Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/TDEYvJXOLiDsw60g0gNUG0UAdGE.roa
File:                     TDEYvJXOLiDsw60g0gNUG0UAdGE.roa (raw, json)
Hash identifier:          W/AoG5Cfi91eepgJT0W4OqDF+v5whCTi//VFkYRRzdk=
Subject key identifier:   4C:31:18:BC:95:CE:2E:20:EC:C3:AD:20:D2:03:54:1B:45:00:74:61
Certificate issuer:       /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial:       018CC802CDE4C1305ACC731FF08954E8151C
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/TDEYvJXOLiDsw60g0gNUG0UAdGE.roa
Signing time:             Tue 02 Jan 2024 02:31:16 +0000
ROA not before:           Tue 02 Jan 2024 02:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61059
IP address blocks:        89.44.88.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:cd:e4:c1:30:5a:cc:73:1f:f0:89:54:e8:15:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
        Validity
            Not Before: Jan  2 02:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c3118bc95ce2e20ecc3ad20d203541b45007461
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:47:24:83:52:aa:9f:4c:00:f1:96:d4:27:9b:
                    aa:e8:70:ac:be:dc:98:e5:8e:f2:f2:92:6d:bd:18:
                    f8:57:24:e3:3a:48:6a:b0:20:3e:4c:3d:d5:20:c5:
                    bb:cc:a0:ac:c9:bf:e3:1c:60:33:89:ac:e4:0a:1b:
                    02:6e:0c:d8:ac:51:b6:7c:e7:5d:62:e9:fa:a2:16:
                    2e:21:bd:3b:51:bf:d1:ee:f1:9a:4a:b3:34:03:0c:
                    37:ba:67:41:9f:ed:da:76:28:04:ac:65:b3:3b:fb:
                    ba:9b:a2:ef:78:8e:39:fb:9d:7a:d1:1c:b4:28:bd:
                    b9:94:f4:dd:d4:4f:65:a4:44:98:7c:48:a8:8b:9e:
                    67:1b:e3:fb:bb:3b:19:db:d2:03:b6:6e:1c:b9:f7:
                    a2:0f:d8:2f:4c:0f:7a:91:79:35:88:c5:42:bf:91:
                    e5:fc:77:75:24:d2:2d:dc:e8:1b:64:a7:94:84:df:
                    31:e3:4a:ac:23:62:a9:1b:8e:0d:cd:2b:d2:0d:96:
                    ee:3c:af:b1:b5:37:9f:ac:54:b7:65:86:a5:4c:8c:
                    41:ce:46:8e:f2:8a:6d:34:12:cd:37:20:11:f6:20:
                    b0:49:bd:99:e2:02:ef:2c:ab:62:07:2d:b1:28:07:
                    84:9d:b5:29:70:85:7d:ec:b7:dc:33:4c:96:6c:cd:
                    74:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:31:18:BC:95:CE:2E:20:EC:C3:AD:20:D2:03:54:1B:45:00:74:61
            X509v3 Authority Key Identifier:
                keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/TDEYvJXOLiDsw60g0gNUG0UAdGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3f:a0:32:7f:7c:3f:3c:4f:d8:8c:a7:89:bf:3c:c3:1f:a8:15:
         40:f2:a1:57:03:f4:b9:ad:b8:da:47:38:6d:50:bc:04:58:29:
         73:1a:1b:0e:0c:86:fa:9a:a1:9b:c8:5a:7a:79:22:09:99:30:
         d7:03:28:87:10:39:6a:a1:53:22:47:7b:7a:46:ad:a5:7f:ab:
         31:0c:6d:6b:34:4a:b3:15:fe:b5:c0:a9:31:61:e3:f5:c8:9b:
         73:9d:1a:72:a8:a6:33:9a:cc:e7:5d:5e:11:81:98:8d:bc:bf:
         e3:1e:e7:87:7a:e4:70:ff:31:50:fd:90:d3:81:36:ec:dc:e6:
         a1:47:69:ab:d8:95:3d:fa:ab:d2:bb:6c:fb:0c:0a:f4:92:f2:
         b6:d6:42:3e:96:9c:88:4d:da:f7:02:83:5d:39:11:29:79:09:
         ae:56:dd:4d:e3:25:5e:6a:55:ac:35:77:4c:14:e3:57:d8:5c:
         57:40:20:12:5b:77:16:db:22:8c:37:3c:24:b8:8b:e0:18:47:
         2d:4d:f1:c6:1d:98:6a:93:a9:b4:eb:a7:ac:b7:43:f2:b0:fc:
         c5:67:a9:ec:c9:0f:38:61:01:4d:77:9a:74:96:ce:24:0e:67:
         43:13:0c:60:74:e7:48:77:27:4a:61:13:d7:3a:bf:40:99:fd:
         f5:a5:a6:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAs3kwTBazHMf8IlU6BUcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjEzMmRmMTNlNGJlNTNkODI1MGM4YzQ4NDIwMjY0ZWVm
NmMxNGMwHhcNMjQwMTAyMDIzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzMxMThiYzk1Y2UyZTIwZWNjM2FkMjBkMjAzNTQxYjQ1MDA3NDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg0ckg1Kqn0wA8ZbUJ5uq6HCsvtyY
5Y7y8pJtvRj4VyTjOkhqsCA+TD3VIMW7zKCsyb/jHGAziazkChsCbgzYrFG2fOdd
Yun6ohYuIb07Ub/R7vGaSrM0Aww3umdBn+3adigErGWzO/u6m6LveI45+5160Ry0
KL25lPTd1E9lpESYfEioi55nG+P7uzsZ29IDtm4cufeiD9gvTA96kXk1iMVCv5Hl
/Hd1JNIt3OgbZKeUhN8x40qsI2KpG44NzSvSDZbuPK+xtTefrFS3ZYalTIxBzkaO
8optNBLNNyAR9iCwSb2Z4gLvLKtiBy2xKAeEnbUpcIV97LfcM0yWbM10SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEwxGLyVzi4g7MOtINIDVBtFAHRhMB8GA1UdIwQY
MBaAFH3xMt8T5L5T2CUMjEhCAmTu9sFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYt
OTc3ODY3NGVkYzk3LzEvVERFWXZKWE9MaURzdzYwZzBnTlVHMFVBZEdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYtOTc3ODY3NGVkYzk3
LzEvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWSxYMA0G
CSqGSIb3DQEBCwUAA4IBAQA/oDJ/fD88T9iMp4m/PMMfqBVA8qFXA/S5rbjaRzht
ULwEWClzGhsODIb6mqGbyFp6eSIJmTDXAyiHEDlqoVMiR3t6Rq2lf6sxDG1rNEqz
Ff61wKkxYeP1yJtznRpyqKYzmsznXV4RgZiNvL/jHueHeuRw/zFQ/ZDTgTbs3Oah
R2mr2JU9+qvSu2z7DAr0kvK21kI+lpyITdr3AoNdOREpeQmuVt1N4yVealWsNXdM
FONX2FxXQCASW3cW2yKMNzwkuIvgGEctTfHGHZhqk6m066est0PysPzFZ6nsyQ84
YQFNd5p0ls4kDmdDEwxgdOdIdydKYRPXOr9Amf31paZ5
-----END CERTIFICATE-----