Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/t-stjlWJNWZujqboj1vmlnZooto.roa
File:                     t-stjlWJNWZujqboj1vmlnZooto.roa (raw, json)
Hash identifier:          oxtd6VJpZy5e1+rCbkaKVYDVfzMnieSurl6oorDyryI=
Subject key identifier:   B7:EB:2D:8E:55:89:35:66:6E:8E:A6:E8:8F:5B:E6:96:76:68:A2:DA
Certificate issuer:       /CN=89056fa9625b6c87404267c6dc219924ac160045
Certificate serial:       018CC26D67020244DA646B0404DAF578162C
Authority key identifier: 89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/t-stjlWJNWZujqboj1vmlnZooto.roa
Signing time:             Mon 01 Jan 2024 00:29:58 +0000
ROA not before:           Mon 01 Jan 2024 00:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206991
IP address blocks:        185.123.101.0/24 maxlen: 24
                          185.123.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:67:02:02:44:da:64:6b:04:04:da:f5:78:16:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89056fa9625b6c87404267c6dc219924ac160045
        Validity
            Not Before: Jan  1 00:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7eb2d8e558935666e8ea6e88f5be6967668a2da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:83:47:13:df:1d:7b:ca:00:4b:6d:e7:12:96:
                    07:41:b8:c5:58:5f:81:ef:5a:c6:1a:a0:7c:64:d8:
                    42:3a:ea:17:6f:28:27:f9:05:f1:c8:72:f6:3c:23:
                    84:05:f8:e3:8e:f3:71:c6:a4:89:e3:c4:8b:7e:4d:
                    3e:75:59:8e:14:f8:9e:99:f3:48:0c:a6:18:44:d8:
                    68:31:20:4c:b3:d8:7b:d6:f1:1c:ac:e6:ac:b2:f7:
                    94:c0:98:8e:fc:b2:38:fe:c8:f9:7f:90:38:da:1d:
                    3b:69:59:6c:33:29:0b:9c:71:4c:25:e9:e1:f8:b9:
                    f4:5f:48:50:32:13:e7:7f:53:d3:b3:80:bc:f4:d7:
                    d5:18:26:24:ab:6b:cb:92:2c:1f:86:6d:37:20:c2:
                    b7:9f:0d:0e:14:a9:24:62:ee:63:76:7b:c6:37:9a:
                    61:db:28:dd:f4:1c:02:5f:2b:b4:9b:bc:47:bb:6d:
                    34:b8:48:d2:e7:6e:7c:be:96:bc:c4:40:ae:e7:b1:
                    2e:02:01:86:1d:41:14:d6:cf:6d:da:04:93:68:3d:
                    e8:93:2e:c7:6e:58:6f:a0:bb:32:04:2d:a0:bf:6e:
                    7a:85:3a:98:2f:7a:10:bc:82:04:17:6b:a6:68:31:
                    24:d5:8f:f6:26:99:8a:bf:02:a6:e2:af:97:66:3e:
                    08:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:EB:2D:8E:55:89:35:66:6E:8E:A6:E8:8F:5B:E6:96:76:68:A2:DA
            X509v3 Authority Key Identifier:
                keyid:89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/t-stjlWJNWZujqboj1vmlnZooto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.123.100.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0f:68:1b:df:45:a3:1e:31:c4:cf:8b:3d:0c:5a:f8:f1:f8:59:
         17:a9:09:2d:95:c3:97:ee:24:33:d7:3b:33:c7:f9:76:57:47:
         81:5f:fe:c6:e1:c5:66:83:a8:d8:97:25:53:13:55:43:8a:43:
         f9:b6:50:a8:91:b5:01:78:07:4d:c3:77:80:75:7c:c2:55:cb:
         46:51:8e:b3:5c:20:67:ba:9b:8e:46:50:0d:22:d5:d6:fe:dc:
         f9:df:82:ef:b1:f1:c9:60:6f:98:e8:26:43:90:ea:dc:7c:74:
         6f:ce:b3:59:77:dd:3d:20:e3:49:6b:de:2c:8f:e4:98:be:d6:
         85:71:ea:34:99:d8:07:57:e8:c2:c4:7d:b8:39:02:75:af:54:
         0a:a6:10:37:5b:93:18:49:60:6e:51:d2:3c:2b:90:9b:95:59:
         34:49:c4:8d:3f:d6:9f:ed:49:10:1a:23:8e:69:45:87:b7:bc:
         06:78:bc:97:68:af:a8:09:86:ad:2e:ea:ed:3f:70:36:31:b5:
         f5:b0:a3:4a:be:11:0b:bb:fd:e0:61:e3:87:43:66:30:90:a8:
         66:97:c6:0c:49:23:ec:7f:cf:1e:79:4a:73:8b:8b:65:7d:e5:
         fd:74:1e:9d:13:b5:1d:0c:5c:52:51:2e:e9:4a:46:75:9c:61:
         06:4f:0a:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbWcCAkTaZGsEBNr1eBYsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5MDU2ZmE5NjI1YjZjODc0MDQyNjdjNmRjMjE5OTI0YWMx
NjAwNDUwHhcNMjQwMTAxMDAyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2ViMmQ4ZTU1ODkzNTY2NmU4ZWE2ZTg4ZjViZTY5Njc2NjhhMmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAooNHE98de8oAS23nEpYHQbjFWF+B
71rGGqB8ZNhCOuoXbygn+QXxyHL2PCOEBfjjjvNxxqSJ48SLfk0+dVmOFPiemfNI
DKYYRNhoMSBMs9h71vEcrOassveUwJiO/LI4/sj5f5A42h07aVlsMykLnHFMJenh
+Ln0X0hQMhPnf1PTs4C89NfVGCYkq2vLkiwfhm03IMK3nw0OFKkkYu5jdnvGN5ph
2yjd9BwCXyu0m7xHu200uEjS5258vpa8xECu57EuAgGGHUEU1s9t2gSTaD3oky7H
blhvoLsyBC2gv256hTqYL3oQvIIEF2umaDEk1Y/2JpmKvwKm4q+XZj4I6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLfrLY5ViTVmbo6m6I9b5pZ2aKLaMB8GA1UdIwQY
MBaAFIkFb6liW2yHQEJnxtwhmSSsFgBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQt
NTE5MjAzNzMzNTNjLzEvdC1zdGpsV0pOV1p1anFib2oxdm1sblpvb3RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQtNTE5MjAzNzMzNTNj
LzEvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuXtkMA0G
CSqGSIb3DQEBCwUAA4IBAQAPaBvfRaMeMcTPiz0MWvjx+FkXqQktlcOX7iQz1zsz
x/l2V0eBX/7G4cVmg6jYlyVTE1VDikP5tlCokbUBeAdNw3eAdXzCVctGUY6zXCBn
upuORlANItXW/tz534LvsfHJYG+Y6CZDkOrcfHRvzrNZd909IONJa94sj+SYvtaF
ceo0mdgHV+jCxH24OQJ1r1QKphA3W5MYSWBuUdI8K5CblVk0ScSNP9af7UkQGiOO
aUWHt7wGeLyXaK+oCYatLurtP3A2MbX1sKNKvhELu/3gYeOHQ2YwkKhml8YMSSPs
f88eeUpzi4tlfeX9dB6dE7UdDFxSUS7pSkZ1nGEGTwrY
-----END CERTIFICATE-----