Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gyZHHjU_R7GELwSF1L_yLng3VLY.roa
File:                     gyZHHjU_R7GELwSF1L_yLng3VLY.roa (raw, json)
Hash identifier:          B0EHrfmqGqdjustCpfzXedGb5YL9mALnXPKdWzgwtjg=
Subject key identifier:   83:26:47:1E:35:3F:47:B1:84:2F:04:85:D4:BF:F2:2E:78:37:54:B6
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC34954C1C9F39463C9BAE4F83E89D7E9
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gyZHHjU_R7GELwSF1L_yLng3VLY.roa
Signing time:             Mon 01 Jan 2024 04:30:12 +0000
ROA not before:           Mon 01 Jan 2024 04:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58955
IP address blocks:        89.213.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:54:c1:c9:f3:94:63:c9:ba:e4:f8:3e:89:d7:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 04:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8326471e353f47b1842f0485d4bff22e783754b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:9a:4d:e0:96:b8:36:1b:c1:5b:69:bd:75:71:
                    7f:fe:a0:67:30:0c:24:00:f4:90:4b:ab:9d:18:21:
                    6a:ae:3f:56:c4:05:85:66:93:cc:51:38:57:96:a8:
                    38:98:c4:7b:93:a9:16:c0:e3:0d:4a:3a:8a:b1:52:
                    e7:36:8e:24:10:84:02:ca:44:cc:e7:98:02:c7:20:
                    8f:bd:cd:63:7c:74:d5:c7:0e:18:c6:0c:3f:c9:36:
                    58:62:61:4b:34:4b:2f:d8:1f:36:9e:00:e1:d3:98:
                    68:6d:41:8d:c2:7f:ef:e1:9b:6e:4f:f2:27:40:12:
                    33:b4:46:46:ce:d7:8d:21:aa:fb:2c:5b:bb:b8:89:
                    a1:01:e5:a4:5d:c6:fb:5e:54:72:f8:1d:e6:f6:5d:
                    dc:6a:3d:44:2c:a1:8d:17:41:a5:33:ad:87:c5:b3:
                    63:b4:a2:41:b7:4f:b3:a6:a1:8a:52:80:a9:cd:12:
                    1e:1a:51:a3:6c:41:83:98:79:46:88:d8:9b:55:25:
                    38:84:fa:7b:ef:7a:07:3b:1c:0a:b4:28:70:28:3e:
                    f9:40:42:ca:13:f7:c2:23:19:4a:c4:68:42:ac:f1:
                    86:0d:50:36:c8:b2:d0:21:a7:83:51:04:16:3b:cf:
                    05:8f:34:05:f3:e5:a2:e9:6b:f5:e4:b3:37:5a:ef:
                    ed:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:26:47:1E:35:3F:47:B1:84:2F:04:85:D4:BF:F2:2E:78:37:54:B6
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gyZHHjU_R7GELwSF1L_yLng3VLY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:8d:14:e9:ba:8a:14:bf:52:d9:e5:af:b1:7e:13:db:1a:ad:
         85:ce:52:e4:7c:e4:0c:34:62:09:cb:8b:e5:0b:b3:18:f4:b7:
         d2:63:6e:1a:a9:ca:58:58:ed:10:67:60:b9:c6:dd:8b:fa:3b:
         38:2c:96:d8:4d:a0:bf:73:f9:7b:dc:bb:40:9c:82:aa:8c:72:
         b8:77:ef:dc:fc:32:7c:3f:6a:0a:e1:5a:43:af:b4:88:0a:ca:
         a5:f7:97:25:90:4f:23:66:9d:75:1d:38:98:44:d9:2d:bb:1d:
         bf:01:20:08:53:3b:d4:7a:be:f7:72:70:d9:d4:f1:4d:b7:9e:
         19:ca:bc:7d:89:97:d7:07:63:e3:c4:25:f6:b1:6c:39:28:95:
         21:b0:3e:54:43:15:26:c3:10:59:fb:2a:57:b9:09:2f:0c:a1:
         b0:8d:3b:a2:7d:ba:eb:df:d6:89:f8:83:92:14:aa:71:e7:5f:
         22:a3:b7:71:42:a0:d1:2c:f2:cb:83:31:df:62:27:d6:ea:8d:
         0d:bb:04:40:64:59:ba:c8:6c:1f:8e:bb:7e:d7:2c:23:41:d3:
         13:c7:27:f2:5e:42:02:98:be:24:06:f4:cc:fa:6d:ce:16:2a:
         46:34:72:b0:0a:6f:fb:a9:71:15:d3:10:2f:f5:b5:63:01:31:
         9d:55:0a:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSVTByfOUY8m65Pg+idfpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzI2NDcxZTM1M2Y0N2IxODQyZjA0ODVkNGJmZjIyZTc4Mzc1NGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZpN4Ja4NhvBW2m9dXF//qBnMAwk
APSQS6udGCFqrj9WxAWFZpPMUThXlqg4mMR7k6kWwOMNSjqKsVLnNo4kEIQCykTM
55gCxyCPvc1jfHTVxw4Yxgw/yTZYYmFLNEsv2B82ngDh05hobUGNwn/v4ZtuT/In
QBIztEZGzteNIar7LFu7uImhAeWkXcb7XlRy+B3m9l3caj1ELKGNF0GlM62HxbNj
tKJBt0+zpqGKUoCpzRIeGlGjbEGDmHlGiNibVSU4hPp773oHOxwKtChwKD75QELK
E/fCIxlKxGhCrPGGDVA2yLLQIaeDUQQWO88FjzQF8+Wi6Wv15LM3Wu/tPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIMmRx41P0exhC8EhdS/8i54N1S2MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZ3laSEhqVV9SN0dFTHdTRjFMX3lMbmczVkxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWxMA0G
CSqGSIb3DQEBCwUAA4IBAQAAjRTpuooUv1LZ5a+xfhPbGq2FzlLkfOQMNGIJy4vl
C7MY9LfSY24aqcpYWO0QZ2C5xt2L+js4LJbYTaC/c/l73LtAnIKqjHK4d+/c/DJ8
P2oK4VpDr7SICsql95clkE8jZp11HTiYRNktux2/ASAIUzvUer73cnDZ1PFNt54Z
yrx9iZfXB2PjxCX2sWw5KJUhsD5UQxUmwxBZ+ypXuQkvDKGwjTuifbrr39aJ+IOS
FKpx518io7dxQqDRLPLLgzHfYifW6o0NuwRAZFm6yGwfjrt+1ywjQdMTxyfyXkIC
mL4kBvTM+m3OFipGNHKwCm/7qXEV0xAv9bVjATGdVQpv
-----END CERTIFICATE-----