Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/1XQZ3-ijHPJbcFYb--EtKkAbJSA.roa
File:                     1XQZ3-ijHPJbcFYb--EtKkAbJSA.roa (raw, json)
Hash identifier:          G9GzSNAxQjI5rj86Wf7LAMFiVDRRZAsFRlOd4kHiEVI=
Subject key identifier:   D5:74:19:DF:E8:A3:1C:F2:5B:70:56:1B:FB:E1:2D:2A:40:1B:25:20
Certificate issuer:       /CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
Certificate serial:       018CC7958E5EE996B0DE0423FFC1F9431C6C
Authority key identifier: CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/1XQZ3-ijHPJbcFYb--EtKkAbJSA.roa
Signing time:             Tue 02 Jan 2024 00:31:56 +0000
ROA not before:           Tue 02 Jan 2024 00:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209667
IP address blocks:        89.223.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:8e:5e:e9:96:b0:de:04:23:ff:c1:f9:43:1c:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
        Validity
            Not Before: Jan  2 00:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d57419dfe8a31cf25b70561bfbe12d2a401b2520
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:a3:a2:25:c1:a9:ea:ef:5e:2e:9e:bc:bc:dd:
                    33:4c:ec:82:50:cb:4b:54:d0:f9:8d:6b:7d:44:65:
                    ac:68:e8:c3:89:b0:fd:5f:ae:32:4d:30:db:89:30:
                    19:eb:74:2e:ed:32:67:fc:f8:23:28:6f:f3:a9:f6:
                    f9:32:88:4a:1a:e5:af:bf:52:06:93:e8:35:1a:c6:
                    7b:36:15:06:ec:8d:37:44:16:89:46:f2:09:b7:f1:
                    ad:65:dc:bc:3e:00:24:29:e8:59:6c:26:31:2f:80:
                    b2:ca:b4:df:7a:a4:c9:8f:87:f1:19:48:f4:b4:87:
                    ec:f2:c3:1c:32:dc:30:b3:29:fb:3c:fa:60:72:0b:
                    1e:b8:8e:18:da:8c:d9:0c:4b:cb:5d:26:3d:09:b5:
                    0c:3a:e2:18:6d:61:2c:3c:a3:5b:91:e8:f5:1c:90:
                    b2:b9:f2:6c:3e:48:1c:06:42:07:a4:f0:fa:e2:9a:
                    c1:b4:32:f4:bb:f6:cc:cb:4d:81:9a:1e:7f:8a:8e:
                    f8:e0:2a:a4:75:58:73:60:0e:5c:d1:1b:2c:1f:1b:
                    df:dd:ac:67:3d:31:d1:b7:d9:d7:77:ed:ee:22:e2:
                    58:f3:ab:4a:92:6a:87:ed:7c:93:2b:dc:88:c1:f7:
                    bc:f0:97:b1:4e:03:5f:07:55:0c:fe:26:75:9c:0f:
                    0b:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:74:19:DF:E8:A3:1C:F2:5B:70:56:1B:FB:E1:2D:2A:40:1B:25:20
            X509v3 Authority Key Identifier:
                keyid:CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/1XQZ3-ijHPJbcFYb--EtKkAbJSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.223.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:e2:29:32:48:ea:a5:e9:03:16:bf:05:fa:6f:c2:53:5c:76:
         c2:65:4c:0a:76:9e:ea:3b:87:07:cf:9d:c4:5a:4c:97:10:e5:
         28:b3:bd:f3:67:3b:cb:67:85:b8:e5:7d:9b:08:89:9b:76:97:
         7f:44:75:51:4d:b4:7f:04:36:31:9d:19:10:6d:fe:45:e6:98:
         92:0a:48:17:06:28:d4:84:dd:d7:6f:66:a0:97:ca:39:e2:8d:
         b3:e8:85:9d:26:da:43:be:4e:95:cb:46:76:3c:14:72:ef:53:
         b1:75:44:2d:ee:4a:4f:ad:82:82:bc:ad:0f:16:cf:b5:0c:88:
         da:9d:ed:57:ee:1f:61:ef:28:fd:0d:ab:8c:84:46:f0:91:ea:
         34:4b:b7:e3:bb:15:11:a9:b6:49:2e:7c:c1:f8:90:c7:17:7a:
         b7:6e:2b:48:ee:6d:e5:76:c1:dc:c3:ff:f8:e5:57:be:d8:21:
         1b:5a:c9:28:a1:2d:53:a8:f5:fb:2e:88:0c:41:b2:49:c7:0c:
         1b:ab:20:30:90:19:59:6e:95:94:3c:a7:1b:a5:5e:8f:a1:0b:
         ff:a2:5f:92:94:41:b2:6b:ad:a4:3f:8b:94:ef:f2:35:5e:b6:
         1d:a7:ae:f5:aa:1c:40:40:32:a3:10:a8:cc:ce:dd:d9:af:f4:
         fb:0d:48:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlY5e6Zaw3gQj/8H5QxxsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkODMxM2U0MWU2NDZhMDljZDAxZTJlNmY0NzM5ZDNiZDIz
NmM0ZmYwHhcNMjQwMTAyMDAzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTc0MTlkZmU4YTMxY2YyNWI3MDU2MWJmYmUxMmQyYTQwMWIyNTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjaOiJcGp6u9eLp68vN0zTOyCUMtL
VND5jWt9RGWsaOjDibD9X64yTTDbiTAZ63Qu7TJn/PgjKG/zqfb5MohKGuWvv1IG
k+g1GsZ7NhUG7I03RBaJRvIJt/GtZdy8PgAkKehZbCYxL4CyyrTfeqTJj4fxGUj0
tIfs8sMcMtwwsyn7PPpgcgseuI4Y2ozZDEvLXSY9CbUMOuIYbWEsPKNbkej1HJCy
ufJsPkgcBkIHpPD64prBtDL0u/bMy02Bmh5/io744CqkdVhzYA5c0RssHxvf3axn
PTHRt9nXd+3uIuJY86tKkmqH7XyTK9yIwfe88JexTgNfB1UM/iZ1nA8LWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNV0Gd/ooxzyW3BWG/vhLSpAGyUgMB8GA1UdIwQY
MBaAFM2DE+QeZGoJzQHi5vRznTvSNsT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQt
ODg2MmI1MTczMTdjLzEvMVhRWjMtaWpIUEpiY0ZZYi0tRXRLa0FiSlNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQtODg2MmI1MTczMTdj
LzEvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWd9gMA0G
CSqGSIb3DQEBCwUAA4IBAQB14ikySOql6QMWvwX6b8JTXHbCZUwKdp7qO4cHz53E
WkyXEOUos73zZzvLZ4W45X2bCImbdpd/RHVRTbR/BDYxnRkQbf5F5piSCkgXBijU
hN3Xb2agl8o54o2z6IWdJtpDvk6Vy0Z2PBRy71OxdUQt7kpPrYKCvK0PFs+1DIja
ne1X7h9h7yj9DauMhEbwkeo0S7fjuxURqbZJLnzB+JDHF3q3bitI7m3ldsHcw//4
5Ve+2CEbWskooS1TqPX7LogMQbJJxwwbqyAwkBlZbpWUPKcbpV6PoQv/ol+SlEGy
a62kP4uU7/I1XrYdp671qhxAQDKjEKjMzt3Zr/T7DUjH
-----END CERTIFICATE-----