Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/89ae8e-4674-455d-9f23-ac67a36e4aab/1/kf6U-9GDRNG13A4BYlHRDYG0-h0.roa
File:                     kf6U-9GDRNG13A4BYlHRDYG0-h0.roa (raw, json)
Hash identifier:          fnhBimJuFaaDjG2mIrJubR3JWZFaoH8UULirQr46i6I=
Subject key identifier:   91:FE:94:FB:D1:83:44:D1:B5:DC:0E:01:62:51:D1:0D:81:B4:FA:1D
Certificate issuer:       /CN=17c203e3f365923a843d3220317a1c68cf74de0f
Certificate serial:       018CC64B5E5D45AF2BCDE6B064C0953668D4
Authority key identifier: 17:C2:03:E3:F3:65:92:3A:84:3D:32:20:31:7A:1C:68:CF:74:DE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F8ID4_NlkjqEPTIgMXocaM903g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/89ae8e-4674-455d-9f23-ac67a36e4aab/1/kf6U-9GDRNG13A4BYlHRDYG0-h0.roa
Signing time:             Mon 01 Jan 2024 18:31:17 +0000
ROA not before:           Mon 01 Jan 2024 18:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29802
IP address blocks:        89.111.15.128/26 maxlen: 26
                          2a00:17c0:c4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/89ae8e-4674-455d-9f23-ac67a36e4aab/1/F8ID4_NlkjqEPTIgMXocaM903g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/89ae8e-4674-455d-9f23-ac67a36e4aab/1/F8ID4_NlkjqEPTIgMXocaM903g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F8ID4_NlkjqEPTIgMXocaM903g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:5e:5d:45:af:2b:cd:e6:b0:64:c0:95:36:68:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17c203e3f365923a843d3220317a1c68cf74de0f
        Validity
            Not Before: Jan  1 18:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91fe94fbd18344d1b5dc0e016251d10d81b4fa1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:0c:6b:4e:79:00:c5:a1:5f:98:48:65:fa:29:
                    6a:4b:21:2e:98:bd:57:5f:a3:87:be:60:7e:f2:e8:
                    b0:36:d2:85:2f:df:68:2c:cc:a6:93:33:b5:ad:99:
                    aa:01:6c:49:ff:ef:93:6c:42:53:26:f5:02:71:a9:
                    8c:d3:74:43:c9:78:69:d5:e7:28:d5:c0:09:18:04:
                    14:4f:34:32:0a:46:57:f8:7e:23:c1:71:de:14:e5:
                    69:f6:1a:d1:17:e2:8f:e1:99:b7:53:ab:23:94:13:
                    d8:3f:a5:19:66:2b:b4:a7:da:c7:e9:fe:ba:93:ed:
                    c4:2a:c4:4e:65:09:31:32:b1:28:d5:65:9a:d1:dd:
                    75:be:0e:cf:e5:79:96:0f:30:56:de:67:3d:03:fb:
                    03:10:96:11:dc:cb:02:de:ea:23:4d:17:1c:d9:b6:
                    4c:b1:e9:a6:09:94:bc:a3:db:27:a3:19:48:9a:d5:
                    c9:6a:f3:8e:16:7b:9b:99:a0:4b:32:3e:f6:4a:23:
                    2e:c3:3d:99:04:2a:f8:cc:38:5a:d0:f9:ae:ba:63:
                    f2:3c:d2:44:ca:fd:44:63:1f:c3:49:d6:cf:c5:e5:
                    b0:7c:ed:65:87:86:44:2a:9c:5f:13:9c:e7:7d:e5:
                    15:74:fa:3c:c0:1f:9e:27:62:22:67:cd:17:9c:d8:
                    0d:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:FE:94:FB:D1:83:44:D1:B5:DC:0E:01:62:51:D1:0D:81:B4:FA:1D
            X509v3 Authority Key Identifier:
