Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/37a134-4c48-4b5a-b443-52d982d21dff/1/ALtODEkkHrDWVFM-q_n_IId8vY8.roa
File:                     ALtODEkkHrDWVFM-q_n_IId8vY8.roa (raw, json)
Hash identifier:          TCSItPZr3kgwgaMT5289gKk8QXqZpnUBKYrfq7UgyQQ=
Subject key identifier:   00:BB:4E:0C:49:24:1E:B0:D6:54:53:3E:AB:F9:FF:20:87:7C:BD:8F
Certificate issuer:       /CN=6f79b58a3bfa38be90936c314f14b0d9c359acc1
Certificate serial:       018CC4923F1D7D2F351D2B9BDE1F91ECA351
Authority key identifier: 6F:79:B5:8A:3B:FA:38:BE:90:93:6C:31:4F:14:B0:D9:C3:59:AC:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3m1ijv6OL6Qk2wxTxSw2cNZrME.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/37a134-4c48-4b5a-b443-52d982d21dff/1/ALtODEkkHrDWVFM-q_n_IId8vY8.roa
Signing time:             Mon 01 Jan 2024 10:29:27 +0000
ROA not before:           Mon 01 Jan 2024 10:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50078
IP address blocks:        193.104.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/37a134-4c48-4b5a-b443-52d982d21dff/1/b3m1ijv6OL6Qk2wxTxSw2cNZrME.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/37a134-4c48-4b5a-b443-52d982d21dff/1/b3m1ijv6OL6Qk2wxTxSw2cNZrME.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3m1ijv6OL6Qk2wxTxSw2cNZrME.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:3f:1d:7d:2f:35:1d:2b:9b:de:1f:91:ec:a3:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f79b58a3bfa38be90936c314f14b0d9c359acc1
        Validity
            Not Before: Jan  1 10:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00bb4e0c49241eb0d654533eabf9ff20877cbd8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:11:db:0e:fe:a9:58:40:6c:b3:62:f1:a4:0d:
                    0a:98:49:a3:e7:84:66:8f:f9:8f:de:13:fa:6d:db:
                    30:2d:c3:f5:51:d3:31:d7:0f:ba:cf:fc:2c:a4:8f:
                    db:57:f3:c2:b4:28:07:d0:3c:31:15:56:b3:8c:b0:
                    28:bf:95:7e:f1:e3:f6:c1:37:16:bb:4c:50:46:6f:
                    20:52:58:db:43:e6:6d:c1:4f:d4:a5:b4:1b:6f:06:
                    71:ca:12:36:bf:e0:02:d9:8d:0b:84:92:6b:72:61:
                    06:d1:4c:84:c3:96:16:0e:fb:ce:fa:94:62:45:a4:
                    3c:e5:a9:9c:b5:24:c5:cb:4f:4c:77:6d:fe:0b:40:
                    c0:f1:b9:80:d8:18:a2:f3:14:4d:de:f3:ee:c5:5c:
                    42:f7:11:fe:ae:8c:2a:22:f6:13:70:21:09:c7:99:
                    a6:be:8f:26:79:ff:98:6b:57:2b:64:28:1c:2c:4b:
                    dd:56:c0:59:70:c2:60:94:ef:6f:b2:e0:04:ac:28:
                    31:08:9a:f1:c2:65:8e:cc:2d:32:da:96:51:b0:7d:
                    ca:e5:3a:04:45:1f:69:cc:cb:54:db:bd:4e:43:bc:
                    35:f8:f1:57:1c:88:36:24:c1:fe:d5:3a:49:30:29:
                    86:06:55:a6:35:07:00:c2:1f:4f:fa:f7:9f:c9:ed:
                    60:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:BB:4E:0C:49:24:1E:B0:D6:54:53:3E:AB:F9:FF:20:87:7C:BD:8F
            X509v3 Authority Key Identifier:
