Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/2ab9c8-0446-4105-8bff-08be3ee6d8aa/1/CCtHaK1Jv0LJmxjYpgWH-WMiYqs.roa
File:                     CCtHaK1Jv0LJmxjYpgWH-WMiYqs.roa (raw, json)
Hash identifier:          xfnBAwgDWduzAsbv1tBv+j+u8Un1H8QnSMN1IDmYL7I=
Subject key identifier:   08:2B:47:68:AD:49:BF:42:C9:9B:18:D8:A6:05:87:F9:63:22:62:AB
Certificate issuer:       /CN=f7420520f8a41bb04d6d1b0f40140e553f8af36f
Certificate serial:       018CC5010B205FB15A3E19854914FD07105E
Authority key identifier: F7:42:05:20:F8:A4:1B:B0:4D:6D:1B:0F:40:14:0E:55:3F:8A:F3:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/90IFIPikG7BNbRsPQBQOVT-K828.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/2ab9c8-0446-4105-8bff-08be3ee6d8aa/1/CCtHaK1Jv0LJmxjYpgWH-WMiYqs.roa
Signing time:             Mon 01 Jan 2024 12:30:29 +0000
ROA not before:           Mon 01 Jan 2024 12:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39821
IP address blocks:        109.233.240.0/21 maxlen: 21
                          89.107.120.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/2ab9c8-0446-4105-8bff-08be3ee6d8aa/1/90IFIPikG7BNbRsPQBQOVT-K828.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/2ab9c8-0446-4105-8bff-08be3ee6d8aa/1/90IFIPikG7BNbRsPQBQOVT-K828.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/90IFIPikG7BNbRsPQBQOVT-K828.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:0b:20:5f:b1:5a:3e:19:85:49:14:fd:07:10:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7420520f8a41bb04d6d1b0f40140e553f8af36f
        Validity
            Not Before: Jan  1 12:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=082b4768ad49bf42c99b18d8a60587f9632262ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:c5:76:56:40:73:b8:90:7f:35:73:52:6e:d9:
                    34:2c:71:6d:a7:79:d6:6c:ac:7a:2f:3c:56:2f:06:
                    4f:99:2f:4d:ae:ba:01:38:68:63:82:8d:87:61:17:
                    c3:e7:2a:10:fd:74:52:c8:4e:9d:ca:e8:c7:1f:b9:
                    a7:5b:a8:7c:3b:95:34:2a:6b:9f:53:2e:80:5a:63:
                    43:e0:6f:89:f4:8c:d9:f1:d6:11:ab:f0:4b:9e:02:
                    a9:54:55:f0:bf:28:9f:3f:77:3a:7f:d9:68:29:50:
                    8a:4e:ad:96:c6:5a:f3:3a:af:dd:8b:8f:ae:bf:25:
                    1e:71:7c:8e:42:41:7b:80:eb:c9:1f:e2:b6:fb:e1:
                    5a:1e:10:db:a1:e8:76:af:00:ce:4d:a3:23:2b:7b:
                    c1:ab:a1:ea:8d:e7:9b:50:cd:46:7b:fe:11:3a:66:
                    4c:7d:af:6d:a4:ef:27:0f:60:98:4d:53:ea:5b:72:
                    44:26:a4:ba:61:9d:50:44:32:41:fe:7b:68:40:7c:
                    8f:b0:85:60:28:8a:86:ab:2f:e2:1f:e4:b9:c5:d7:
                    fe:d8:64:1d:7a:6c:a4:62:93:77:88:c7:15:bc:48:
                    08:67:ad:b4:b7:02:2a:a9:03:cd:5c:f4:a0:d6:d6:
                    be:14:6f:a7:32:f1:c4:5a:ba:e0:0a:cc:06:c6:62:
                    e1:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:2B:47:68:AD:49:BF:42:C9:9B:18:D8:A6:05:87:F9:63:22:62:AB
            X509v3 Authority Key Identifier:
                keyid:F7:42:05:20:F8:A4:1B:B0:4D:6D:1B:0F:40:14:0E:55:3F:8A:F3:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/90IFIPikG7BNbRsPQBQOVT-K828.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/2ab9c8-0446-4105-8bff-08be3ee6d8aa/1/CCtHaK1Jv0LJmxjYpgWH-WMiYqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/2ab9c8-0446-4105-8bff-08be3ee6d8aa/1/90IFIPikG7BNbRsPQBQOVT-K828.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.107.120.0/21
                  109.233.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         37:2b:9a:03:8e:c8:1e:20:c5:31:be:40:55:ac:89:d9:6d:aa:
         a1:f3:87:61:2f:21:56:a5:65:10:f9:f3:1b:c2:52:2d:92:e5:
         82:c7:4d:d4:10:82:43:9f:59:af:38:f7:a9:f6:e0:0d:e1:b5:
         d1:5f:42:09:4f:eb:9b:7f:37:95:1b:92:01:7b:f2:f1:b8:c0:
         db:de:24:29:51:ed:2f:48:5e:df:31:4b:32:9e:44:0c:67:b0:
         c8:8b:33:0f:ac:0c:12:07:97:70:f7:1b:17:3a:86:39:bf:8b:
         38:97:4b:9f:66:85:c8:ff:80:50:24:d8:5a:26:12:fb:0f:e3:
         bc:b6:e2:3e:f9:ee:72:a1:71:e0:77:30:b3:bd:8a:b5:50:f6:
         9e:8d:75:a7:b2:d7:16:56:b6:56:f2:3f:f5:af:c9:67:34:99:
         a7:96:50:64:b3:20:54:42:ff:cc:00:6a:fc:87:81:e7:c2:38:
         73:83:ad:64:10:66:82:5c:05:40:74:c6:f3:c5:14:2e:13:81:
         54:0d:44:be:3c:bd:17:9f:c9:a4:a0:3f:32:7d:9b:6e:fa:c4:
         54:6b:59:19:e4:f5:71:8d:80:72:85:2e:8b:43:76:3b:9e:b3:
         52:d5:61:d2:16:1d:28:90:b3:a6:f5:3e:c5:c0:2e:72:69:4b:
         5d:95:0e:bf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAQsgX7FaPhmFSRT9BxBeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NDIwNTIwZjhhNDFiYjA0ZDZkMWIwZjQwMTQwZTU1M2Y4
YWYzNmYwHhcNMjQwMTAxMTIzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODJiNDc2OGFkNDliZjQyYzk5YjE4ZDhhNjA1ODdmOTYzMjI2MmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMV2VkBzuJB/NXNSbtk0LHFtp3nW
bKx6LzxWLwZPmS9NrroBOGhjgo2HYRfD5yoQ/XRSyE6dyujHH7mnW6h8O5U0Kmuf
Uy6AWmND4G+J9IzZ8dYRq/BLngKpVFXwvyifP3c6f9loKVCKTq2WxlrzOq/di4+u
vyUecXyOQkF7gOvJH+K2++FaHhDboeh2rwDOTaMjK3vBq6HqjeebUM1Ge/4ROmZM
fa9tpO8nD2CYTVPqW3JEJqS6YZ1QRDJB/ntoQHyPsIVgKIqGqy/iH+S5xdf+2GQd
emykYpN3iMcVvEgIZ620twIqqQPNXPSg1ta+FG+nMvHEWrrgCswGxmLhGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAgrR2itSb9CyZsY2KYFh/ljImKrMB8GA1UdIwQY
MBaAFPdCBSD4pBuwTW0bD0AUDlU/ivNvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTBJRklQaWtHN0JOYlJzUFFCUU9WVC1LODI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8yYWI5YzgtMDQ0Ni00MTA1LThiZmYt
MDhiZTNlZTZkOGFhLzEvQ0N0SGFLMUp2MExKbXhqWXBnV0gtV01pWXFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8yYWI5YzgtMDQ0Ni00MTA1LThiZmYtMDhiZTNlZTZkOGFh
LzEvOTBJRklQaWtHN0JOYlJzUFFCUU9WVC1LODI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDWWt4AwQD
benwMA0GCSqGSIb3DQEBCwUAA4IBAQA3K5oDjsgeIMUxvkBVrInZbaqh84dhLyFW
pWUQ+fMbwlItkuWCx03UEIJDn1mvOPep9uAN4bXRX0IJT+ubfzeVG5IBe/LxuMDb
3iQpUe0vSF7fMUsynkQMZ7DIizMPrAwSB5dw9xsXOoY5v4s4l0ufZoXI/4BQJNha
JhL7D+O8tuI++e5yoXHgdzCzvYq1UPaejXWnstcWVrZW8j/1r8lnNJmnllBksyBU
Qv/MAGr8h4Hnwjhzg61kEGaCXAVAdMbzxRQuE4FUDUS+PL0Xn8mkoD8yfZtu+sRU
a1kZ5PVxjYByhS6LQ3Y7nrNS1WHSFh0okLOm9T7FwC5yaUtdlQ6/
-----END CERTIFICATE-----