Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/L89QI2tLX7Dcv88b4y8T9VgeMC4.roa
File:                     L89QI2tLX7Dcv88b4y8T9VgeMC4.roa (raw, json)
Hash identifier:          8LQfbgkoOXBYjwVv3Rn9O97EBV9Nd3rinl1SLeFmtiQ=
Subject key identifier:   2F:CF:50:23:6B:4B:5F:B0:DC:BF:CF:1B:E3:2F:13:F5:58:1E:30:2E
Certificate issuer:       /CN=16cde139ae0573b0a4dda93e77b57ff27f9beba1
Certificate serial:       018CC6B8B02A9A5E506DC7C1E6CAED4353CF
Authority key identifier: 16:CD:E1:39:AE:05:73:B0:A4:DD:A9:3E:77:B5:7F:F2:7F:9B:EB:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/L89QI2tLX7Dcv88b4y8T9VgeMC4.roa
Signing time:             Mon 01 Jan 2024 20:30:41 +0000
ROA not before:           Mon 01 Jan 2024 20:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8220
IP address blocks:        155.45.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:b0:2a:9a:5e:50:6d:c7:c1:e6:ca:ed:43:53:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16cde139ae0573b0a4dda93e77b57ff27f9beba1
        Validity
            Not Before: Jan  1 20:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fcf50236b4b5fb0dcbfcf1be32f13f5581e302e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:7e:3d:8c:d2:6f:cc:ed:44:7d:4f:ab:af:b6:
                    82:c8:cf:06:f4:7e:e5:ef:2f:8d:a3:5c:7f:f4:ab:
                    7e:e0:3e:ad:a1:d2:7d:4b:e7:3f:83:3c:79:ed:0a:
                    de:38:0a:b2:2c:cb:f1:67:de:25:dc:67:20:40:ab:
                    4a:1f:a8:7e:d9:d1:cd:48:c4:4d:62:1d:30:84:99:
                    4c:d8:67:18:07:b8:99:3b:67:77:09:45:8c:a0:dd:
                    27:38:8e:ba:05:d2:45:5f:65:ef:d1:d1:34:6a:9d:
                    75:bf:e6:51:4e:ed:78:c9:82:cb:39:41:28:94:fb:
                    8d:bd:59:da:39:e0:94:d4:0c:49:86:f6:cf:20:39:
                    5a:b9:1c:2e:3c:38:d6:0a:7d:81:dc:3d:58:51:08:
                    51:a8:fb:42:4b:e1:f1:66:6f:73:31:97:0d:68:d1:
                    d7:d9:cf:5b:de:66:b5:e0:82:15:e6:da:a0:61:8e:
                    ae:7c:d9:f5:7a:6b:1e:c4:74:55:c8:3a:9d:6d:1d:
                    20:c2:25:96:c2:50:a8:4c:a7:51:0a:f2:7f:f2:b5:
                    98:bc:9d:6b:4d:e1:5c:9c:90:6d:13:97:5f:e8:9e:
                    03:83:82:c5:f7:c1:2b:00:ff:c4:79:80:3f:fd:5d:
                    6f:8d:9f:1a:f4:f2:de:a5:34:b4:65:2d:6c:95:3a:
                    14:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:CF:50:23:6B:4B:5F:B0:DC:BF:CF:1B:E3:2F:13:F5:58:1E:30:2E
            X509v3 Authority Key Identifier:
                keyid:16:CD:E1:39:AE:05:73:B0:A4:DD:A9:3E:77:B5:7F:F2:7F:9B:EB:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/L89QI2tLX7Dcv88b4y8T9VgeMC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.45.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:88:4f:a8:43:4f:e3:41:a3:cc:f3:8b:48:1f:f9:d2:ac:24:
