Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/6fcba8-adb8-411f-9e46-2ef27a1916bd/1/mjK2-IvECOhowGlXUSDOKkzCEq4.roa
File:                     mjK2-IvECOhowGlXUSDOKkzCEq4.roa (raw, json)
Hash identifier:          WxFNt3K11nwNNWpdxRLmx/DqbpyCRBBnCBRicxiTUKg=
Subject key identifier:   9A:32:B6:F8:8B:C4:08:E8:68:C0:69:57:51:20:CE:2A:4C:C2:12:AE
Certificate issuer:       /CN=c38ca1d418c218e26f795181a9e3bb7b79d4443f
Certificate serial:       018CC6B7961EB7628FC81BDDC68C3A881C5A
Authority key identifier: C3:8C:A1:D4:18:C2:18:E2:6F:79:51:81:A9:E3:BB:7B:79:D4:44:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4yh1BjCGOJveVGBqeO7e3nURD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/6fcba8-adb8-411f-9e46-2ef27a1916bd/1/mjK2-IvECOhowGlXUSDOKkzCEq4.roa
Signing time:             Mon 01 Jan 2024 20:29:29 +0000
ROA not before:           Mon 01 Jan 2024 20:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41203
IP address blocks:        89.207.48.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/6fcba8-adb8-411f-9e46-2ef27a1916bd/1/w4yh1BjCGOJveVGBqeO7e3nURD8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/6fcba8-adb8-411f-9e46-2ef27a1916bd/1/w4yh1BjCGOJveVGBqeO7e3nURD8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4yh1BjCGOJveVGBqeO7e3nURD8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:96:1e:b7:62:8f:c8:1b:dd:c6:8c:3a:88:1c:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38ca1d418c218e26f795181a9e3bb7b79d4443f
        Validity
            Not Before: Jan  1 20:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a32b6f88bc408e868c069575120ce2a4cc212ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a1:e2:5c:46:86:3b:b8:57:d2:01:dd:21:ae:
                    f6:ee:6c:20:05:41:0c:64:b6:cd:fc:44:dc:dc:94:
                    cb:97:2a:9c:61:7f:e3:c6:20:7a:d6:c4:e0:c5:57:
                    55:e7:3f:1f:94:a5:81:2c:4b:49:77:da:ba:19:bd:
                    c0:75:c4:6d:39:71:41:d4:ee:7b:f2:34:94:d4:cb:
                    c1:ac:4a:a6:ec:62:74:62:e8:1b:f0:43:c2:c7:d8:
                    0c:9e:8c:c3:73:cf:9b:2e:72:25:64:7a:26:cc:23:
                    8f:ab:9e:57:d7:75:3e:18:9f:83:b5:6b:15:bd:36:
                    76:80:95:1b:ba:de:57:25:e7:7b:14:07:d8:ee:72:
                    f3:c5:43:e1:dd:5d:fc:a0:0d:3f:49:a1:3f:a2:6b:
                    dc:8d:88:32:c8:2b:93:3c:28:f1:a5:bb:41:57:6f:
                    e8:34:44:3e:d2:8e:5c:91:9e:e6:4c:e2:fe:ed:0b:
                    31:be:79:dd:92:96:f8:36:ae:27:fb:62:57:0d:f6:
                    5f:84:b6:09:9a:d3:62:d3:b3:42:c7:70:2e:38:9b:
                    d3:1e:c2:79:6c:7a:f2:cf:f6:c2:fa:a3:c6:59:ff:
                    52:41:46:c6:f3:59:53:de:2e:dc:c6:bf:27:76:5f:
                    50:98:19:7f:73:4a:e9:54:b1:7d:3c:8c:13:f1:2c:
                    09:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:32:B6:F8:8B:C4:08:E8:68:C0:69:57:51:20:CE:2A:4C:C2:12:AE
            X509v3 Authority Key Identifier:
