2:79:a6:67:96:df:cb:b2:f8:3c:70:7f:
                    74:4a:83:4a:69:89:4f:e7:17:00:f7:3c:4d:75:92:
                    f3:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:21:3F:D8:C4:0D:A7:66:F7:57:AD:42:78:D3:84:21:76:47:6D:CB
            X509v3 Authority Key Identifier:
                keyid:AD:AC:83:0C:CA:A7:47:83:DD:96:1F:AB:24:1A:22:8D:7C:C6:F8:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rayDDMqnR4Pdlh-rJBoijXzG-Ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/_iE_2MQNp2b3V61CeNOEIXZHbcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/rayDDMqnR4Pdlh-rJBoijXzG-Ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.237.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:f2:8e:d9:4f:64:a0:80:c3:21:0d:71:6e:90:25:c9:15:79:
         e9:d0:5e:14:2a:20:16:46:6a:6e:6c:60:cc:40:ab:b0:2f:cc:
         a1:25:51:1d:d0:8b:e6:a4:f8:19:ec:4e:17:3d:60:8d:c8:88:
         34:48:23:03:ff:eb:3d:d3:a8:56:76:79:3f:0e:bb:32:92:44:
         54:0b:e5:bb:56:7c:2d:7c:1f:d1:29:ad:b7:27:4b:e0:e3:ba:
         aa:42:63:ee:00:20:27:60:4e:f1:c6:b0:e1:97:f5:5d:e1:41:
         c2:f9:39:4d:46:67:a8:7a:1b:e7:1c:f3:8f:35:1f:73:d9:b6:
         c5:18:38:48:4b:1d:dc:ad:71:a7:5a:65:45:64:c3:c9:d5:ad:
         b5:fb:dc:e0:cd:4e:c2:f5:fc:dd:26:7a:9f:e2:72:0f:0d:29:
         b1:1f:54:8a:37:89:c2:77:7a:b5:ef:0a:9f:e6:1f:15:f3:28:
         8c:a8:74:4e:23:07:1d:75:f1:a1:e3:0a:f3:fe:cb:79:ea:5a:
         f1:30:38:71:79:06:84:f0:db:1f:db:4d:9e:f5:bb:8a:1b:a2:
         cb:ad:22:08:77:f4:1a:30:ea:7a:af:15:f0:6c:a1:34:98:4c:
         cc:56:ed:72:d5:ec:2c:cc:f2:92:2e:48:22:31:40:e8:cf:52:
         bd:d5:13:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDt0OtTWfXyvFvgTVHQoG7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYWM4MzBjY2FhNzQ3ODNkZDk2MWZhYjI0MWEyMjhkN2Nj
NmY4MDgwHhcNMjQwMTAxMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTIxM2ZkOGM0MGRhNzY2Zjc1N2FkNDI3OGQzODQyMTc2NDc2ZGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhtifVSPEpVrhnFHN93IzPf6FMzCX
YuuAiUvuS/INHbk6YI6P5iQJprINoIMxPTwkTYIwg/MsGpY9IslICxYRqubtUjFg
vS/oEZWfiBehdidRqCiDOSRbZ2z9G/FtL23qLycoJCD1MdCPj7E9MWdsjP3pqGgl
YI3fyF5peaH8sldiiAGOhOSE/Ga1JQjaU6/cg/hcMQLQvP+eh5aq78NQ68jSlnIj
xAVfNyRd8VzdRgY3shYo3/dP8ZnJjmWygVsDE2CfwuZKt4u4SOmnYaTMPbhSZ4/l
q616c759GaZioL7cz8OyeaZnlt/Lsvg8cH90SoNKaYlP5xcA9zxNdZLzkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP4hP9jEDadm91etQnjThCF2R23LMB8GA1UdIwQY
MBaAFK2sgwzKp0eD3ZYfqyQaIo18xvgIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmF5RERNcW5SNFBkbGgtckpCb2lqWHpHLUFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zMjVjOGQtZDM2OC00ZWVlLTljYTgt
OTI5ZjdkNjM1ZjRiLzEvX2lFXzJNUU5wMmIzVjYxQ2VOT0VJWFpIYmNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zMjVjOGQtZDM2OC00ZWVlLTljYTgtOTI5ZjdkNjM1ZjRi
LzEvcmF5RERNcW5SNFBkbGgtckpCb2lqWHpHLUFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWe08MA0G
CSqGSIb3DQEBCwUAA4IBAQAu8o7ZT2SggMMhDXFukCXJFXnp0F4UKiAWRmpubGDM
QKuwL8yhJVEd0IvmpPgZ7E4XPWCNyIg0SCMD/+s906hWdnk/DrsykkRUC+W7Vnwt
fB/RKa23J0vg47qqQmPuACAnYE7xxrDhl/Vd4UHC+TlNRmeoehvnHPOPNR9z2bbF
GDhISx3crXGnWmVFZMPJ1a21+9zgzU7C9fzdJnqf4nIPDSmxH1SKN4nCd3q17wqf
5h8V8yiMqHROIwcddfGh4wrz/st56lrxMDhxeQaE8Nsf202e9buKG6LLrSIId/Qa
MOp6rxXwbKE0mEzMVu1y1ewszPKSLkgiMUDoz1K91RNy
-----END CERTIFICATE-----