         4c:6d:c8:91:32:ee:d0:69:65:bf:de:1d:2f:29:a4:76:68:c4:
         e8:2d:05:7b:2a:56:14:e8:3e:c1:f4:16:29:1a:87:ef:17:e2:
         c3:c1:93:9c:1f:08:88:69:3d:fa:50:0c:17:f3:c3:e4:bb:b3:
         17:d8:bf:1e:94:25:f4:b6:bd:e0:75:e1:45:15:b7:cd:5f:01:
         18:75:c2:41:87:31:be:86:bd:11:5d:c2:1a:b9:c0:7e:12:05:
         db:81:a9:74:53:62:63:10:b2:22:16:b2:c4:ee:f2:24:b1:b4:
         c8:ee:bb:20:75:cf:7c:6b:c4:7a:c6:35:2e:8b:2c:ba:e0:11:
         bf:0b:c0:56:11:6b:30:32:99:2e:b8:8b:d8:ca:b5:3b:78:e0:
         c5:4c:41:dc:cd:aa:5d:83:0d:0b:52:4e:c3:57:e4:c6:69:94:
         17:25:77:fe:35:76:71:af:b9:4e:9e:63:49:a2:00:e1:f2:21:
         ab:38:a2:3e:4d:5a:f3:0c:62:84:7d:f3:da:67:83:7c:79:54:
         5a:c4:c9:e4:57:50:ed:39:72:31:77:b4:67:57:83:38:05:96:
         73:f9:58:c2:b6:f4:0a:88:a1:0a:2e:d3:b9:ea:22:3d:e5:c8:
         0c:ba:7a:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuLAqml5QbcfB5srtQ1PPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2Y2RlMTM5YWUwNTczYjBhNGRkYTkzZTc3YjU3ZmYyN2Y5
YmViYTEwHhcNMjQwMTAxMjAzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmNmNTAyMzZiNGI1ZmIwZGNiZmNmMWJlMzJmMTNmNTU4MWUzMDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl349jNJvzO1EfU+rr7aCyM8G9H7l
7y+No1x/9Kt+4D6todJ9S+c/gzx57QreOAqyLMvxZ94l3GcgQKtKH6h+2dHNSMRN
Yh0whJlM2GcYB7iZO2d3CUWMoN0nOI66BdJFX2Xv0dE0ap11v+ZRTu14yYLLOUEo
lPuNvVnaOeCU1AxJhvbPIDlauRwuPDjWCn2B3D1YUQhRqPtCS+HxZm9zMZcNaNHX
2c9b3ma14IIV5tqgYY6ufNn1emsexHRVyDqdbR0gwiWWwlCoTKdRCvJ/8rWYvJ1r
TeFcnJBtE5df6J4Dg4LF98ErAP/EeYA//V1vjZ8a9PLepTS0ZS1slToUsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC/PUCNrS1+w3L/PG+MvE/VYHjAuMB8GA1UdIwQY
MBaAFBbN4TmuBXOwpN2pPne1f/J/m+uhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnMzaE9hNEZjN0NrM2FrLWQ3Vl84bi1iNjZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8zYzAyZjYtN2M0MS00OWJiLWI5ZGUt
YjY5ZGNlNzU0N2ExLzEvTDg5UUkydExYN0Rjdjg4YjR5OFQ5VmdlTUM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8zYzAyZjYtN2M0MS00OWJiLWI5ZGUtYjY5ZGNlNzU0N2Ex
LzEvRnMzaE9hNEZjN0NrM2FrLWQ3Vl84bi1iNjZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmy2AMA0G
CSqGSIb3DQEBCwUAA4IBAQBhiE+oQ0/jQaPM84tIH/nSrCRMbciRMu7QaWW/3h0v
KaR2aMToLQV7KlYU6D7B9BYpGofvF+LDwZOcHwiIaT36UAwX88Pku7MX2L8elCX0
tr3gdeFFFbfNXwEYdcJBhzG+hr0RXcIaucB+EgXbgal0U2JjELIiFrLE7vIksbTI
7rsgdc98a8R6xjUuiyy64BG/C8BWEWswMpkuuIvYyrU7eODFTEHczapdgw0LUk7D
V+TGaZQXJXf+NXZxr7lOnmNJogDh8iGrOKI+TVrzDGKEffPaZ4N8eVRaxMnkV1Dt
OXIxd7RnV4M4BZZz+VjCtvQKiKEKLtO56iI95cgMunql
-----END CERTIFICATE-----