Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/ae8HUz6nt9V9WU2PZmFvPBNegWY.roa
File:                     ae8HUz6nt9V9WU2PZmFvPBNegWY.roa (raw, json)
Hash identifier:          ykoxQF0Jx6+PtNoMzwI1wHZx+GTLwdb658TUZzCSBco=
Subject key identifier:   69:EF:07:53:3E:A7:B7:D5:7D:59:4D:8F:66:61:6F:3C:13:5E:81:66
Certificate issuer:       /CN=b0b5a80a7106e0a4b8545c8150bb72c699fcc9a0
Certificate serial:       0192660B98E09898F24BC8275974B3E52D64
Authority key identifier: B0:B5:A8:0A:71:06:E0:A4:B8:54:5C:81:50:BB:72:C6:99:FC:C9:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sLWoCnEG4KS4VFyBULtyxpn8yaA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/ae8HUz6nt9V9WU2PZmFvPBNegWY.roa
Signing time:             Mon 07 Oct 2024 08:14:48 +0000
ROA not before:           Mon 07 Oct 2024 08:14:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48678
IP address blocks:        89.35.52.0/24 maxlen: 24
                          193.164.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/sLWoCnEG4KS4VFyBULtyxpn8yaA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/sLWoCnEG4KS4VFyBULtyxpn8yaA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sLWoCnEG4KS4VFyBULtyxpn8yaA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:66:0b:98:e0:98:98:f2:4b:c8:27:59:74:b3:e5:2d:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0b5a80a7106e0a4b8545c8150bb72c699fcc9a0
        Validity
            Not Before: Oct  7 08:14:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69ef07533ea7b7d57d594d8f66616f3c135e8166
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:b5:ef:5c:6d:f9:84:90:19:38:91:b3:73:77:
                    41:e3:18:7f:6e:1a:dc:c4:fb:38:0e:5a:95:92:e0:
                    f1:b1:1d:e1:fb:b6:1d:60:a5:c5:54:12:26:88:0b:
                    b2:50:bc:47:a8:5e:5a:7b:32:49:1c:66:58:8f:71:
                    d7:af:61:07:08:da:c2:4c:f1:a9:83:de:dd:2c:08:
                    c3:7e:a6:ea:77:cf:34:93:b4:90:c9:ec:24:1b:13:
                    82:cc:bd:bf:c3:52:e2:0c:4f:45:e3:08:d2:57:eb:
                    e2:df:32:89:93:af:f1:0a:6b:99:8f:dc:3c:42:35:
                    17:f6:e3:11:b9:6b:c5:88:f1:38:08:50:51:e8:0f:
                    c8:3f:46:a1:24:ea:82:cd:25:8e:a4:f9:d9:b5:09:
                    20:a3:9a:8b:ce:26:eb:7a:4c:9e:48:a3:ac:ca:ff:
                    db:2e:cf:8a:ea:ef:c8:3d:e5:f2:02:3e:0f:99:51:
                    71:ce:ad:de:65:cf:bd:55:40:2d:c9:b7:42:3b:4e:
                    6d:59:8d:08:d6:c6:8e:f3:ae:04:65:f0:7a:c0:4f:
                    8a:4a:41:63:8e:5b:9e:92:ca:41:d3:e7:c6:dc:47:
                    0b:ec:f9:a7:53:52:29:86:f2:3e:26:03:03:a2:cc:
                    79:fb:91:c9:50:1a:98:a3:f8:8c:8a:b9:de:b8:7b:
                    1e:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:EF:07:53:3E:A7:B7:D5:7D:59:4D:8F:66:61:6F:3C:13:5E:81:66
            X509v3 Authority Key Identifier:
