Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/XFvNyWJyCTLWKeDQy0vlqRLtBjs.roa
File:                     XFvNyWJyCTLWKeDQy0vlqRLtBjs.roa (raw, json)
Hash identifier:          FLCLwnouyY4FPochbiLfoW501UMea/gTCuLFuAUR1VY=
Subject key identifier:   5C:5B:CD:C9:62:72:09:32:D6:29:E0:D0:CB:4B:E5:A9:12:ED:06:3B
Certificate issuer:       /CN=021b3ea35edfdd138c15506d74a76022dd37694b
Certificate serial:       018CC5DBF1267FB8C07987B1662781EF973F
Authority key identifier: 02:1B:3E:A3:5E:DF:DD:13:8C:15:50:6D:74:A7:60:22:DD:37:69:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ahs-o17f3ROMFVBtdKdgIt03aUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/XFvNyWJyCTLWKeDQy0vlqRLtBjs.roa
Signing time:             Mon 01 Jan 2024 16:29:34 +0000
ROA not before:           Mon 01 Jan 2024 16:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204680
IP address blocks:        192.67.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/Ahs-o17f3ROMFVBtdKdgIt03aUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/Ahs-o17f3ROMFVBtdKdgIt03aUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ahs-o17f3ROMFVBtdKdgIt03aUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 13:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:f1:26:7f:b8:c0:79:87:b1:66:27:81:ef:97:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=021b3ea35edfdd138c15506d74a76022dd37694b
        Validity
            Not Before: Jan  1 16:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c5bcdc962720932d629e0d0cb4be5a912ed063b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b9:6f:42:0c:49:8a:55:c6:20:d6:1d:b9:e7:
                    ad:1e:e8:56:3a:cd:6d:4c:c9:3e:ee:ea:72:e0:e4:
                    03:77:ef:93:5a:6d:2f:48:77:0f:0f:a7:94:2b:2a:
                    78:33:82:0f:c9:e3:e7:fb:c7:ba:1a:b4:e8:6f:12:
                    23:41:8a:87:46:f9:5b:13:ff:9c:99:3f:18:55:52:
                    69:01:4f:af:dc:3f:89:0a:a4:7d:2f:73:cb:72:87:
                    8f:d8:3a:12:95:47:4e:13:b8:c7:c4:dd:7f:ee:53:
                    cd:d3:37:7f:a3:35:5e:bc:71:4d:ef:7d:a7:c7:1e:
                    8d:4d:5d:a0:be:82:eb:7c:c2:38:5d:cc:dc:d8:68:
                    b3:d7:e4:5a:70:21:fe:fd:28:cf:e0:de:ca:59:29:
                    59:cb:86:99:f3:bd:c6:fe:86:6a:37:6a:8d:26:c7:
                    35:f5:81:0c:68:1a:ab:c0:bf:d6:ec:e9:7b:82:a6:
                    f5:b6:d4:52:54:4d:bb:a3:fd:aa:ea:a3:34:f5:36:
                    7c:46:7f:83:6d:98:95:26:df:83:06:45:c4:90:65:
                    8d:ee:37:08:64:0b:df:a7:b8:07:c5:d8:3e:a7:d7:
                    f1:3f:2a:f6:3d:80:4f:af:37:1a:25:fa:1a:19:c3:
                    ab:ed:74:d6:e4:5b:2d:94:4e:a6:fd:c5:7a:65:12:
                    9e:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:5B:CD:C9:62:72:09:32:D6:29:E0:D0:CB:4B:E5:A9:12:ED:06:3B
            X509v3 Authority Key Identifier:
