Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/dycx85GWYDhfsVMZvxX1YKC-1gk.roa
File:                     dycx85GWYDhfsVMZvxX1YKC-1gk.roa (raw, json)
Hash identifier:          i9bfdnILAXMZ4zmh8lBJHkzy4rdo3pA9MSRN7cL5IwA=
Subject key identifier:   77:27:31:F3:91:96:60:38:5F:B1:53:19:BF:15:F5:60:A0:BE:D6:09
Certificate issuer:       /CN=53b62ace615b906b42ab27f4fb1d203df36d5436
Certificate serial:       018CC94E4AC32EA6837E2C9E82EC9990CE5F
Authority key identifier: 53:B6:2A:CE:61:5B:90:6B:42:AB:27:F4:FB:1D:20:3D:F3:6D:54:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/dycx85GWYDhfsVMZvxX1YKC-1gk.roa
Signing time:             Tue 02 Jan 2024 08:33:20 +0000
ROA not before:           Tue 02 Jan 2024 08:33:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197216
IP address blocks:        89.187.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/U7YqzmFbkGtCqyf0-x0gPfNtVDY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/U7YqzmFbkGtCqyf0-x0gPfNtVDY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:4a:c3:2e:a6:83:7e:2c:9e:82:ec:99:90:ce:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53b62ace615b906b42ab27f4fb1d203df36d5436
        Validity
            Not Before: Jan  2 08:33:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=772731f3919660385fb15319bf15f560a0bed609
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:55:29:62:e0:9c:6c:95:cd:af:78:d9:2b:ce:
                    ac:1a:bc:c4:c3:e3:81:47:ff:32:de:65:b1:a8:c0:
                    bc:2c:6c:8d:2d:ff:7f:b4:6b:fa:03:d7:48:a6:2f:
                    69:ab:6b:e2:78:da:cc:cd:e6:d9:60:17:f4:9f:4e:
                    39:13:08:88:6f:28:23:a4:fb:19:1c:7e:9a:77:de:
                    4a:7a:13:84:94:9b:ff:cc:9d:74:3a:7f:b9:a3:d1:
                    1a:b4:f4:36:9d:c0:12:b1:6b:b4:5a:d2:c0:5c:9b:
                    1d:36:f7:91:10:93:07:03:f3:5a:e8:f9:d9:b2:71:
                    44:49:aa:0e:f9:83:08:a4:8a:c0:9d:50:95:cd:c0:
                    9c:cb:cb:a8:98:67:4d:f8:c7:fb:64:3b:5f:64:a2:
                    96:9b:8d:31:3e:ea:a7:20:db:8f:c7:43:d4:d3:f1:
                    54:00:a2:14:8e:51:73:e6:65:95:a7:73:f9:9c:11:
                    5b:58:2f:13:ef:75:91:d9:36:db:a9:0d:23:4d:6b:
                    34:4c:7e:40:5c:b7:a9:71:f9:41:43:a1:7c:ad:06:
                    72:70:1f:3f:1f:90:b3:58:e4:bd:0b:c5:21:54:91:
                    62:f0:31:13:5f:94:d1:c7:5c:89:e3:e2:94:44:a0:
                    e7:e0:64:16:b7:91:9f:39:19:3f:ef:7a:a4:92:13:
                    ac:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:27:31:F3:91:96:60:38:5F:B1:53:19:BF:15:F5:60:A0:BE:D6:09
            X509v3 Authority Key Identifier:
