Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/331ce6-e428-41fa-bb10-db3afd3d762e/1/lBKzzTH6xWOAi4s0U4hWrJFNxBg.roa
File:                     lBKzzTH6xWOAi4s0U4hWrJFNxBg.roa (raw, json)
Hash identifier:          5Bv/rsXxZ35rNNvIAMuW0Wj+zcEMXZFrdpESKNLXo/0=
Subject key identifier:   94:12:B3:CD:31:FA:C5:63:80:8B:8B:34:53:88:56:AC:91:4D:C4:18
Certificate issuer:       /CN=81aeb7622a44d23c2a45b4d0df40d6cdcc33241d
Certificate serial:       018CC94D9154CB5FD71F760D33AC7E97EDBB
Authority key identifier: 81:AE:B7:62:2A:44:D2:3C:2A:45:B4:D0:DF:40:D6:CD:CC:33:24:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ga63YipE0jwqRbTQ30DWzcwzJB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/331ce6-e428-41fa-bb10-db3afd3d762e/1/lBKzzTH6xWOAi4s0U4hWrJFNxBg.roa
Signing time:             Tue 02 Jan 2024 08:32:33 +0000
ROA not before:           Tue 02 Jan 2024 08:32:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204949
IP address blocks:        89.23.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/331ce6-e428-41fa-bb10-db3afd3d762e/1/ga63YipE0jwqRbTQ30DWzcwzJB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/331ce6-e428-41fa-bb10-db3afd3d762e/1/ga63YipE0jwqRbTQ30DWzcwzJB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ga63YipE0jwqRbTQ30DWzcwzJB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:91:54:cb:5f:d7:1f:76:0d:33:ac:7e:97:ed:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81aeb7622a44d23c2a45b4d0df40d6cdcc33241d
        Validity
            Not Before: Jan  2 08:32:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9412b3cd31fac563808b8b34538856ac914dc418
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:00:e8:4c:23:ed:ff:f1:0a:92:57:93:1e:13:
                    7d:93:09:c9:7e:ed:5e:a3:1d:2f:ff:e3:c8:31:94:
                    6d:8c:83:89:3c:25:32:ce:93:b7:d1:68:c9:3a:5e:
                    43:01:3b:28:6f:d6:96:f0:94:70:cb:0f:c9:7d:bc:
                    01:92:e6:46:3a:61:c0:a3:c8:3a:ae:96:7b:cc:5f:
                    a0:0f:4c:36:18:4e:ff:38:1c:af:54:0c:16:e7:53:
                    ba:8e:2e:01:3f:8c:e6:74:a1:83:86:79:7a:6c:66:
                    e6:64:b0:2b:97:aa:38:27:eb:04:f1:05:c3:b5:98:
                    91:cf:4e:36:26:24:23:85:20:78:44:be:56:07:81:
                    b7:b7:1e:7e:ad:65:79:aa:8a:27:ff:6d:94:24:23:
                    13:21:6a:97:b7:54:38:00:b3:d4:95:91:c4:73:7f:
                    90:d8:4b:9b:b1:36:6a:d2:c2:3d:23:df:a1:70:c7:
                    10:cc:00:c4:69:31:3c:20:9c:60:04:c9:10:ff:7a:
                    5a:d0:b5:26:d5:db:6f:d0:10:f4:7b:42:7a:0e:0c:
                    93:a3:21:b9:40:75:26:b7:02:f4:0c:8b:72:68:0a:
                    10:ac:ac:46:c5:5d:1c:24:0d:0a:d2:ce:f4:b4:4f:
                    9b:bc:88:64:1c:97:5d:31:fb:b4:16:18:a1:d5:a1:
                    11:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:12:B3:CD:31:FA:C5:63:80:8B:8B:34:53:88:56:AC:91:4D:C4:18
            X509v3 Authority Key Identifier:
