Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fY5wPxUOF9YNCynYkkuqc7klc8E.roa
File:                     fY5wPxUOF9YNCynYkkuqc7klc8E.roa (raw, json)
Hash identifier:          +AjKtGm21ndeivB0k9ymmeK2aPICSxAcE4SUmDPTruM=
Subject key identifier:   7D:8E:70:3F:15:0E:17:D6:0D:0B:29:D8:92:4B:AA:73:B9:25:73:C1
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC3495FAE0FF1DA9EE6C697EBED5349E7
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fY5wPxUOF9YNCynYkkuqc7klc8E.roa
Signing time:             Mon 01 Jan 2024 04:30:14 +0000
ROA not before:           Mon 01 Jan 2024 04:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210110
IP address blocks:        89.213.128.0/24 maxlen: 24
                          109.176.254.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 17:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:5f:ae:0f:f1:da:9e:e6:c6:97:eb:ed:53:49:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 04:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d8e703f150e17d60d0b29d8924baa73b92573c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:38:4c:10:af:ee:ca:f9:1a:7c:5b:38:3d:98:
                    02:5e:5b:06:5d:6a:4e:bb:e5:af:9d:02:94:9f:5b:
                    bc:0a:69:a6:4b:b7:0c:04:79:18:ae:ce:1e:00:c1:
                    05:52:f8:06:07:0a:57:9f:73:24:c1:33:bd:09:53:
                    65:9b:3f:b2:88:d1:2c:3f:9f:6e:d1:a3:b7:48:13:
                    2e:c0:5e:ab:0a:25:b7:a2:d1:5f:ec:9f:c2:fa:f4:
                    64:cf:8d:ee:69:fa:ca:53:8a:2a:8c:a1:84:f5:b7:
                    fa:42:b1:93:4f:02:bc:a8:31:f5:41:b6:19:c4:fd:
                    15:52:8f:53:b5:76:9f:ba:10:bc:72:08:31:ab:be:
                    78:7c:03:12:6b:71:b4:8b:c1:75:00:2f:95:1d:6e:
                    64:ec:9f:50:f2:2a:da:e2:d3:9a:1f:21:dc:4d:d8:
                    db:6b:51:d3:34:cc:38:70:cb:ca:95:89:19:7f:9c:
                    29:42:d4:5f:83:56:b0:35:69:f9:29:79:32:a5:53:
                    0a:7f:5c:a4:8e:41:85:e9:d0:e7:5c:82:89:1e:27:
                    67:22:11:5e:1a:03:d5:3e:2a:36:a0:81:76:0d:6b:
                    23:a6:f9:e7:72:6d:33:1b:54:7e:46:54:c3:ad:03:
                    18:e8:bd:b4:0f:65:f5:67:d8:6a:60:2b:9d:fe:b1:
                    54:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:8E:70:3F:15:0E:17:D6:0D:0B:29:D8:92:4B:AA:73:B9:25:73:C1
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fY5wPxUOF9YNCynYkkuqc7klc8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.128.0/24
                  109.176.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5c:22:26:48:5f:da:74:27:31:2e:3f:f6:6c:12:7e:00:8c:29:
         88:28:77:24:d9:85:d2:d6:be:ea:63:a6:68:23:be:4c:51:eb:
         37:c9:2c:17:55:17:dc:49:ab:92:74:73:80:e9:bb:ea:18:8f:
         9a:1b:f0:28:67:f7:3d:15:0a:62:d8:6d:52:5e:a7:bf:b9:45:
         84:48:ec:45:60:ef:66:9d:96:17:cf:7f:a5:a7:78:7a:32:d5:
         bb:05:a3:29:de:73:f4:f9:c8:3a:bb:f4:2c:8b:9a:dc:af:70:
         82:96:82:92:0e:06:b4:5a:f2:eb:88:15:cc:f7:6f:24:e7:a6:
         36:cf:ab:d2:c9:d4:ce:cf:38:1e:1d:74:07:b6:3c:8a:0f:f2:
         c5:cd:dd:7d:34:0a:51:32:1a:97:29:5e:54:d0:c6:e6:8c:72:
         07:47:80:1c:1a:57:70:ff:4a:ee:19:c4:95:98:89:c7:00:a7:
         00:d8:41:4b:e4:8a:2d:7b:cf:c5:81:88:15:fd:d5:71:18:60:
         cd:98:a2:f6:ea:2b:91:84:80:e6:b6:5e:1c:e5:bf:e6:f1:42:
         30:ea:a2:2f:38:7c:6d:45:0d:d2:e9:40:88:9c:83:68:46:2d:
         96:e5:22:26:42:7c:0d:27:55:d5:d2:57:40:91:46:78:da:aa:
         63:44:2b:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSV+uD/HanubGl+vtU0nnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDQzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDhlNzAzZjE1MGUxN2Q2MGQwYjI5ZDg5MjRiYWE3M2I5MjU3M2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtThMEK/uyvkafFs4PZgCXlsGXWpO
u+WvnQKUn1u8CmmmS7cMBHkYrs4eAMEFUvgGBwpXn3MkwTO9CVNlmz+yiNEsP59u
0aO3SBMuwF6rCiW3otFf7J/C+vRkz43uafrKU4oqjKGE9bf6QrGTTwK8qDH1QbYZ
xP0VUo9TtXafuhC8cggxq754fAMSa3G0i8F1AC+VHW5k7J9Q8ira4tOaHyHcTdjb
a1HTNMw4cMvKlYkZf5wpQtRfg1awNWn5KXkypVMKf1ykjkGF6dDnXIKJHidnIhFe
GgPVPio2oIF2DWsjpvnncm0zG1R+RlTDrQMY6L20D2X1Z9hqYCud/rFUeQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH2OcD8VDhfWDQsp2JJLqnO5JXPBMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZlk1d1B4VU9GOVlOQ3luWWtrdXFjN2tsYzhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWdWAAwQB
bbD+MA0GCSqGSIb3DQEBCwUAA4IBAQBcIiZIX9p0JzEuP/ZsEn4AjCmIKHck2YXS
1r7qY6ZoI75MUes3ySwXVRfcSauSdHOA6bvqGI+aG/AoZ/c9FQpi2G1SXqe/uUWE
SOxFYO9mnZYXz3+lp3h6MtW7BaMp3nP0+cg6u/Qsi5rcr3CCloKSDga0WvLriBXM
928k56Y2z6vSydTOzzgeHXQHtjyKD/LFzd19NApRMhqXKV5U0MbmjHIHR4AcGldw
/0ruGcSVmInHAKcA2EFL5Iote8/FgYgV/dVxGGDNmKL26iuRhIDmtl4c5b/m8UIw
6qIvOHxtRQ3S6UCInINoRi2W5SImQnwNJ1XV0ldAkUZ42qpjRCve
-----END CERTIFICATE-----