                keyid:53:B6:2A:CE:61:5B:90:6B:42:AB:27:F4:FB:1D:20:3D:F3:6D:54:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/dycx85GWYDhfsVMZvxX1YKC-1gk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/U7YqzmFbkGtCqyf0-x0gPfNtVDY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:30:5f:9b:72:7e:96:7d:1e:8c:94:3e:ad:2b:b1:96:38:dc:
         33:60:03:a8:05:c8:41:ed:8b:eb:79:ae:b0:c7:cc:ec:bc:4d:
         9c:e9:6b:c7:de:0a:5c:ff:fa:b1:77:42:c7:5c:9c:45:98:13:
         73:7d:5b:89:bb:63:d5:7b:b0:59:e5:e9:8c:a8:f0:b0:bd:71:
         7c:32:59:c0:07:f8:df:4c:e6:71:94:ca:d6:ee:af:d4:19:b8:
         92:e0:36:7c:5f:b1:38:82:a2:58:09:cc:44:73:0c:c6:01:2c:
         10:c4:76:82:aa:7e:be:50:ab:14:e8:f7:93:92:f5:8c:a7:28:
         7f:24:97:58:1e:04:f1:d6:dd:e8:8b:db:b7:d8:a6:58:e0:3f:
         09:9f:f0:fb:a7:ac:54:66:c4:37:46:11:bc:1a:c2:9c:f1:f7:
         53:32:96:5a:79:3d:f3:01:d8:d3:ab:a8:04:92:06:d6:34:83:
         62:8a:bc:53:3e:b9:ad:94:55:95:32:38:b4:ac:0e:04:75:14:
         86:39:da:89:3c:90:4a:0a:87:eb:0c:42:63:37:01:55:42:d7:
         ed:d6:dc:e1:ae:85:d6:eb:8a:67:e2:dc:83:0c:bb:6b:30:51:
         e7:b9:53:d4:3c:e6:d2:04:63:56:08:14:e4:1a:8c:c5:17:b3:
         f9:b8:25:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTkrDLqaDfiyeguyZkM5fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYjYyYWNlNjE1YjkwNmI0MmFiMjdmNGZiMWQyMDNkZjM2
ZDU0MzYwHhcNMjQwMTAyMDgzMzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzI3MzFmMzkxOTY2MDM4NWZiMTUzMTliZjE1ZjU2MGEwYmVkNjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhVUpYuCcbJXNr3jZK86sGrzEw+OB
R/8y3mWxqMC8LGyNLf9/tGv6A9dIpi9pq2vieNrMzebZYBf0n045EwiIbygjpPsZ
HH6ad95KehOElJv/zJ10On+5o9EatPQ2ncASsWu0WtLAXJsdNveREJMHA/Na6PnZ
snFESaoO+YMIpIrAnVCVzcCcy8uomGdN+Mf7ZDtfZKKWm40xPuqnINuPx0PU0/FU
AKIUjlFz5mWVp3P5nBFbWC8T73WR2TbbqQ0jTWs0TH5AXLepcflBQ6F8rQZycB8/
H5CzWOS9C8UhVJFi8DETX5TRx1yJ4+KURKDn4GQWt5GfORk/73qkkhOscwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHcnMfORlmA4X7FTGb8V9WCgvtYJMB8GA1UdIwQY
MBaAFFO2Ks5hW5BrQqsn9PsdID3zbVQ2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTdZcXptRmJrR3RDcXlmMC14MGdQZk50VkRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC84YjA3Y2QtMGNlZC00YWZjLThkMDIt
OTcyYTRjM2RjM2YzLzEvZHljeDg1R1dZRGhmc1ZNWnZ4WDFZS0MtMWdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC84YjA3Y2QtMGNlZC00YWZjLThkMDItOTcyYTRjM2RjM2Yz
LzEvVTdZcXptRmJrR3RDcXlmMC14MGdQZk50VkRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbtTMA0G
CSqGSIb3DQEBCwUAA4IBAQAvMF+bcn6WfR6MlD6tK7GWONwzYAOoBchB7Yvrea6w
x8zsvE2c6WvH3gpc//qxd0LHXJxFmBNzfVuJu2PVe7BZ5emMqPCwvXF8MlnAB/jf
TOZxlMrW7q/UGbiS4DZ8X7E4gqJYCcxEcwzGASwQxHaCqn6+UKsU6PeTkvWMpyh/
JJdYHgTx1t3oi9u32KZY4D8Jn/D7p6xUZsQ3RhG8GsKc8fdTMpZaeT3zAdjTq6gE
kgbWNINiirxTPrmtlFWVMji0rA4EdRSGOdqJPJBKCofrDEJjNwFVQtft1tzhroXW
64pn4tyDDLtrMFHnuVPUPObSBGNWCBTkGozFF7P5uCW9
-----END CERTIFICATE-----