Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/DXs-ba15NaES8Q6pBux2o6NONG4.roa
File:                     DXs-ba15NaES8Q6pBux2o6NONG4.roa (raw, json)
Hash identifier:          5AgNJALdKlB1BuLPNG2gAn3xwWO/POlMwJsKagN2558=
Subject key identifier:   0D:7B:3E:6D:AD:79:35:A1:12:F1:0E:A9:06:EC:76:A3:A3:4E:34:6E
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018CC56DF3A73AAB665E460BBAEEC5FFE3E7
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/DXs-ba15NaES8Q6pBux2o6NONG4.roa
Signing time:             Mon 01 Jan 2024 14:29:26 +0000
ROA not before:           Mon 01 Jan 2024 14:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205349
IP address blocks:        62.89.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f3:a7:3a:ab:66:5e:46:0b:ba:ee:c5:ff:e3:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 14:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d7b3e6dad7935a112f10ea906ec76a3a34e346e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:e4:6d:8a:de:5a:5c:79:bd:2f:f3:e0:e1:ac:
                    ae:16:25:27:45:b1:30:43:b7:5d:47:38:5a:d4:7b:
                    f1:b3:a7:df:a6:8d:5a:8e:07:aa:98:c7:de:1b:0c:
                    47:6d:66:7e:c2:48:5b:c8:1e:b7:5a:7f:4f:90:38:
                    80:5f:52:f0:a0:70:fa:24:43:91:69:17:d9:f1:46:
                    b0:90:09:42:5d:b4:c7:ce:b8:e7:46:37:3c:f7:92:
                    e9:1c:45:2c:d6:1c:f3:3f:7e:49:73:b7:5a:b8:3d:
                    c3:fa:99:a5:d7:c9:9c:35:7f:68:38:d9:1f:48:8d:
                    66:9c:b7:1f:f4:3d:34:1a:bd:8d:f6:03:22:01:f3:
                    f5:ac:a8:a9:39:af:94:fd:d5:e5:8a:2d:70:55:b1:
                    81:d6:90:1a:8e:28:6c:64:fa:8c:48:bb:e3:6b:a2:
                    35:0f:23:2d:38:2b:f6:a0:0d:9c:82:ac:1a:66:51:
                    db:09:de:46:7e:03:5b:11:9d:f4:7c:94:5b:42:36:
                    bf:85:52:a9:67:07:28:8a:07:6d:1f:33:d7:2f:79:
                    ca:ff:45:36:9c:5b:d4:85:28:c5:cd:6f:24:69:86:
                    24:0c:a5:ba:90:cc:22:24:9d:5b:08:d8:5e:1a:01:
                    09:a2:54:e9:c4:1c:06:c3:d9:75:5d:ee:b9:b9:aa:
                    c7:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:7B:3E:6D:AD:79:35:A1:12:F1:0E:A9:06:EC:76:A3:A3:4E:34:6E
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/DXs-ba15NaES8Q6pBux2o6NONG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.89.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:c0:de:22:8a:c7:0b:c5:86:68:7c:c4:79:f8:c1:42:91:1a:
         04:c2:1b:7a:79:34:d1:d6:30:6a:07:be:22:fa:c2:e4:95:c1:
         3d:bb:06:e8:64:ca:1d:6c:ab:2f:4f:37:31:03:81:95:b7:ab:
         4a:32:12:17:04:7b:9c:03:a3:78:36:59:f3:3c:f4:05:87:60:
         52:74:9d:1a:e7:10:9e:6c:cf:93:cb:92:c4:4f:cc:e6:b9:ef:
         2d:0e:9a:e6:a4:e5:d8:64:0a:5f:9e:d3:92:3c:8b:ad:aa:14:
         7c:50:88:f1:ad:c5:24:43:79:9a:f8:69:90:b7:6d:28:0b:8b:
         7b:cf:b9:c2:48:10:d1:8f:a4:e1:b3:59:00:7f:dd:d4:46:fb:
         77:d7:11:6c:6d:33:ca:10:50:e4:74:31:fa:0d:33:f1:5d:27:
         3d:3c:35:a6:f2:18:06:88:e7:ec:ff:3c:31:d9:61:ed:08:4b:
         12:41:0e:ac:25:ea:b4:81:a1:96:27:8f:46:29:2f:fa:b8:92:
         d5:81:b8:df:a2:15:f1:0e:2d:c7:6a:54:de:ff:34:db:3e:7b:
         06:17:29:4f:18:1b:b3:b6:df:c5:3e:49:39:e5:e6:04:dc:91:
         55:a7:5a:10:83:cd:93:95:93:48:88:bc:03:6d:37:53:71:1f:
         78:e9:90:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbfOnOqtmXkYLuu7F/+PnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwMTAxMTQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDdiM2U2ZGFkNzkzNWExMTJmMTBlYTkwNmVjNzZhM2EzNGUzNDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhuRtit5aXHm9L/Pg4ayuFiUnRbEw
Q7ddRzha1Hvxs6ffpo1ajgeqmMfeGwxHbWZ+wkhbyB63Wn9PkDiAX1LwoHD6JEOR
aRfZ8UawkAlCXbTHzrjnRjc895LpHEUs1hzzP35Jc7dauD3D+pml18mcNX9oONkf
SI1mnLcf9D00Gr2N9gMiAfP1rKipOa+U/dXlii1wVbGB1pAajihsZPqMSLvja6I1
DyMtOCv2oA2cgqwaZlHbCd5GfgNbEZ30fJRbQja/hVKpZwcoigdtHzPXL3nK/0U2
nFvUhSjFzW8kaYYkDKW6kMwiJJ1bCNheGgEJolTpxBwGw9l1Xe65uarHjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA17Pm2teTWhEvEOqQbsdqOjTjRuMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvRFhzLWJhMTVOYUVTOFE2cEJ1eDJvNk5PTkc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPlnNMA0G
CSqGSIb3DQEBCwUAA4IBAQARwN4iiscLxYZofMR5+MFCkRoEwht6eTTR1jBqB74i
+sLklcE9uwboZModbKsvTzcxA4GVt6tKMhIXBHucA6N4NlnzPPQFh2BSdJ0a5xCe
bM+Ty5LET8zmue8tDprmpOXYZApfntOSPIutqhR8UIjxrcUkQ3ma+GmQt20oC4t7
z7nCSBDRj6Ths1kAf93URvt31xFsbTPKEFDkdDH6DTPxXSc9PDWm8hgGiOfs/zwx
2WHtCEsSQQ6sJeq0gaGWJ49GKS/6uJLVgbjfohXxDi3HalTe/zTbPnsGFylPGBuz
tt/FPkk55eYE3JFVp1oQg82TlZNIiLwDbTdTcR946ZCM
-----END CERTIFICATE-----