Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/5WUfE1jGpysjJQsQc9G0JuAtiNs.roa
File:                     5WUfE1jGpysjJQsQc9G0JuAtiNs.roa (raw, json)
Hash identifier:          PBKcMX4lvEIT4KCEdRlh/HPeePf9bSGrLiCFUlJUMKQ=
Subject key identifier:   E5:65:1F:13:58:C6:A7:2B:23:25:0B:10:73:D1:B4:26:E0:2D:88:DB
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC349544D72630040B4C943A65D3623BC
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/5WUfE1jGpysjJQsQc9G0JuAtiNs.roa
Signing time:             Mon 01 Jan 2024 04:30:11 +0000
ROA not before:           Mon 01 Jan 2024 04:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50673
IP address blocks:        89.213.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:54:4d:72:63:00:40:b4:c9:43:a6:5d:36:23:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 04:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5651f1358c6a72b23250b1073d1b426e02d88db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:cb:9a:0c:d1:0c:9f:4c:a9:ef:cb:1c:a5:b9:
                    43:5d:9b:58:dd:d6:c1:b2:fa:40:47:c0:46:1d:4d:
                    c5:61:f7:9f:c6:a9:c6:aa:e7:99:b2:62:64:50:2c:
                    8c:20:ce:be:09:f9:d8:f7:a2:e2:d6:0a:fb:53:65:
                    ad:c9:5c:4a:fe:89:d0:b7:a6:4f:ab:6f:3d:fa:7a:
                    5c:0f:90:93:73:f0:72:34:19:f2:22:69:d2:16:92:
                    35:eb:f7:2f:ef:22:dc:98:da:c1:55:eb:4e:9a:ee:
                    ef:87:91:1b:0a:bc:fb:79:eb:3f:be:04:65:70:ec:
                    40:45:8e:18:96:f1:78:cf:f4:96:8e:e9:4f:f4:7e:
                    52:1a:5c:33:14:7a:f3:21:96:1b:20:2d:a3:52:45:
                    d9:ce:3a:c5:a1:4a:16:70:75:d9:55:9d:db:a7:3c:
                    cf:82:c0:11:b6:15:51:a1:a1:41:9b:91:fa:5f:28:
                    4e:22:43:2a:dc:e3:a1:51:e9:0c:ff:a3:5e:6b:f5:
                    fc:b2:0a:9b:f5:1b:96:ae:df:8f:f6:92:f2:76:47:
                    5e:c6:53:55:38:bd:3c:d1:02:ef:13:11:80:2e:c3:
                    f2:77:d3:3b:3c:12:bf:36:63:6a:0d:2e:9f:ff:80:
                    c3:d3:07:e2:14:0c:a4:8c:8a:3c:1a:ff:b1:df:c1:
                    3e:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:65:1F:13:58:C6:A7:2B:23:25:0B:10:73:D1:B4:26:E0:2D:88:DB
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/5WUfE1jGpysjJQsQc9G0JuAtiNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:3a:27:b7:ca:6a:03:58:71:73:35:70:a3:19:d0:9a:ec:d1:
         bc:4d:72:55:8d:b9:79:a1:7b:d7:bb:20:ba:08:ef:d7:4e:f9:
         7f:5a:b6:43:90:61:25:bd:8d:8f:b2:35:06:11:71:db:4a:3b:
         13:23:96:6a:03:67:79:25:b6:05:23:4d:4e:25:85:ac:0e:2a:
         71:a9:30:b3:d2:7e:41:f6:e9:fa:7c:b4:db:00:21:d7:6f:29:
         cd:83:d5:8b:fc:fd:2a:d7:91:ea:51:23:97:ee:47:24:fe:ac:
         34:96:fc:76:9c:66:47:7b:3c:48:f9:4a:c0:ba:3e:eb:84:1b:
         cc:4c:b9:c4:38:92:9d:c8:7a:b3:63:25:75:60:f3:57:19:d4:
         5a:c3:07:6b:e4:5f:31:cf:49:3c:7a:49:52:46:36:9f:e8:aa:
         36:98:3d:f4:7b:e8:e8:33:52:95:2a:66:01:11:a5:c8:3c:93:
         25:08:42:43:02:3c:68:5f:8a:37:5f:87:86:97:20:89:be:b0:
         9d:e6:6c:6b:c1:cb:52:ea:67:2c:d7:b5:4b:ef:35:e0:79:a2:
         fe:46:1c:73:8e:dd:4f:e1:9c:c6:8c:9a:0f:4a:83:c7:41:af:
         87:85:8f:49:87:1a:d4:14:d5:58:9c:64:14:93:97:57:49:5f:
         cf:0c:46:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSVRNcmMAQLTJQ6ZdNiO8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTY1MWYxMzU4YzZhNzJiMjMyNTBiMTA3M2QxYjQyNmUwMmQ4OGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8uaDNEMn0yp78scpblDXZtY3dbB
svpAR8BGHU3FYfefxqnGqueZsmJkUCyMIM6+CfnY96Li1gr7U2WtyVxK/onQt6ZP
q289+npcD5CTc/ByNBnyImnSFpI16/cv7yLcmNrBVetOmu7vh5EbCrz7ees/vgRl
cOxARY4YlvF4z/SWjulP9H5SGlwzFHrzIZYbIC2jUkXZzjrFoUoWcHXZVZ3bpzzP
gsARthVRoaFBm5H6XyhOIkMq3OOhUekM/6Nea/X8sgqb9RuWrt+P9pLydkdexlNV
OL080QLvExGALsPyd9M7PBK/NmNqDS6f/4DD0wfiFAykjIo8Gv+x38E+3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOVlHxNYxqcrIyULEHPRtCbgLYjbMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNVdVZkUxakdweXNqSlFzUWM5RzBKdUF0aU5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWXMA0G
CSqGSIb3DQEBCwUAA4IBAQAROie3ymoDWHFzNXCjGdCa7NG8TXJVjbl5oXvXuyC6
CO/XTvl/WrZDkGElvY2PsjUGEXHbSjsTI5ZqA2d5JbYFI01OJYWsDipxqTCz0n5B
9un6fLTbACHXbynNg9WL/P0q15HqUSOX7kck/qw0lvx2nGZHezxI+UrAuj7rhBvM
TLnEOJKdyHqzYyV1YPNXGdRawwdr5F8xz0k8eklSRjaf6Ko2mD30e+joM1KVKmYB
EaXIPJMlCEJDAjxoX4o3X4eGlyCJvrCd5mxrwctS6mcs17VL7zXgeaL+Rhxzjt1P
4ZzGjJoPSoPHQa+HhY9JhxrUFNVYnGQUk5dXSV/PDEar
-----END CERTIFICATE-----