Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/XGCUKSKtO8FN6maPH49WkH68fk4.roa
File:                     XGCUKSKtO8FN6maPH49WkH68fk4.roa (raw, json)
Hash identifier:          myC1S7qEF0ZKtBAIhopACYxSjy86zTTyy9/bbWkgAv8=
Subject key identifier:   5C:60:94:29:22:AD:3B:C1:4D:EA:66:8F:1F:8F:56:90:7E:BC:7E:4E
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       018CC727679803941942A363463B026738A9
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/XGCUKSKtO8FN6maPH49WkH68fk4.roa
Signing time:             Mon 01 Jan 2024 22:31:37 +0000
ROA not before:           Mon 01 Jan 2024 22:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62308
IP address blocks:        89.174.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 19:51:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:67:98:03:94:19:42:a3:63:46:3b:02:67:38:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 22:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c60942922ad3bc14dea668f1f8f56907ebc7e4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:35:9e:bd:bf:14:33:91:52:93:d5:8d:e8:0e:
                    fe:d2:73:ae:73:91:3b:bd:5a:5d:8b:11:26:e2:44:
                    38:1c:81:19:d4:a1:4f:ee:fa:c5:ec:41:94:70:5d:
                    4f:9c:33:3c:b6:63:27:52:83:ef:4e:27:33:8e:5d:
                    81:c1:61:2a:29:05:83:15:de:a2:50:f2:89:ad:0b:
                    c0:04:49:9f:ee:c0:8e:5c:64:ac:07:0b:19:3e:78:
                    2e:95:19:27:55:c8:a3:39:27:77:c3:9b:95:33:06:
                    c3:40:c0:a8:6b:32:bc:37:10:ee:ef:b8:a8:02:44:
                    c0:35:30:09:cc:7b:02:f1:0b:ba:2a:46:76:c5:0f:
                    e3:e7:51:57:66:ac:bf:e2:30:af:19:53:b6:b0:fd:
                    43:6c:b1:bc:88:f1:e0:09:00:5a:b2:ac:20:b5:e6:
                    46:6a:17:05:b3:7f:b3:37:62:2f:cb:e6:b0:03:ee:
                    10:b7:ee:91:0c:2a:55:25:05:57:a8:c3:b0:9a:2e:
                    06:a1:6b:05:34:f3:a8:75:3c:b8:80:b2:79:53:42:
                    23:25:15:da:ad:6c:4d:2b:e9:06:03:6b:6f:7b:80:
                    eb:03:ad:6b:f6:b3:c3:c0:a8:08:fe:fd:9a:f7:52:
                    53:e1:80:49:e9:2b:e4:a7:10:d8:b1:d5:d4:1a:99:
                    cb:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:60:94:29:22:AD:3B:C1:4D:EA:66:8F:1F:8F:56:90:7E:BC:7E:4E
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/XGCUKSKtO8FN6maPH49WkH68fk4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.174.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:3a:a9:7a:58:02:e7:55:69:23:9b:37:32:34:54:dd:e9:49:
         9b:81:cb:31:05:2f:94:16:1e:89:ee:f6:4e:0f:c8:80:bc:a2:
         58:9f:6e:90:14:b6:56:d8:9c:a6:a9:55:11:76:0f:7d:ac:71:
         61:3d:a5:ca:ad:07:1a:38:fc:e8:7d:e3:ce:f7:f8:d1:8d:2b:
         68:96:4e:e4:26:c6:41:d4:fc:48:f4:7f:6d:fc:da:f3:13:80:
         1b:f8:15:25:6b:98:07:7b:9d:87:ce:21:89:aa:b6:3c:ec:81:
         e4:1b:f7:dd:eb:f5:95:9a:ae:98:a8:10:78:6c:9d:0c:af:54:
         b4:4e:da:e5:52:75:82:74:5d:92:f8:58:0e:d1:b7:02:70:ba:
         2e:14:67:6c:e9:2e:ed:e0:bb:a1:67:ab:3a:ac:27:86:7d:25:
         84:de:ab:67:52:66:db:42:79:82:cf:12:0a:55:d1:ea:8e:19:
         cd:32:0e:55:64:6f:f1:45:a1:8f:d1:10:f8:f3:dd:7f:3b:a7:
         c0:0b:e3:a8:b3:a7:0a:64:cf:de:e7:05:28:5f:81:12:78:3d:
         e7:0e:ca:ad:ec:26:e6:c3:64:e0:33:3f:d6:92:f1:5b:9b:d0:
         60:e1:af:70:a6:0d:56:b8:9e:22:58:43:c2:a8:68:92:97:85:
         86:cc:eb:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ2eYA5QZQqNjRjsCZzipMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjQwMTAxMjIzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzYwOTQyOTIyYWQzYmMxNGRlYTY2OGYxZjhmNTY5MDdlYmM3ZTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjWevb8UM5FSk9WN6A7+0nOuc5E7
vVpdixEm4kQ4HIEZ1KFP7vrF7EGUcF1PnDM8tmMnUoPvTiczjl2BwWEqKQWDFd6i
UPKJrQvABEmf7sCOXGSsBwsZPngulRknVcijOSd3w5uVMwbDQMCoazK8NxDu77io
AkTANTAJzHsC8Qu6KkZ2xQ/j51FXZqy/4jCvGVO2sP1DbLG8iPHgCQBasqwgteZG
ahcFs3+zN2Ivy+awA+4Qt+6RDCpVJQVXqMOwmi4GoWsFNPOodTy4gLJ5U0IjJRXa
rWxNK+kGA2tve4DrA61r9rPDwKgI/v2a91JT4YBJ6SvkpxDYsdXUGpnL6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFxglCkirTvBTepmjx+PVpB+vH5OMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvWEdDVUtTS3RPOEZONm1hUEg0OVdrSDY4Zms0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWa4UMA0G
CSqGSIb3DQEBCwUAA4IBAQCaOql6WALnVWkjmzcyNFTd6UmbgcsxBS+UFh6J7vZO
D8iAvKJYn26QFLZW2JymqVURdg99rHFhPaXKrQcaOPzofePO9/jRjStolk7kJsZB
1PxI9H9t/NrzE4Ab+BUla5gHe52HziGJqrY87IHkG/fd6/WVmq6YqBB4bJ0Mr1S0
TtrlUnWCdF2S+FgO0bcCcLouFGds6S7t4LuhZ6s6rCeGfSWE3qtnUmbbQnmCzxIK
VdHqjhnNMg5VZG/xRaGP0RD4891/O6fAC+Oos6cKZM/e5wUoX4ESeD3nDsqt7Cbm
w2TgMz/WkvFbm9Bg4a9wpg1WuJ4iWEPCqGiSl4WGzOvy
-----END CERTIFICATE-----