Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/TQ9IKdKglp7c6npPHqXVI3mwNUw.roa
File:                     TQ9IKdKglp7c6npPHqXVI3mwNUw.roa (raw, json)
Hash identifier:          ExBw/OPrqngAXptHcokOTqQG2hMWHuh/c3vbL8cp5Sw=
Subject key identifier:   4D:0F:48:29:D2:A0:96:9E:DC:EA:7A:4F:1E:A5:D5:23:79:B0:35:4C
Certificate issuer:       /CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
Certificate serial:       018CC8DED08FF80B3918BF217C6824D9A278
Authority key identifier: 9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/TQ9IKdKglp7c6npPHqXVI3mwNUw.roa
Signing time:             Tue 02 Jan 2024 06:31:34 +0000
ROA not before:           Tue 02 Jan 2024 06:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212174
IP address blocks:        89.35.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:d0:8f:f8:0b:39:18:bf:21:7c:68:24:d9:a2:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
        Validity
            Not Before: Jan  2 06:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d0f4829d2a0969edcea7a4f1ea5d52379b0354c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:81:b7:37:02:40:29:5a:93:d3:a1:13:13:98:
                    fa:04:0a:61:65:59:cd:5b:cc:1f:04:de:32:26:fa:
                    46:55:62:01:3a:15:c5:01:c0:25:3c:53:4a:f2:19:
                    cf:63:a8:3c:a1:0c:9d:1a:ed:50:df:fa:0e:d7:74:
                    63:90:cf:e8:f3:99:4e:af:f5:c0:01:3b:ad:07:58:
                    2c:fb:82:50:17:43:e7:bd:d7:32:4c:42:84:a3:6f:
                    5f:e5:68:80:bf:9d:ea:93:b5:f1:ee:0f:71:26:ba:
                    2c:ab:8b:7e:51:61:02:4d:de:0b:05:ce:15:19:b6:
                    31:6b:3a:4c:78:d0:0f:fd:ad:26:db:38:29:f1:23:
                    cf:e6:73:7c:b8:19:85:f9:85:40:01:e9:35:d9:0e:
                    ee:5c:d4:ad:2f:bd:ac:67:01:49:b0:4e:3b:4b:9a:
                    a9:9e:37:54:ea:6c:e4:00:c0:4e:31:7a:79:df:48:
                    a9:32:dd:0c:5e:77:8d:7b:35:de:38:a1:d4:7b:1c:
                    49:70:11:14:ff:95:43:b3:2c:59:50:99:61:44:5d:
                    cc:ac:90:39:41:4c:94:76:eb:bb:01:e0:45:73:2a:
                    52:2e:39:43:c6:76:25:5c:a1:1e:63:66:00:bb:d2:
                    2c:10:3b:44:d9:c0:76:fd:91:a1:13:7f:0d:de:5a:
                    01:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:0F:48:29:D2:A0:96:9E:DC:EA:7A:4F:1E:A5:D5:23:79:B0:35:4C
            X509v3 Authority Key Identifier:
                keyid:9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/TQ9IKdKglp7c6npPHqXVI3mwNUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:97:28:17:83:ae:d8:bf:6e:fe:40:4d:84:41:74:d5:77:fa:
         5c:bb:fc:67:af:96:20:18:7c:9a:a0:43:6f:8e:29:e7:91:71:
         e1:29:16:ac:66:21:46:05:cb:63:e9:03:7a:64:40:f2:6e:5e:
         b3:98:5d:a5:84:46:f7:4e:6e:ea:25:ac:63:8b:ee:fa:b8:d0:
         dd:d8:55:81:fb:63:fe:0c:7e:93:2f:82:51:e7:ef:63:bd:c0:
         19:64:ad:31:5e:73:ce:84:99:42:be:86:c3:49:63:45:ad:2a:
         54:44:d7:61:5e:54:e1:0b:76:bf:89:22:a5:ff:92:fd:76:d1:
         38:e3:81:ca:44:93:a5:96:9a:e9:44:b9:b1:51:d7:30:e0:8e:
         f1:3d:2c:8e:e1:bd:0e:f4:98:ff:e1:23:a1:cf:73:6b:6f:e4:
         d8:55:ac:69:9c:e8:dc:57:2c:dc:39:2a:56:e5:6e:cb:92:95:
         80:c1:10:82:40:1e:43:34:62:26:49:cb:45:bd:9a:b9:a2:30:
         0e:52:0c:26:1c:78:3c:0a:86:85:d3:0c:c3:b5:ad:9f:91:77:
         cf:7e:35:92:2d:96:a8:81:d4:da:c7:01:03:9c:1d:5d:f4:25:
         98:b5:a9:0c:c1:c0:08:81:9c:d5:53:29:4c:a1:d0:84:c6:46:
         23:92:b3:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3tCP+As5GL8hfGgk2aJ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNTQyZjVkZjNjMWFjYjg1N2ZkNTBlZWIwMTZlZWQwNzM4
NWZmOGMwHhcNMjQwMTAyMDYzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDBmNDgyOWQyYTA5NjllZGNlYTdhNGYxZWE1ZDUyMzc5YjAzNTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4G3NwJAKVqT06ETE5j6BAphZVnN
W8wfBN4yJvpGVWIBOhXFAcAlPFNK8hnPY6g8oQydGu1Q3/oO13RjkM/o85lOr/XA
ATutB1gs+4JQF0PnvdcyTEKEo29f5WiAv53qk7Xx7g9xJrosq4t+UWECTd4LBc4V
GbYxazpMeNAP/a0m2zgp8SPP5nN8uBmF+YVAAek12Q7uXNStL72sZwFJsE47S5qp
njdU6mzkAMBOMXp530ipMt0MXneNezXeOKHUexxJcBEU/5VDsyxZUJlhRF3MrJA5
QUyUduu7AeBFcypSLjlDxnYlXKEeY2YAu9IsEDtE2cB2/ZGhE38N3loBEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE0PSCnSoJae3Op6Tx6l1SN5sDVMMB8GA1UdIwQY
MBaAFJxUL13zway4V/1Q7rAW7tBzhf+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUt
MjVkYmY0MzgwNGM1LzEvVFE5SUtkS2dscDdjNm5wUEhxWFZJM213TlV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUtMjVkYmY0MzgwNGM1
LzEvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSPpMA0G
CSqGSIb3DQEBCwUAA4IBAQCJlygXg67Yv27+QE2EQXTVd/pcu/xnr5YgGHyaoENv
jinnkXHhKRasZiFGBctj6QN6ZEDybl6zmF2lhEb3Tm7qJaxji+76uNDd2FWB+2P+
DH6TL4JR5+9jvcAZZK0xXnPOhJlCvobDSWNFrSpURNdhXlThC3a/iSKl/5L9dtE4
44HKRJOllprpRLmxUdcw4I7xPSyO4b0O9Jj/4SOhz3Nrb+TYVaxpnOjcVyzcOSpW
5W7LkpWAwRCCQB5DNGImSctFvZq5ojAOUgwmHHg8CoaF0wzDta2fkXfPfjWSLZao
gdTaxwEDnB1d9CWYtakMwcAIgZzVUylModCExkYjkrPG
-----END CERTIFICATE-----