Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/74980e-74f9-4b5e-9cf2-69711fe83d23/1/1-MZVlE8Go9VBXFeDGDZneyVG39I.roa
File:                     1-MZVlE8Go9VBXFeDGDZneyVG39I.roa (raw, json)
Hash identifier:          xNJ7FMGBMO95SgGurpUmY3Chk8Cm/ViHQ7s9aFgLg2Y=
Subject key identifier:   F8:C6:55:94:4F:06:A3:D5:41:5C:57:83:18:36:67:7B:25:46:DF:D2
Certificate issuer:       /CN=b3ef7c76ab3e6971d8f87302ddf92cc6098849ea
Certificate serial:       018CCA2AB32E2336EC1F6B8D1D928B335DBE
Authority key identifier: B3:EF:7C:76:AB:3E:69:71:D8:F8:73:02:DD:F9:2C:C6:09:88:49:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s-98dqs-aXHY-HMC3fksxgmISeo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/74980e-74f9-4b5e-9cf2-69711fe83d23/1/1-MZVlE8Go9VBXFeDGDZneyVG39I.roa
Signing time:             Tue 02 Jan 2024 12:34:04 +0000
ROA not before:           Tue 02 Jan 2024 12:34:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1133
IP address blocks:        130.89.0.0/16 maxlen: 16
                          2001:67c:2564::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/74980e-74f9-4b5e-9cf2-69711fe83d23/1/s-98dqs-aXHY-HMC3fksxgmISeo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/74980e-74f9-4b5e-9cf2-69711fe83d23/1/s-98dqs-aXHY-HMC3fksxgmISeo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s-98dqs-aXHY-HMC3fksxgmISeo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:b3:2e:23:36:ec:1f:6b:8d:1d:92:8b:33:5d:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3ef7c76ab3e6971d8f87302ddf92cc6098849ea
        Validity
            Not Before: Jan  2 12:34:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8c655944f06a3d5415c57831836677b2546dfd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:95:d4:51:5f:6b:28:89:f6:f9:cb:f9:e3:5b:
                    d5:58:14:ae:73:1f:6d:d6:ee:e4:92:43:6f:1c:a4:
                    7d:98:18:16:19:f2:b2:ba:ef:bc:53:1b:fb:a7:ec:
                    ce:2d:4c:48:0d:c8:40:24:6e:ff:b5:0d:bd:11:09:
                    17:91:10:b5:f1:e4:cb:27:4d:dc:57:84:7e:4c:e4:
                    b5:f9:86:fc:dc:b5:17:19:ab:b7:a0:fc:da:cb:23:
                    64:1c:82:57:fa:9e:e2:51:ef:b4:58:b1:32:1b:29:
                    a8:68:7e:a4:21:cc:72:a7:d0:d9:2e:83:4b:26:b0:
                    96:59:c2:ea:9d:c2:c4:d1:14:27:9e:01:00:91:b0:
                    25:79:b7:81:c6:57:3a:a4:a9:59:e3:0e:94:a1:2f:
                    8d:f9:23:6f:51:75:b6:ec:fd:ac:1c:78:21:03:04:
                    55:a0:f2:92:fd:d9:cd:0c:aa:41:34:ca:22:ae:b4:
                    fd:d4:0a:ad:90:96:f4:c4:fa:ea:0d:09:2b:3f:7c:
                    18:30:a7:a1:8f:f8:63:22:7d:af:c0:85:69:6d:1f:
                    0e:de:52:41:8c:f6:55:94:c7:c6:af:1c:32:c9:9c:
                    27:06:4a:59:58:37:9b:09:07:56:1f:c9:0b:52:45:
                    92:89:f0:bf:6f:d3:1f:c0:c0:85:1d:59:6e:f6:6a:
                    67:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:C6:55:94:4F:06:A3:D5:41:5C:57:83:18:36:67:7B:25:46:DF:D2
            X509v3 Authority Key Identifier:
