Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Uz23koVXSgc1A5j-Kkl7SglaFeI.roa
File:                     Uz23koVXSgc1A5j-Kkl7SglaFeI.roa (raw, json)
Hash identifier:          XOcYv+nxFdB1w/bL/7bGrx31Odta3YBkCcuWTGkttwE=
Subject key identifier:   53:3D:B7:92:85:57:4A:07:35:03:98:FE:2A:49:7B:4A:09:5A:15:E2
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019108E0D38C8FE89D01315CA040EC3244A6
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Uz23koVXSgc1A5j-Kkl7SglaFeI.roa
Signing time:             Wed 31 Jul 2024 13:00:37 +0000
ROA not before:           Wed 31 Jul 2024 13:00:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        89.213.186.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:08:e0:d3:8c:8f:e8:9d:01:31:5c:a0:40:ec:32:44:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 31 13:00:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=533db79285574a07350398fe2a497b4a095a15e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:cf:92:b7:01:62:40:3d:90:67:f3:0c:ff:b1:
                    6a:64:85:30:c2:20:76:06:f2:71:4e:64:50:c7:65:
                    1f:8a:68:91:19:aa:02:ed:95:20:35:a2:74:16:41:
                    9c:4c:be:49:50:f9:46:f2:01:c3:b8:03:11:fd:f5:
                    7e:54:c5:16:45:d9:7e:c6:5f:2b:18:f2:86:10:25:
                    a9:7d:e8:49:56:5f:a3:3c:10:dc:2c:8a:a9:52:a1:
                    bc:0f:db:a5:04:c9:47:2f:2d:8f:0f:a4:15:93:d5:
                    5f:6b:f5:ba:0c:9d:a9:cd:a2:6e:36:b0:62:b9:9a:
                    26:db:e4:1a:0e:6f:a3:57:78:9a:4f:b1:b0:7b:8f:
                    bd:0c:b2:bc:4b:4f:82:89:69:cd:6f:81:ae:db:ca:
                    f1:a4:db:81:68:f5:f7:09:eb:3d:47:f5:6f:f5:15:
                    ec:6a:04:21:dc:ec:b8:67:13:00:7a:93:c9:70:90:
                    8e:92:1c:0c:21:49:d9:96:1e:a2:da:27:1a:1c:6b:
                    ad:25:94:a2:f3:cf:3b:3e:4b:da:ff:01:03:db:3f:
                    de:2c:d2:4a:76:2f:04:91:61:20:ea:b4:2d:2a:f8:
                    da:fe:83:2b:a8:27:2f:5a:3b:60:c1:12:7b:c2:27:
                    fe:f4:a1:06:c8:f0:d1:cc:f6:7a:a1:3b:b3:fe:9d:
                    00:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:3D:B7:92:85:57:4A:07:35:03:98:FE:2A:49:7B:4A:09:5A:15:E2
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Uz23koVXSgc1A5j-Kkl7SglaFeI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         13:9d:ad:7e:8e:5b:8f:c8:a3:f1:24:52:02:f6:8f:b7:bf:9a:
         e8:1e:b1:5b:8d:eb:04:57:a4:fb:d8:f4:2d:72:77:61:dd:c6:
         f7:54:20:f4:f4:21:98:30:6a:b1:7e:39:fb:89:ee:60:ea:6e:
         73:d5:49:ff:6e:9e:38:69:8d:31:af:2d:97:f2:9f:d2:58:1d:
         5e:ce:8c:7b:9f:af:ad:d0:52:c9:81:55:18:4f:b2:aa:d8:c2:
         c7:58:40:aa:89:27:d3:9a:fe:fa:df:6c:7a:c1:70:1d:56:8a:
         9a:e8:44:7e:e3:de:ad:f1:a0:b4:56:57:b1:3b:dd:42:85:f8:
         1d:bd:83:89:2b:e5:c3:27:5d:cd:26:40:2d:80:88:80:8b:ee:
         96:c7:7d:03:da:58:ba:06:af:71:a0:ef:9e:c5:48:6e:e4:e1:
         53:df:39:ff:fe:92:8d:ce:14:9c:08:de:09:c2:9c:cb:0e:0b:
         63:f6:93:4b:e8:ec:91:1b:04:cd:42:3f:e1:59:a8:64:05:24:
         bd:cd:b6:d5:e2:1c:5b:ef:df:83:6f:74:64:64:bb:06:67:a0:
         3c:89:b8:67:77:7b:67:dd:ff:9c:7f:40:c3:b3:1d:63:1a:64:
         1b:3a:6b:2b:17:3b:a2:23:e5:c8:dd:ce:ed:54:0e:94:0b:50:
         3a:f3:09:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEI4NOMj+idATFcoEDsMkSmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNzMxMTMwMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzNkYjc5Mjg1NTc0YTA3MzUwMzk4ZmUyYTQ5N2I0YTA5NWExNWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAic+StwFiQD2QZ/MM/7FqZIUwwiB2
BvJxTmRQx2UfimiRGaoC7ZUgNaJ0FkGcTL5JUPlG8gHDuAMR/fV+VMUWRdl+xl8r
GPKGECWpfehJVl+jPBDcLIqpUqG8D9ulBMlHLy2PD6QVk9Vfa/W6DJ2pzaJuNrBi
uZom2+QaDm+jV3iaT7Gwe4+9DLK8S0+CiWnNb4Gu28rxpNuBaPX3Ces9R/Vv9RXs
agQh3Oy4ZxMAepPJcJCOkhwMIUnZlh6i2icaHGutJZSi8887Pkva/wED2z/eLNJK
di8EkWEg6rQtKvja/oMrqCcvWjtgwRJ7wif+9KEGyPDRzPZ6oTuz/p0A0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFM9t5KFV0oHNQOY/ipJe0oJWhXiMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVXoyM2tvVlhTZ2MxQTVqLUtrbDdTZ2xhRmVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWdW6MA0G
CSqGSIb3DQEBCwUAA4IBAQATna1+jluPyKPxJFIC9o+3v5roHrFbjesEV6T72PQt
cndh3cb3VCD09CGYMGqxfjn7ie5g6m5z1Un/bp44aY0xry2X8p/SWB1ezox7n6+t
0FLJgVUYT7Kq2MLHWECqiSfTmv7632x6wXAdVoqa6ER+496t8aC0VlexO91Chfgd
vYOJK+XDJ13NJkAtgIiAi+6Wx30D2li6Bq9xoO+exUhu5OFT3zn//pKNzhScCN4J
wpzLDgtj9pNL6OyRGwTNQj/hWahkBSS9zbbV4hxb79+Db3RkZLsGZ6A8ibhnd3tn
3f+cf0DDsx1jGmQbOmsrFzuiI+XI3c7tVA6UC1A68wnI
-----END CERTIFICATE-----