Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/ee714a-21ac-4386-82f5-e8176102c5ff/1/MYg2sMPuLyrCXtDZKgde1DUbiGk.roa
File:                     MYg2sMPuLyrCXtDZKgde1DUbiGk.roa (raw, json)
Hash identifier:          a5HvjcRYo0wOyvFAnQ4dXcj9fyvSnsr+BVrgX+rgbbY=
Subject key identifier:   31:88:36:B0:C3:EE:2F:2A:C2:5E:D0:D9:2A:07:5E:D4:35:1B:88:69
Certificate issuer:       /CN=fd89b349c84fc7b3412a52d65ff260d2cc289ab9
Certificate serial:       018CC42468F69AA46B3400E77CB7C4366612
Authority key identifier: FD:89:B3:49:C8:4F:C7:B3:41:2A:52:D6:5F:F2:60:D2:CC:28:9A:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_YmzSchPx7NBKlLWX_Jg0swomrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/ee714a-21ac-4386-82f5-e8176102c5ff/1/MYg2sMPuLyrCXtDZKgde1DUbiGk.roa
Signing time:             Mon 01 Jan 2024 08:29:29 +0000
ROA not before:           Mon 01 Jan 2024 08:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20860
IP address blocks:        149.255.96.0/20 maxlen: 24
                          2a03:ca80::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/ee714a-21ac-4386-82f5-e8176102c5ff/1/_YmzSchPx7NBKlLWX_Jg0swomrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/ee714a-21ac-4386-82f5-e8176102c5ff/1/_YmzSchPx7NBKlLWX_Jg0swomrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_YmzSchPx7NBKlLWX_Jg0swomrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:68:f6:9a:a4:6b:34:00:e7:7c:b7:c4:36:66:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd89b349c84fc7b3412a52d65ff260d2cc289ab9
        Validity
            Not Before: Jan  1 08:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=318836b0c3ee2f2ac25ed0d92a075ed4351b8869
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:1e:ca:6e:87:1a:be:c4:e5:6c:39:63:2e:be:
                    68:82:96:58:60:2b:2d:76:7e:f9:0e:25:04:98:48:
                    fb:fe:c1:64:10:38:d8:72:48:19:f4:aa:aa:17:89:
                    99:5e:b1:af:7f:db:5b:a0:d6:de:31:73:21:ba:2a:
                    9c:93:4c:6d:65:8d:a7:4b:e8:4a:23:bf:2b:72:92:
                    26:b1:b5:89:77:c1:69:e9:e7:18:76:49:ed:0e:77:
                    2b:0b:ff:26:e1:e0:c7:71:d9:a6:1a:6d:fd:85:de:
                    7c:58:b2:65:51:d0:0f:29:82:60:be:3e:f7:ee:5a:
                    d6:b8:8e:d2:6b:df:16:61:f6:e3:47:00:1d:ac:e5:
                    32:0a:02:c2:83:3e:5f:52:c7:e3:24:8c:db:4b:e2:
                    66:dd:87:85:69:3c:72:dd:23:02:f6:18:d4:45:a4:
                    f2:1c:28:8c:14:28:83:d1:61:2d:4b:bc:ce:e3:eb:
                    d8:68:36:ea:5c:6f:05:9f:cc:b7:21:b6:32:68:43:
                    4b:d7:98:9f:1d:82:50:56:91:47:d9:a4:6d:15:c5:
                    ab:af:1d:8e:13:02:d9:26:3d:c4:59:30:a6:3e:42:
                    90:0f:a0:33:6f:b7:9d:d5:8e:09:48:f9:a7:d2:96:
                    7c:49:54:ea:cb:7e:7b:58:f1:88:54:2b:82:a6:e2:
                    c0:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:88:36:B0:C3:EE:2F:2A:C2:5E:D0:D9:2A:07:5E:D4:35:1B:88:69
            X509v3 Authority Key Identifier:
                keyid:FD:89:B3:49:C8:4F:C7:B3:41:2A:52:D6:5F:F2:60:D2:CC:28:9A:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_YmzSchPx7NBKlLWX_Jg0swomrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/ee714a-21ac-4386-82f5-e8176102c5ff/1/MYg2sMPuLyrCXtDZKgde1DUbiGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/ee714a-21ac-4386-82f5-e8176102c5ff/1/_YmzSchPx7NBKlLWX_Jg0swomrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.255.96.0/20
                IPv6:
                  2a03:ca80::/29

    Signature Algorithm: sha256WithRSAEncryption
         89:cd:37:2f:0c:85:ed:ed:1c:6f:16:6d:01:d0:4e:a3:c2:ef:
         0e:ab:ff:30:9c:07:96:8a:6f:31:31:b4:91:e4:e3:85:42:6f:
         5e:71:b8:24:d2:f5:6e:e4:92:9d:b5:38:2e:0c:17:43:6b:d3:
         9d:18:2a:af:e4:1d:ef:91:c0:fe:9a:bc:38:e0:45:19:c8:36:
         65:9f:dd:f2:41:ad:c0:5d:e1:02:c5:94:5e:dc:58:3c:8c:91:
         2b:02:0e:5a:f8:2d:69:ed:6f:99:8a:4e:92:84:f4:0e:e3:a6:
         a9:97:3b:b5:1d:3c:37:6e:97:40:8a:d8:d1:cc:46:6f:80:a7:
         4e:62:b2:f9:a0:49:ee:44:2c:bb:02:8c:4b:a0:05:9d:48:d7:
         fa:06:a7:c2:24:d4:78:98:af:5c:ce:04:ac:d8:a6:22:e3:1f:
         48:ce:30:3d:13:67:8c:30:c7:d7:cc:49:bf:40:15:c8:a8:66:
         cc:52:67:5d:4e:dc:ef:dd:a3:d5:d9:4c:51:f1:4c:69:a8:fa:
         4e:42:90:1a:af:14:df:73:6c:14:6e:0f:13:35:c4:81:90:42:
         f8:47:de:59:55:bc:71:62:93:75:72:2c:82:9f:3e:a8:0f:b4:
         32:c9:8e:8a:33:33:41:f1:68:05:0d:b5:5e:f6:bd:88:c9:bb:
         9d:7e:25:cb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJGj2mqRrNADnfLfENmYSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkODliMzQ5Yzg0ZmM3YjM0MTJhNTJkNjVmZjI2MGQyY2My
ODlhYjkwHhcNMjQwMTAxMDgyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTg4MzZiMGMzZWUyZjJhYzI1ZWQwZDkyYTA3NWVkNDM1MWI4ODY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwx7KbocavsTlbDljLr5ogpZYYCst
dn75DiUEmEj7/sFkEDjYckgZ9KqqF4mZXrGvf9tboNbeMXMhuiqck0xtZY2nS+hK
I78rcpImsbWJd8Fp6ecYdkntDncrC/8m4eDHcdmmGm39hd58WLJlUdAPKYJgvj73
7lrWuI7Sa98WYfbjRwAdrOUyCgLCgz5fUsfjJIzbS+Jm3YeFaTxy3SMC9hjURaTy
HCiMFCiD0WEtS7zO4+vYaDbqXG8Fn8y3IbYyaENL15ifHYJQVpFH2aRtFcWrrx2O
EwLZJj3EWTCmPkKQD6Azb7ed1Y4JSPmn0pZ8SVTqy357WPGIVCuCpuLAvwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDGINrDD7i8qwl7Q2SoHXtQ1G4hpMB8GA1UdIwQY
MBaAFP2Js0nIT8ezQSpS1l/yYNLMKJq5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1ltelNjaFB4N05CS2xMV1hfSmcwc3dvbXJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9lZTcxNGEtMjFhYy00Mzg2LTgyZjUt
ZTgxNzYxMDJjNWZmLzEvTVlnMnNNUHVMeXJDWHREWktnZGUxRFViaUdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9lZTcxNGEtMjFhYy00Mzg2LTgyZjUtZTgxNzYxMDJjNWZm
LzEvX1ltelNjaFB4N05CS2xMV1hfSmcwc3dvbXJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQElf9gMA0E
AgACMAcDBQMqA8qAMA0GCSqGSIb3DQEBCwUAA4IBAQCJzTcvDIXt7RxvFm0B0E6j
wu8Oq/8wnAeWim8xMbSR5OOFQm9ecbgk0vVu5JKdtTguDBdDa9OdGCqv5B3vkcD+
mrw44EUZyDZln93yQa3AXeECxZRe3Fg8jJErAg5a+C1p7W+Zik6ShPQO46aplzu1
HTw3bpdAitjRzEZvgKdOYrL5oEnuRCy7AoxLoAWdSNf6BqfCJNR4mK9czgSs2KYi
4x9IzjA9E2eMMMfXzEm/QBXIqGbMUmddTtzv3aPV2UxR8UxpqPpOQpAarxTfc2wU
bg8TNcSBkEL4R95ZVbxxYpN1ciyCnz6oD7QyyY6KMzNB8WgFDbVe9r2IybudfiXL
-----END CERTIFICATE-----