                keyid:B0:B5:A8:0A:71:06:E0:A4:B8:54:5C:81:50:BB:72:C6:99:FC:C9:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sLWoCnEG4KS4VFyBULtyxpn8yaA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/ae8HUz6nt9V9WU2PZmFvPBNegWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/sLWoCnEG4KS4VFyBULtyxpn8yaA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.52.0/24
                  193.164.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:07:13:0d:c2:b1:22:c2:0f:38:21:55:90:dd:87:ff:78:4a:
         c4:1d:60:43:9b:92:0a:41:e6:1c:f3:c4:f2:b3:f8:6d:58:56:
         07:00:43:36:71:a3:b0:d2:db:be:17:e6:27:dd:59:b0:22:a4:
         45:85:47:1a:e7:37:1e:4d:4e:39:ee:39:05:ef:42:9a:8d:e7:
         12:87:b5:74:08:0a:41:00:98:3c:71:44:35:48:80:60:8f:1b:
         50:db:95:8d:a8:64:bf:00:ce:6e:d9:cd:b4:e3:90:d6:ef:9a:
         8a:a8:67:a1:fe:03:af:e9:7e:d0:97:2a:bb:1e:a3:5c:64:96:
         0c:10:a6:d1:9e:32:a5:22:62:a0:f3:e1:da:7e:4c:46:95:c7:
         9e:0e:06:da:47:6f:29:84:68:0e:77:91:04:a0:39:7f:2c:bb:
         57:cf:4a:12:73:b1:ce:9d:c1:f9:98:4d:e4:3b:21:9e:6f:a4:
         23:14:31:cc:9d:66:78:98:1a:56:96:be:c0:46:c1:05:8f:8a:
         a4:2c:fc:93:d2:11:1e:59:e4:74:ea:50:36:21:78:1b:a2:2a:
         74:73:51:64:cf:19:f2:75:ea:3d:4c:5a:c0:c1:c8:14:c1:83:
         4e:92:23:40:c2:71:48:f3:11:49:9d:cc:16:94:30:79:ab:52:
         ba:b1:6d:c7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZJmC5jgmJjyS8gnWXSz5S1kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYjVhODBhNzEwNmUwYTRiODU0NWM4MTUwYmI3MmM2OTlm
Y2M5YTAwHhcNMjQxMDA3MDgxNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWVmMDc1MzNlYTdiN2Q1N2Q1OTRkOGY2NjYxNmYzYzEzNWU4MTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmLXvXG35hJAZOJGzc3dB4xh/bhrc
xPs4DlqVkuDxsR3h+7YdYKXFVBImiAuyULxHqF5aezJJHGZYj3HXr2EHCNrCTPGp
g97dLAjDfqbqd880k7SQyewkGxOCzL2/w1LiDE9F4wjSV+vi3zKJk6/xCmuZj9w8
QjUX9uMRuWvFiPE4CFBR6A/IP0ahJOqCzSWOpPnZtQkgo5qLzibrekyeSKOsyv/b
Ls+K6u/IPeXyAj4PmVFxzq3eZc+9VUAtybdCO05tWY0I1saO864EZfB6wE+KSkFj
jluekspB0+fG3EcL7PmnU1IphvI+JgMDosx5+5HJUBqYo/iMirneuHseawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGnvB1M+p7fVfVlNj2ZhbzwTXoFmMB8GA1UdIwQY
MBaAFLC1qApxBuCkuFRcgVC7csaZ/MmgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0xXb0NuRUc0S1M0VkZ5QlVMdHl4cG44eWFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9mMTUzZGMtY2JmYi00YTRmLTgwZDIt
NzQ1ZTA4ZmU1OGM2LzEvYWU4SFV6Nm50OVY5V1UyUFptRnZQQk5lZ1dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9mMTUzZGMtY2JmYi00YTRmLTgwZDItNzQ1ZTA4ZmU1OGM2
LzEvc0xXb0NuRUc0S1M0VkZ5QlVMdHl4cG44eWFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSM0AwQA
waQFMA0GCSqGSIb3DQEBCwUAA4IBAQBCBxMNwrEiwg84IVWQ3Yf/eErEHWBDm5IK
QeYc88Tys/htWFYHAEM2caOw0tu+F+Yn3VmwIqRFhUca5zceTU457jkF70KajecS
h7V0CApBAJg8cUQ1SIBgjxtQ25WNqGS/AM5u2c2045DW75qKqGeh/gOv6X7Qlyq7
HqNcZJYMEKbRnjKlImKg8+HafkxGlceeDgbaR28phGgOd5EEoDl/LLtXz0oSc7HO
ncH5mE3kOyGeb6QjFDHMnWZ4mBpWlr7ARsEFj4qkLPyT0hEeWeR06lA2IXgboip0
c1Fkzxnydeo9TFrAwcgUwYNOkiNAwnFI8xFJncwWlDB5q1K6sW3H
-----END CERTIFICATE-----