Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/rgDSwUCMUHK1IolJdZeyTvivhxk.roa
File:                     rgDSwUCMUHK1IolJdZeyTvivhxk.roa (raw, json)
Hash identifier:          YgN2Uo/fLfYpVgLtKtEokaJy7T0xgD29cJmha79gdJo=
Subject key identifier:   AE:00:D2:C1:40:8C:50:72:B5:22:89:49:75:97:B2:4E:F8:AF:87:19
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC349570E8DD3326DA4DB7022A78BC7EB
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/rgDSwUCMUHK1IolJdZeyTvivhxk.roa
Signing time:             Mon 01 Jan 2024 04:30:12 +0000
ROA not before:           Mon 01 Jan 2024 04:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61350
IP address blocks:        89.213.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:57:0e:8d:d3:32:6d:a4:db:70:22:a7:8b:c7:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 04:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae00d2c1408c5072b52289497597b24ef8af8719
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:6d:ee:92:9e:b7:90:b7:14:9f:62:18:74:eb:
                    b1:39:b3:8d:2b:79:ba:3f:fd:12:50:15:8d:c0:e7:
                    dc:72:78:53:ab:9a:5a:6d:58:5d:a0:ae:8e:3a:f8:
                    5e:f6:e0:0a:14:7d:24:44:31:25:f4:17:f6:31:b3:
                    d0:fa:de:34:0a:d2:8f:b0:2a:8f:b4:86:53:da:5a:
                    bb:35:90:20:1e:0f:10:9e:28:fe:c8:df:d5:36:b0:
                    8b:f5:2a:f8:c1:71:9b:de:14:4a:fb:66:d3:0e:1d:
                    12:68:75:b3:f7:3c:ae:2b:83:7e:cc:06:96:ad:6f:
                    cf:75:3d:92:ba:de:14:74:23:cb:3c:a7:c6:72:fb:
                    8b:01:31:c4:f4:4b:aa:f5:cd:35:b0:dd:95:91:c0:
                    32:6f:c4:2c:ef:5f:86:ca:9f:fc:eb:9e:03:20:a5:
                    c8:77:d4:a3:83:49:a0:85:c0:d3:75:78:bb:65:14:
                    39:01:8b:07:90:e5:d6:aa:80:79:22:05:91:38:ac:
                    b2:b1:5a:f4:69:56:61:d3:39:75:7f:d8:aa:6f:6f:
                    2b:39:b6:86:0b:ba:a0:96:a8:f5:67:b9:04:ec:06:
                    9a:51:a0:18:0f:f9:ff:8f:52:f0:bc:d3:39:24:21:
                    98:87:3d:4e:1a:a1:7d:20:0b:b5:05:28:73:ea:8f:
                    ef:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:00:D2:C1:40:8C:50:72:B5:22:89:49:75:97:B2:4E:F8:AF:87:19
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/rgDSwUCMUHK1IolJdZeyTvivhxk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:c7:b2:8f:0c:f9:40:63:ad:fc:18:4f:88:88:d1:71:d1:bf:
         28:33:95:d3:79:17:76:1c:ed:20:6e:71:cb:8b:3d:ba:0e:4c:
         b4:7f:ee:ab:05:50:5c:48:c6:91:83:34:d6:79:fa:de:e2:e3:
         e9:03:16:f4:c9:05:83:39:10:7d:43:ef:26:25:9b:17:96:74:
         e7:c6:a3:6d:bd:c5:96:d5:54:73:5f:b4:c8:cd:da:28:6f:46:
         52:68:d9:a9:b9:b4:93:dc:73:69:a2:f8:ea:fb:bb:74:d6:a7:
         67:79:6e:af:f9:36:9a:e3:fb:55:cc:f6:81:eb:e9:c0:8e:81:
         a6:9d:f8:13:5c:b5:be:20:7b:48:88:73:f9:f5:f6:f2:33:f4:
         d8:a6:12:2f:53:2b:47:c7:ab:f7:54:39:e0:1b:62:54:32:63:
         3a:4d:a3:c5:5c:2b:92:61:7d:d3:ba:25:1b:2b:94:68:ee:ac:
         d3:29:ff:d6:23:b1:9c:31:19:ad:91:ca:65:c1:5f:c1:cc:69:
         64:c5:84:a9:bc:74:0c:51:f2:11:8d:2b:02:90:1c:76:b3:04:
         51:f5:fa:5b:fa:24:4b:35:97:1f:5e:5e:fb:3d:e0:ad:4f:5d:
         d9:aa:a8:c7:c8:86:a9:c9:65:bc:73:14:f0:72:0e:52:9a:1d:
         64:e0:7f:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSVcOjdMybaTbcCKni8frMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTAwZDJjMTQwOGM1MDcyYjUyMjg5NDk3NTk3YjI0ZWY4YWY4NzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm23ukp63kLcUn2IYdOuxObONK3m6
P/0SUBWNwOfccnhTq5pabVhdoK6OOvhe9uAKFH0kRDEl9Bf2MbPQ+t40CtKPsCqP
tIZT2lq7NZAgHg8Qnij+yN/VNrCL9Sr4wXGb3hRK+2bTDh0SaHWz9zyuK4N+zAaW
rW/PdT2Sut4UdCPLPKfGcvuLATHE9Euq9c01sN2VkcAyb8Qs71+Gyp/8654DIKXI
d9Sjg0mghcDTdXi7ZRQ5AYsHkOXWqoB5IgWROKyysVr0aVZh0zl1f9iqb28rObaG
C7qglqj1Z7kE7AaaUaAYD/n/j1LwvNM5JCGYhz1OGqF9IAu1BShz6o/vmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK4A0sFAjFBytSKJSXWXsk74r4cZMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcmdEU3dVQ01VSEsxSW9sSmRaZXlUdml2aHhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWAMA0G
CSqGSIb3DQEBCwUAA4IBAQBvx7KPDPlAY638GE+IiNFx0b8oM5XTeRd2HO0gbnHL
iz26Dky0f+6rBVBcSMaRgzTWefre4uPpAxb0yQWDORB9Q+8mJZsXlnTnxqNtvcWW
1VRzX7TIzdoob0ZSaNmpubST3HNpovjq+7t01qdneW6v+Taa4/tVzPaB6+nAjoGm
nfgTXLW+IHtIiHP59fbyM/TYphIvUytHx6v3VDngG2JUMmM6TaPFXCuSYX3TuiUb
K5Ro7qzTKf/WI7GcMRmtkcplwV/BzGlkxYSpvHQMUfIRjSsCkBx2swRR9fpb+iRL
NZcfXl77PeCtT13ZqqjHyIapyWW8cxTwcg5Smh1k4H8r
-----END CERTIFICATE-----