Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/CfRxEHDx563psk174NucDw5uybE.roa
File:                     CfRxEHDx563psk174NucDw5uybE.roa (raw, json)
Hash identifier:          uRSd0bAKPEU907K98oKWZtI9QuP/KrTIvilXwDmgeik=
Subject key identifier:   09:F4:71:10:70:F1:E7:AD:E9:B2:4D:7B:E0:DB:9C:0F:0E:6E:C9:B1
Certificate issuer:       /CN=e4c86da3f483246518d368034bc86113906a55a3
Certificate serial:       01927D49F5CD3C63EC1D7220A110D1B99A04
Authority key identifier: E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/CfRxEHDx563psk174NucDw5uybE.roa
Signing time:             Fri 11 Oct 2024 20:34:12 +0000
ROA not before:           Fri 11 Oct 2024 20:34:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        185.10.120.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7d:49:f5:cd:3c:63:ec:1d:72:20:a1:10:d1:b9:9a:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4c86da3f483246518d368034bc86113906a55a3
        Validity
            Not Before: Oct 11 20:34:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09f4711070f1e7ade9b24d7be0db9c0f0e6ec9b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:5f:c4:8c:1e:e1:f4:31:c4:3d:7c:48:e5:68:
                    f1:93:90:51:47:ea:7b:93:d7:71:6d:68:19:a6:b7:
                    9a:8c:d7:6a:5f:78:69:cc:51:b0:4f:b5:74:51:26:
                    e2:a4:36:6d:ed:63:a3:ce:7b:5c:1d:b5:c5:46:44:
                    5d:21:d9:49:a0:ef:ce:95:82:84:50:36:94:9b:0f:
                    25:8a:01:52:15:66:54:9c:13:00:d0:c2:0c:b5:7b:
                    ee:57:a8:ab:be:1f:6c:a2:1a:6c:5d:dd:e2:41:4e:
                    06:a5:7b:55:85:2b:52:ba:10:ff:b9:63:71:d3:f9:
                    5b:68:60:84:2b:2f:ba:7d:9e:17:05:4a:69:11:9c:
                    b7:1a:71:42:2a:32:97:f8:6b:18:e6:69:f7:10:88:
                    39:89:ff:81:4d:b8:cf:2b:77:a0:7f:4c:f7:4a:4f:
                    c0:c6:c8:3d:78:b7:db:80:65:00:51:04:c1:a3:cc:
                    ab:09:35:ea:9c:c8:2a:64:0c:c8:0e:14:df:34:7d:
                    7d:37:50:ff:2d:f3:95:f7:0b:ff:6f:fd:76:f1:1a:
                    4a:70:e2:91:82:45:b9:06:78:7f:35:33:9f:4d:61:
                    81:14:8b:2e:b6:5a:72:c1:59:7b:00:f1:78:3c:60:
                    92:90:ca:e3:7a:85:dc:7b:31:6a:48:81:ed:72:82:
                    74:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:F4:71:10:70:F1:E7:AD:E9:B2:4D:7B:E0:DB:9C:0F:0E:6E:C9:B1
            X509v3 Authority Key Identifier:
                keyid:E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/CfRxEHDx563psk174NucDw5uybE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.10.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:a8:a1:67:f1:d3:01:96:14:a1:1f:ee:03:c4:5f:4a:56:09:
         f6:66:81:ca:26:20:88:44:52:9c:6b:40:c1:1a:44:b4:84:ff:
         f8:08:d6:ef:fb:2f:fa:0b:4a:5f:e7:50:ad:1e:2f:e0:44:a5:
         0a:1a:cb:07:86:dd:af:6d:50:ea:d3:fc:8b:ba:19:f9:c8:83:
         3b:82:41:b4:28:25:9e:ea:d2:a5:87:d0:b3:b4:f4:19:bc:e1:
         12:76:19:75:9d:5e:36:8d:b3:ce:25:c1:11:94:49:8e:51:02:
         6a:a3:0d:4b:84:5e:99:6c:1d:8f:27:c8:04:51:63:e7:a9:c9:
         be:f7:b8:27:5a:b8:e6:43:60:f8:ac:66:c6:58:59:25:05:43:
         8d:22:65:bf:6b:20:bd:e4:cf:3f:0f:24:19:de:d1:93:28:8c:
         37:81:c2:56:1c:13:b5:94:c7:17:56:bc:08:65:97:5f:82:07:
         35:66:de:89:73:ce:47:a2:e1:83:52:34:33:67:c5:5e:57:b8:
         23:d4:d2:7c:8d:c6:d3:c1:aa:94:5b:a3:49:0a:1c:f3:a8:36:
         6e:dd:a7:21:85:6b:1a:80:64:da:6d:c4:b7:41:ba:48:9a:82:
         f3:14:3d:91:be:e5:7f:6b:ca:81:ae:a7:aa:b2:04:0c:c3:a8:
         08:43:7b:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ9SfXNPGPsHXIgoRDRuZoEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0Yzg2ZGEzZjQ4MzI0NjUxOGQzNjgwMzRiYzg2MTEzOTA2
YTU1YTMwHhcNMjQxMDExMjAzNDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWY0NzExMDcwZjFlN2FkZTliMjRkN2JlMGRiOWMwZjBlNmVjOWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlF/EjB7h9DHEPXxI5Wjxk5BRR+p7
k9dxbWgZpreajNdqX3hpzFGwT7V0USbipDZt7WOjzntcHbXFRkRdIdlJoO/OlYKE
UDaUmw8ligFSFWZUnBMA0MIMtXvuV6irvh9sohpsXd3iQU4GpXtVhStSuhD/uWNx
0/lbaGCEKy+6fZ4XBUppEZy3GnFCKjKX+GsY5mn3EIg5if+BTbjPK3egf0z3Sk/A
xsg9eLfbgGUAUQTBo8yrCTXqnMgqZAzIDhTfNH19N1D/LfOV9wv/b/128RpKcOKR
gkW5Bnh/NTOfTWGBFIsutlpywVl7APF4PGCSkMrjeoXcezFqSIHtcoJ05wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAn0cRBw8eet6bJNe+DbnA8ObsmxMB8GA1UdIwQY
MBaAFOTIbaP0gyRlGNNoA0vIYROQalWjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTct
YzUxMWEzZTkxMmI2LzEvQ2ZSeEVIRHg1NjNwc2sxNzROdWNEdzV1eWJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTctYzUxMWEzZTkxMmI2
LzEvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuQp4MA0G
CSqGSIb3DQEBCwUAA4IBAQAhqKFn8dMBlhShH+4DxF9KVgn2ZoHKJiCIRFKca0DB
GkS0hP/4CNbv+y/6C0pf51CtHi/gRKUKGssHht2vbVDq0/yLuhn5yIM7gkG0KCWe
6tKlh9CztPQZvOESdhl1nV42jbPOJcERlEmOUQJqow1LhF6ZbB2PJ8gEUWPnqcm+
97gnWrjmQ2D4rGbGWFklBUONImW/ayC95M8/DyQZ3tGTKIw3gcJWHBO1lMcXVrwI
ZZdfggc1Zt6Jc85HouGDUjQzZ8VeV7gj1NJ8jcbTwaqUW6NJChzzqDZu3achhWsa
gGTabcS3QbpImoLzFD2RvuV/a8qBrqeqsgQMw6gIQ3so
-----END CERTIFICATE-----