Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/sU35PHBn_2cVSSYPcFpp_LjFi84.roa
File:                     sU35PHBn_2cVSSYPcFpp_LjFi84.roa (raw, json)
Hash identifier:          r0vwyPC9BULhHpKPcIU4JoMjMWc6rMdWHZuL5fFBp4M=
Subject key identifier:   B1:4D:F9:3C:70:67:FF:67:15:49:26:0F:70:5A:69:FC:B8:C5:8B:CE
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       018CC94E6D5B61A57F5081116E1242474EDE
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/sU35PHBn_2cVSSYPcFpp_LjFi84.roa
Signing time:             Tue 02 Jan 2024 08:33:29 +0000
ROA not before:           Tue 02 Jan 2024 08:33:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41573
IP address blocks:        89.40.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 09:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:6d:5b:61:a5:7f:50:81:11:6e:12:42:47:4e:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Jan  2 08:33:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b14df93c7067ff671549260f705a69fcb8c58bce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:6e:13:33:62:ae:e2:ff:f2:a4:bc:ea:0b:55:
                    06:35:75:e9:a0:b2:4e:b4:95:be:cb:38:80:14:f4:
                    05:7b:ee:af:58:fa:67:e8:75:86:28:28:16:ee:bc:
                    2e:78:c6:69:13:51:9d:dd:c4:26:ac:61:f6:18:fe:
                    8d:92:ae:50:5a:20:5d:3b:18:bf:c7:c3:2b:43:c7:
                    bd:c2:54:a3:a7:41:a7:c4:8a:a5:00:d9:8c:db:45:
                    f2:8d:ed:69:fa:ae:a6:7d:82:49:d4:81:b8:fc:76:
                    9a:90:4c:4f:35:9b:a5:bc:35:42:b2:c8:34:7d:00:
                    f4:93:d0:87:cc:22:c2:6c:4c:8c:69:46:54:b1:ec:
                    1f:2e:9d:ad:7a:a3:2d:0a:03:30:98:78:f2:28:4d:
                    95:50:e7:18:41:c1:b4:ca:15:1c:43:24:e3:46:f5:
                    4b:a0:84:0b:43:27:05:0b:a8:c3:46:07:95:2e:67:
                    b7:69:6b:31:60:d8:84:d3:e8:37:ad:db:84:5d:49:
                    76:7f:63:20:b3:0c:bf:96:79:b9:5b:d0:fa:d6:40:
                    12:ed:7e:55:9c:78:fd:ac:f2:04:ce:cd:d2:7d:f6:
                    54:7f:36:31:d4:cb:cf:dc:c4:10:1b:26:e5:f8:b3:
                    76:1b:c6:a0:b6:d9:fd:55:37:6b:bf:a1:5a:61:47:
                    ba:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:4D:F9:3C:70:67:FF:67:15:49:26:0F:70:5A:69:FC:B8:C5:8B:CE
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/sU35PHBn_2cVSSYPcFpp_LjFi84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.40.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:3b:74:b5:e1:55:a8:6d:e6:08:fc:cb:fe:db:ba:1f:16:6c:
         bb:17:48:bd:51:a6:ba:38:c0:a4:0c:5c:38:f6:b8:cb:7b:67:
         3e:d8:fa:8d:69:13:8e:6c:d5:ae:fb:20:0a:3d:4e:de:42:4e:
         58:b4:34:e3:2f:ba:a8:0a:a3:b7:08:18:a2:6e:6e:df:9c:9b:
         c2:72:03:6b:fd:46:12:e0:cd:5d:cb:83:97:6d:52:9a:cb:b9:
         47:00:4f:d5:c5:37:85:cd:6f:04:52:06:b8:27:ea:ae:95:57:
         15:1d:ae:72:34:87:3f:ca:74:f2:be:c9:d1:5e:e8:7a:2a:7d:
         37:0d:13:28:aa:8f:e3:cd:56:f8:76:b7:a8:d1:ed:e8:c5:93:
         4c:13:3c:24:7d:7a:3a:80:74:94:86:e8:58:d1:28:17:ba:2f:
         eb:22:1f:7c:8f:e0:df:74:6c:cd:1a:11:15:eb:ca:21:81:8f:
         cb:3a:c4:5f:78:df:b5:e3:63:f1:64:50:c7:e8:bc:c4:4d:6e:
         f7:1d:88:15:c7:b4:a5:f5:35:09:55:2c:2d:3e:49:2e:f0:a2:
         1e:f7:ed:90:5b:b8:49:cd:3a:f3:bf:0d:cb:60:36:f8:de:a1:
         25:d9:03:42:21:8f:5b:0d:64:e6:13:a6:db:ee:67:cc:76:8a:
         c5:24:e8:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTm1bYaV/UIERbhJCR07eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjQwMTAyMDgzMzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTRkZjkzYzcwNjdmZjY3MTU0OTI2MGY3MDVhNjlmY2I4YzU4YmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6W4TM2Ku4v/ypLzqC1UGNXXpoLJO
tJW+yziAFPQFe+6vWPpn6HWGKCgW7rwueMZpE1Gd3cQmrGH2GP6Nkq5QWiBdOxi/
x8MrQ8e9wlSjp0GnxIqlANmM20Xyje1p+q6mfYJJ1IG4/HaakExPNZulvDVCssg0
fQD0k9CHzCLCbEyMaUZUsewfLp2teqMtCgMwmHjyKE2VUOcYQcG0yhUcQyTjRvVL
oIQLQycFC6jDRgeVLme3aWsxYNiE0+g3rduEXUl2f2Mgswy/lnm5W9D61kAS7X5V
nHj9rPIEzs3SffZUfzYx1MvP3MQQGybl+LN2G8agttn9VTdrv6FaYUe6AQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLFN+TxwZ/9nFUkmD3Baafy4xYvOMB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEvc1UzNVBIQm5fMmNWU1NZUGNGcHBfTGpGaTg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMtMmVjZTA0ZTE4NWMy
LzEvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSjhMA0G
CSqGSIb3DQEBCwUAA4IBAQB+O3S14VWobeYI/Mv+27ofFmy7F0i9Uaa6OMCkDFw4
9rjLe2c+2PqNaROObNWu+yAKPU7eQk5YtDTjL7qoCqO3CBiibm7fnJvCcgNr/UYS
4M1dy4OXbVKay7lHAE/VxTeFzW8EUga4J+qulVcVHa5yNIc/ynTyvsnRXuh6Kn03
DRMoqo/jzVb4dreo0e3oxZNMEzwkfXo6gHSUhuhY0SgXui/rIh98j+DfdGzNGhEV
68ohgY/LOsRfeN+142PxZFDH6LzETW73HYgVx7Sl9TUJVSwtPkku8KIe9+2QW7hJ
zTrzvw3LYDb43qEl2QNCIY9bDWTmE6bb7mfMdorFJOi/
-----END CERTIFICATE-----