Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Mr53CHecw-rzOFwm7hWVcFuKDa4.roa
File:                     Mr53CHecw-rzOFwm7hWVcFuKDa4.roa (raw, json)
Hash identifier:          L5EijHZQaywTWsG424pgJaVrdmzqPu909DU7AO/fakg=
Subject key identifier:   32:BE:77:08:77:9C:C3:EA:F3:38:5C:26:EE:15:95:70:5B:8A:0D:AE
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0190DBFA6A714F92CC6C37E840D50322DD78
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Mr53CHecw-rzOFwm7hWVcFuKDa4.roa
Signing time:             Mon 22 Jul 2024 19:45:39 +0000
ROA not before:           Mon 22 Jul 2024 19:45:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     265919
IP address blocks:        89.213.5.0/24 maxlen: 24
                          89.213.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:db:fa:6a:71:4f:92:cc:6c:37:e8:40:d5:03:22:dd:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 22 19:45:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=32be7708779cc3eaf3385c26ee1595705b8a0dae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:fd:40:0e:43:17:54:e2:7c:cc:4e:e3:36:3d:
                    15:1e:56:d1:92:59:51:8f:f5:e7:9f:7d:99:4c:ec:
                    6d:c2:0e:a3:d8:ff:50:f3:8f:c7:38:d8:5b:a8:27:
                    55:98:fe:6e:25:76:96:c3:d3:c2:d9:58:ba:ff:af:
                    03:aa:1d:1f:a4:c3:55:65:be:2a:0c:f7:a6:26:68:
                    6c:a3:ff:3e:ae:4c:cf:1d:6a:af:da:36:a7:02:78:
                    df:2a:67:8c:56:42:6f:81:11:f9:90:e9:18:9a:fe:
                    a6:df:b8:66:83:db:a6:e5:c2:d7:73:e9:56:89:23:
                    94:15:29:0f:1a:be:e9:f0:b8:dc:4e:b8:e0:82:e3:
                    23:33:66:6f:04:3b:ac:99:dd:c1:e8:0d:65:64:81:
                    60:f0:02:1c:4f:1d:13:73:94:c4:c5:64:38:31:e4:
                    8e:a0:86:cc:69:1f:b3:d3:62:fc:95:de:36:1d:a1:
                    3e:78:21:af:b0:b2:40:6f:d2:87:86:e8:5f:47:ec:
                    5f:f7:b6:87:6d:02:d2:39:e5:c3:54:2a:7a:99:6f:
                    d6:e1:47:80:68:a3:7c:0f:90:58:9f:e5:7c:de:80:
                    bd:5d:ec:83:d9:59:22:9a:62:8e:06:17:57:c0:19:
                    c2:79:d4:8f:6d:6f:31:63:c3:e7:be:35:11:cd:2f:
                    c9:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:BE:77:08:77:9C:C3:EA:F3:38:5C:26:EE:15:95:70:5B:8A:0D:AE
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Mr53CHecw-rzOFwm7hWVcFuKDa4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.5.0/24
                  89.213.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:17:b9:bf:5d:11:98:b4:7e:9f:6c:6c:69:97:b4:64:77:ae:
         7e:cd:76:e1:d8:dc:f4:81:fa:bc:d0:02:14:bc:be:95:2b:56:
         41:91:3d:d2:6e:ea:c9:5f:bf:60:6e:59:7f:13:31:3d:76:79:
         1a:ec:4b:e8:f4:da:af:9e:3b:f9:a2:13:d3:3e:93:76:5c:b8:
         2f:18:c3:0a:db:d4:98:f5:6f:07:13:73:cc:84:78:f9:21:f4:
         69:4b:2e:e1:68:76:d9:1c:a8:d1:bf:ea:78:c1:70:98:77:66:
         69:e2:85:e3:de:91:57:8d:b3:3e:ec:bf:4c:89:2a:76:96:9d:
         26:b5:5a:47:5f:f2:24:1d:15:1b:3b:a1:ce:08:ce:81:66:39:
         40:7a:50:4a:03:b1:5f:e8:54:f7:84:b6:2d:05:f4:76:25:96:
         f0:c3:12:2c:4d:11:c8:37:0b:f6:98:ae:90:9b:66:4b:84:d2:
         ef:06:ac:07:83:da:b4:97:1d:d3:a3:b4:93:ba:e4:9d:d5:4c:
         28:fc:87:1c:0e:58:81:4e:ed:32:a5:40:55:3a:5b:4f:53:71:
         7a:82:47:ea:bc:b7:a1:ec:e5:2f:ba:51:c9:a8:32:88:9e:8d:
         af:e8:f0:f8:28:20:d3:39:fa:72:dd:e7:0c:c5:d1:81:49:c7:
         1c:76:e6:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZDb+mpxT5LMbDfoQNUDIt14MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNzIyMTk0NTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmJlNzcwODc3OWNjM2VhZjMzODVjMjZlZTE1OTU3MDViOGEwZGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnv1ADkMXVOJ8zE7jNj0VHlbRkllR
j/Xnn32ZTOxtwg6j2P9Q84/HONhbqCdVmP5uJXaWw9PC2Vi6/68Dqh0fpMNVZb4q
DPemJmhso/8+rkzPHWqv2janAnjfKmeMVkJvgRH5kOkYmv6m37hmg9um5cLXc+lW
iSOUFSkPGr7p8LjcTrjgguMjM2ZvBDusmd3B6A1lZIFg8AIcTx0Tc5TExWQ4MeSO
oIbMaR+z02L8ld42HaE+eCGvsLJAb9KHhuhfR+xf97aHbQLSOeXDVCp6mW/W4UeA
aKN8D5BYn+V83oC9XeyD2VkimmKOBhdXwBnCedSPbW8xY8PnvjURzS/JMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDK+dwh3nMPq8zhcJu4VlXBbig2uMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTXI1M0NIZWN3LXJ6T0Z3bTdoV1ZjRnVLRGE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWdUFAwQA
WdXnMA0GCSqGSIb3DQEBCwUAA4IBAQCgF7m/XRGYtH6fbGxpl7Rkd65+zXbh2Nz0
gfq80AIUvL6VK1ZBkT3SburJX79gbll/EzE9dnka7Evo9Nqvnjv5ohPTPpN2XLgv
GMMK29SY9W8HE3PMhHj5IfRpSy7haHbZHKjRv+p4wXCYd2Zp4oXj3pFXjbM+7L9M
iSp2lp0mtVpHX/IkHRUbO6HOCM6BZjlAelBKA7Ff6FT3hLYtBfR2JZbwwxIsTRHI
Nwv2mK6Qm2ZLhNLvBqwHg9q0lx3To7STuuSd1Uwo/IccDliBTu0ypUBVOltPU3F6
gkfqvLeh7OUvulHJqDKIno2v6PD4KCDTOfpy3ecMxdGBScccduZZ
-----END CERTIFICATE-----