                keyid:02:1B:3E:A3:5E:DF:DD:13:8C:15:50:6D:74:A7:60:22:DD:37:69:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ahs-o17f3ROMFVBtdKdgIt03aUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/XFvNyWJyCTLWKeDQy0vlqRLtBjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/Ahs-o17f3ROMFVBtdKdgIt03aUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.67.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:a9:1e:3d:bb:4e:97:cd:ea:87:fd:61:eb:0e:cd:ad:6d:3a:
         4e:1b:d4:8a:be:d4:2b:4d:38:1e:3b:b8:2a:3d:1c:5c:8b:10:
         2d:73:8e:87:a8:85:fb:ff:d3:67:44:9f:e8:6f:58:69:00:9b:
         d5:e4:bc:87:c1:db:65:23:b6:19:31:57:6b:b3:70:55:98:63:
         01:51:01:e7:12:b1:31:eb:4b:bb:6b:9c:26:2a:cd:3a:f4:17:
         e8:0b:bf:5b:cc:cb:2d:a1:a2:f2:b5:b5:30:9b:08:06:4f:2b:
         94:98:4f:65:cc:18:d8:fe:6a:32:70:e6:30:fc:23:78:97:39:
         06:1d:a6:22:39:9c:88:0a:49:b9:5f:7d:74:7d:e4:19:28:33:
         46:47:c3:5f:4a:81:01:63:e0:ac:06:6d:b4:3a:3d:f9:d4:b3:
         42:ea:e0:16:3a:45:90:17:1e:04:f7:37:f2:00:3b:29:1b:11:
         0b:13:bc:82:1f:54:35:7e:f3:a2:67:bc:38:7e:0f:8b:dd:e8:
         c7:1f:3b:6a:35:48:5c:c4:a0:5c:27:65:fb:d0:f1:bc:3c:6e:
         b8:29:a5:63:d1:35:b2:3d:09:53:e0:8b:b8:0a:7c:48:d3:03:
         db:f8:32:8c:9d:56:b3:df:c3:3e:ed:c4:ae:82:a5:02:79:c9:
         68:20:07:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/Emf7jAeYexZieB75c/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyMWIzZWEzNWVkZmRkMTM4YzE1NTA2ZDc0YTc2MDIyZGQz
NzY5NGIwHhcNMjQwMTAxMTYyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzViY2RjOTYyNzIwOTMyZDYyOWUwZDBjYjRiZTVhOTEyZWQwNjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrlvQgxJilXGINYdueetHuhWOs1t
TMk+7upy4OQDd++TWm0vSHcPD6eUKyp4M4IPyePn+8e6GrTobxIjQYqHRvlbE/+c
mT8YVVJpAU+v3D+JCqR9L3PLcoeP2DoSlUdOE7jHxN1/7lPN0zd/ozVevHFN732n
xx6NTV2gvoLrfMI4Xczc2Giz1+RacCH+/SjP4N7KWSlZy4aZ873G/oZqN2qNJsc1
9YEMaBqrwL/W7Ol7gqb1ttRSVE27o/2q6qM09TZ8Rn+DbZiVJt+DBkXEkGWN7jcI
ZAvfp7gHxdg+p9fxPyr2PYBPrzcaJfoaGcOr7XTW5FstlE6m/cV6ZRKecQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFxbzclicgky1ing0MtL5akS7QY7MB8GA1UdIwQY
MBaAFAIbPqNe390TjBVQbXSnYCLdN2lLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWhzLW8xN2YzUk9NRlZCdGRLZGdJdDAzYVVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9mODliNjQtODdiNy00OGY0LThiNjAt
YzMyMDRiZGU3NzczLzEvWEZ2TnlXSnlDVExXS2VEUXkwdmxxUkx0QmpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9mODliNjQtODdiNy00OGY0LThiNjAtYzMyMDRiZGU3Nzcz
LzEvQWhzLW8xN2YzUk9NRlZCdGRLZGdJdDAzYVVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwEO9MA0G
CSqGSIb3DQEBCwUAA4IBAQAfqR49u06XzeqH/WHrDs2tbTpOG9SKvtQrTTgeO7gq
PRxcixAtc46HqIX7/9NnRJ/ob1hpAJvV5LyHwdtlI7YZMVdrs3BVmGMBUQHnErEx
60u7a5wmKs069BfoC79bzMstoaLytbUwmwgGTyuUmE9lzBjY/moycOYw/CN4lzkG
HaYiOZyICkm5X310feQZKDNGR8NfSoEBY+CsBm20Oj351LNC6uAWOkWQFx4E9zfy
ADspGxELE7yCH1Q1fvOiZ7w4fg+L3ejHHztqNUhcxKBcJ2X70PG8PG64KaVj0TWy
PQlT4Iu4CnxI0wPb+DKMnVaz38M+7cSugqUCecloIAfE
-----END CERTIFICATE-----