                keyid:6F:79:B5:8A:3B:FA:38:BE:90:93:6C:31:4F:14:B0:D9:C3:59:AC:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3m1ijv6OL6Qk2wxTxSw2cNZrME.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/37a134-4c48-4b5a-b443-52d982d21dff/1/ALtODEkkHrDWVFM-q_n_IId8vY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/37a134-4c48-4b5a-b443-52d982d21dff/1/b3m1ijv6OL6Qk2wxTxSw2cNZrME.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:c8:a7:08:5f:21:0c:17:55:c0:29:ed:9c:6b:33:8b:74:bd:
         3b:6b:eb:a6:79:77:f6:3a:af:07:c6:65:b9:47:00:c5:0f:00:
         73:ee:09:0a:6f:8d:e5:da:a4:a9:6f:31:39:29:80:ac:a8:9f:
         5a:e7:07:3f:00:19:8c:b9:a6:b5:06:d7:53:e8:9d:e8:72:e7:
         3e:07:34:a0:b2:b9:db:7b:25:0e:29:4a:ef:23:80:74:93:b2:
         af:2c:ba:d2:0c:e6:0d:15:ac:9f:63:fb:29:60:5a:09:75:1b:
         d2:2e:e2:c0:97:37:c6:35:a2:02:ee:2f:0d:74:28:7c:0a:7e:
         af:c0:c4:8d:55:fe:3d:1a:9e:0a:65:30:f7:26:0a:a3:e0:bd:
         99:00:c8:b3:da:f2:74:80:39:95:d2:0d:db:21:32:80:03:43:
         58:f3:c4:d4:41:1d:b1:1a:5a:4c:3e:45:4e:42:66:43:73:36:
         34:69:0b:9c:a3:c4:f0:b6:3a:21:61:10:5e:46:fb:cc:3b:8f:
         f8:33:ee:cd:4d:05:75:a3:0f:f7:34:c5:28:f1:b3:a7:a2:04:
         65:3b:c9:d1:8d:6e:00:f8:9f:4e:50:1f:5c:5d:be:2a:b1:50:
         5d:25:6c:94:bc:73:52:44:7f:16:83:9b:8b:07:d6:95:9a:e1:
         2e:5f:3a:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkj8dfS81HSub3h+R7KNRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzliNThhM2JmYTM4YmU5MDkzNmMzMTRmMTRiMGQ5YzM1
OWFjYzEwHhcNMjQwMTAxMTAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGJiNGUwYzQ5MjQxZWIwZDY1NDUzM2VhYmY5ZmYyMDg3N2NiZDhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAghHbDv6pWEBss2LxpA0KmEmj54Rm
j/mP3hP6bdswLcP1UdMx1w+6z/wspI/bV/PCtCgH0DwxFVazjLAov5V+8eP2wTcW
u0xQRm8gUljbQ+ZtwU/UpbQbbwZxyhI2v+AC2Y0LhJJrcmEG0UyEw5YWDvvO+pRi
RaQ85amctSTFy09Md23+C0DA8bmA2Bii8xRN3vPuxVxC9xH+rowqIvYTcCEJx5mm
vo8mef+Ya1crZCgcLEvdVsBZcMJglO9vsuAErCgxCJrxwmWOzC0y2pZRsH3K5ToE
RR9pzMtU271OQ7w1+PFXHIg2JMH+1TpJMCmGBlWmNQcAwh9P+vefye1gPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAC7TgxJJB6w1lRTPqv5/yCHfL2PMB8GA1UdIwQY
MBaAFG95tYo7+ji+kJNsMU8UsNnDWazBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNtMWlqdjZPTDZRazJ3eFR4U3cyY05ack1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS8zN2ExMzQtNGM0OC00YjVhLWI0NDMt
NTJkOTgyZDIxZGZmLzEvQUx0T0RFa2tIckRXVkZNLXFfbl9JSWQ4dlk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS8zN2ExMzQtNGM0OC00YjVhLWI0NDMtNTJkOTgyZDIxZGZm
LzEvYjNtMWlqdjZPTDZRazJ3eFR4U3cyY05ack1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWhZMA0G
CSqGSIb3DQEBCwUAA4IBAQCtyKcIXyEMF1XAKe2cazOLdL07a+umeXf2Oq8HxmW5
RwDFDwBz7gkKb43l2qSpbzE5KYCsqJ9a5wc/ABmMuaa1BtdT6J3ocuc+BzSgsrnb
eyUOKUrvI4B0k7KvLLrSDOYNFayfY/spYFoJdRvSLuLAlzfGNaIC7i8NdCh8Cn6v
wMSNVf49Gp4KZTD3Jgqj4L2ZAMiz2vJ0gDmV0g3bITKAA0NY88TUQR2xGlpMPkVO
QmZDczY0aQuco8TwtjohYRBeRvvMO4/4M+7NTQV1ow/3NMUo8bOnogRlO8nRjW4A
+J9OUB9cXb4qsVBdJWyUvHNSRH8Wg5uLB9aVmuEuXzrq
-----END CERTIFICATE-----