                keyid:C3:8C:A1:D4:18:C2:18:E2:6F:79:51:81:A9:E3:BB:7B:79:D4:44:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4yh1BjCGOJveVGBqeO7e3nURD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/6fcba8-adb8-411f-9e46-2ef27a1916bd/1/mjK2-IvECOhowGlXUSDOKkzCEq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/6fcba8-adb8-411f-9e46-2ef27a1916bd/1/w4yh1BjCGOJveVGBqeO7e3nURD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.207.48.0/21

    Signature Algorithm: sha256WithRSAEncryption
         5f:8f:95:79:e6:33:5b:84:2c:30:9e:fe:ab:5b:f5:39:2e:24:
         6c:c6:99:05:93:8b:a4:b0:a2:26:4e:11:3a:bb:42:f7:43:9c:
         43:ef:60:2e:6a:67:46:9d:a5:0b:a4:39:a7:1b:a7:a5:62:46:
         45:9b:01:43:5a:28:6b:0b:a0:e5:b7:dd:88:94:da:e1:26:7a:
         19:ec:4a:f3:c4:69:52:cb:2a:8c:b0:4a:e2:ad:d5:35:71:c1:
         51:8d:11:3e:11:4e:d2:0c:cb:3d:98:e9:a1:ad:2e:ea:19:3d:
         06:57:17:d1:c9:34:5a:d4:c0:06:a8:67:8d:cf:1d:c7:e6:70:
         52:85:c7:d2:5b:09:7e:d7:d7:68:5f:7a:7e:a5:76:f1:81:86:
         d5:1b:c4:70:d1:b4:81:1c:89:f9:1b:a9:f3:0a:0b:f9:9a:2f:
         b4:29:60:ee:1e:ac:cc:b3:95:f2:ff:c0:fc:bf:dc:b9:6b:6d:
         bd:5a:91:db:97:a7:b4:ae:c6:28:b7:9e:91:00:07:c6:40:dc:
         37:b3:69:11:90:1c:5c:5b:e9:28:ab:e3:82:de:9d:d6:b9:eb:
         6a:7b:13:30:b7:a4:01:8c:36:40:31:90:fd:f1:5b:31:76:ca:
         e3:e2:f4:73:a2:b6:4f:c7:08:1b:28:b7:a9:68:42:3f:77:1e:
         73:b5:89:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt5Yet2KPyBvdxow6iBxaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzOGNhMWQ0MThjMjE4ZTI2Zjc5NTE4MWE5ZTNiYjdiNzlk
NDQ0M2YwHhcNMjQwMTAxMjAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTMyYjZmODhiYzQwOGU4NjhjMDY5NTc1MTIwY2UyYTRjYzIxMmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqHiXEaGO7hX0gHdIa727mwgBUEM
ZLbN/ETc3JTLlyqcYX/jxiB61sTgxVdV5z8flKWBLEtJd9q6Gb3AdcRtOXFB1O57
8jSU1MvBrEqm7GJ0Yugb8EPCx9gMnozDc8+bLnIlZHomzCOPq55X13U+GJ+DtWsV
vTZ2gJUbut5XJed7FAfY7nLzxUPh3V38oA0/SaE/omvcjYgyyCuTPCjxpbtBV2/o
NEQ+0o5ckZ7mTOL+7Qsxvnndkpb4Nq4n+2JXDfZfhLYJmtNi07NCx3AuOJvTHsJ5
bHryz/bC+qPGWf9SQUbG81lT3i7cxr8ndl9QmBl/c0rpVLF9PIwT8SwJjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJoytviLxAjoaMBpV1EgzipMwhKuMB8GA1UdIwQY
MBaAFMOModQYwhjib3lRganju3t51EQ/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzR5aDFCakNHT0p2ZVZHQnFlTzdlM25VUkQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS82ZmNiYTgtYWRiOC00MTFmLTllNDYt
MmVmMjdhMTkxNmJkLzEvbWpLMi1JdkVDT2hvd0dsWFVTRE9La3pDRXE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS82ZmNiYTgtYWRiOC00MTFmLTllNDYtMmVmMjdhMTkxNmJk
LzEvdzR5aDFCakNHT0p2ZVZHQnFlTzdlM25VUkQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDWc8wMA0G
CSqGSIb3DQEBCwUAA4IBAQBfj5V55jNbhCwwnv6rW/U5LiRsxpkFk4uksKImThE6
u0L3Q5xD72AuamdGnaULpDmnG6elYkZFmwFDWihrC6Dlt92IlNrhJnoZ7ErzxGlS
yyqMsErirdU1ccFRjRE+EU7SDMs9mOmhrS7qGT0GVxfRyTRa1MAGqGeNzx3H5nBS
hcfSWwl+19doX3p+pXbxgYbVG8Rw0bSBHIn5G6nzCgv5mi+0KWDuHqzMs5Xy/8D8
v9y5a229WpHbl6e0rsYot56RAAfGQNw3s2kRkBxcW+koq+OC3p3WuetqexMwt6QB
jDZAMZD98Vsxdsrj4vRzorZPxwgbKLepaEI/dx5ztYlf
-----END CERTIFICATE-----