                keyid:81:AE:B7:62:2A:44:D2:3C:2A:45:B4:D0:DF:40:D6:CD:CC:33:24:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ga63YipE0jwqRbTQ30DWzcwzJB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/331ce6-e428-41fa-bb10-db3afd3d762e/1/lBKzzTH6xWOAi4s0U4hWrJFNxBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/331ce6-e428-41fa-bb10-db3afd3d762e/1/ga63YipE0jwqRbTQ30DWzcwzJB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:09:f5:59:bb:e9:91:f2:a2:25:cf:03:9b:6d:08:9a:ce:d5:
         c9:b1:df:c7:67:22:30:6d:da:2f:c0:62:d5:7a:b8:5b:af:d1:
         4c:a7:37:50:89:32:53:f8:17:c6:87:b0:1a:43:43:24:a9:9c:
         a7:32:b0:c7:77:32:f6:98:1a:07:1d:d8:d8:78:eb:06:71:cf:
         cf:2c:ff:e1:e2:40:45:ff:30:8e:5b:64:3a:70:4e:d3:79:82:
         ed:bf:76:b1:0c:d0:4a:bb:14:41:0d:dd:39:55:28:38:65:2b:
         7f:2b:41:96:8b:8d:79:02:57:69:b3:c3:7f:c0:b4:65:0b:a8:
         29:95:9f:8c:f4:7c:a7:45:51:27:2c:c5:3c:f7:fc:dd:62:f3:
         f6:69:86:2c:3d:ce:55:67:99:ee:06:25:ab:da:59:a4:74:83:
         9e:64:41:cd:f2:13:c4:a5:73:cf:90:4f:0b:36:6b:c4:1a:26:
         57:64:e1:aa:74:57:a1:04:74:09:ff:06:8c:e9:5f:55:46:6e:
         64:9c:e9:d2:c1:bc:6a:e2:83:f9:3a:05:71:ef:44:07:4a:c0:
         36:03:86:9e:18:e5:d2:fc:f8:39:b5:f9:48:76:a4:01:63:cf:
         a0:80:73:a8:aa:1d:ea:84:90:29:8c:e2:77:86:c0:50:f4:52:
         9d:b4:7b:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTZFUy1/XH3YNM6x+l+27MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYWViNzYyMmE0NGQyM2MyYTQ1YjRkMGRmNDBkNmNkY2Mz
MzI0MWQwHhcNMjQwMTAyMDgzMjMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDEyYjNjZDMxZmFjNTYzODA4YjhiMzQ1Mzg4NTZhYzkxNGRjNDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhwDoTCPt//EKkleTHhN9kwnJfu1e
ox0v/+PIMZRtjIOJPCUyzpO30WjJOl5DATsob9aW8JRwyw/JfbwBkuZGOmHAo8g6
rpZ7zF+gD0w2GE7/OByvVAwW51O6ji4BP4zmdKGDhnl6bGbmZLArl6o4J+sE8QXD
tZiRz042JiQjhSB4RL5WB4G3tx5+rWV5qoon/22UJCMTIWqXt1Q4ALPUlZHEc3+Q
2EubsTZq0sI9I9+hcMcQzADEaTE8IJxgBMkQ/3pa0LUm1dtv0BD0e0J6DgyToyG5
QHUmtwL0DItyaAoQrKxGxV0cJA0K0s70tE+bvIhkHJddMfu0Fhih1aERkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJQSs80x+sVjgIuLNFOIVqyRTcQYMB8GA1UdIwQY
MBaAFIGut2IqRNI8KkW00N9A1s3MMyQdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2E2M1lpcEUwandxUmJUUTMwRFd6Y3d6SkIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi8zMzFjZTYtZTQyOC00MWZhLWJiMTAt
ZGIzYWZkM2Q3NjJlLzEvbEJLenpUSDZ4V09BaTRzMFU0aFdySkZOeEJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi8zMzFjZTYtZTQyOC00MWZhLWJiMTAtZGIzYWZkM2Q3NjJl
LzEvZ2E2M1lpcEUwandxUmJUUTMwRFd6Y3d6SkIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRd9MA0G
CSqGSIb3DQEBCwUAA4IBAQAoCfVZu+mR8qIlzwObbQiaztXJsd/HZyIwbdovwGLV
erhbr9FMpzdQiTJT+BfGh7AaQ0MkqZynMrDHdzL2mBoHHdjYeOsGcc/PLP/h4kBF
/zCOW2Q6cE7TeYLtv3axDNBKuxRBDd05VSg4ZSt/K0GWi415Aldps8N/wLRlC6gp
lZ+M9HynRVEnLMU89/zdYvP2aYYsPc5VZ5nuBiWr2lmkdIOeZEHN8hPEpXPPkE8L
NmvEGiZXZOGqdFehBHQJ/waM6V9VRm5knOnSwbxq4oP5OgVx70QHSsA2A4aeGOXS
/Pg5tflIdqQBY8+ggHOoqh3qhJApjOJ3hsBQ9FKdtHue
-----END CERTIFICATE-----