                keyid:B3:EF:7C:76:AB:3E:69:71:D8:F8:73:02:DD:F9:2C:C6:09:88:49:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s-98dqs-aXHY-HMC3fksxgmISeo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/74980e-74f9-4b5e-9cf2-69711fe83d23/1/1-MZVlE8Go9VBXFeDGDZneyVG39I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/74980e-74f9-4b5e-9cf2-69711fe83d23/1/s-98dqs-aXHY-HMC3fksxgmISeo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.89.0.0/16
                IPv6:
                  2001:67c:2564::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:44:e0:f3:f6:b3:59:54:58:ae:ef:39:4d:41:ea:eb:f7:56:
         37:3c:24:cc:45:fa:60:8f:7f:8c:e7:9b:44:5e:50:37:cf:94:
         e6:22:39:e7:d6:d8:cb:f0:d3:34:df:b4:08:4d:1e:41:68:e7:
         52:77:55:c8:c0:27:92:71:de:ce:9d:04:6b:aa:49:92:c1:5e:
         f7:5c:0e:9e:93:62:6b:ab:a4:f2:a7:74:14:8a:49:cf:f1:a8:
         8e:56:75:dc:41:f8:25:0a:e0:81:e4:93:35:96:0f:3f:42:84:
         7b:4d:73:fe:28:42:29:d8:69:d7:c6:b2:ab:d9:9b:b7:00:03:
         91:66:78:64:06:51:50:da:61:f7:fd:da:89:a0:da:1d:55:a7:
         49:d3:74:44:24:fc:8f:0c:37:e0:69:43:66:06:a9:b7:7e:2d:
         5f:85:35:6b:38:e1:d1:c2:20:17:d5:df:3d:6a:31:2a:26:9a:
         10:67:2d:3e:bd:a5:eb:bc:8b:06:13:33:b7:62:97:22:ca:d8:
         35:0f:7a:93:04:80:6c:f0:37:4b:9b:33:fc:c0:e2:95:da:7b:
         d9:e7:ef:26:d9:a3:6e:1e:0e:d1:e5:79:2d:57:84:da:c6:78:
         f1:cb:c0:03:6a:0e:e9:eb:1f:35:f1:93:5c:37:8d:d2:f8:91:
         24:e8:67:15
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKKrMuIzbsH2uNHZKLM12+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzZWY3Yzc2YWIzZTY5NzFkOGY4NzMwMmRkZjkyY2M2MDk4
ODQ5ZWEwHhcNMjQwMTAyMTIzNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGM2NTU5NDRmMDZhM2Q1NDE1YzU3ODMxODM2Njc3YjI1NDZkZmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJXUUV9rKIn2+cv541vVWBSucx9t
1u7kkkNvHKR9mBgWGfKyuu+8Uxv7p+zOLUxIDchAJG7/tQ29EQkXkRC18eTLJ03c
V4R+TOS1+Yb83LUXGau3oPzayyNkHIJX+p7iUe+0WLEyGymoaH6kIcxyp9DZLoNL
JrCWWcLqncLE0RQnngEAkbAlebeBxlc6pKlZ4w6UoS+N+SNvUXW27P2sHHghAwRV
oPKS/dnNDKpBNMoirrT91AqtkJb0xPrqDQkrP3wYMKehj/hjIn2vwIVpbR8O3lJB
jPZVlMfGrxwyyZwnBkpZWDebCQdWH8kLUkWSifC/b9MfwMCFHVlu9mpnmwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPjGVZRPBqPVQVxXgxg2Z3slRt/SMB8GA1UdIwQY
MBaAFLPvfHarPmlx2PhzAt35LMYJiEnqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcy05OGRxcy1hWEhZLUhNQzNma3N4Z21JU2VvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS83NDk4MGUtNzRmOS00YjVlLTljZjIt
Njk3MTFmZTgzZDIzLzEvMS1NWlZsRThHbzlWQlhGZURHRFpuZXlWRzM5SS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzUvNzQ5ODBlLTc0ZjktNGI1ZS05Y2YyLTY5NzExZmU4M2Qy
My8xL3MtOThkcXMtYVhIWS1ITUMzZmtzeGdtSVNlby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAvBggrBgEFBQcBBwEB/wQgMB4wCwQCAAEwBQMDAIJZMA8E
AgACMAkDBwAgAQZ8JWQwDQYJKoZIhvcNAQELBQADggEBACxE4PP2s1lUWK7vOU1B
6uv3Vjc8JMxF+mCPf4znm0ReUDfPlOYiOefW2Mvw0zTftAhNHkFo51J3VcjAJ5Jx
3s6dBGuqSZLBXvdcDp6TYmurpPKndBSKSc/xqI5WddxB+CUK4IHkkzWWDz9ChHtN
c/4oQinYadfGsqvZm7cAA5FmeGQGUVDaYff92omg2h1Vp0nTdEQk/I8MN+BpQ2YG
qbd+LV+FNWs44dHCIBfV3z1qMSommhBnLT69peu8iwYTM7dilyLK2DUPepMEgGzw
N0ubM/zA4pXae9nn7ybZo24eDtHleS1XhNrGePHLwANqDunrHzXxk1w3jdL4kSTo
ZxU=
-----END CERTIFICATE-----