                keyid:17:C2:03:E3:F3:65:92:3A:84:3D:32:20:31:7A:1C:68:CF:74:DE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F8ID4_NlkjqEPTIgMXocaM903g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/89ae8e-4674-455d-9f23-ac67a36e4aab/1/kf6U-9GDRNG13A4BYlHRDYG0-h0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/89ae8e-4674-455d-9f23-ac67a36e4aab/1/F8ID4_NlkjqEPTIgMXocaM903g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.111.15.128/26
                IPv6:
                  2a00:17c0:c4::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:ae:a7:9d:73:d3:48:87:9a:14:94:24:ea:4f:0f:8b:16:dd:
         da:0c:9b:e6:97:99:df:84:5f:17:f6:c9:2e:70:3c:f1:f8:80:
         25:c5:2b:91:79:5f:5d:e1:2f:54:b2:4d:62:96:fd:17:d1:a1:
         17:a0:9c:40:b2:7a:bd:e9:60:b7:b9:b1:59:77:9e:83:2e:c1:
         bb:02:8d:cb:7b:7a:fa:8d:b1:70:5a:40:46:94:33:c3:d6:eb:
         ea:3a:05:2b:87:bc:5f:fd:70:48:50:72:58:81:84:18:09:56:
         4a:b2:7e:1c:bc:1c:ef:a7:f8:01:40:af:ee:60:3f:b1:13:28:
         05:84:e7:b1:cb:80:5f:10:2d:b3:1a:fa:82:14:e5:31:0d:ec:
         ae:a7:d9:31:64:c6:0f:90:e4:62:c2:12:20:a8:de:c7:45:cc:
         79:b4:85:25:1c:32:fe:4c:f8:6b:0b:81:d7:99:af:63:73:41:
         6f:d2:2c:6e:8d:c7:f4:47:22:ec:1f:0a:54:b1:7e:c6:c3:7f:
         37:02:9d:86:43:ee:05:0f:db:73:fe:df:87:73:ac:72:80:16:
         e0:00:0b:af:be:2f:f2:30:9d:8a:70:e2:0a:62:20:75:b5:73:
         bb:ec:6e:a9:b9:1a:9e:40:27:74:13:75:12:0d:c6:11:ca:00:
         36:6b:ab:5e
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzGS15dRa8rzeawZMCVNmjUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3YzIwM2UzZjM2NTkyM2E4NDNkMzIyMDMxN2ExYzY4Y2Y3
NGRlMGYwHhcNMjQwMTAxMTgzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWZlOTRmYmQxODM0NGQxYjVkYzBlMDE2MjUxZDEwZDgxYjRmYTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1QxrTnkAxaFfmEhl+ilqSyEumL1X
X6OHvmB+8uiwNtKFL99oLMymkzO1rZmqAWxJ/++TbEJTJvUCcamM03RDyXhp1eco
1cAJGAQUTzQyCkZX+H4jwXHeFOVp9hrRF+KP4Zm3U6sjlBPYP6UZZiu0p9rH6f66
k+3EKsROZQkxMrEo1WWa0d11vg7P5XmWDzBW3mc9A/sDEJYR3MsC3uojTRcc2bZM
semmCZS8o9snoxlImtXJavOOFnubmaBLMj72SiMuwz2ZBCr4zDha0PmuumPyPNJE
yv1EYx/DSdbPxeWwfO1lh4ZEKpxfE5znfeUVdPo8wB+eJ2IiZ80XnNgNWQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFJH+lPvRg0TRtdwOAWJR0Q2BtPodMB8GA1UdIwQY
MBaAFBfCA+PzZZI6hD0yIDF6HGjPdN4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjhJRDRfTmxranFFUFRJZ01Yb2NhTTkwM2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy84OWFlOGUtNDY3NC00NTVkLTlmMjMt
YWM2N2EzNmU0YWFiLzEva2Y2VS05R0RSTkcxM0E0QllsSFJEWUcwLWgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy84OWFlOGUtNDY3NC00NTVkLTlmMjMtYWM2N2EzNmU0YWFi
LzEvRjhJRDRfTmxranFFUFRJZ01Yb2NhTTkwM2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDANBAIAATAHAwUGWW8PgDAP
BAIAAjAJAwcAKgAXwADEMA0GCSqGSIb3DQEBCwUAA4IBAQB7rqedc9NIh5oUlCTq
Tw+LFt3aDJvml5nfhF8X9skucDzx+IAlxSuReV9d4S9Usk1ilv0X0aEXoJxAsnq9
6WC3ubFZd56DLsG7Ao3Le3r6jbFwWkBGlDPD1uvqOgUrh7xf/XBIUHJYgYQYCVZK
sn4cvBzvp/gBQK/uYD+xEygFhOexy4BfEC2zGvqCFOUxDeyup9kxZMYPkORiwhIg
qN7HRcx5tIUlHDL+TPhrC4HXma9jc0Fv0ixujcf0RyLsHwpUsX7Gw383Ap2GQ+4F
D9tz/t+Hc6xygBbgAAuvvi/yMJ2KcOIKYiB1tXO77G6puRqeQCd0E3USDcYRygA2
a6te
-----END CERTIFICATE-----