Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/xDCukfRi9itiHCw-2QNikYDvd8A.roa
File:                     xDCukfRi9itiHCw-2QNikYDvd8A.roa (raw, json)
Hash identifier:          +smY2YcoWxf0JA5G5YeReu4zZNG58HkKBlXDf9HM660=
Subject key identifier:   C4:30:AE:91:F4:62:F6:2B:62:1C:2C:3E:D9:03:62:91:80:EF:77:C0
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       018CC94E695FAF251A12D5D957B6BC7F1891
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/xDCukfRi9itiHCw-2QNikYDvd8A.roa
Signing time:             Tue 02 Jan 2024 08:33:28 +0000
ROA not before:           Tue 02 Jan 2024 08:33:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6453
IP address blocks:        89.39.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:69:5f:af:25:1a:12:d5:d9:57:b6:bc:7f:18:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Jan  2 08:33:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c430ae91f462f62b621c2c3ed903629180ef77c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:30:d2:4f:ab:0d:cc:6a:62:01:8e:92:1d:32:
                    19:75:ae:64:61:c3:4d:06:1d:d0:65:47:32:85:e3:
                    0c:3c:55:c7:e0:42:b6:3f:4d:a6:ee:95:17:33:13:
                    f6:04:60:4c:5c:59:5b:85:ef:fe:a4:4f:bb:f4:1b:
                    f3:fe:e6:cb:d0:fe:b5:9c:dc:f5:9c:5b:14:5a:00:
                    72:3f:6e:91:62:0a:b8:5c:3d:3a:b1:88:6a:89:13:
                    d4:34:7d:57:a2:ff:c4:19:9b:24:85:75:ca:61:5b:
                    62:ec:18:67:6e:b1:55:8c:68:27:47:65:b6:ac:c7:
                    1e:e7:e8:30:2c:0a:ef:5d:cc:cc:a5:e1:71:e5:9c:
                    47:f4:0a:38:15:49:8d:65:60:8c:ef:f1:a2:db:e2:
                    74:58:d9:f2:b2:51:24:b1:c3:06:54:6f:37:ea:1e:
                    f1:e6:b7:73:58:46:09:3b:57:94:c0:70:b3:f6:23:
                    9b:55:a3:eb:0f:d6:79:2f:af:ff:bb:aa:f8:c5:58:
                    27:21:29:2f:8a:21:10:f7:8f:fd:8f:72:a7:ac:75:
                    e3:f8:19:24:02:c0:ff:e3:bd:05:cf:70:ff:1a:52:
                    ed:2a:71:8c:56:5d:e8:9c:f3:fe:ad:ef:d7:56:ba:
                    55:c1:cd:a0:fe:c5:8f:61:d4:e3:42:fd:22:fa:93:
                    b2:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:30:AE:91:F4:62:F6:2B:62:1C:2C:3E:D9:03:62:91:80:EF:77:C0
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/xDCukfRi9itiHCw-2QNikYDvd8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.39.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:e1:e5:e1:ba:8a:38:37:46:eb:44:71:70:1e:5f:32:ce:4a:
         f7:14:7b:3c:b8:8e:0c:22:fc:18:c0:cc:70:90:a8:c0:b0:00:
         3f:f6:67:4e:ea:8a:70:0a:d6:07:f0:5f:bd:30:f6:f4:db:09:
         9e:bc:b1:ec:ee:fc:c6:a0:b9:af:ce:d8:13:d3:c0:c8:16:b1:
         64:13:fa:a9:d9:4b:50:e7:12:55:74:08:02:ac:d9:ef:a4:94:
         a5:81:79:27:0a:0e:31:30:84:8c:41:5f:71:97:5d:e6:a4:ed:
         da:58:fb:d1:ae:a8:b2:62:6e:05:b5:83:75:a4:8a:af:c6:76:
         50:6b:a3:f2:49:4e:b7:4d:ce:c5:f6:f0:b8:06:fc:e0:e7:7e:
         19:f3:1a:9a:32:0b:e2:e0:9e:8f:6f:3d:78:eb:5f:5a:e0:dd:
         5b:e9:1b:1c:ef:6d:c0:bf:19:b9:c4:3c:c4:6e:ba:85:69:97:
         31:ab:b9:0d:3a:80:bd:b7:1f:c4:d1:b3:1b:cf:2d:b5:18:3e:
         80:4f:df:8c:ae:39:1c:c6:03:bc:65:b8:f7:3b:8b:63:dc:58:
         b1:68:10:70:f5:51:35:17:4d:9d:a6:e2:2c:4a:0e:77:2f:e7:
         ab:e4:26:80:47:31:33:4b:1e:d4:1f:e6:86:1f:49:5a:d6:ea:
         0a:ae:0a:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTmlfryUaEtXZV7a8fxiRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjQwMTAyMDgzMzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDMwYWU5MWY0NjJmNjJiNjIxYzJjM2VkOTAzNjI5MTgwZWY3N2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgzDST6sNzGpiAY6SHTIZda5kYcNN
Bh3QZUcyheMMPFXH4EK2P02m7pUXMxP2BGBMXFlbhe/+pE+79Bvz/ubL0P61nNz1
nFsUWgByP26RYgq4XD06sYhqiRPUNH1Xov/EGZskhXXKYVti7BhnbrFVjGgnR2W2
rMce5+gwLArvXczMpeFx5ZxH9Ao4FUmNZWCM7/Gi2+J0WNnyslEkscMGVG836h7x
5rdzWEYJO1eUwHCz9iObVaPrD9Z5L6//u6r4xVgnISkviiEQ94/9j3KnrHXj+Bkk
AsD/470Fz3D/GlLtKnGMVl3onPP+re/XVrpVwc2g/sWPYdTjQv0i+pOy/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMQwrpH0YvYrYhwsPtkDYpGA73fAMB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEveERDdWtmUmk5aXRpSEN3LTJRTmlrWUR2ZDhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMtMmVjZTA0ZTE4NWMy
LzEvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWScGMA0G
CSqGSIb3DQEBCwUAA4IBAQBd4eXhuoo4N0brRHFwHl8yzkr3FHs8uI4MIvwYwMxw
kKjAsAA/9mdO6opwCtYH8F+9MPb02wmevLHs7vzGoLmvztgT08DIFrFkE/qp2UtQ
5xJVdAgCrNnvpJSlgXknCg4xMISMQV9xl13mpO3aWPvRrqiyYm4FtYN1pIqvxnZQ
a6PySU63Tc7F9vC4Bvzg534Z8xqaMgvi4J6Pbz14619a4N1b6Rsc723Avxm5xDzE
brqFaZcxq7kNOoC9tx/E0bMbzy21GD6AT9+MrjkcxgO8Zbj3O4tj3FixaBBw9VE1
F02dpuIsSg53L+er5CaARzEzSx7UH+aGH0la1uoKrgoE
-----END CERTIFICATE-----