Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/73JTgzV4p1HW07KV13N4q1RDGLo.roa
File:                     73JTgzV4p1HW07KV13N4q1RDGLo.roa (raw, json)
Hash identifier:          VNVjyOGOAjWJ6riK/fVHeZkzkAAFQkjNWzkiC0Y4vk4=
Subject key identifier:   EF:72:53:83:35:78:A7:51:D6:D3:B2:95:D7:73:78:AB:54:43:18:BA
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0190CAE5D98BE830A188F3BAF558A95D57F4
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/73JTgzV4p1HW07KV13N4q1RDGLo.roa
Signing time:             Fri 19 Jul 2024 12:09:39 +0000
ROA not before:           Fri 19 Jul 2024 12:09:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214584
IP address blocks:        89.213.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ca:e5:d9:8b:e8:30:a1:88:f3:ba:f5:58:a9:5d:57:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 19 12:09:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef7253833578a751d6d3b295d77378ab544318ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:c7:e6:cd:94:e5:52:a4:93:b5:a8:fa:85:07:
                    f5:fd:bf:78:08:92:c2:ea:ae:43:f3:3d:ad:c1:c9:
                    a6:77:b3:8c:92:ca:c0:bd:1a:e8:a8:40:92:ec:96:
                    da:a5:1e:9a:bb:e2:b4:9e:1c:c8:b2:dc:b1:06:d9:
                    66:cb:7a:7a:32:7d:ca:e7:ad:52:fd:03:f7:fa:2b:
                    4e:35:bb:b6:2b:6d:52:31:6e:d6:eb:48:6c:6b:b0:
                    1a:50:c1:d1:09:1f:2d:3b:7e:47:13:53:da:c5:a4:
                    b4:b9:73:4b:f0:3a:4c:a1:c1:42:d7:9a:f2:28:fb:
                    aa:16:85:94:51:01:1d:52:c0:3a:12:9f:7a:d0:b5:
                    61:44:24:2e:7c:e6:a0:e3:04:03:bc:c8:96:e8:8e:
                    29:15:1e:e6:d5:e8:68:07:0b:ee:1a:19:5b:3a:a5:
                    62:62:18:ac:7d:16:be:ce:be:61:a8:08:02:fa:1c:
                    ad:03:d0:00:b7:f7:55:b5:b6:be:b5:1b:b1:f2:c7:
                    46:8f:3e:d6:84:19:24:23:6a:ff:a0:d3:13:7d:ad:
                    e5:65:cf:2b:79:f8:e5:d4:f1:a1:59:1b:cb:76:c6:
                    1b:35:62:a2:88:b6:cf:d6:3c:00:d1:94:32:69:ae:
                    71:8b:3a:18:b5:c2:42:84:cc:dc:2c:a5:de:f3:d9:
                    71:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:72:53:83:35:78:A7:51:D6:D3:B2:95:D7:73:78:AB:54:43:18:BA
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/73JTgzV4p1HW07KV13N4q1RDGLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:5b:db:0c:3b:e9:3e:af:5a:ca:e5:b9:8a:52:ed:67:fc:07:
         73:eb:83:f8:bb:23:a6:a3:52:66:6a:82:74:fa:c2:77:89:ec:
         14:df:83:17:f7:37:5f:f0:78:2b:3b:d3:03:c7:0c:2e:ef:f4:
         24:bf:5c:0e:66:34:76:25:7b:38:0d:1a:6e:37:d7:b8:0e:c6:
         ac:0f:49:61:04:a2:aa:e9:83:3f:f8:09:ee:91:47:ac:67:fb:
         1b:47:16:b9:9f:20:25:c9:7d:0d:9b:8e:39:15:4b:5a:1e:8f:
         b2:32:be:57:7a:23:86:3e:76:6a:8c:1f:8a:c6:6e:ab:67:f1:
         d5:4c:9b:51:3d:13:83:00:ed:84:86:b2:4b:fd:69:2c:d4:b9:
         6d:65:81:e6:13:78:81:b8:7c:8c:fe:db:ea:b7:07:c0:81:ed:
         41:e0:91:52:54:8c:8a:61:08:51:38:1b:44:b1:1e:f9:04:9d:
         3a:27:36:a3:91:d6:5a:37:c8:bd:0d:74:2a:86:c9:c1:ac:72:
         bb:21:49:90:16:99:e7:d6:e8:bb:42:a2:aa:3a:67:9e:3e:c8:
         e3:f1:b0:14:ff:20:27:58:b1:33:c0:88:59:ab:8d:34:8f:56:
         e4:d7:63:e6:2c:8f:35:cc:31:89:ba:71:d3:1d:bf:02:09:0f:
         34:24:29:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDK5dmL6DChiPO69VipXVf0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNzE5MTIwOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjcyNTM4MzM1NzhhNzUxZDZkM2IyOTVkNzczNzhhYjU0NDMxOGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1sfmzZTlUqSTtaj6hQf1/b94CJLC
6q5D8z2twcmmd7OMksrAvRroqECS7JbapR6au+K0nhzIstyxBtlmy3p6Mn3K561S
/QP3+itONbu2K21SMW7W60hsa7AaUMHRCR8tO35HE1PaxaS0uXNL8DpMocFC15ry
KPuqFoWUUQEdUsA6Ep960LVhRCQufOag4wQDvMiW6I4pFR7m1ehoBwvuGhlbOqVi
YhisfRa+zr5hqAgC+hytA9AAt/dVtba+tRux8sdGjz7WhBkkI2r/oNMTfa3lZc8r
efjl1PGhWRvLdsYbNWKiiLbP1jwA0ZQyaa5xizoYtcJChMzcLKXe89lxTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO9yU4M1eKdR1tOylddzeKtUQxi6MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNzNKVGd6VjRwMUhXMDdLVjEzTjRxMVJER0xvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdU7MA0G
CSqGSIb3DQEBCwUAA4IBAQBNW9sMO+k+r1rK5bmKUu1n/Adz64P4uyOmo1JmaoJ0
+sJ3iewU34MX9zdf8HgrO9MDxwwu7/Qkv1wOZjR2JXs4DRpuN9e4DsasD0lhBKKq
6YM/+AnukUesZ/sbRxa5nyAlyX0Nm445FUtaHo+yMr5XeiOGPnZqjB+Kxm6rZ/HV
TJtRPRODAO2EhrJL/Wks1LltZYHmE3iBuHyM/tvqtwfAge1B4JFSVIyKYQhROBtE
sR75BJ06JzajkdZaN8i9DXQqhsnBrHK7IUmQFpnn1ui7QqKqOmeePsjj8bAU/yAn
WLEzwIhZq400j1bk12PmLI81zDGJunHTHb8CCQ80JClW
-----END CERTIFICATE-----